From bd195d6b1a0b2928abc6aa4b75bea8b0fb1aac8a Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Fri, 9 Oct 2015 16:32:42 +0100
Subject: [PATCH] Nicer default labels in certificate chains.

---
 ChangeLog         |  3 +++
 src/lib/config.cc | 23 +++++++++++++++++++----
 src/lib/config.h  |  1 +
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8ed18b7c1..a37851a10 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2015-10-09  c.hetherington  <cth@carlh.net>
 
+	* Create certificate chains with nicer default
+	organizational unit etc.
+
 	* Various improvements to server GUI.
 
 	* Package main DCP-o-matic, server and batch
diff --git a/src/lib/config.cc b/src/lib/config.cc
index f00d8d1e5..07c9b9c89 100644
--- a/src/lib/config.cc
+++ b/src/lib/config.cc
@@ -122,14 +122,29 @@ Config::restore_defaults ()
 	Config::instance()->changed ();
 }
 
+shared_ptr<dcp::CertificateChain>
+Config::create_certificate_chain ()
+{
+	return shared_ptr<dcp::CertificateChain> (
+		new dcp::CertificateChain (
+			openssl_path(),
+			"dcpomatic.com",
+			"dcpomatic.com",
+			".dcpomatic.smpte-430-2.ROOT",
+			".dcpomatic.smpte-430-2.INTERMEDIATE",
+			"CS.dcpomatic.smpte-430-2.LEAF"
+			)
+		);
+}
+
 void
 Config::read ()
 {
 	if (!have_existing ()) {
 		/* Make a new set of signing certificates and key */
-		_signer_chain.reset (new dcp::CertificateChain (openssl_path ()));
+		_signer_chain = create_certificate_chain ();
 		/* And similar for decryption of KDMs */
-		_decryption_chain.reset (new dcp::CertificateChain (openssl_path ()));
+		_decryption_chain = create_certificate_chain ();
 		write ();
 		return;
 	}
@@ -256,7 +271,7 @@ Config::read ()
 		_signer_chain = c;
 	} else {
 		/* Make a new set of signing certificates and key */
-		_signer_chain.reset (new dcp::CertificateChain (openssl_path ()));
+		_signer_chain = create_certificate_chain ();
 	}
 
 	cxml::NodePtr decryption = f.optional_node_child ("Decryption");
@@ -268,7 +283,7 @@ Config::read ()
 		c->set_key (decryption->string_child ("PrivateKey"));
 		_decryption_chain = c;
 	} else {
-		_decryption_chain.reset (new dcp::CertificateChain (openssl_path ()));
+		_decryption_chain = create_certificate_chain ();
 	}
 }
 
diff --git a/src/lib/config.h b/src/lib/config.h
index 579527975..9c1f23161 100644
--- a/src/lib/config.h
+++ b/src/lib/config.h
@@ -452,6 +452,7 @@ private:
 	void read ();
 	void set_defaults ();
 	void set_kdm_email_to_default ();
+	boost::shared_ptr<dcp::CertificateChain> create_certificate_chain ();
 
 	template <class T>
 	void maybe_set (T& member, T new_value) {
-- 
2.30.2