/*
- Copyright (C) 2013-2016 Carl Hetherington <cth@carlh.net>
+ Copyright (C) 2013-2021 Carl Hetherington <cth@carlh.net>
This file is part of libdcp.
files in the program, then also delete it here.
*/
-/** @file src/signer_chain.h
- * @brief Functions to make signer chains.
+
+/** @file src/certificate_chain.h
+ * @brief CertificateChain class
*/
+
#ifndef LIBDCP_CERTIFICATE_CHAIN_H
#define LIBDCP_CERTIFICATE_CHAIN_H
+
#include "certificate.h"
#include "types.h"
#include <boost/filesystem.hpp>
#include <boost/optional.hpp>
+
namespace xmlpp {
class Node;
}
+
+struct certificates_validation1;
+struct certificates_validation2;
+struct certificates_validation3;
+struct certificates_validation4;
+struct certificates_validation5;
+struct certificates_validation6;
+struct certificates_validation7;
+struct certificates_validation8;
+
+
namespace dcp {
+
/** @class CertificateChain
* @brief A chain of any number of certificates, from root to leaf.
+ *
+ * A CertificateChain object can also (optionally) hold the private key corresponding
+ * to the leaf certificate.
*/
class CertificateChain
{
*/
CertificateChain (
boost::filesystem::path openssl,
+ int validity_in_days,
std::string organisation = "example.org",
std::string organisational_unit = "example.org",
std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
std::string leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION"
);
+ /** Read a CertificateChain from a string.
+ * @param s A string containing one or more PEM-encoded certificates.
+ */
+ explicit CertificateChain (std::string s);
+
+ /** Add a certificate to the chain.
+ * @param c Certificate to add.
+ */
void add (Certificate c);
+
+ /** Remove a certificate from the chain.
+ * @param c Certificate to remove.
+ */
void remove (Certificate c);
- void remove (int);
+ /** Remove the i'th certificate in the chain, as listed
+ * from root to leaf.
+ */
+ void remove (int i);
+
+ /** @return Root certificate */
Certificate root () const;
+
+ /** @return Leaf certificate */
Certificate leaf () const;
- typedef std::list<Certificate> List;
+ typedef std::vector<Certificate> List;
+ /** @return Certificates in order from leaf to root */
List leaf_to_root () const;
+ /** @return Certificates in order from root to leaf */
List root_to_leaf () const;
+ List unordered () const;
+
+ /** Check if the certificates form a chain (i.e. root signs intermediate etc.)
+ * and that the private key matches the leaf certificate.
+ * @param if not nullptr, filled in with a reason for vailure (or untouched
+ * if there is no error)
+ * @return true if the chain is valid, false if not.
+ */
+ bool valid (std::string* reason = nullptr) const;
- bool valid () const;
- bool attempt_reorder ();
+ /** Check to see if the chain is valid (i.e. root signs the intermediate, intermediate
+ * signs the leaf and so on) and that the private key (if there is one) matches the
+ * leaf certificate.
+ * @return true if it's ok, false if not.
+ */
+ bool chain_valid () const;
+
+ /** Check that there is a valid private key for the leaf certificate.
+ * Will return true if there are no certificates.
+ */
+ bool private_key_valid () const;
+ /** Add a <Signer> and <ds:Signature> nodes to an XML node.
+ * @param parent XML node to add to.
+ * @param standard INTEROP or SMPTE.
+ */
void sign (xmlpp::Element* parent, Standard standard) const;
- void add_signature_value (xmlpp::Node* parent, std::string ns) const;
+
+ /** Sign an XML node.
+ *
+ * @param parent Node to sign.
+ * @param ns Namespace to use for the signature XML nodes.
+ */
+ void add_signature_value (xmlpp::Element* parent, std::string ns, bool add_indentation) const;
boost::optional<std::string> key () const {
return _key;
std::string chain () const;
private:
- friend class ::certificates;
-
+ friend struct ::certificates_validation1;
+ friend struct ::certificates_validation2;
+ friend struct ::certificates_validation3;
+ friend struct ::certificates_validation4;
+ friend struct ::certificates_validation5;
+ friend struct ::certificates_validation6;
+ friend struct ::certificates_validation7;
+ friend struct ::certificates_validation8;
+
+ bool chain_valid(List const & chain, std::string* error = nullptr) const;
+
+ /** Our certificates, not in any particular order */
List _certificates;
- /** Leaf certificate's private key, if known */
+ /** Leaf certificate's private key, if known, in PEM format */
boost::optional<std::string> _key;
};
+
}
+
#endif
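Review bot: The `@param` line in the new `valid()` docstring has no parameter name and misspells "failure"; it should read `@param reason if not nullptr, filled in with a reason for failure (or untouched if there is no error)`. The new `add_indentation` argument of `add_signature_value` and the new `unordered()` accessor are undocumented, so a `@param add_indentation` line and a `/** @return Certificates in no particular order */` comment would keep them consistent with the neighbouring declarations. `private_key_valid()` is documented as returning true when there are no certificates, which a caller may misread as proof that a usable leaf key exists; stating that the result is vacuous for an empty chain, and that callers wanting a key present must check the chain is non-empty separately, would make the contract harder to misuse. The private `chain_valid(List const&, std::string* error)` names its out-parameter `error` while the public `valid()` uses `reason`; one name for the same purpose would read better. The header now relies on `std::vector` and `std::string` without including `<vector>` or `<string>` itself — presumably they arrive via `certificate.h`, but an explicit include would avoid depending on that.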