Add certificate thumbprint method.

diff --git a/src/certificates.cc b/src/certificates.cc
index ac7e20f7384ab2193e68975a7d44b8fb9158e024..6ed32dcadf1d74e71d7e282c5fa0c8a1370627c0 100644 (file)
--- a/src/certificates.cc
+++ b/src/certificates.cc
@@ -1,3 +1,22 @@
+/*
+    Copyright (C) 2012 Carl Hetherington <cth@carlh.net>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
 #include <sstream>
 #include <vector>
 #include <boost/algorithm/string.hpp>
@@ -5,6 +24,7 @@
 #include <openssl/ssl.h>
 #include <openssl/asn1.h>
 #include <libxml++/nodes/element.h>
+#include "KM_util.h"
 #include "certificates.h"
 #include "exceptions.h"
 
@@ -106,6 +126,27 @@ Certificate::serial () const
        return st;
 }
 
+string
+Certificate::thumbprint () const
+{
+       uint8_t buffer[8192];
+       uint8_t* p = buffer;
+       i2d_X509_CINF (_certificate->cert_info, &p);
+       int const length = p - buffer;
+       if (length > 8192) {
+               throw MiscError ("buffer too small to generate thumbprint");
+       }
+
+       SHA_CTX sha;
+       SHA1_Init (&sha);
+       SHA1_Update (&sha, buffer, length);
+       uint8_t digest[20];
+       SHA1_Final (digest, &sha);
+
+       char digest_base64[64];
+       return Kumu::base64encode (digest, 20, digest_base64, 64);
+}
+
 /** @param filename Text file of PEM-format certificates,
  *  in the order:
  *
@@ -153,3 +194,4 @@ CertificateChain::leaf_to_root () const
        c.reverse ();
        return c;
 }
+

diff --git a/src/certificates.h b/src/certificates.h
index 1c342acb227bb36d63334f93a3b45af06a23691c..0b7127c869c4fcedfe6c41954e99c3a7dc23f3e6 100644 (file)
--- a/src/certificates.h
+++ b/src/certificates.h
@@ -1,3 +1,22 @@
+/*
+    Copyright (C) 2012 Carl Hetherington <cth@carlh.net>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
 #ifndef LIBDCP_CERTIFICATES_H
 #define LIBDCP_CERTIFICATES_H
 
@@ -26,6 +45,8 @@ public:
        std::string serial () const;
        std::string subject () const;
 
+       std::string thumbprint () const;
+
        static std::string name_for_xml (std::string const &);
 
 private:

diff --git a/src/dcp.cc b/src/dcp.cc
index a282c33ed62be5b6479bbfd08e8862127b056853..efa0e5101f19818bd46c66846d7aad92d47cee2a 100644 (file)
--- a/src/dcp.cc
+++ b/src/dcp.cc
@@ -631,7 +631,7 @@ CPL::make_kdm (CertificateChain const & certificates, string const & signer_key,
                                        authorized_device_info->add_child("DeviceListDescription")->add_child_text(recipient_cert->subject());
                                        {
                                                xmlpp::Element* device_list = authorized_device_info->add_child("DeviceList");
-                                               device_list->add_child("CertificateThumbprint")->add_child_text("XXX");
+                                               device_list->add_child("CertificateThumbprint")->add_child_text(recipient_cert->thumbprint());
                                        }
                                }
 

diff --git a/src/util.cc b/src/util.cc
index ea6f6c0d95c847cd0b9767c0a1ed310b34b43b65..f2ee35e34cefd7ff4fdc462c386946427cb39716 100644 (file)
--- a/src/util.cc
+++ b/src/util.cc
@@ -97,7 +97,6 @@ libdcp::make_digest (string filename, boost::signals2::signal<void (float)>* pro
        byte_t byte_buffer[20];
        SHA1_Final (byte_buffer, &sha);
 
-       stringstream s;
        char digest[64];
        return Kumu::base64encode (byte_buffer, 20, digest, 64);
 }