- dcp::CertificateChain good;
- good.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- good.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- good.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
- BOOST_CHECK (good.verify ());
-
- dcp::CertificateChain bad;
- bad.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- bad.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
- BOOST_CHECK (!bad.verify ());
+ dcp::CertificateChain good1;
+ good1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ good1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ good1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ BOOST_CHECK (good1.valid ());
+
+ dcp::CertificateChain good2;
+ good2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ BOOST_CHECK (good2.valid ());
+
+ dcp::CertificateChain bad1;
+ bad1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ bad1.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ BOOST_CHECK (!bad1.valid ());
+ BOOST_CHECK (!bad1.attempt_reorder ());
+
+ dcp::CertificateChain bad2;
+ bad2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ bad2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ bad2.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ BOOST_CHECK (!bad2.valid ());
+ BOOST_CHECK (bad2.attempt_reorder ());
+
+ dcp::CertificateChain bad3;
+ bad3.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ bad3.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ bad3.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ BOOST_CHECK (!bad3.valid ());
+ BOOST_CHECK (bad3.attempt_reorder ());
+
+ dcp::CertificateChain bad4;
+ bad4.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ bad4.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ bad4.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ BOOST_CHECK (!bad4.valid ());
+ BOOST_CHECK (bad4.attempt_reorder ());
+
+ dcp::CertificateChain bad5;
+ bad5.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ bad5.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ BOOST_CHECK (!bad5.valid ());
+ BOOST_CHECK (!bad5.attempt_reorder ());
+}
+
+/** Check that dcp::Signer::valid() basically works */
+BOOST_AUTO_TEST_CASE (signer_validation)
+{
+ /* Check a valid signer */
+ dcp::CertificateChain chain;
+ chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem")));
+ chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem")));
+ chain.add (dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem")));
+ dcp::Signer signer (chain, dcp::file_to_string ("test/ref/crypt/leaf.key"));
+ BOOST_CHECK (signer.valid ());
+
+ /* Put in an unrelated key and the signer should no longer be valid */
+ dcp::Signer another_signer ("openssl");
+ signer.set_key (another_signer.key ());
+ BOOST_CHECK (!signer.valid ());