}
-/** Load an X509 certificate from a file.
- * @param filename File to load.
- */
-Certificate::Certificate (boost::filesystem::path filename)
- : _certificate (0)
- , _public_key (0)
-{
- FILE* f = fopen_boost (filename, "r");
- if (!f) {
- throw FileError ("could not open file", filename, errno);
- }
-
- if (!PEM_read_X509 (f, &_certificate, 0, 0)) {
- throw MiscError ("could not read X509 certificate");
- }
-}
-
/** Load an X509 certificate from a string.
* @param cert String to read from.
*/
uint8_t buffer[8192];
uint8_t* p = buffer;
i2d_X509_CINF (_certificate->cert_info, &p);
- int const length = p - buffer;
- if (length > 8192) {
+ unsigned int const length = p - buffer;
+ if (length > sizeof (buffer)) {
throw MiscError ("buffer too small to generate thumbprint");
}
}
string
-dcp::file_to_string (boost::filesystem::path p)
+dcp::file_to_string (boost::filesystem::path p, uintmax_t max_length)
{
uintmax_t len = boost::filesystem::file_size (p);
- char* c = new char[len];
+ if (len > max_length) {
+ throw MiscError ("Unexpectedly long file");
+ }
+
+ char* c = new char[len + 1];
FILE* f = fopen_boost (p, "r");
if (!f) {
fread (c, 1, len, f);
fclose (f);
+ c[len] = '\0';
string s (c);
delete[] c;
return s;
}
+
+/** @param key RSA private key in PEM format (optionally with -----BEGIN... / -----END...)
+ * @return SHA1 fingerprint of key
+ */
+string
+dcp::private_key_fingerprint (string key)
+{
+ boost::replace_all (key, "-----BEGIN RSA PRIVATE KEY-----\n", "");
+ boost::replace_all (key, "\n-----END RSA PRIVATE KEY-----\n", "");
+
+ unsigned char buffer[4096];
+ int const N = base64_decode (key, buffer, sizeof (buffer));
+
+ SHA_CTX sha;
+ SHA1_Init (&sha);
+ SHA1_Update (&sha, buffer, N);
+ uint8_t digest[20];
+ SHA1_Final (digest, &sha);
+
+ char digest_base64[64];
+ return Kumu::base64encode (digest, 20, digest_base64, 64);
+}
{
dcp::CertificateChain c;
- c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
+ c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"))));
+ c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem"))));
+ c.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"))));
dcp::CertificateChain::List leaf_to_root = c.leaf_to_root ();
BOOST_AUTO_TEST_CASE (certificates_validation)
{
dcp::CertificateChain good1;
- good1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- good1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- good1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
+ good1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"))));
+ good1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem"))));
+ good1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"))));
BOOST_CHECK (good1.valid ());
dcp::CertificateChain good2;
- good2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
+ good2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"))));
BOOST_CHECK (good2.valid ());
dcp::CertificateChain bad1;
- bad1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- bad1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
+ bad1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem"))));
+ bad1.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"))));
BOOST_CHECK (!bad1.valid ());
BOOST_CHECK (!bad1.attempt_reorder ());
dcp::CertificateChain bad2;
- bad2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
- bad2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- bad2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
+ bad2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"))));
+ bad2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"))));
+ bad2.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem"))));
BOOST_CHECK (!bad2.valid ());
BOOST_CHECK (bad2.attempt_reorder ());
dcp::CertificateChain bad3;
- bad3.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- bad3.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
- bad3.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
+ bad3.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem"))));
+ bad3.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"))));
+ bad3.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"))));
BOOST_CHECK (!bad3.valid ());
BOOST_CHECK (bad3.attempt_reorder ());
dcp::CertificateChain bad4;
- bad4.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
- bad4.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- bad4.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
+ bad4.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"))));
+ bad4.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem"))));
+ bad4.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"))));
BOOST_CHECK (!bad4.valid ());
BOOST_CHECK (bad4.attempt_reorder ());
dcp::CertificateChain bad5;
- bad5.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- bad5.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
+ bad5.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"))));
+ bad5.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"))));
BOOST_CHECK (!bad5.valid ());
BOOST_CHECK (!bad5.attempt_reorder ());
}
{
/* Check a valid signer */
dcp::CertificateChain chain;
- chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/ca.self-signed.pem"))));
- chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/intermediate.signed.pem"))));
- chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (boost::filesystem::path ("test/ref/crypt/leaf.signed.pem"))));
+ chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/ca.self-signed.pem"))));
+ chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/intermediate.signed.pem"))));
+ chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (dcp::file_to_string ("test/ref/crypt/leaf.signed.pem"))));
dcp::Signer signer (chain, dcp::file_to_string ("test/ref/crypt/leaf.key"));
BOOST_CHECK (signer.valid ());