Keep signing certificates / keys in config.xml rather than on disk; allow configuration.

author: Carl Hetherington <cth@carlh.net> 2014-07-18 13:12:41 +0100
committer: Carl Hetherington <cth@carlh.net> 2014-07-18 13:12:41 +0100
commit: 5ea52a08f45b0cb8b8fe7221244cdcdeeaca0ed7 (patch)
tree: ff9b2d893caa5a1d2914b52e98112f22fb96bdec /src/lib
parent: 684da6bed46635f72d93c57a8721b63aa7e10ed5 (diff)
8 files changed, 111 insertions, 77 deletions
diff --git a/src/lib/config.cc b/src/lib/config.cc
index f2f25efe9..0d6a55054 100644
--- a/src/lib/config.cc
+++ b/src/lib/config.cc
@@ -25,6 +25,8 @@
 #include <boost/algorithm/string.hpp>
 #include <dcp/colour_matrix.h>
 #include <dcp/raw_convert.h>
+#include <dcp/signer.h>
+#include <dcp/certificate_chain.h>
 #include <libcxml/cxml.h>
 #include "config.h"
 #include "server.h"
@@ -36,6 +38,7 @@
 #include "colour_conversion.h"
 #include "cinema.h"
 #include "util.h"
+#include "cross.h"
 
 #include "i18n.h"
 
@@ -207,6 +210,37 @@ Config::read ()
 	_allow_any_dcp_frame_rate = f.optional_bool_child ("AllowAnyDCPFrameRate");
 
 	_log_types = f.optional_number_child<int> ("LogTypes").get_value_or (Log::TYPE_GENERAL | Log::TYPE_WARNING | Log::TYPE_ERROR);
+
+	cxml::NodePtr signer = f.optional_node_child ("Signer");
+	dcp::CertificateChain signer_chain;
+	if (signer) {
+		/* Read the signing certificates and private key in from the config file */
+		list<cxml::NodePtr> certificates = signer->node_children ("Certificate");
+		for (list<cxml::NodePtr>::const_iterator i = certificates.begin(); i != certificates.end(); ++i) {
+			signer_chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate ((*i)->content ())));
+		}
+
+		_signer.reset (new dcp::Signer (signer_chain, signer->string_child ("PrivateKey")));
+	} else {
+		/* Make a new set of signing certificates and key */
+		_signer.reset (new dcp::Signer (openssl_path ()));
+	}
+
+	if (f.optional_string_child ("DecryptionCertificate")) {
+		_decryption_certificate = dcp::Certificate (f.string_child ("DecryptionCertificate"));
+	}
+
+	if (f.optional_string_child ("DecryptionPrivateKey")) {
+		_decryption_private_key = f.string_child ("DecryptionPrivateKey");
+	}
+
+	if (!f.optional_string_child ("DecryptionCertificate") || !f.optional_string_child ("DecryptionPrivateKey")) {
+		/* Generate our own decryption certificate and key if either is not present in config */
+		boost::filesystem::path p = dcp::make_certificate_chain (openssl_path ());
+		_decryption_certificate = dcp::Certificate (dcp::file_to_string (p / "leaf.signed.pem"));
+		_decryption_private_key = dcp::file_to_string (p / "leaf.key");
+		boost::filesystem::remove_all (p);
+	}
 }
 
 /** @return Filename to write configuration to */
@@ -227,17 +261,6 @@ Config::file (bool old) const
 	return p;
 }
 
-boost::filesystem::path
-Config::signer_chain_directory () const
-{
-	boost::filesystem::path p;
-	p /= g_get_user_config_dir ();
-	p /= "dcpomatic";
-	p /= "crypt";
-	boost::filesystem::create_directories (p);
-	return p;
-}
-
 /** @return Singleton instance */
 Config *
 Config::instance ()
@@ -326,7 +349,17 @@ Config::write () const
 	root->add_child("MaximumJ2KBandwidth")->add_child_text (raw_convert<string> (_maximum_j2k_bandwidth));
 	root->add_child("AllowAnyDCPFrameRate")->add_child_text (_allow_any_dcp_frame_rate ? "1" : "0");
 	root->add_child("LogTypes")->add_child_text (raw_convert<string> (_log_types));
-	
+
+	xmlpp::Element* signer = root->add_child ("Signer");
+	dcp::CertificateChain::List certs = _signer->certificates().root_to_leaf ();
+	for (dcp::CertificateChain::List::const_iterator i = certs.begin(); i != certs.end(); ++i) {
+		signer->add_child("Certificate")->add_child_text ((*i)->certificate (true));
+	}
+	signer->add_child("PrivateKey")->add_child_text (_signer->key ());
+
+	root->add_child("DecryptionCertificate")->add_child_text (_decryption_certificate.certificate (true));
+	root->add_child("DecryptionPrivateKey")->add_child_text (_decryption_private_key);
+
 	doc.write_to_file_formatted (file(false).string ());
 }
 
diff --git a/src/lib/config.h b/src/lib/config.h
index 03dd9c0fe..d8ac75bed 100644
--- a/src/lib/config.h
+++ b/src/lib/config.h
@@ -29,6 +29,8 @@
 #include <boost/signals2.hpp>
 #include <boost/filesystem.hpp>
 #include <dcp/metadata.h>
+#include <dcp/certificates.h>
+#include <dcp/signer.h>
 #include "isdcf_metadata.h"
 #include "colour_conversion.h"
 
@@ -188,6 +190,18 @@ public:
 		return _kdm_email;
 	}
 
+	boost::shared_ptr<const dcp::Signer> signer () const {
+		return _signer;
+	}
+
+	dcp::Certificate decryption_certificate () const {
+		return _decryption_certificate;
+	}
+
+	std::string decryption_private_key () const {
+		return _decryption_private_key;
+	}
+
 	bool check_for_updates () const {
 		return _check_for_updates;
 	}
@@ -357,6 +371,21 @@ public:
 
 	void reset_kdm_email ();
 
+	void set_signer (boost::shared_ptr<const dcp::Signer> s) {
+		_signer = s;
+		changed ();
+	}
+
+	void set_decryption_certificate (dcp::Certificate c) {
+		_decryption_certificate = c;
+		changed ();
+	}
+
+	void set_decryption_private_key (std::string k) {
+		_decryption_private_key = k;
+		changed ();
+	}
+
 	void set_check_for_updates (bool c) {
 		_check_for_updates = c;
 		changed ();
@@ -377,8 +406,6 @@ public:
 		changed ();
 	}
 	
-	boost::filesystem::path signer_chain_directory () const;
-
 	void changed ();
 	boost::signals2::signal<void ()> Changed;
 
@@ -435,6 +462,9 @@ private:
 	std::string _kdm_from;
 	std::string _kdm_cc;
 	std::string _kdm_email;
+	boost::shared_ptr<const dcp::Signer> _signer;
+	dcp::Certificate _decryption_certificate;
+	std::string _decryption_private_key;
 	/** true to check for updates on startup */
 	bool _check_for_updates;
 	bool _check_for_test_updates;
diff --git a/src/lib/exceptions.cc b/src/lib/exceptions.cc
index f34cebbfe..95d4c8cce 100644
--- a/src/lib/exceptions.cc
+++ b/src/lib/exceptions.cc
@@ -67,3 +67,9 @@ SubRipError::SubRipError (string saw, string expecting, boost::filesystem::path
 {
 	
 }
+
+InvalidSignerError::InvalidSignerError ()
+	: StringError (_("The certificate chain for signing is invalid"))
+{
+
+}
diff --git a/src/lib/exceptions.h b/src/lib/exceptions.h
index a8969d702..52f257a8d 100644
--- a/src/lib/exceptions.h
+++ b/src/lib/exceptions.h
@@ -253,6 +253,12 @@ public:
 	{}
 };
 
+class InvalidSignerError : public StringError
+{
+public:
+	InvalidSignerError ();
+};
+
 /** @class ExceptionStore
  *  @brief A parent class for classes which have a need to catch and
  *  re-throw exceptions.
@@ -295,6 +301,4 @@ private:
 	mutable boost::mutex _mutex;
 };
 
-	
-
 #endif
diff --git a/src/lib/film.cc b/src/lib/film.cc
index 85dc5b168..eaf738b8b 100644
--- a/src/lib/film.cc
+++ b/src/lib/film.cc
@@ -1078,9 +1078,14 @@ Film::make_kdm (
 	) const
 {
 	shared_ptr<const dcp::CPL> cpl (new dcp::CPL (cpl_file));
+	shared_ptr<const dcp::Signer> signer = Config::instance()->signer();
+	if (!signer->valid ()) {
+		throw InvalidSignerError ();
+	}
+	
 	return dcp::DecryptedKDM (
 		cpl, from, until, "DCP-o-matic", cpl->content_title_text(), dcp::LocalTime().as_string()
-		).encrypt (make_signer(), target, formulation);
+		).encrypt (signer, target, formulation);
 }
 
 list<dcp::EncryptedKDM>
diff --git a/src/lib/util.cc b/src/lib/util.cc
index 837f3cdf3..c7ef40a1c 100644
--- a/src/lib/util.cc
+++ b/src/lib/util.cc
@@ -791,59 +791,6 @@ tidy_for_filename (string f)
 	return t;
 }
 
-shared_ptr<const dcp::Signer>
-make_signer ()
-{
-	boost::filesystem::path const sd = Config::instance()->signer_chain_directory ();
-
-	/* Remake the chain if any of it is missing */
-	
-	list<boost::filesystem::path> files;
-	files.push_back ("ca.self-signed.pem");
-	files.push_back ("intermediate.signed.pem");
-	files.push_back ("leaf.signed.pem");
-	files.push_back ("leaf.key");
-
-	list<boost::filesystem::path>::const_iterator i = files.begin();
-	while (i != files.end()) {
-		boost::filesystem::path p (sd);
-		p /= *i;
-		if (!boost::filesystem::exists (p)) {
-			boost::filesystem::remove_all (sd);
-			boost::filesystem::create_directories (sd);
-			dcp::make_signer_chain (sd, openssl_path ());
-			break;
-		}
-
-		++i;
-	}
-	
-	dcp::CertificateChain chain;
-
-	{
-		boost::filesystem::path p (sd);
-		p /= "ca.self-signed.pem";
-		chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (p)));
-	}
-
-	{
-		boost::filesystem::path p (sd);
-		p /= "intermediate.signed.pem";
-		chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (p)));
-	}
-
-	{
-		boost::filesystem::path p (sd);
-		p /= "leaf.signed.pem";
-		chain.add (shared_ptr<dcp::Certificate> (new dcp::Certificate (p)));
-	}
-
-	boost::filesystem::path signer_key (sd);
-	signer_key /= "leaf.key";
-
-	return shared_ptr<const dcp::Signer> (new dcp::Signer (chain, signer_key));
-}
-
 map<string, string>
 split_get_request (string url)
 {
diff --git a/src/lib/util.h b/src/lib/util.h
index 094d57f40..b7dc978e3 100644
--- a/src/lib/util.h
+++ b/src/lib/util.h
@@ -32,7 +32,6 @@
 #include <boost/optional.hpp>
 #include <boost/filesystem.hpp>
 #include <dcp/util.h>
-#include <dcp/signer.h>
 extern "C" {
 #include <libavcodec/avcodec.h>
 #include <libavfilter/avfilter.h>
@@ -48,10 +47,6 @@ extern "C" {
 
 #define DCPOMATIC_HELLO "Boys, you gotta learn not to talk to nuns that way"
 
-namespace dcp {
-	class Signer;
-}
-
 class Job;
 struct AVSubtitle;
 
@@ -71,7 +66,6 @@ extern bool valid_image_file (boost::filesystem::path);
 extern boost::filesystem::path mo_path ();
 #endif
 extern std::string tidy_for_filename (std::string);
-extern boost::shared_ptr<const dcp::Signer> make_signer ();
 extern dcp::Size fit_ratio_within (float ratio, dcp::Size);
 extern std::string entities_to_text (std::string e);
 extern std::map<std::string, std::string> split_get_request (std::string url);
diff --git a/src/lib/writer.cc b/src/lib/writer.cc
index b165545c7..c34a6a66d 100644
--- a/src/lib/writer.cc
+++ b/src/lib/writer.cc
@@ -30,6 +30,7 @@
 #include <dcp/reel_subtitle_asset.h>
 #include <dcp/dcp.h>
 #include <dcp/cpl.h>
+#include <dcp/signer.h>
 #include "writer.h"
 #include "compose.hpp"
 #include "film.h"
@@ -124,6 +125,11 @@ Writer::Writer (shared_ptr<const Film> f, weak_ptr<Job> j)
 		_sound_mxf_writer = _sound_mxf->start_write (_film->directory() / _film->audio_mxf_filename(), _film->interop() ? dcp::INTEROP : dcp::SMPTE);
 	}
 
+	/* Check that the signer is OK if we need one */
+	if (_film->is_signed() && !Config::instance()->signer()->valid ()) {
+		throw InvalidSignerError ();
+	}
+
 	_thread = new boost::thread (boost::bind (&Writer::thread, this));
 
 	job->sub (_("Encoding image data"));
@@ -484,7 +490,16 @@ Writer::finish ()
 	dcp::XMLMetadata meta = Config::instance()->dcp_metadata ();
 	meta.set_issue_date_now ();
 
-	dcp.write_xml (_film->interop () ? dcp::INTEROP : dcp::SMPTE, meta, _film->is_signed() ? make_signer () : shared_ptr<const dcp::Signer> ());
+	shared_ptr<const dcp::Signer> signer;
+	if (_film->is_signed ()) {
+		signer = Config::instance()->signer ();
+		/* We did check earlier, but check again here to be on the safe side */
+		if (!signer->valid ()) {
+			throw InvalidSignerError ();
+		}
+	}
+
+	dcp.write_xml (_film->interop () ? dcp::INTEROP : dcp::SMPTE, meta, signer);
 
 	LOG_GENERAL (
 		N_("Wrote %1 FULL, %2 FAKE, %3 pushed to disk"), _full_written, _fake_written, _pushed_to_disk
author	Carl Hetherington <cth@carlh.net>	2014-07-18 13:12:41 +0100
committer	Carl Hetherington <cth@carlh.net>	2014-07-18 13:12:41 +0100
commit	5ea52a08f45b0cb8b8fe7221244cdcdeeaca0ed7 (patch)
tree	ff9b2d893caa5a1d2914b52e98112f22fb96bdec /src/lib
parent	684da6bed46635f72d93c57a8721b63aa7e10ed5 (diff)