Allow KDMRecipient and hence Screen to convert certs to dcp::Certificate lazily.

This is pretty slow (as it runs the certificate through OpenSSL) and we
don't need to do it for every certificate in a database when we load the
database.

8 files changed, 72 insertions, 19 deletions

diff --git a/src/lib/cinema_list.cc b/src/lib/cinema_list.cc
index f59a8f4f8..01824ca54 100644
--- a/src/lib/cinema_list.cc
+++ b/src/lib/cinema_list.cc
@@ -309,7 +309,7 @@ CinemaList::add_screen(CinemaID cinema_id, dcpomatic::Screen const& screen)
 	add_screen.bind_int64(1, cinema_id.get());
 	add_screen.bind_text(2, screen.name);
 	add_screen.bind_text(3, screen.notes);
-	add_screen.bind_text(4, screen.recipient->certificate(true));
+	add_screen.bind_text(4, screen.recipient()->certificate(true));
 	add_screen.bind_text(5, screen.recipient_file.get_value_or(""));
 
 	add_screen.execute();
@@ -332,7 +332,7 @@ dcpomatic::Screen
 CinemaList::screen_from_result(SQLiteStatement& statement, ScreenID screen_id) const
 {
 	auto certificate_string = statement.column_text(4);
-	optional<dcp::Certificate> certificate = certificate_string.empty() ? optional<dcp::Certificate>() : dcp::Certificate(certificate_string);
+	optional<string> certificate = certificate_string.empty() ? optional<string>() : certificate_string;
 	auto recipient_file_string = statement.column_text(5);
 	optional<string> recipient_file = recipient_file_string.empty() ? optional<string>() : recipient_file_string;
 
@@ -429,7 +429,7 @@ CinemaList::update_screen(CinemaID cinema_id, ScreenID screen_id, dcpomatic::Scr
 	statement.bind_int64(1, cinema_id.get());
 	statement.bind_text(2, screen.name);
 	statement.bind_text(3, screen.notes);
-	statement.bind_text(4, screen.recipient->certificate(true));
+	statement.bind_text(4, screen.recipient()->certificate(true));
 	statement.bind_text(5, screen.recipient_file.get_value_or(""));
 	statement.bind_int64(6, screen_id.get());
 
diff --git a/src/lib/dkdm_recipient.cc b/src/lib/dkdm_recipient.cc
index 4ab532f3d..bd14aedea 100644
--- a/src/lib/dkdm_recipient.cc
+++ b/src/lib/dkdm_recipient.cc
@@ -41,7 +41,7 @@ kdm_for_dkdm_recipient (
 	dcp::LocalTime valid_to
 	)
 {
-	if (!recipient.recipient) {
+	if (!recipient.recipient()) {
 		return {};
 	}
 
@@ -51,7 +51,7 @@ kdm_for_dkdm_recipient (
 	}
 
 	auto const decrypted_kdm = film->make_kdm(cpl, valid_from, valid_to);
-	auto const kdm = decrypted_kdm.encrypt(signer, recipient.recipient.get(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0);
+	auto const kdm = decrypted_kdm.encrypt(signer, recipient.recipient().get(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0);
 
 	dcp::NameFormat::Map name_values;
 	name_values['f'] = kdm.content_title_text();
diff --git a/src/lib/dkdm_recipient_list.cc b/src/lib/dkdm_recipient_list.cc
index 34179337e..f67379122 100644
--- a/src/lib/dkdm_recipient_list.cc
+++ b/src/lib/dkdm_recipient_list.cc
@@ -154,7 +154,7 @@ DKDMRecipientList::add_dkdm_recipient(DKDMRecipient const& dkdm_recipient)
 
 	add_dkdm_recipient.bind_text(1, dkdm_recipient.name);
 	add_dkdm_recipient.bind_text(2, dkdm_recipient.notes);
-	add_dkdm_recipient.bind_text(3, dkdm_recipient.recipient ? dkdm_recipient.recipient->certificate(true) : "");
+	add_dkdm_recipient.bind_text(3, dkdm_recipient.recipient() ? dkdm_recipient.recipient()->certificate(true) : "");
 	add_dkdm_recipient.bind_text(4, join_strings(dkdm_recipient.emails));
 
 	add_dkdm_recipient.execute();
@@ -170,7 +170,7 @@ DKDMRecipientList::update_dkdm_recipient(DKDMRecipientID id, DKDMRecipient const
 
 	add_dkdm_recipient.bind_text(1, dkdm_recipient.name);
 	add_dkdm_recipient.bind_text(2, dkdm_recipient.notes);
-	add_dkdm_recipient.bind_text(3, dkdm_recipient.recipient ? dkdm_recipient.recipient->certificate(true) : "");
+	add_dkdm_recipient.bind_text(3, dkdm_recipient.recipient() ? dkdm_recipient.recipient()->certificate(true) : "");
 	add_dkdm_recipient.bind_text(4, join_strings(dkdm_recipient.emails));
 	add_dkdm_recipient.bind_int64(5, id.get());
 
diff --git a/src/lib/kdm_cli.cc b/src/lib/kdm_cli.cc
index 686d2b4a1..c820fb22a 100644
--- a/src/lib/kdm_cli.cc
+++ b/src/lib/kdm_cli.cc
@@ -380,13 +380,13 @@ from_dkdm (
 	try {
 		list<KDMWithMetadataPtr> kdms;
 		for (auto const& screen_details: screens) {
-			if (!screen_details.screen.recipient) {
+			if (!screen_details.screen.recipient()) {
 				continue;
 			}
 
 			auto const kdm = kdm_from_dkdm(
 							dkdm,
-							screen_details.screen.recipient.get(),
+							screen_details.screen.recipient().get(),
 							screen_details.screen.trusted_device_thumbprints(),
 							valid_from,
 							valid_to,
diff --git a/src/lib/kdm_recipient.cc b/src/lib/kdm_recipient.cc
index c33eb1b9f..7e7e14324 100644
--- a/src/lib/kdm_recipient.cc
+++ b/src/lib/kdm_recipient.cc
@@ -22,14 +22,17 @@
 #include "kdm_recipient.h"
 
 
+using boost::optional;
+
+
 KDMRecipient::KDMRecipient (cxml::ConstNodePtr node)
 	: name (node->string_child("Name"))
 	, notes (node->optional_string_child("Notes").get_value_or(""))
 {
 	if (node->optional_string_child("Certificate")) {
-		recipient = dcp::Certificate (node->string_child("Certificate"));
+		_recipient = dcp::Certificate(node->string_child("Certificate"));
 	} else if (node->optional_string_child("Recipient")) {
-		recipient = dcp::Certificate (node->string_child("Recipient"));
+		_recipient = dcp::Certificate(node->string_child("Recipient"));
 	}
 
 	recipient_file = node->optional_string_child("RecipientFile");
@@ -40,8 +43,8 @@ void
 KDMRecipient::as_xml (xmlpp::Element* parent) const
 {
 	cxml::add_text_child(parent, "Name", name);
-	if (recipient) {
-		cxml::add_text_child(parent, "Recipient", recipient->certificate(true));
+	if (auto const r = recipient()) {
+		cxml::add_text_child(parent, "Recipient", r->certificate(true));
 	}
 	if (recipient_file) {
 		cxml::add_text_child(parent, "RecipientFile", *recipient_file);
@@ -50,3 +53,26 @@ KDMRecipient::as_xml (xmlpp::Element* parent) const
 	cxml::add_text_child(parent, "Notes", notes);
 }
 
+
+boost::optional<dcp::Certificate>
+KDMRecipient::recipient() const
+{
+	if (_recipient) {
+		return _recipient;
+	}
+
+	if (_recipient_string) {
+		return dcp::Certificate(*_recipient_string);
+	}
+
+	return {};
+}
+
+
+void
+KDMRecipient::set_recipient(optional<dcp::Certificate> certificate)
+{
+	_recipient = certificate;
+	_recipient_string = {};
+}
+
diff --git a/src/lib/kdm_recipient.h b/src/lib/kdm_recipient.h
index f18e71429..9fe75874d 100644
--- a/src/lib/kdm_recipient.h
+++ b/src/lib/kdm_recipient.h
@@ -36,11 +36,18 @@ LIBDCP_ENABLE_WARNINGS
 class KDMRecipient
 {
 public:
-	KDMRecipient (std::string const& name_, std::string const& notes_, boost::optional<dcp::Certificate> recipient_, boost::optional<std::string> recipient_file_)
+	KDMRecipient (std::string const& name_, std::string const& notes_, boost::optional<dcp::Certificate> recipient, boost::optional<std::string> recipient_file_)
 		: name (name_)
 		, notes (notes_)
-		, recipient (recipient_)
 		, recipient_file (recipient_file_)
+		, _recipient(recipient)
+	{}
+
+	KDMRecipient(std::string const& name_, std::string const& notes_, boost::optional<std::string> recipient, boost::optional<std::string> recipient_file_)
+		: name(name_)
+		, notes(notes_)
+		, recipient_file(recipient_file_)
+		, _recipient_string(recipient)
 	{}
 
 	explicit KDMRecipient (cxml::ConstNodePtr);
@@ -49,13 +56,22 @@ public:
 
 	virtual void as_xml (xmlpp::Element *) const;
 
+	boost::optional<dcp::Certificate> recipient() const;
+	void set_recipient(boost::optional<dcp::Certificate> certificate);
+
 	std::string name;
 	std::string notes;
-	boost::optional<dcp::Certificate> recipient;
 	/** The pathname or URL that the recipient certificate was obtained from; purely
 	 *  to inform the user.
 	 */
 	boost::optional<std::string> recipient_file;
+
+private:
+	/* The recipient certificate may be stored as either a string or a dcp::Certificate;
+	 * the string is useful if we want to be lazy about constructing the dcp::Certificate.
+	 */
+	boost::optional<dcp::Certificate> _recipient;
+	boost::optional<std::string> _recipient_string;
 };
 
 
diff --git a/src/lib/screen.cc b/src/lib/screen.cc
index b77eb6b52..304fb52f3 100644
--- a/src/lib/screen.cc
+++ b/src/lib/screen.cc
@@ -65,11 +65,11 @@ kdm_for_screen (
 	vector<KDMCertificatePeriod>& period_checks
 	)
 {
-	if (!screen.recipient) {
+	if (!screen.recipient()) {
 		return {};
 	}
 
-	period_checks.push_back(check_kdm_and_certificate_validity_periods(cinema.name, screen.name, screen.recipient.get(), valid_from, valid_to));
+	period_checks.push_back(check_kdm_and_certificate_validity_periods(cinema.name, screen.name, screen.recipient().get(), valid_from, valid_to));
 
 	auto signer = Config::instance()->signer_chain();
 	if (!signer->valid()) {
@@ -77,7 +77,7 @@ kdm_for_screen (
 	}
 
 	auto kdm = make_kdm(valid_from, valid_to).encrypt(
-		signer, screen.recipient.get(), screen.trusted_device_thumbprints(), formulation, disable_forensic_marking_picture, disable_forensic_marking_audio
+		signer, screen.recipient().get(), screen.trusted_device_thumbprints(), formulation, disable_forensic_marking_picture, disable_forensic_marking_audio
 		);
 
 	dcp::NameFormat::Map name_values;
diff --git a/src/lib/screen.h b/src/lib/screen.h
index 89ebc3ab4..326bc9403 100644
--- a/src/lib/screen.h
+++ b/src/lib/screen.h
@@ -64,6 +64,17 @@ public:
 		, trusted_devices (trusted_devices_)
 	{}
 
+	Screen(
+		std::string const & name_,
+		std::string const & notes_,
+		boost::optional<std::string> recipient_,
+		boost::optional<std::string> recipient_file_,
+		std::vector<TrustedDevice> trusted_devices_
+	       )
+		: KDMRecipient(name_, notes_, recipient_, recipient_file_)
+		, trusted_devices(trusted_devices_)
+	{}
+
 	std::vector<std::string> trusted_device_thumbprints () const;
 	std::vector<TrustedDevice> trusted_devices;
 };