X-Git-Url: https://main.carlh.net/gitweb/?a=blobdiff_plain;f=src%2Fsigner.cc;h=f6cc76ac4edbfdd9e84d7d34d362cd2e0a34af33;hb=491ac453512ac1982f62fc0d2a310586427601d7;hp=a280cb07af0ff693fd15f306fca1dbe9ce31584a;hpb=ac265d3d008328b9bdaf00c39ebcd86f263605c7;p=libdcp.git

diff --git a/src/signer.cc b/src/signer.cc
index a280cb07..f6cc76ac 100644
--- a/src/signer.cc
+++ b/src/signer.cc
@@ -23,19 +23,59 @@
 
 #include "signer.h"
 #include "exceptions.h"
+#include "certificate_chain.h"
+#include "util.h"
 #include <libcxml/cxml.h>
 #include <libxml++/libxml++.h>
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/dl.h>
 #include <xmlsec/app.h>
 #include <xmlsec/crypto.h>
+#include <openssl/pem.h>
+#include "compose.hpp"
 
 using std::string;
 using std::list;
-using std::cout;
 using boost::shared_ptr;
 using namespace dcp;
 
+Signer::Signer (boost::filesystem::path openssl)
+{
+	create (make_certificate_chain (openssl));
+}
+
+Signer::Signer (boost::filesystem::path openssl,
+		string organisation,
+		string organisational_unit,
+		string root_common_name,
+		string intermediate_common_name,
+		string leaf_common_name
+	)
+{
+	create (
+		make_certificate_chain (
+			openssl,
+			organisation,
+			organisational_unit,
+			root_common_name,
+			intermediate_common_name,
+			leaf_common_name
+			)
+		);
+}
+
+void
+Signer::create (boost::filesystem::path directory)
+{
+	_certificates.add (dcp::Certificate (dcp::file_to_string (directory / "ca.self-signed.pem")));
+	_certificates.add (dcp::Certificate (dcp::file_to_string (directory / "intermediate.signed.pem")));
+	_certificates.add (dcp::Certificate (dcp::file_to_string (directory / "leaf.signed.pem")));
+
+	_key = dcp::file_to_string (directory / "leaf.key");
+
+	boost::filesystem::remove_all (directory);
+}
+
 /** Add a &lt;Signer&gt; and &lt;ds:Signature&gt; nodes to an XML node.
  *  @param parent XML node to add to.
  *  @param standard INTEROP or SMPTE.
@@ -48,9 +88,9 @@ Signer::sign (xmlpp::Element* parent, Standard standard) const
 	xmlpp::Element* signer = parent->add_child("Signer");
 	xmlpp::Element* data = signer->add_child("X509Data", "dsig");
 	xmlpp::Element* serial_element = data->add_child("X509IssuerSerial", "dsig");
-	serial_element->add_child("X509IssuerName", "dsig")->add_child_text (_certificates.leaf()->issuer());
-	serial_element->add_child("X509SerialNumber", "dsig")->add_child_text (_certificates.leaf()->serial());
-	data->add_child("X509SubjectName", "dsig")->add_child_text (_certificates.leaf()->subject());
+	serial_element->add_child("X509IssuerName", "dsig")->add_child_text (_certificates.leaf().issuer());
+	serial_element->add_child("X509SerialNumber", "dsig")->add_child_text (_certificates.leaf().serial());
+	data->add_child("X509SubjectName", "dsig")->add_child_text (_certificates.leaf().subject());
 
 	/* <Signature> */
 	
@@ -95,17 +135,17 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const
 	xmlpp::Node* key_info = cp.node_child("KeyInfo")->node ();
 
 	/* Add the certificate chain to the KeyInfo child node of parent */
-	list<shared_ptr<Certificate> > c = _certificates.leaf_to_root ();
-	for (list<shared_ptr<Certificate> >::iterator i = c.begin(); i != c.end(); ++i) {
+	CertificateChain::List c = _certificates.leaf_to_root ();
+	for (CertificateChain::List::iterator i = c.begin(); i != c.end(); ++i) {
 		xmlpp::Element* data = key_info->add_child("X509Data", ns);
 		
 		{
 			xmlpp::Element* serial = data->add_child("X509IssuerSerial", ns);
-			serial->add_child("X509IssuerName", ns)->add_child_text((*i)->issuer ());
-			serial->add_child("X509SerialNumber", ns)->add_child_text((*i)->serial ());
+			serial->add_child("X509IssuerName", ns)->add_child_text (i->issuer ());
+			serial->add_child("X509SerialNumber", ns)->add_child_text (i->serial ());
 		}
 		
-		data->add_child("X509Certificate", ns)->add_child_text((*i)->certificate());
+		data->add_child("X509Certificate", ns)->add_child_text (i->certificate());
 	}
 
 	xmlSecDSigCtxPtr signature_context = xmlSecDSigCtxCreate (0);
@@ -113,7 +153,10 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const
 		throw MiscError ("could not create signature context");
 	}
 
-	signature_context->signKey = xmlSecCryptoAppKeyLoad (_key.string().c_str(), xmlSecKeyDataFormatPem, 0, 0, 0);
+	signature_context->signKey = xmlSecCryptoAppKeyLoadMemory (
+		reinterpret_cast<const unsigned char *> (_key.c_str()), _key.size(), xmlSecKeyDataFormatPem, 0, 0, 0
+		);
+	
 	if (signature_context->signKey == 0) {
 		throw FileError ("could not load private key file", _key, 0);
 	}
@@ -123,9 +166,30 @@ Signer::add_signature_value (xmlpp::Node* parent, string ns) const
 		throw MiscError ("could not set key name");
 	}
 
-	if (xmlSecDSigCtxSign (signature_context, parent->cobj ()) < 0) {
-		throw MiscError ("could not sign");
+	int const r = xmlSecDSigCtxSign (signature_context, parent->cobj ());
+	if (r < 0) {
+		throw MiscError (String::compose ("could not sign (%1)", r));
 	}
 
 	xmlSecDSigCtxDestroy (signature_context);
 }
+
+bool
+Signer::valid () const
+{
+	if (!_certificates.valid ()) {
+		return false;
+	}
+
+	BIO* bio = BIO_new_mem_buf (const_cast<char *> (_key.c_str ()), -1);
+	if (!bio) {
+		throw MiscError ("could not create memory BIO");
+	}
+	
+	RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
+	RSA* public_key = _certificates.leaf().public_key ();
+	bool const valid = !BN_cmp (private_key->n, public_key->n);
+	BIO_free (bio);
+
+	return valid;
+}