CertificateChain::CertificateChain (
boost::filesystem::path openssl,
+ int validity_in_days,
string organisation,
string organisational_unit,
string root_common_name,
string leaf_common_name
)
{
- /* Valid for 40 years */
- int const days = 365 * 40;
-
boost::filesystem::path directory = boost::filesystem::temp_directory_path() / boost::filesystem::unique_path ();
boost::filesystem::create_directories (directory);
String::compose (
"%1 req -new -x509 -sha256 -config ca.cnf -days %2 -set_serial 5"
" -subj \"%3\" -key ca.key -outform PEM -out ca.self-signed.pem",
- quoted_openssl, days, ca_subject
+ quoted_openssl, validity_in_days, ca_subject
)
);
}
command (
String::compose (
"%1 req -new -config intermediate.cnf -days %2 -subj \"%3\" -key intermediate.key -out intermediate.csr",
- quoted_openssl, days - 1, inter_subject
+ quoted_openssl, validity_in_days - 1, inter_subject
)
);
}
String::compose(
"%1 x509 -req -sha256 -days %2 -CA ca.self-signed.pem -CAkey ca.key -set_serial 6"
" -in intermediate.csr -extfile intermediate.cnf -extensions v3_ca -out intermediate.signed.pem",
- quoted_openssl, days - 1
+ quoted_openssl, validity_in_days - 1
)
);
command (
String::compose (
"%1 req -new -config leaf.cnf -days %2 -subj \"%3\" -key leaf.key -outform PEM -out leaf.csr",
- quoted_openssl, days - 2, leaf_subject
+ quoted_openssl, validity_in_days - 2, leaf_subject
)
);
}
String::compose(
"%1 x509 -req -sha256 -days %2 -CA intermediate.signed.pem -CAkey intermediate.key"
" -set_serial 7 -in leaf.csr -extfile leaf.cnf -extensions v3_ca -out leaf.signed.pem",
- quoted_openssl, days - 2
+ quoted_openssl, validity_in_days - 2
)
);
*/
CertificateChain (
boost::filesystem::path openssl,
+ int validity_in_days,
std::string organisation = "example.org",
std::string organisational_unit = "example.org",
std::string root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
{
dcp::CertificateChain good (
boost::filesystem::path ("openssl"),
+ 10 * 365,
"dcpomatic.com",
"dcpomatic.com",
".dcpomatic.smpte-430-2.ROOT",
/** Check that we can create a valid chain */
BOOST_AUTO_TEST_CASE (certificates_validation10)
{
- dcp::CertificateChain good (boost::filesystem::path ("openssl"));
+ dcp::CertificateChain good (boost::filesystem::path ("openssl"), 10 * 365);
BOOST_CHECK_NO_THROW (good.root_to_leaf());
}
BOOST_CHECK (chain.valid ());
/* Put in an unrelated key and the signer should no longer be valid */
- dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"));
+ dcp::CertificateChain another_chain (boost::filesystem::path ("openssl"), 10 * 365);
chain.set_key (another_chain.key().get ());
BOOST_CHECK (!chain.valid ());
}
/** Check reading of a certificate chain from a string */
BOOST_AUTO_TEST_CASE (certificate_chain_from_string)
{
- dcp::CertificateChain a (dcp::file_to_string (private_test / "chain.pem"));
+ dcp::CertificateChain a (dcp::file_to_string (private_test / "chain.pem"), 10 * 365);
BOOST_CHECK_EQUAL (a.root_to_leaf().size(), 3);
- dcp::CertificateChain b (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"));
+ dcp::CertificateChain b (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"), 10 * 365);
BOOST_CHECK_EQUAL (b.root_to_leaf().size(), 1);
}
/** Build an encrypted picture asset and a KDM for it and check that the KDM can be decrypted */
BOOST_AUTO_TEST_CASE (round_trip_test)
{
- shared_ptr<dcp::CertificateChain> signer (new dcp::CertificateChain (boost::filesystem::path ("openssl")));
+ shared_ptr<dcp::CertificateChain> signer (new dcp::CertificateChain (boost::filesystem::path ("openssl"), 10 * 365));
boost::filesystem::path work_dir = "build/test/round_trip_test";
boost::filesystem::create_directory (work_dir);