libdcp
dcp::CertificateChain Class Reference

A chain of any number of certificates, from root to leaf. More...

#include <certificate_chain.h>

Public Types

typedef std::vector< Certificate > List
 

Public Member Functions

 CertificateChain (boost::filesystem::path openssl, int validity_in_days, std::string organisation="example.org", std::string organisational_unit="example.org", std::string root_common_name=".smpte-430-2.ROOT.NOT_FOR_PRODUCTION", std::string intermediate_common_name=".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION", std::string leaf_common_name="CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION")
 
 CertificateChain (std::string s)
 
void add (Certificate c)
 
void remove (Certificate c)
 
void remove (int i)
 
Certificate root () const
 
Certificate leaf () const
 
List leaf_to_root () const
 
List root_to_leaf () const
 
List unordered () const
 
bool valid (std::string *reason=nullptr) const
 
bool chain_valid () const
 
bool private_key_valid () const
 
void sign (xmlpp::Element *parent, Standard standard) const
 
void add_signature_value (xmlpp::Element *parent, std::string ns, bool add_indentation) const
 
boost::optional< std::string > key () const
 
void set_key (std::string k)
 
std::string chain () const
 

Private Member Functions

bool chain_valid (List const &chain, std::string *error=nullptr) const
 

Private Attributes

List _certificates
 
boost::optional< std::string > _key
 

Friends

struct ::certificates_validation1
 
struct ::certificates_validation2
 
struct ::certificates_validation3
 
struct ::certificates_validation4
 
struct ::certificates_validation5
 
struct ::certificates_validation6
 
struct ::certificates_validation7
 
struct ::certificates_validation8
 

Detailed Description

A chain of any number of certificates, from root to leaf.

A CertificateChain object can also (optionally) hold the private key corresponding to the leaf certificate.

Definition at line 74 of file certificate_chain.h.

Constructor & Destructor Documentation

◆ CertificateChain() [1/2]

CertificateChain::CertificateChain ( boost::filesystem::path  openssl,
int  validity_in_days,
std::string  organisation = "example.org",
std::string  organisational_unit = "example.org",
std::string  root_common_name = ".smpte-430-2.ROOT.NOT_FOR_PRODUCTION",
std::string  intermediate_common_name = ".smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION",
std::string  leaf_common_name = "CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION" 
)

Create a chain of certificates for signing things.

Parameters
openssl: Name of openssl binary (if it is on the path) or full path.
Returns
Directory (which should be deleted by the caller) containing:
  • ca.self-signed.pem self-signed root certificate
  • intermediate.signed.pem intermediate certificate
  • leaf.key leaf certificate private key
  • leaf.signed.pem leaf certificate

Definition at line 201 of file certificate_chain.cc.

◆ CertificateChain() [2/2]

CertificateChain::CertificateChain ( std::string  s)
explicit

Read a CertificateChain from a string.

Parameters
s: A string containing one or more PEM-encoded certificates.

Definition at line 354 of file certificate_chain.cc.

Member Function Documentation

◆ add()

void CertificateChain::add ( Certificate  c)

Add a certificate to the chain.

Parameters
c: Certificate to add.

Definition at line 405 of file certificate_chain.cc.

◆ add_signature_value()

void CertificateChain::add_signature_value ( xmlpp::Element *  parent,
std::string  ns,
bool  add_indentation 
) const

Sign an XML node.

Parameters
parent: Node to sign.
ns: Namespace to use for the signature XML nodes.

Definition at line 655 of file certificate_chain.cc.

◆ chain_valid() [1/2]

bool CertificateChain::chain_valid ( ) const

Check to see if the chain is valid (i.e. root signs the intermediate, intermediate signs the leaf and so on) and that the private key (if there is one) matches the leaf certificate.

Returns
true if it's ok, false if not.

Definition at line 437 of file certificate_chain.cc.

◆ chain_valid() [2/2]

bool CertificateChain::chain_valid ( List const &  chain,
std::string *  error = nullptr 
) const
private
Parameters
error: if non-null, filled with an error if a certificate in the list has a problem.
Returns
true if all the given certificates verify OK, and are in the correct order in the list (root to leaf). false if any certificate has a problem, or the order is wrong.

Definition at line 449 of file certificate_chain.cc.

◆ leaf()

Certificate CertificateChain::leaf ( ) const
Returns
Leaf certificate

Definition at line 381 of file certificate_chain.cc.

◆ leaf_to_root()

CertificateChain::List CertificateChain::leaf_to_root ( ) const
Returns
Certificates in order from leaf to root

Definition at line 389 of file certificate_chain.cc.

◆ private_key_valid()

bool CertificateChain::private_key_valid ( ) const

Check that there is a valid private key for the leaf certificate. Will return true if there are no certificates.

Definition at line 524 of file certificate_chain.cc.

◆ remove() [1/2]

void CertificateChain::remove ( Certificate  c)

Remove a certificate from the chain.

Parameters
c: Certificate to remove.

Definition at line 412 of file certificate_chain.cc.

◆ remove() [2/2]

void CertificateChain::remove ( int  i)

Remove the i'th certificate in the chain, as listed from root to leaf.

Definition at line 422 of file certificate_chain.cc.

◆ root()

Certificate CertificateChain::root ( ) const
Returns
Root certificate

Definition at line 373 of file certificate_chain.cc.

◆ root_to_leaf()

CertificateChain::List CertificateChain::root_to_leaf ( ) const
Returns
Certificates in order from root to leaf

Definition at line 588 of file certificate_chain.cc.

◆ sign()

void CertificateChain::sign ( xmlpp::Element *  parent,
Standard  standard 
) const

Add <Signer> and <ds:Signature> nodes to an XML node.

Parameters
parent: XML node to add to.
standard: INTEROP or SMPTE.

Definition at line 604 of file certificate_chain.cc.

◆ valid()

bool CertificateChain::valid ( std::string *  reason = nullptr) const

Check if the certificates form a chain (i.e. root signs intermediate etc.) and that the private key matches the leaf certificate.

Parameters
reason: if not nullptr, filled in with a reason for failure (or untouched if there is no error).
Returns
true if the chain is valid, false if not.

Definition at line 565 of file certificate_chain.cc.
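As an added example, not libdcp's own code, the following POSIX shell script builds the four files the first constructor above lists using the openssl binary, and then applies the checks that chain_valid(), private_key_valid() and valid() describe using the same CLI. It assumes an openssl binary on PATH; the minimal config file, the root key file name ca.key and the exact openssl invocations are our own assumptions, not libdcp's.

```shell
# Constructed example, not libdcp's own code: assumes an `openssl` binary on PATH.
# Generate root -> intermediate -> leaf into $1 (valid $2 days), producing the
# four files the constructor lists, with the page's NOT_FOR_PRODUCTION names.
make_chain() {
  dir=$1; days=$2; cnf=$dir/openssl.cnf; subj="/O=example.org/OU=example.org"
  mkdir -p "$dir"
  cat > "$cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
O = example.org
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = critical,CA:FALSE
EOF
  openssl req -config "$cnf" -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
    -subj "$subj/CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION" -extensions ca \
    -keyout "$dir/ca.key" -out "$dir/ca.self-signed.pem" 2>/dev/null
  openssl req -config "$cnf" -new -newkey rsa:2048 -nodes \
    -subj "$subj/CN=.smpte-430-2.INTERMEDIATE.NOT_FOR_PRODUCTION" \
    -keyout "$dir/intermediate.key" -out "$dir/intermediate.csr" 2>/dev/null
  openssl x509 -req -in "$dir/intermediate.csr" -CA "$dir/ca.self-signed.pem" \
    -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days "$days" \
    -extfile "$cnf" -extensions ca -out "$dir/intermediate.signed.pem" 2>/dev/null
  openssl req -config "$cnf" -new -newkey rsa:2048 -nodes \
    -subj "$subj/CN=CS.smpte-430-2.LEAF.NOT_FOR_PRODUCTION" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/intermediate.signed.pem" \
    -CAkey "$dir/intermediate.key" -CAcreateserial -sha256 -days "$days" \
    -extfile "$cnf" -extensions leaf -out "$dir/leaf.signed.pem" 2>/dev/null
}
# Model of CertificateChain::valid(): root must sign the intermediate, the intermediate
# the leaf, and leaf.key must match the leaf cert; a reason goes to stderr on failure.
check_chain() {
  dir=$1
  if ! openssl verify -CAfile "$dir/ca.self-signed.pem" \
       -untrusted "$dir/intermediate.signed.pem" "$dir/leaf.signed.pem" >/dev/null 2>&1; then
    echo "chain_valid: certificates do not verify root -> intermediate -> leaf" >&2
    return 1
  fi
  cert_pub=$(openssl x509 -in "$dir/leaf.signed.pem" -noout -pubkey)
  key_pub=$(openssl pkey -in "$dir/leaf.key" -pubout 2>/dev/null)
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private_key_valid: leaf.key does not match the leaf certificate" >&2
    return 1
  fi
}
```

Run it as `make_chain /tmp/chain 365 && check_chain /tmp/chain`; swapping in an unrelated leaf.key makes check_chain fail with the private-key reason, which is the failure the `reason` out-parameter of valid() reports.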

Member Data Documentation

◆ _certificates

List dcp::CertificateChain::_certificates
private

Our certificates, not in any particular order

Definition at line 187 of file certificate_chain.h.

◆ _key

boost::optional<std::string> dcp::CertificateChain::_key
private

Leaf certificate's private key, if known, in PEM format

Definition at line 189 of file certificate_chain.h.

