Pass certificate validity length into the constructor.

diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 5ff9b2943431402d31295be02b257fa3475c7819..84478dc1d2fb37c5a820d4b0890029ce7db06761 100644 (file)
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -187,6 +187,7 @@ public_key_digest (boost::filesystem::path private_key, boost::filesystem::path
 
 CertificateChain::CertificateChain (
        boost::filesystem::path openssl,
+       int validity_in_days,
        string organisation,
        string organisational_unit,
        string root_common_name,
@@ -194,9 +195,6 @@ CertificateChain::CertificateChain (
        string leaf_common_name
        )
 {
-       /* Valid for 40 years */
-       int const days = 365 * 40;
-
        auto directory = boost::filesystem::temp_directory_path() / boost::filesystem::unique_path ();
        boost::filesystem::create_directories (directory);
 
@@ -234,7 +232,7 @@ CertificateChain::CertificateChain (
                        String::compose (
                                "%1 req -new -x509 -sha256 -config ca.cnf -days %2 -set_serial 5"
                                " -subj \"%3\" -key ca.key -outform PEM -out ca.self-signed.pem",
-                               quoted_openssl, days, ca_subject
+                               quoted_openssl, validity_in_days, ca_subject
                                )
                        );
        }
@@ -267,7 +265,7 @@ CertificateChain::CertificateChain (
                command (
                        String::compose (
                                "%1 req -new -config intermediate.cnf -days %2 -subj \"%3\" -key intermediate.key -out intermediate.csr",
-                               quoted_openssl, days - 1, inter_subject
+                               quoted_openssl, validity_in_days - 1, inter_subject
                                )
                        );
        }
@@ -276,7 +274,7 @@ CertificateChain::CertificateChain (
                String::compose (
                        "%1 x509 -req -sha256 -days %2 -CA ca.self-signed.pem -CAkey ca.key -set_serial 6"
                        " -in intermediate.csr -extfile intermediate.cnf -extensions v3_ca -out intermediate.signed.pem",
-                       quoted_openssl, days - 1
+                       quoted_openssl, validity_in_days - 1
                        )
                );
 
@@ -308,7 +306,7 @@ CertificateChain::CertificateChain (
                command (
                        String::compose (
                                "%1 req -new -config leaf.cnf -days %2 -subj \"%3\" -key leaf.key -outform PEM -out leaf.csr",
-                               quoted_openssl, days - 2, leaf_subject
+                               quoted_openssl, validity_in_days - 2, leaf_subject
                                )
                        );
        }
@@ -317,7 +315,7 @@ CertificateChain::CertificateChain (
                String::compose (
                        "%1 x509 -req -sha256 -days %2 -CA intermediate.signed.pem -CAkey intermediate.key"
                        " -set_serial 7 -in leaf.csr -extfile leaf.cnf -extensions v3_ca -out leaf.signed.pem",
-                       quoted_openssl, days - 2
+                       quoted_openssl, validity_in_days - 2
                        )
                );
 

diff --git a/src/certificate_chain.h b/src/certificate_chain.h
index 934e1fc5cb521b978a81a754bdfcf9e715308354..df9f4ccfbf723fab1f1abf679abf0652e0d83c3a 100644 (file)
--- a/src/certificate_chain.h
+++ b/src/certificate_chain.h
@@ -86,6 +86,7 @@ public:
         */
        CertificateChain (
                boost::filesystem::path openssl,
+               int validity_in_days,
                std::string organisation = "example.org",
                std::string organisational_unit = "example.org",
                std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",

diff --git a/test/certificates_test.cc b/test/certificates_test.cc
index 927bddafafa8f720843cc825cd693d46f6ecc83c..0c671fc3cf8084ea67ec2a1ad7e410fc45b3c391 100644 (file)
--- a/test/certificates_test.cc
+++ b/test/certificates_test.cc
@@ -215,6 +215,7 @@ BOOST_AUTO_TEST_CASE (certificates_validation9)
 {
        dcp::CertificateChain good (
                boost::filesystem::path ("openssl"),
+               10 * 365,
                "dcpomatic.com",
                "dcpomatic.com",
                ".dcpomatic.smpte-430-2.ROOT",
@@ -228,7 +229,7 @@ BOOST_AUTO_TEST_CASE (certificates_validation9)
 /** Check that we can create a valid chain */
 BOOST_AUTO_TEST_CASE (certificates_validation10)
 {
-       dcp::CertificateChain good (boost::filesystem::path ("openssl"));
+       dcp::CertificateChain good (boost::filesystem::path ("openssl"), 10 * 365);
        BOOST_CHECK_NO_THROW (good.root_to_leaf());
 }
 
@@ -244,7 +245,7 @@ BOOST_AUTO_TEST_CASE (signer_validation)
        BOOST_CHECK (chain.valid ());
 
        /* Put in an unrelated key and the signer should no longer be valid */
-       dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"));
+       dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"), 10 * 365);
        chain.set_key (another_chain.key().get ());
        BOOST_CHECK (!chain.valid ());
 }

diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc
index c5ad414ceb2be47d1e1062d6a3c4a7d94edc7998..add00651a0efc28e4b3266468e93c78eee36eadd 100644 (file)
--- a/test/round_trip_test.cc
+++ b/test/round_trip_test.cc
@@ -65,7 +65,7 @@ using boost::scoped_array;
 /** Build an encrypted picture asset and a KDM for it and check that the KDM can be decrypted */
 BOOST_AUTO_TEST_CASE (round_trip_test)
 {
-       auto signer = make_shared<dcp::CertificateChain>(boost::filesystem::path ("openssl"));
+       auto signer = make_shared<dcp::CertificateChain>(boost::filesystem::path("openssl"), 10 * 365);
 
        boost::filesystem::path work_dir = "build/test/round_trip_test";
        boost::filesystem::create_directory (work_dir);