return get_name_part (X509_get_subject_name (_certificate), NID_organizationalUnitName);
}
+static
+struct tm
+convert_time (ASN1_TIME const * time)
+{
+ struct tm t;
+ char const * s = (char const *) time->data;
+
+ if (time->type == V_ASN1_UTCTIME) {
+ sscanf(s, "%2d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+ if (t.tm_year < 70) {
+ t.tm_year += 100;
+ }
+ } else if (time->type == V_ASN1_GENERALIZEDTIME) {
+ sscanf(s, "%4d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+ t.tm_year -= 1900;
+ }
+
+ return t;
+}
+
+struct tm
+Certificate::not_before () const
+{
+ DCP_ASSERT (_certificate);
+ return convert_time(X509_get0_notBefore(_certificate));
+}
+
+struct tm
+Certificate::not_after () const
+{
+ DCP_ASSERT (_certificate);
+ return convert_time(X509_get0_notAfter(_certificate));
+}
+
string
Certificate::serial () const
{
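Review bot: convert_time returns `t` without ever initialising it and ignores the result of both sscanf calls, so a time whose type is neither V_ASN1_UTCTIME nor V_ASN1_GENERALIZEDTIME, or whose data does not parse as six numeric fields, yields indeterminate stack contents as the certificate's validity dates. The signer_certificate_chain hunk in this commit builds Certificate objects from data inside a KDM file, so this input should be treated as untrusted: start from `struct tm t = {};`, require `sscanf(...) == 6`, and report anything else as an error instead of returning. Separately, tm_year is converted to the struct tm convention (years since 1900) but tm_mon is left as the parsed 1–12 value rather than 0–11. tm_to_string in the dcpkdm hunk prints it unadjusted, so the output looks right, but any caller passing the result to a standard time function will be a month out; `t.tm_mon -= 1;` here with `t.tm_mon + 1` in tm_to_string would keep the two consistent. If the OpenSSL version this project builds against provides ASN1_TIME_to_tm, it could replace the hand-written parse.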
std::string subject_common_name () const;
std::string subject_organization_name () const;
std::string subject_organizational_unit_name () const;
+ struct tm not_before () const;
+ struct tm not_after () const;
X509* x509 () const {
return _certificate;
return _data->authenticated_public.required_extensions.kdm_required_extensions.recipient.x509_subject_name;
}
+CertificateChain
+EncryptedKDM::signer_certificate_chain () const
+{
+ CertificateChain chain;
+ BOOST_FOREACH (data::X509Data const & i, _data->signature.x509_data) {
+ string s = "-----BEGIN CERTIFICATE-----\n" + i.x509_certificate + "\n-----END CERTIFICATE-----";
+ chain.add (Certificate(s));
+ }
+ return chain;
+}
+
bool
dcp::operator== (EncryptedKDM const & a, EncryptedKDM const & b)
{
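Review bot: signer_certificate_chain has no comment saying that the chain it returns is unverified. Each entry is taken straight from the KDM's own signature block, wrapped in PEM markers and parsed, with no check in this function that the certificates chain to each other or that the signature itself verifies. A caller could read the result as the authenticated signer, so I would document it on the function, e.g. `/** @return certificates found in the KDM's signature, as supplied by the file; not validated or checked against the signature */`. It would also help to state whether Certificate's constructor throws on malformed data, since `i.x509_certificate` is file-controlled; that constructor is not visible in this hunk.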
LocalTime not_valid_before () const;
LocalTime not_valid_after () const;
std::string recipient_x509_subject_name () const;
+ CertificateChain signer_certificate_chain () const;
private:
/*
- Copyright (C) 2017 Carl Hetherington <cth@carlh.net>
+ Copyright (C) 2017-2019 Carl Hetherington <cth@carlh.net>
This file is part of libdcp.
#include "decrypted_kdm.h"
#include "util.h"
#include "exceptions.h"
+#include "certificate_chain.h"
#include <boost/foreach.hpp>
#include <getopt.h>
<< " -p, --private-key private key file\n";
}
+static string
+tm_to_string (struct tm t)
+{
+ char buffer[64];
+ snprintf (buffer, 64, "%02d/%02d/%02d %02d:%02d:%02d", t.tm_mday, t.tm_mon, (t.tm_year + 1900), t.tm_hour, t.tm_min, t.tm_sec);
+ return buffer;
+}
+
int
main (int argc, char* argv[])
{
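Review bot: The `%02d/%02d/%02d` layout in tm_to_string prints day/month/year with no zone marker, which is easy to misread as month-first when someone is checking a certificate's validity window. A year-first layout such as `"%04d-%02d-%02d %02d:%02d:%02d"`, with the first three arguments reordered to match, would be unambiguous. The buffer size is also repeated as a literal; `snprintf (buffer, sizeof(buffer), ...)` keeps the bound tied to the declaration.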
cout << "CPL id: " << enc_kdm.cpl_id() << "\n";
cout << "Recipient: " << enc_kdm.recipient_x509_subject_name() << "\n";
+ cout << "Signer chain:\n";
+ dcp::CertificateChain signer = enc_kdm.signer_certificate_chain ();
+ BOOST_FOREACH (dcp::Certificate const & i, signer.root_to_leaf()) {
+ cout << "\tCertificate:\n";
+ cout << "\t\tSubject: " << i.subject() << "\n";
+ cout << "\t\tSubject common name: " << i.subject_common_name() << "\n";
+ cout << "\t\tSubject organization name: " << i.subject_organization_name() << "\n";
+ cout << "\t\tSubject organizational unit name: " << i.subject_organizational_unit_name() << "\n";
+ cout << "\t\tNot before: " << tm_to_string(i.not_before()) << "\n";
+ cout << "\t\tNot after: " << tm_to_string(i.not_after()) << "\n";
+ }
+
if (private_key_file) {
try {
dcp::DecryptedKDM dec_kdm (enc_kdm, dcp::file_to_string (private_key_file.get()));
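Review bot: The new signer-chain loop runs before the `try` that follows it, so anything thrown while building or ordering the chain would escape unless main has an outer handler, which is not visible in this hunk. Possible sources are the Certificate constructor inside signer_certificate_chain(), or root_to_leaf() if it rejects an inconsistent chain. Since the certificates are read from the KDM file being inspected, a malformed file is an expected case, and wrapping the block in its own `try`/`catch` that prints a diagnostic would handle it cleanly. The heading could also say that the chain is as found in the file, e.g. `cout << "Signer chain (not verified):\n";`, so the listing is not read as a validation result.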