Fix erroneous extra character.
[libdcp.git] / src / certificate_chain.h
index 6a6fc48357bf80ab79602cba4bd224301dd2906a..4e13d6ee1590e460cf0d78746a84e116b1967f23 100644 (file)
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2013-2014 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2013-2015 Carl Hetherington <cth@carlh.net>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
  *  @brief Functions to make signer chains.
  */
 
+#ifndef LIBDCP_CERTIFICATE_CHAIN_H
+#define LIBDCP_CERTIFICATE_CHAIN_H
+
+#include "certificate.h"
+#include "types.h"
 #include <boost/filesystem.hpp>
+#include <boost/optional.hpp>
+
+namespace xmlpp {
+       class Node;
+}
 
 namespace dcp {
 
-/** Create a chain of certificates for signing things.
- *  @param openssl Name of openssl binary (if it is on the path) or full path.
- *  @return Directory (which should be deleted by the caller) containing:
- *    - ca.self-signed.pem      self-signed root certificate
- *    - intermediate.signed.pem intermediate certificate
- *    - leaf.key                leaf certificate private key
- *    - leaf.signed.pem         leaf certificate
+/** @class CertificateChain
+ *  @brief A chain of any number of certificates, from root to leaf.
  */
-boost::filesystem::path make_certificate_chain (boost::filesystem::path openssl);
+class CertificateChain
+{
+public:
+       CertificateChain () {}
+
+       /** Create a chain of certificates for signing things.
+        *  @param openssl Name of openssl binary (if it is on the path) or full path.
+        *  @return Directory (which should be deleted by the caller) containing:
+        *    - ca.self-signed.pem      self-signed root certificate
+        *    - intermediate.signed.pem intermediate certificate
+        *    - leaf.key                leaf certificate private key
+        *    - leaf.signed.pem         leaf certificate
+        */
+       CertificateChain (
+               boost::filesystem::path openssl,
+               std::string organisation = "example.org",
+               std::string organisational_unit = "example.org",
+               std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
+               std::string intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION",
+               std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
+               );
+
+       void add (Certificate c);
+       void remove (Certificate c);
+       void remove (int);
+
+       Certificate root () const;
+       Certificate leaf () const;
+
+       typedef std::list<Certificate> List;
+
+       List leaf_to_root () const;
+       List root_to_leaf () const;
+
+       bool valid () const;
+       bool attempt_reorder ();
+
+       void sign (xmlpp::Element* parent, Standard standard) const;
+       void add_signature_value (xmlpp::Node* parent, std::string ns) const;
+
+       boost::optional<std::string> key () const {
+               return _key;
+       }
+
+       void set_key (std::string k) {
+               _key = k;
+       }
+
+private:
+       friend class ::certificates;
+
+       List _certificates;
+       /** Leaf certificate's private key, if known */
+       boost::optional<std::string> _key;
+};
 
 }
+
+#endif
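Review bot: The doc comment on the six-argument `CertificateChain` constructor was carried over from the removed `make_certificate_chain()` and still says `@return Directory (which should be deleted by the caller)`, which cannot apply to a constructor and leaves unstated where the generated `leaf.key` ends up. Since the class now holds the leaf private key in `_key`, the comment should say whether the constructor loads that key into the object and removes any temporary directory it created (the implementation is outside this hunk), for example `The generated leaf private key is stored in this object (see key()); temporary files are removed before returning.` if that is what the code does. The five new subject-name parameters are also undocumented; a line noting that the defaults produce `NOT_FOR_PRODUCTION` test certificates would help callers avoid shipping them. Separately, `sign()` takes `xmlpp::Element*` but only `xmlpp::Node` is forward-declared in the visible lines, so unless `certificate.h` already declares it, add `class Element;` next to `class Node;`.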