CertificateChain::CertificateChain (
boost::filesystem::path openssl,
+ int validity_in_days,
string organisation,
string organisational_unit,
string root_common_name,
string leaf_common_name
)
{
- /* Valid for 40 years */
- int const days = 365 * 40;
-
auto directory = boost::filesystem::temp_directory_path() / boost::filesystem::unique_path ();
boost::filesystem::create_directories (directory);
String::compose (
"%1 req -new -x509 -sha256 -config ca.cnf -days %2 -set_serial 5"
" -subj \"%3\" -key ca.key -outform PEM -out ca.self-signed.pem",
- quoted_openssl, days, ca_subject
+ quoted_openssl, validity_in_days, ca_subject
)
);
}
command (
String::compose (
"%1 req -new -config intermediate.cnf -days %2 -subj \"%3\" -key intermediate.key -out intermediate.csr",
- quoted_openssl, days - 1, inter_subject
+ quoted_openssl, validity_in_days - 1, inter_subject
)
);
}
String::compose (
"%1 x509 -req -sha256 -days %2 -CA ca.self-signed.pem -CAkey ca.key -set_serial 6"
" -in intermediate.csr -extfile intermediate.cnf -extensions v3_ca -out intermediate.signed.pem",
- quoted_openssl, days - 1
+ quoted_openssl, validity_in_days - 1
)
);
command (
String::compose (
"%1 req -new -config leaf.cnf -days %2 -subj \"%3\" -key leaf.key -outform PEM -out leaf.csr",
- quoted_openssl, days - 2, leaf_subject
+ quoted_openssl, validity_in_days - 2, leaf_subject
)
);
}
String::compose (
"%1 x509 -req -sha256 -days %2 -CA intermediate.signed.pem -CAkey intermediate.key"
" -set_serial 7 -in leaf.csr -extfile leaf.cnf -extensions v3_ca -out leaf.signed.pem",
- quoted_openssl, days - 2
+ quoted_openssl, validity_in_days - 2
)
);
{
dcp::CertificateChain good (
boost::filesystem::path ("openssl"),
+ 10 * 365,
"dcpomatic.com",
"dcpomatic.com",
".dcpomatic.smpte-430-2.ROOT",
/** Check that we can create a valid chain */
BOOST_AUTO_TEST_CASE (certificates_validation10)
{
- dcp::CertificateChain good (boost::filesystem::path ("openssl"));
+ dcp::CertificateChain good (boost::filesystem::path ("openssl"), 10 * 365);
BOOST_CHECK_NO_THROW (good.root_to_leaf());
}
BOOST_CHECK (chain.valid ());
/* Put in an unrelated key and the signer should no longer be valid */
- dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"));
+ dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"), 10 * 365);
chain.set_key (another_chain.key().get ());
BOOST_CHECK (!chain.valid ());
}
/** Build an encrypted picture asset and a KDM for it and check that the KDM can be decrypted */
BOOST_AUTO_TEST_CASE (round_trip_test)
{
- auto signer = make_shared<dcp::CertificateChain>(boost::filesystem::path ("openssl"));
+ auto signer = make_shared<dcp::CertificateChain>(boost::filesystem::path("openssl"), 10 * 365);
boost::filesystem::path work_dir = "build/test/round_trip_test";
boost::filesystem::create_directory (work_dir);