/*
- Copyright (C) 2013-2014 Carl Hetherington <cth@carlh.net>
+ Copyright (C) 2013-2015 Carl Hetherington <cth@carlh.net>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
* @brief Functions to make signer chains.
*/
+#ifndef LIBDCP_CERTIFICATE_CHAIN_H
+#define LIBDCP_CERTIFICATE_CHAIN_H
+
+#include "certificate.h"
+#include "types.h"
#include <boost/filesystem.hpp>
+#include <boost/optional.hpp>
+
+namespace xmlpp {
+ class Node;
+}
namespace dcp {
-/** Create a chain of certificates for signing things.
- * @param openssl Name of openssl binary (if it is on the path) or full path.
- * @return Directory (which should be deleted by the caller) containing:
- * - ca.self-signed.pem self-signed root certificate
- * - intermediate.signed.pem intermediate certificate
- * - leaf.key leaf certificate private key
- * - leaf.signed.pem leaf certificate
+/** @class CertificateChain
+ * @brief A chain of any number of certificates, from root to leaf.
*/
-boost::filesystem::path make_certificate_chain (boost::filesystem::path openssl);
+class CertificateChain
+{
+public:
+ CertificateChain () {}
+
+ /** Create a chain of certificates for signing things.
+ * @param openssl Name of openssl binary (if it is on the path) or full path.
+ * @return Directory (which should be deleted by the caller) containing:
+ * - ca.self-signed.pem self-signed root certificate
+ * - intermediate.signed.pem intermediate certificate
+ * - leaf.key leaf certificate private key
+ * - leaf.signed.pem leaf certificate
+ */
+ CertificateChain (
+ boost::filesystem::path openssl,
+ std::string organisation = "example.org",
+ std::string organisational_unit = "example.org",
+ std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
+ std::string intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION",
+ std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
+ );
+
+ void add (Certificate c);
+ void remove (Certificate c);
+ void remove (int);
+
+ Certificate root () const;
+ Certificate leaf () const;
+
+ typedef std::list<Certificate> List;
+
+ List leaf_to_root () const;
+ List root_to_leaf () const;
+
+ bool valid () const;
+ bool attempt_reorder ();
+
+ void sign (xmlpp::Element* parent, Standard standard) const;
+ void add_signature_value (xmlpp::Node* parent, std::string ns) const;
+
+ boost::optional<std::string> key () const {
+ return _key;
+ }
+
+ void set_key (std::string k) {
+ _key = k;
+ }
+
+private:
+ friend class ::certificates;
+
+ List _certificates;
+ /** Leaf certificate's private key, if known */
+ boost::optional<std::string> _key;
+};
}
+
+#endif