X-Git-Url: https://git.carlh.net/gitweb/?a=blobdiff_plain;f=src%2Fcertificate_chain.h;h=8d07ebc26db6124343c3df55bc5739e5fbe5abbc;hb=6518f7e4e8b02a1d78b6121c2032fa27c50ddc78;hp=8b54604d2f6d38e4a2a549231e6e8368ecb35b63;hpb=a266fc223ecb7a696fa9dc35422ef0264b1c3c40;p=libdcp.git
diff --git a/src/certificate_chain.h b/src/certificate_chain.h
index 8b54604d..8d07ebc2 100644
--- a/src/certificate_chain.h
+++ b/src/certificate_chain.h
@@ -1,5 +1,5 @@
 /*
- Copyright (C) 2013-2016 Carl Hetherington
+ Copyright (C) 2013-2021 Carl Hetherington
 This file is part of libdcp.
@@ -31,22 +31,27 @@
 files in the program, then also delete it here.
 */
-/** @file src/signer_chain.h
- * @brief Functions to make signer chains.
+
+/** @file src/certificate_chain.h
+ * @brief CertificateChain class
 */
+
 #ifndef LIBDCP_CERTIFICATE_CHAIN_H
 #define LIBDCP_CERTIFICATE_CHAIN_H
+
 #include "certificate.h"
 #include "types.h"
 #include
 #include
+
 namespace xmlpp {
 class Node;
 }
+
 struct certificates_validation1;
 struct certificates_validation2;
 struct certificates_validation3;
@@ -56,10 +61,15 @@ struct certificates_validation6;
 struct certificates_validation7;
 struct certificates_validation8;
+
 namespace dcp {
+
 /** @class CertificateChain
 * @brief A chain of any number of certificates, from root to leaf.
+ *
+ * A CertificateChain object can also (optionally) hold the private key corresponding
+ * to the leaf certificate.
 */
 class CertificateChain
 {
@@ -76,6 +86,7 @@ public:
 */
 CertificateChain (
 boost::filesystem::path openssl,
+ int validity_in_days,
 std::string organisation = "example.org",
 std::string organisational_unit = "example.org",
 std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
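Review bot: The new `int validity_in_days` constructor parameter is undocumented: the constructor's doc block closes at the ` */` context line at the top of the hunk, so its @param list predates this parameter, and nothing states the unit, the accepted range, or what a zero or negative value produces. Suggest adding `* @param validity_in_days Number of days from now that every certificate in the generated chain remains valid; must be positive`, and, if the value is handed to an openssl `-days` argument (presumably, given the `openssl` path parameter — confirm in the .cpp), rejecting non-positive values in the constructor rather than passing them through, because an already-expired or absurdly long-lived signing chain is a silent failure for whoever signs with it. Inserting the parameter between `openssl` and the defaulted strings also breaks every existing positional call, which is presumably intended but deserves a line in the commit message. The constructor signature continues past the end of this hunk.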
@@ -83,27 +94,66 @@ public:
 std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
 );
- explicit CertificateChain (std::string);
+ /** Read a CertificateChain from a string.
+ * @param s A string containing one or more PEM-encoded certificates.
+ */
+ explicit CertificateChain (std::string s);
+ /** Add a certificate to the chain.
+ * @param c Certificate to add.
+ */
 void add (Certificate c);
+
+ /** Remove a certificate from the chain.
+ * @param c Certificate to remove.
+ */
 void remove (Certificate c);
- void remove (int);
+ /** Remove the i'th certificate in the chain, as listed
+ * from root to leaf.
+ */
+ void remove (int i);
+
+ /** @return Root certificate */
 Certificate root () const;
+
+ /** @return Leaf certificate */
 Certificate leaf () const;
- typedef std::list List;
+ typedef std::vector List;
+ /** @return Certificates in order from leaf to root */
 List leaf_to_root () const;
+ /** @return Certificates in order from root to leaf */
 List root_to_leaf () const;
 List unordered () const;
- bool valid (std::string* reason = 0) const;
+ bool valid (std::string* reason = nullptr) const;
+
+ /** Check to see if the chain is valid (i.e. root signs the intermediate, intermediate
+ * signs the leaf and so on) and that the private key (if there is one) matches the
+ * leaf certificate.
+ * @return true if it's ok, false if not.
+ */
 bool chain_valid () const;
+
+ /** Check that there is a valid private key for the leaf certificate.
+ * Will return true if there are no certificates.
+ */
 bool private_key_valid () const;
+ /** Add a <Signer> and <ds:Signature> nodes to an XML node.
+ * @param parent XML node to add to.
+ * @param standard INTEROP or SMPTE.
+ */
 void sign (xmlpp::Element* parent, Standard standard) const;
- void add_signature_value (xmlpp::Element* parent, std::string ns) const;
+
+ /** Sign an XML node.
+ *
+ * @param parent Node to sign.
+ * @param ns Namespace to use for the signature XML nodes.
+ */
+ void add_signature_value (xmlpp::Element* parent, std::string ns, bool add_indentation) const;
 boost::optional key () const {
 return _key;
@@ -125,14 +175,16 @@ private:
 friend struct ::certificates_validation7;
 friend struct ::certificates_validation8;
- bool chain_valid (List const & chain) const;
+ bool chain_valid(List const & chain, std::string* error = nullptr) const;
 /** Our certificates, not in any particular order */
 List _certificates;
- /** Leaf certificate's private key, if known */
+ /** Leaf certificate's private key, if known, in PEM format */
 boost::optional _key;
 };
+
 }
+
 #endif
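Review bot: The new `bool add_indentation` parameter of `add_signature_value` has no @param entry in the doc block added directly above it (the block documents only `parent` and `ns`), so callers cannot tell what it controls. Suggest `* @param add_indentation true to insert indentation/whitespace nodes around the generated signature elements`, and because whitespace text nodes inside the signed subtree change the canonicalised bytes, the comment should also say whether that indentation is inserted before or after the digest is computed (presumably before, or the resulting signature would not verify — confirm against the .cpp). Separately, the new comment on `chain_valid()` says it also checks that the private key matches the leaf, while `private_key_valid()` is a distinct method and `valid(std::string* reason)` still has no comment at all; the three should state which one a caller must use as the gate before `sign()`, and the note that `private_key_valid()` returns true for an empty chain deserves an explicit warning that this is a vacuous pass, not evidence that a key is present. The enclosing class body begins and ends outside this hunk.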
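Review bot: The private `chain_valid(List const & chain, std::string* error = nullptr)` overload gains an out-parameter with no comment stating its contract — whether `error` is written only on failure, whether it is cleared on success, and whether a null pointer is always accepted — which matters because the public `valid(std::string* reason)` presumably forwards to it. Suggest a comment above it such as `/** @param error If non-null, set to a description of the first problem found when the chain is not valid; untouched otherwise */` (adjust to what the .cpp actually does). The declaration is also written `chain_valid(` with no space before the parenthesis, unlike `valid (`, `sign (` and every other declaration in this file, so `bool chain_valid (List const & chain, std::string* error = nullptr) const;` would match the house style. On the `_key` comment: since the key is now documented as PEM text held in a plain string, it is worth adding that copies of a CertificateChain copy the key and that the buffer is not zeroised on destruction, so callers should not assume the key is confined to one object. The enclosing class body begins outside this hunk.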