Some OS X build fixes.

[libdcp.git] / src / signer.cc

diff --git a/src/signer.cc b/src/signer.cc
index a280cb07af0ff693fd15f306fca1dbe9ce31584a..f6cc76ac4edbfdd9e84d7d34d362cd2e0a34af33 100644 (file)
--- a/src/signer.cc
+++ b/src/signer.cc
@@ -23,19 +23,59 @@
 
 #include "signer.h"
 #include "exceptions.h"
+#include "certificate_chain.h"
+#include "util.h"
 #include <libcxml/cxml.h>
 #include <libxml++/libxml++.h>
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/dl.h>
 #include <xmlsec/app.h>
 #include <xmlsec/crypto.h>
+#include <openssl/pem.h>
+#include "compose.hpp"
 
 using std::string;
 using std::list;
-using std::cout;
 using boost::shared_ptr;
 using namespace dcp;
 
+Signer::Signer (boost::filesystem::path openssl)
+{
+       create (make_certificate_chain (openssl));
+}
+
+Signer::Signer (boost::filesystem::path openssl,
+               string organisation,
+               string organisational_unit,
+               string root_common_name,
+               string intermediate_common_name,
+               string leaf_common_name
+       )
+{
+       create (
+               make_certificate_chain (
+                       openssl,
+                       organisation,
+                       organisational_unit,
+                       root_common_name,
+                       intermediate_common_name,
+                       leaf_common_name
+                       )
+               );
+}
+
+void
+Signer::create (boost::filesystem::path directory)
+{
+       _certificates.add (dcp::Certificate (dcp::file_to_string (directory / "ca.self-signed.pem")));
+       _certificates.add (dcp::Certificate (dcp::file_to_string (directory / "intermediate.signed.pem")));
+       _certificates.add (dcp::Certificate (dcp::file_to_string (directory / "leaf.signed.pem")));
+
+       _key = dcp::file_to_string (directory / "leaf.key");
+
+       boost::filesystem::remove_all (directory);
+}
+
 /** Add a &lt;Signer&gt; and &lt;ds:Signature&gt; nodes to an XML node.
  *  @param parent XML node to add to.
  *  @param standard INTEROP or SMPTE.
@@ -48,9 +88,9 @@ Signer::sign (xmlpp::Element* parent, Standard standard) const
        xmlpp::Element* signer = parent->add_child("Signer");
        xmlpp::Element* data = signer->add_child("X509Data", "dsig");
        xmlpp::Element* serial_element = data->add_child("X509IssuerSerial", "dsig");
-       serial_element->add_child("X509IssuerName", "dsig")->add_child_text (_certificates.leaf()->issuer());
-       serial_element->add_child("X509SerialNumber", "dsig")->add_child_text (_certificates.leaf()->serial());
-       data->add_child("X509SubjectName", "dsig")->add_child_text (_certificates.leaf()->subject());
+       serial_element->add_child("X509IssuerName", "dsig")->add_child_text (_certificates.leaf().issuer());
+       serial_element->add_child("X509SerialNumber", "dsig")->add_child_text (_certificates.leaf().serial());
+       data->add_child("X509SubjectName", "dsig")->add_child_text (_certificates.leaf().subject());
 
        /* <Signature> */
        
@@ -95,17 +135,17 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const
        xmlpp::Node* key_info = cp.node_child("KeyInfo")->node ();
 
        /* Add the certificate chain to the KeyInfo child node of parent */
-       list<shared_ptr<Certificate> > c = _certificates.leaf_to_root ();
-       for (list<shared_ptr<Certificate> >::iterator i = c.begin(); i != c.end(); ++i) {
+       CertificateChain::List c = _certificates.leaf_to_root ();
+       for (CertificateChain::List::iterator i = c.begin(); i != c.end(); ++i) {
                xmlpp::Element* data = key_info->add_child("X509Data", ns);
                
                {
                        xmlpp::Element* serial = data->add_child("X509IssuerSerial", ns);
-                       serial->add_child("X509IssuerName", ns)->add_child_text((*i)->issuer ());
-                       serial->add_child("X509SerialNumber", ns)->add_child_text((*i)->serial ());
+                       serial->add_child("X509IssuerName", ns)->add_child_text (i->issuer ());
+                       serial->add_child("X509SerialNumber", ns)->add_child_text (i->serial ());
                }
                
-               data->add_child("X509Certificate", ns)->add_child_text((*i)->certificate());
+               data->add_child("X509Certificate", ns)->add_child_text (i->certificate());
        }
 
        xmlSecDSigCtxPtr signature_context = xmlSecDSigCtxCreate (0);
@@ -113,7 +153,10 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const
                throw MiscError ("could not create signature context");
        }
 
-       signature_context->signKey = xmlSecCryptoAppKeyLoad (_key.string().c_str(), xmlSecKeyDataFormatPem, 0, 0, 0);
+       signature_context->signKey = xmlSecCryptoAppKeyLoadMemory (
+               reinterpret_cast<const unsigned char *> (_key.c_str()), _key.size(), xmlSecKeyDataFormatPem, 0, 0, 0
+               );
+       
        if (signature_context->signKey == 0) {
                throw FileError ("could not load private key file", _key, 0);
        }
@@ -123,9 +166,30 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const
                throw MiscError ("could not set key name");
        }
 
-       if (xmlSecDSigCtxSign (signature_context, parent->cobj ()) < 0) {
-               throw MiscError ("could not sign");
+       int const r = xmlSecDSigCtxSign (signature_context, parent->cobj ());
+       if (r < 0) {
+               throw MiscError (String::compose ("could not sign (%1)", r));
        }
 
        xmlSecDSigCtxDestroy (signature_context);
 }
+
+bool
+Signer::valid () const
+{
+       if (!_certificates.valid ()) {
+               return false;
+       }
+
+       BIO* bio = BIO_new_mem_buf (const_cast<char *> (_key.c_str ()), -1);
+       if (!bio) {
+               throw MiscError ("could not create memory BIO");
+       }
+       
+       RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
+       RSA* public_key = _certificates.leaf().public_key ();
+       bool const valid = !BN_cmp (private_key->n, public_key->n);
+       BIO_free (bio);
+
+       return valid;
+}