X-Git-Url: https://git.carlh.net/gitweb/?a=blobdiff_plain;f=src%2Fcertificate_chain.h;h=63ef89015eee80e7cc6dd8822759d82865fc6e66;hb=f5bd0937a730e9dbb58f955c11df41abc56e89b5;hp=dcb9c1418e07b6d1443f7afe04ad218b97b9e26f;hpb=2ae92dcc97765deb2845dd07a338858aeb375cb3;p=libdcp.git diff --git a/src/certificate_chain.h b/src/certificate_chain.h index dcb9c141..63ef8901 100644 --- a/src/certificate_chain.h +++ b/src/certificate_chain.h 
@@ -1,45 +1,138 @@ /* - Copyright (C) 2013-2014 Carl Hetherington + Copyright (C) 2013-2016 Carl Hetherington - This program is free software; you can redistribute it and/or modify + This file is part of libdcp. + + libdcp is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - This program is distributed in the hope that it will be useful, + libdcp is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with libdcp. If not, see . + + In addition, as a special exception, the copyright holders give + permission to link the code of portions of this program with the + OpenSSL library under certain conditions as described in each + individual source file, and distribute linked combinations + including the two. + You must obey the GNU General Public License in all respects + for all of the code used other than OpenSSL. If you modify + file(s) with this exception, you may extend this exception to your + version of the file(s), but you are not obligated to do so. If you + do not wish to do so, delete this exception statement from your + version. If you delete this exception statement from all source + files in the program, then also delete it here. */ /** @file src/signer_chain.h * @brief Functions to make signer chains. 
*/ +#ifndef LIBDCP_CERTIFICATE_CHAIN_H +#define LIBDCP_CERTIFICATE_CHAIN_H + +#include "certificate.h" +#include "types.h" #include +#include + +namespace xmlpp { + class Node; +} + +struct certificates_validation1; +struct certificates_validation2; +struct certificates_validation3; +struct certificates_validation4; +struct certificates_validation5; +struct certificates_validation6; +struct certificates_validation7; +struct certificates_validation8; namespace dcp { -/** Create a chain of certificates for signing things. - * @param openssl Name of openssl binary (if it is on the path) or full path. - * @return Directory (which should be deleted by the caller) containing: - * - ca.self-signed.pem self-signed root certificate - * - intermediate.signed.pem intermediate certificate - * - leaf.key leaf certificate private key - * - leaf.signed.pem leaf certificate +/** @class CertificateChain + * @brief A chain of any number of certificates, from root to leaf. */ -boost::filesystem::path make_certificate_chain ( - boost::filesystem::path openssl, - std::string organisation = "example.org", - std::string organisational_unit = "example.org", - std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION", - std::string intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION", - std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION" - ); +class CertificateChain +{ +public: + CertificateChain () {} + + /** Create a chain of certificates for signing things. + * @param openssl Name of openssl binary (if it is on the path) or full path. 
+ * @return Directory (which should be deleted by the caller) containing: + * - ca.self-signed.pem self-signed root certificate + * - intermediate.signed.pem intermediate certificate + * - leaf.key leaf certificate private key + * - leaf.signed.pem leaf certificate + */ + CertificateChain ( + boost::filesystem::path openssl, + std::string organisation = "example.org", + std::string organisational_unit = "example.org", + std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION", + std::string intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION", + std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION" + ); + + explicit CertificateChain (std::string); + + void add (Certificate c); + void remove (Certificate c); + void remove (int); + + Certificate root () const; + Certificate leaf () const; + + typedef std::list List; + + List leaf_to_root () const; + List root_to_leaf () const; + List unordered () const; + + bool valid (std::string* reason = 0) const; + bool chain_valid () const; + bool private_key_valid () const; + + void sign (xmlpp::Element* parent, Standard standard) const; + void add_signature_value (xmlpp::Element* parent, std::string ns, bool add_indentation) const; + + boost::optional key () const { + return _key; + } + + void set_key (std::string k) { + _key = k; + } + + std::string chain () const; + +private: + friend struct ::certificates_validation1; + friend struct ::certificates_validation2; + friend struct ::certificates_validation3; + friend struct ::certificates_validation4; + friend struct ::certificates_validation5; + friend struct ::certificates_validation6; + friend struct ::certificates_validation7; + friend struct ::certificates_validation8; + + bool chain_valid (List const & chain) const; + + /** Our certificates, not in any particular order */ + List _certificates; + /** Leaf certificate's private key, if known */ + boost::optional _key; +}; } + +#endif
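Review bot: The trust-relevant members added in this hunk carry no documentation: `bool valid (std::string* reason = 0) const` does not say which checks it combines (`chain_valid`, `private_key_valid`, or both) or what `reason` receives, `explicit CertificateChain (std::string)` has an unnamed parameter of unstated format, and `set_key (std::string k)` stores the key with no visible check, so a reader cannot tell that `private_key_valid()` is the only place it is verified. I would add a Doxygen line to each, e.g. `/** @param reason if non-null, receives a description of the first failing check. @return true only if all checks pass */` on `valid`, `/** @param s certificate chain as text; presumably the form that chain() returns — confirm against the implementation */` on the string constructor, and `/** Set the leaf private key; not validated here, see private_key_valid() */` on `set_key`. The header comment kept as context still reads `@file src/signer_chain.h` / `@brief Functions to make signer chains.`, which no longer matches the renamed file or the class it now declares; change it to `@file src/certificate_chain.h` with `@brief CertificateChain class.`. `remove (int)` is likewise undocumented, and whether its argument is an index into `_certificates` or something else should be stated.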