3 #include <boost/filesystem.hpp>
4 #include <boost/algorithm/string.hpp>
5 #include "crypt_chain.h"
6 #include "exceptions.h"
11 using std::stringstream;
14 static void command (char const * c)
16 int const r = system (c);
17 if (WEXITSTATUS (r)) {
19 s << "error in " << c << "\n";
20 throw libdcp::MiscError (s.str());
25 libdcp::make_crypt_chain (string directory)
27 boost::filesystem::current_path (directory);
28 command ("openssl genrsa -out ca.key 2048");
31 ofstream f ("ca.cnf");
33 << "distinguished_name = req_distinguished_name\n"
34 << "x509_extensions = v3_ca\n"
36 << "basicConstraints = critical,CA:true,pathlen:3\n"
37 << "keyUsage = keyCertSign,cRLSign\n"
38 << "subjectKeyIdentifier = hash\n"
39 << "authorityKeyIdentifier = keyid:always,issuer:always\n"
40 << "[ req_distinguished_name ]\n"
41 << "O = Unique organization name\n"
42 << "OU = Organization unit\n"
43 << "CN = Entity and dnQualifier\n";
46 command ("openssl rsa -outform PEM -pubout -in ca.key | openssl base64 -d | dd bs=1 skip=24 2>/dev/null | openssl sha1 -binary | openssl base64 > ca_dnq");
51 ifstream f ("ca_dnq");
53 boost::replace_all (ca_dnq, "/", "\\/");
56 string const ca_subject = "/O=example.org/OU=example.org/CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION/dnQualifier=" + ca_dnq;
60 c << "openssl req -new -x509 -sha256 -config ca.cnf -days 3650 -set_serial 5 -subj " << ca_subject << " -key ca.key -outform PEM -out ca.self-signed.pem";
61 command (c.str().c_str());
64 command ("openssl genrsa -out intermediate.key 2048");
67 ofstream f ("intermediate.cnf");
69 << "distinguished_name = req_distinguished_name\n"
70 << "x509_extensions = v3_ca\n"
72 << "basicConstraints = critical,CA:true,pathlen:2\n"
73 << "keyUsage = keyCertSign,cRLSign\n"
74 << "subjectKeyIdentifier = hash\n"
75 << "authorityKeyIdentifier = keyid:always,issuer:always\n"
76 << "[ req_distinguished_name ]\n"
77 << "O = Unique organization name\n"
78 << "OU = Organization unit\n"
79 << "CN = Entity and dnQualifier\n";
82 command ("openssl rsa -outform PEM -pubout -in intermediate.key | openssl base64 -d | dd bs=1 skip=24 2>/dev/null | openssl sha1 -binary | openssl base64 > inter_dnq");
87 ifstream f ("inter_dnq");
88 getline (f, inter_dnq);
89 boost::replace_all (inter_dnq, "/", "\\/");
92 string const inter_subject = "/O=example.org/OU=example.org/CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION/dnQualifier=" + inter_dnq;
96 s << "openssl req -new -config intermediate.cnf -days 3649 -subj " << inter_subject << " -key intermediate.key -out intermediate.csr";
97 command (s.str().c_str());
101 command ("openssl x509 -req -sha256 -days 3649 -CA ca.self-signed.pem -CAkey ca.key -set_serial 6 -in intermediate.csr -extfile intermediate.cnf -extensions v3_ca -out intermediate.signed.pem");
103 command ("openssl genrsa -out leaf.key 2048");
106 ofstream f ("leaf.cnf");
108 << "distinguished_name = req_distinguished_name\n"
109 << "x509_extensions = v3_ca\n"
111 << "basicConstraints = critical,CA:false\n"
112 << "keyUsage = digitalSignature,keyEncipherment\n"
113 << "subjectKeyIdentifier = hash\n"
114 << "authorityKeyIdentifier = keyid,issuer:always\n"
115 << "[ req_distinguished_name ]\n"
116 << "O = Unique organization name\n"
117 << "OU = Organization unit\n"
118 << "CN = Entity and dnQualifier\n";
121 command ("openssl rsa -outform PEM -pubout -in leaf.key | openssl base64 -d | dd bs=1 skip=24 2>/dev/null | openssl sha1 -binary | openssl base64 > leaf_dnq");
126 ifstream f ("leaf_dnq");
127 getline (f, leaf_dnq);
128 boost::replace_all (leaf_dnq, "/", "\\/");
131 string const leaf_subject = "/O=example.org/OU=example.org/CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION/dnQualifier=" + leaf_dnq;
135 s << "openssl req -new -config leaf.cnf -days 3648 -subj " << leaf_subject << " -key leaf.key -outform PEM -out leaf.csr";
136 command (s.str().c_str());
139 command ("openssl x509 -req -sha256 -days 3648 -CA intermediate.signed.pem -CAkey intermediate.key -set_serial 7 -in leaf.csr -extfile leaf.cnf -extensions v3_ca -out leaf.signed.pem");