using std::list;
using std::string;
using std::cout;
-using boost::shared_ptr;
+using std::ostream;
using namespace dcp;
/** @param c X509 certificate, which this object will take ownership of */
}
-/** Load an X509 certificate from a file.
- * @param filename File to load.
- */
-Certificate::Certificate (boost::filesystem::path filename)
- : _certificate (0)
- , _public_key (0)
-{
- FILE* f = fopen_boost (filename, "r");
- if (!f) {
- throw FileError ("could not open file", filename, errno);
- }
-
- if (!PEM_read_X509 (f, &_certificate, 0, 0)) {
- throw MiscError ("could not read X509 certificate");
- }
-}
-
/** Load an X509 certificate from a string.
* @param cert String to read from.
*/
RSA_free (_public_key);
_public_key = 0;
- read_string (other.certificate ());
+ read_string (other.certificate (true));
return *this;
}
uint8_t buffer[8192];
uint8_t* p = buffer;
i2d_X509_CINF (_certificate->cert_info, &p);
- int const length = p - buffer;
- if (length > 8192) {
+ unsigned int const length = p - buffer;
+ if (length > sizeof (buffer)) {
throw MiscError ("buffer too small to generate thumbprint");
}
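Review bot: The size check still runs after `i2d_X509_CINF` has already written through `p`, so an encoding longer than the 8192-byte `buffer` overruns the stack before `MiscError` is thrown; switching to `sizeof (buffer)` and `unsigned int` does not change that. Ask for the length first with `int const length = i2d_X509_CINF (_certificate->cert_info, 0);`, reject it with `if (length < 0 || static_cast<size_t> (length) > sizeof (buffer))`, and only then encode into `buffer`. That also catches the negative error return, which the pointer subtraction cannot see. The enclosing function starts and ends outside this hunk.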
return _public_key;
}
+bool
+dcp::operator== (Certificate const & a, Certificate const & b)
+{
+ return a.certificate() == b.certificate();
+}
+
+bool
+dcp::operator< (Certificate const & a, Certificate const & b)
+{
+ return a.certificate() < b.certificate();
+}
+
+ostream&
+dcp::operator<< (ostream& s, Certificate const & c)
+{
+ s << c.certificate();
+ return s;
+}
+
/** @return Root certificate */
-shared_ptr<Certificate>
+Certificate
CertificateChain::root () const
{
assert (!_certificates.empty());
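Review bot: The new `operator==`, `operator<` and `operator<<` have no doc comment, unlike the other definitions in this file, and what equality means is not obvious from the signatures. All three go through the string returned by `certificate()` with its default argument, while `operator=` in this same commit now calls `certificate (true)`. A comment such as `/** @return true if the two certificates have identical certificate() text */` on `operator==`, with matching ones on the other two, would record that. Each comparison also re-serialises both certificates, which matters because `_certificates.sort ()` and `std::next_permutation` elsewhere in this commit call `operator<` repeatedly; comparing the X509 objects directly may be cheaper, if a const accessor is available.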
}
/** @return Leaf certificate */
-shared_ptr<Certificate>
+Certificate
CertificateChain::leaf () const
{
assert (_certificates.size() >= 2);
* @param c Certificate to add.
*/
void
-CertificateChain::add (shared_ptr<Certificate> c)
+CertificateChain::add (Certificate c)
{
_certificates.push_back (c);
}
+/** Remove a certificate from the chain.
+ * @param c Certificate to remove.
+ */
void
-CertificateChain::remove (shared_ptr<Certificate> c)
+CertificateChain::remove (Certificate c)
{
_certificates.remove (c);
}
}
}
-/** Verify the chain.
+/** Check to see if the chain is valid (i.e. root signs the intermediate, intermediate
+ * signs the leaf and so on).
* @return true if it's ok, false if not.
*/
bool
-CertificateChain::verify () const
+CertificateChain::valid () const
{
X509_STORE* store = X509_STORE_new ();
if (!store) {
break;
}
- if (!X509_STORE_add_cert (store, (*i)->x509 ())) {
+ if (!X509_STORE_add_cert (store, i->x509 ())) {
X509_STORE_free (store);
return false;
}
}
X509_STORE_set_flags (store, 0);
- if (!X509_STORE_CTX_init (ctx, store, (*j)->x509 (), 0)) {
+ if (!X509_STORE_CTX_init (ctx, store, j->x509 (), 0)) {
X509_STORE_CTX_free (ctx);
X509_STORE_free (store);
return false;
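Review bot: With the rename to `valid ()`, callers may read a `true` result as "trusted", but the visible loop fills the `X509_STORE` with the chain's own certificates via `X509_STORE_add_cert (store, i->x509 ())`. The check therefore appears to establish only that the chain is internally consistent. The doc comment should say so, for example `@return true if each certificate is signed by the one before it; this does not check that the root is one the caller trusts.` Only parts of the function are visible here, so the loop bounds are inferred.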
List original = _certificates;
_certificates.sort ();
do {
- if (verify ()) {
+ if (valid ()) {
return true;
}
} while (std::next_permutation (_certificates.begin(), _certificates.end ()));