{
_certificates.push_back (c);
}
+
+/** Verify the chain.
+ * @return true if it's ok, false if not.
+ */
+bool
+CertificateChain::verify () const
+{
+ X509_STORE* store = X509_STORE_new ();
+ if (!store) {
+ return false;
+ }
+
+ for (list<shared_ptr<Certificate> >::const_iterator i = _certificates.begin(); i != _certificates.end(); ++i) {
+ list<shared_ptr<Certificate> >::const_iterator j = i;
+ ++j;
+ if (j == _certificates.end ()) {
+ break;
+ }
+
+ if (!X509_STORE_add_cert (store, (*i)->x509 ())) {
+ X509_STORE_free (store);
+ return false;
+ }
+
+ X509_STORE_CTX* ctx = X509_STORE_CTX_new ();
+ if (!ctx) {
+ X509_STORE_free (store);
+ return false;
+ }
+
+ X509_STORE_set_flags (store, 0);
+ if (!X509_STORE_CTX_init (ctx, store, (*j)->x509 (), 0)) {
+ X509_STORE_CTX_free (ctx);
+ X509_STORE_free (store);
+ return false;
+ }
+
+ int v = X509_verify_cert (ctx);
+ X509_STORE_CTX_free (ctx);
+
+ if (v == 0) {
+ X509_STORE_free (store);
+ return false;
+ }
+ }
+
+ X509_STORE_free (store);
+ return true;
+}
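Review bot: The result check `if (v == 0)` after `X509_verify_cert (ctx)` treats a negative return as success; OpenSSL documents 1 as the only "chain built and validated" result, with 0 for failure and a negative code possible in exceptional error cases, so the test should be `if (v != 1)` (or `if (v <= 0)`). Separately, the loop breaks before doing any work when there is no following certificate, so an empty or single-certificate chain returns true with nothing verified, and the first certificate is added to the store as a trust anchor without being checked against anything outside the chain. If that is the intended contract, the doc comment should say so, e.g. `@return true if each certificate verifies against those before it; the first certificate is trusted as given`; otherwise chains with fewer than two certificates should be rejected up front.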
std::string subject () const;
std::string common_name () const;
+ X509* x509 () const {
+ return _certificate;
+ }
+
RSA* public_key () const;
std::string thumbprint () const;
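Review bot: The new `x509 ()` accessor hands out the raw, non-const `X509*` from a const member without saying who owns it, so a caller could free or modify the certificate behind the object's back. The pointer is presumably owned by the `Certificate` (its lifetime management is not visible in this hunk), and a comment should record that: `/** @return the underlying OpenSSL certificate; owned by this object, do not free or modify it */`. Returning `X509 const *` would express the same thing in the type, if the OpenSSL calls that consume it accept a const pointer.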
std::list<boost::shared_ptr<Certificate> > leaf_to_root () const;
+ bool verify () const;
+
private:
friend class ::certificates;
std::list<boost::shared_ptr<Certificate> > _certificates;
dcp::Certificate test (c.root()->certificate (true));
BOOST_CHECK_EQUAL (test.certificate(), c.root()->certificate());
}
+
+/** Check that dcp::CertificateChain::validate() basically works */
+BOOST_AUTO_TEST_CASE (certificates_validation)
+{
+ dcp::CertificateChain good;
+ good.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
+ good.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
+ good.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
+ BOOST_CHECK (good.verify ());
+
+ dcp::CertificateChain bad;
+ bad.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
+ bad.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
+ BOOST_CHECK (!bad.verify ());
+}
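Review bot: The comment on `certificates_validation` names `dcp::CertificateChain::validate()`, but the method the test calls is `verify ()`; it should read `/** Check that dcp::CertificateChain::verify() basically works */`. The only negative case covered is a chain with its root missing. Cases worth adding are an empty chain and a single-certificate chain, both of which `verify ()` as written returns true for, and a chain supplied in the wrong order, so that the intended result for each is pinned by a test rather than left implicit.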