/** @class CertificateChain
* @brief A chain of any number of certificates, from root to leaf.
+ *
+ * A CertificateChain object can also (optionally) hold the private key corresponding
+ * to the leaf certificate.
*/
class CertificateChain
{
*/
CertificateChain (
boost::filesystem::path openssl,
+ int validity_in_days,
std::string organisation = "example.org",
std::string organisational_unit = "example.org",
std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
);
- explicit CertificateChain (std::string);
+ /** Read a CertificateChain from a string.
+ * @param s A string containing one or more PEM-encoded certificates.
+ */
+ explicit CertificateChain (std::string s);
/** Add a certificate to the chain.
* @param c Certificate to add.
List root_to_leaf () const;
List unordered () const;
+ /** Check if the certificates form a chain (i.e. root signs intermediate etc.)
+ * and that the private key matches the leaf certificate.
+ * @param if not nullptr, filled in with a reason for vailure (or untouched
+ * if there is no error)
+ * @return true if the chain is valid, false if not.
+ */
bool valid (std::string* reason = nullptr) const;
/** Check to see if the chain is valid (i.e. root signs the intermediate, intermediate
friend struct ::certificates_validation7;
friend struct ::certificates_validation8;
- bool chain_valid (List const & chain) const;
+ bool chain_valid(List const & chain, std::string* error = nullptr) const;
/** Our certificates, not in any particular order */
List _certificates;
- /** Leaf certificate's private key, if known */
+ /** Leaf certificate's private key, if known, in PEM format */
boost::optional<std::string> _key;
};
+std::string public_key_digest(RSA* public_key);
+std::string public_key_digest(boost::filesystem::path private_key);
+std::string escape_digest(std::string digest);
+
+
}
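Review bot: The new docstring for `valid` drops the parameter name and misspells "failure" — `* @param if not nullptr, filled in with a reason for vailure (or untouched` should read `* @param reason If not nullptr, filled in with a reason for failure (or untouched if there is no error).` so Doxygen binds it to `reason`. That docstring states the check covers the signature chain and the leaf/private-key match; since `validity_in_days` is now a constructor parameter, it should also say whether `valid` checks the certificates' validity periods or whether callers must do that separately, so the result is not over-trusted. The free functions added at the end (`public_key_digest(RSA*)`, `public_key_digest(path)`, `escape_digest`) are undocumented; `public_key_digest(RSA* public_key)` in particular should state whether the pointer is borrowed or ownership is taken (presumably borrowed — confirm against the definition) and what format the returned digest has. `chain_valid` gained an out-parameter named `error` while `valid` calls the same thing `reason`; using one name for both keeps the API consistent.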