authorCarl Hetherington <cth@carlh.net>2019-04-01 00:31:22 +0100
committerCarl Hetherington <cth@carlh.net>2019-04-08 00:22:40 +0100
commitf2ea67132cd165955db4e91dc634c97d3c42dec1 (patch)
tree1b9e26d7abfc5aa5f07fde05ba2ae6fa0b0ab9a1 /src/lib
parente12f036eb5e724ca79ebef08aebfa62b6e7a4f9c (diff)
Complain on startup if signer or decryption chains are inconsistent (#1520).
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/config.cc68
-rw-r--r--src/lib/config.h12
2 files changed, 52 insertions, 28 deletions
diff --git a/src/lib/config.cc b/src/lib/config.cc
index c71f3acd3..0bacc96ba 100644
--- a/src/lib/config.cc
+++ b/src/lib/config.cc
@@ -69,7 +69,7 @@ Config* Config::_instance = 0;
int const Config::_current_version = 3;
boost::signals2::signal<void ()> Config::FailedToLoad;
boost::signals2::signal<void (string)> Config::Warning;
-boost::signals2::signal<bool (void)> Config::BadSignerChain;
+boost::signals2::signal<bool (Config::BadReason)> Config::Bad;
boost::optional<boost::filesystem::path> Config::override_path;
/** Construct default configuration */
@@ -442,30 +442,6 @@ try
}
#endif
- /* These must be done before we call BadSignerChain as that might set one
- of the nags.
- */
- BOOST_FOREACH (cxml::NodePtr i, f.node_children("Nagged")) {
- int const id = i->number_attribute<int>("Id");
- if (id >= 0 && id < NAG_COUNT) {
- _nagged[id] = raw_convert<int>(i->content());
- }
- }
-
- bool bad_signer_chain = false;
- BOOST_FOREACH (dcp::Certificate const & i, _signer_chain->unordered()) {
- if (i.has_utf8_strings()) {
- bad_signer_chain = true;
- }
- }
-
- if (bad_signer_chain) {
- optional<bool> const remake = BadSignerChain();
- if (remake && *remake) {
- _signer_chain = create_certificate_chain ();
- }
- }
-
cxml::NodePtr decryption = f.optional_node_child ("Decryption");
#ifdef DCPOMATIC_VARIANT_SWAROOP
if (decryption && decryption->node_children().size() == 1) {
@@ -493,6 +469,48 @@ try
_decryption_chain = create_certificate_chain ();
}
#endif
+
+ /* These must be done before we call Bad as that might set one
+ of the nags.
+ */
+ BOOST_FOREACH (cxml::NodePtr i, f.node_children("Nagged")) {
+ int const id = i->number_attribute<int>("Id");
+ if (id >= 0 && id < NAG_COUNT) {
+ _nagged[id] = raw_convert<int>(i->content());
+ }
+ }
+
+ optional<BadReason> bad;
+
+ BOOST_FOREACH (dcp::Certificate const & i, _signer_chain->unordered()) {
+ if (i.has_utf8_strings()) {
+ bad = BAD_SIGNER_UTF8_STRINGS;
+ }
+ }
+
+ if (!_signer_chain->private_key_valid() || !_signer_chain->chain_valid()) {
+ bad = BAD_SIGNER_INCONSISTENT;
+ }
+
+ if (!_decryption_chain->private_key_valid() || !_decryption_chain->chain_valid()) {
+ bad = BAD_DECRYPTION_INCONSISTENT;
+ }
+
+ if (bad) {
+ optional<bool> const remake = Bad(*bad);
+ if (remake && *remake) {
+ switch (*bad) {
+ case BAD_SIGNER_UTF8_STRINGS:
+ case BAD_SIGNER_INCONSISTENT:
+ _signer_chain = create_certificate_chain ();
+ break;
+ case BAD_DECRYPTION_INCONSISTENT:
+ _decryption_chain = create_certificate_chain ();
+ break;
+ }
+ }
+ }
+
if (f.optional_node_child("DKDMGroup")) {
/* New-style: all DKDMs in a group */
_dkdms = dynamic_pointer_cast<DKDMGroup> (DKDMBase::read (f.node_child("DKDMGroup")));
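Review bot: `bad` is a single optional that each successive check overwrites, so when the signer chain and the decryption chain are both faulty only BAD_DECRYPTION_INCONSISTENT reaches Bad() and the signer problem is neither reported nor repaired on this startup (the span from `optional<BadReason> bad;` through the decryption-chain check). The two chains are independent, so each needs its own report and its own remake decision; the signer's UTF-8 and inconsistency findings can still share one optional because both answers recreate the signer chain, and with per-chain handling the switch is no longer needed. A rewrite along those lines is below. This sits inside the `try` body of Config::read, which begins and ends outside the hunk.
```cpp
	// … unchanged: Nagged handling …

	optional<BadReason> bad_signer;

	BOOST_FOREACH (dcp::Certificate const & i, _signer_chain->unordered()) {
		if (i.has_utf8_strings()) {
			bad_signer = BAD_SIGNER_UTF8_STRINGS;
		}
	}

	if (!_signer_chain->private_key_valid() || !_signer_chain->chain_valid()) {
		bad_signer = BAD_SIGNER_INCONSISTENT;
	}

	if (bad_signer) {
		optional<bool> const remake = Bad(*bad_signer);
		if (remake && *remake) {
			_signer_chain = create_certificate_chain ();
		}
	}

	/* The decryption chain is checked and offered for repair independently of
	   the signer chain, so a fault in one does not hide a fault in the other. */
	if (!_decryption_chain->private_key_valid() || !_decryption_chain->chain_valid()) {
		optional<bool> const remake = Bad(BAD_DECRYPTION_INCONSISTENT);
		if (remake && *remake) {
			_decryption_chain = create_certificate_chain ();
		}
	}

	// … unchanged: DKDMGroup handling …
```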
diff --git a/src/lib/config.h b/src/lib/config.h
index 5018f7a4f..d54cc17be 100644
--- a/src/lib/config.h
+++ b/src/lib/config.h
@@ -1071,10 +1071,16 @@ public:
static boost::signals2::signal<void ()> FailedToLoad;
/** Emitted if read() issued a warning which the user might want to know about */
static boost::signals2::signal<void (std::string)> Warning;
- /** Emitted if there is a bad certificate in the signer chain. Handler can call
- * true to ask Config to re-create the chain.
+ /** Emitted if there is a something wrong the contents of our config. Handler can call
+ * true to ask Config to solve the problem (by discarding and recreating the bad thing)
*/
- static boost::signals2::signal<bool (void)> BadSignerChain;
+ enum BadReason {
+ BAD_SIGNER_UTF8_STRINGS, ///< signer chain contains UTF-8 strings (not PRINTABLESTRING)
+ BAD_SIGNER_INCONSISTENT, ///< signer chain is somehow inconsistent
+ BAD_DECRYPTION_INCONSISTENT, ///< KDM decryption chain is somehow inconsistent
+ };
+
+ static boost::signals2::signal<bool (BadReason)> Bad;
void write () const;
void write_config () const;
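Review bot: The new doc comment on Bad is garbled: `Emitted if there is a something wrong the contents of our config` and `Handler can call true` should read `Emitted if there is something wrong with the contents of our config. Handler can return true to ask Config to solve the problem (by discarding and recreating the bad thing).` It would also help handlers to know on BAD_DECRYPTION_INCONSISTENT that accepting the repair replaces the decryption chain, which presumably means a fresh private key so KDMs issued to the old certificate can no longer be opened — confirm against create_certificate_chain before wording it, e.g. `///< KDM decryption chain is somehow inconsistent; recreating it discards the existing decryption key`. The enclosing class Config begins and ends outside the hunk.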