X-Git-Url: https://git.carlh.net/gitweb/?a=blobdiff_plain;f=src%2Fsigner.cc;h=c04ac1223abfaf4cd4dd273ea97b23399b86da7a;hb=d69d2d2d32b6f874cc13ecec1ce705d44a1feb24;hp=8f0114a2b0e0a9c6c944345b60e707e002130890;hpb=77b0ffe6c50796b8fb132f56394995e0df089713;p=libdcp.git diff --git a/src/signer.cc b/src/signer.cc index 8f0114a2..c04ac122 100644 --- a/src/signer.cc +++ b/src/signer.cc @@ -23,20 +23,59 @@ #include "signer.h" #include "exceptions.h" +#include "certificate_chain.h" +#include "util.h" #include #include #include #include #include #include +#include #include "compose.hpp" using std::string; using std::list; -using std::cout; using boost::shared_ptr; using namespace dcp; +Signer::Signer (boost::filesystem::path openssl) +{ + create (make_certificate_chain (openssl)); +} + +Signer::Signer (boost::filesystem::path openssl, + string organisation, + string organisational_unit, + string root_common_name, + string intermediate_common_name, + string leaf_common_name + ) +{ + create ( + make_certificate_chain ( + openssl, + organisation, + organisational_unit, + root_common_name, + intermediate_common_name, + leaf_common_name + ) + ); +} + +void +Signer::create (boost::filesystem::path directory) +{ + _certificates.add (dcp::Certificate (dcp::file_to_string (directory / "ca.self-signed.pem"))); + _certificates.add (dcp::Certificate (dcp::file_to_string (directory / "intermediate.signed.pem"))); + _certificates.add (dcp::Certificate (dcp::file_to_string (directory / "leaf.signed.pem"))); + + _key = dcp::file_to_string (directory / "leaf.key"); + + boost::filesystem::remove_all (directory); +} + /** Add a <Signer> and <ds:Signature> nodes to an XML node. * @param parent XML node to add to. * @param standard INTEROP or SMPTE. @@ -45,27 +84,27 @@ void Signer::sign (xmlpp::Element* parent, Standard standard) const { /* */ - + xmlpp::Element* signer = parent->add_child("Signer"); xmlpp::Element* data = signer->add_child("X509Data", "dsig"); xmlpp::Element* serial_element = data->add_child("X509IssuerSerial", "dsig"); - serial_element->add_child("X509IssuerName", "dsig")->add_child_text (_certificates.leaf()->issuer()); - serial_element->add_child("X509SerialNumber", "dsig")->add_child_text (_certificates.leaf()->serial()); - data->add_child("X509SubjectName", "dsig")->add_child_text (_certificates.leaf()->subject()); + serial_element->add_child("X509IssuerName", "dsig")->add_child_text (_certificates.leaf().issuer()); + serial_element->add_child("X509SerialNumber", "dsig")->add_child_text (_certificates.leaf().serial()); + data->add_child("X509SubjectName", "dsig")->add_child_text (_certificates.leaf().subject()); /* */ - + xmlpp::Element* signature = parent->add_child("Signature", "dsig"); - + xmlpp::Element* signed_info = signature->add_child ("SignedInfo", "dsig"); signed_info->add_child("CanonicalizationMethod", "dsig")->set_attribute ("Algorithm", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); - + if (standard == INTEROP) { signed_info->add_child("SignatureMethod", "dsig")->set_attribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#rsa-sha1"); } else { signed_info->add_child("SignatureMethod", "dsig")->set_attribute("Algorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); } - + xmlpp::Element* reference = signed_info->add_child("Reference", "dsig"); reference->set_attribute ("URI", ""); @@ -96,17 +135,17 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const xmlpp::Node* key_info = cp.node_child("KeyInfo")->node (); /* Add the certificate chain to the KeyInfo child node of parent */ - list > c = _certificates.leaf_to_root (); - for (list >::iterator i = c.begin(); i != c.end(); ++i) { + CertificateChain::List c = _certificates.leaf_to_root (); + for (CertificateChain::List::iterator i = c.begin(); i != c.end(); ++i) { xmlpp::Element* data = key_info->add_child("X509Data", ns); - + { xmlpp::Element* serial = data->add_child("X509IssuerSerial", ns); - serial->add_child("X509IssuerName", ns)->add_child_text((*i)->issuer ()); - serial->add_child("X509SerialNumber", ns)->add_child_text((*i)->serial ()); + serial->add_child("X509IssuerName", ns)->add_child_text (i->issuer ()); + serial->add_child("X509SerialNumber", ns)->add_child_text (i->serial ()); } - - data->add_child("X509Certificate", ns)->add_child_text((*i)->certificate()); + + data->add_child("X509Certificate", ns)->add_child_text (i->certificate()); } xmlSecDSigCtxPtr signature_context = xmlSecDSigCtxCreate (0); @@ -114,7 +153,10 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const throw MiscError ("could not create signature context"); } - signature_context->signKey = xmlSecCryptoAppKeyLoad (_key.string().c_str(), xmlSecKeyDataFormatPem, 0, 0, 0); + signature_context->signKey = xmlSecCryptoAppKeyLoadMemory ( + reinterpret_cast (_key.c_str()), _key.size(), xmlSecKeyDataFormatPem, 0, 0, 0 + ); + if (signature_context->signKey == 0) { throw FileError ("could not load private key file", _key, 0); } @@ -131,3 +173,23 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const xmlSecDSigCtxDestroy (signature_context); } + +bool +Signer::valid () const +{ + if (!_certificates.valid ()) { + return false; + } + + BIO* bio = BIO_new_mem_buf (const_cast (_key.c_str ()), -1); + if (!bio) { + throw MiscError ("could not create memory BIO"); + } + + RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0); + RSA* public_key = _certificates.leaf().public_key (); + bool const valid = !BN_cmp (private_key->n, public_key->n); + BIO_free (bio); + + return valid; +}