Add a hint about certificate validity, moving some things around

so that it's easier for the user to re-make the certificates if
they need to.

4 files changed, 61 insertions, 20 deletions

diff --git a/src/lib/config.cc b/src/lib/config.cc
index 371682966..bab15ecb7 100644
--- a/src/lib/config.cc
+++ b/src/lib/config.cc
@@ -450,25 +450,7 @@ try
 		}
 	}
 
-	optional<BadReason> bad;
-
-	for (auto const& i: _signer_chain->unordered()) {
-		if (i.has_utf8_strings()) {
-			bad = BAD_SIGNER_UTF8_STRINGS;
-		}
-		if ((i.not_after().year() - i.not_before().year()) > 15) {
-			bad = BAD_SIGNER_VALIDITY_TOO_LONG;
-		}
-	}
-
-	if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) {
-		bad = BAD_SIGNER_INCONSISTENT;
-	}
-
-	if (!_decryption_chain->chain_valid() || !_decryption_chain->private_key_valid()) {
-		bad = BAD_DECRYPTION_INCONSISTENT;
-	}
-
+	auto bad = check_certificates ();
 	if (bad) {
 		auto const remake = Bad(*bad);
 		if (remake && *remake) {
@@ -1470,3 +1452,29 @@ Config::add_custom_language (dcp::LanguageTag tag)
 	}
 }
 
+
+optional<Config::BadReason>
+Config::check_certificates () const
+{
+	optional<BadReason> bad;
+
+	for (auto const& i: _signer_chain->unordered()) {
+		if (i.has_utf8_strings()) {
+			bad = BAD_SIGNER_UTF8_STRINGS;
+		}
+		if ((i.not_after().year() - i.not_before().year()) > 15) {
+			bad = BAD_SIGNER_VALIDITY_TOO_LONG;
+		}
+	}
+
+	if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) {
+		bad = BAD_SIGNER_INCONSISTENT;
+	}
+
+	if (!_decryption_chain->chain_valid() || !_decryption_chain->private_key_valid()) {
+		bad = BAD_DECRYPTION_INCONSISTENT;
+	}
+
+	return bad;
+}
+
diff --git a/src/lib/config.h b/src/lib/config.h
index be4e6ecf1..e01eab780 100644
--- a/src/lib/config.h
+++ b/src/lib/config.h
@@ -1084,6 +1084,8 @@ public:
 	void rename_template (std::string old_name, std::string new_name) const;
 	void delete_template (std::string name) const;
 
+	boost::optional<BadReason> check_certificates () const;
+
 	static Config* instance ();
 	static void drop ();
 	static void restore_defaults ();
diff --git a/src/lib/hints.cc b/src/lib/hints.cc
index 40b51e817..0f1cfece8 100644
--- a/src/lib/hints.cc
+++ b/src/lib/hints.cc
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2016-2021 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2016-2022 Carl Hetherington <cth@carlh.net>
 
     This file is part of DCP-o-matic.
 
@@ -23,6 +23,7 @@
 #include "audio_content.h"
 #include "audio_processor.h"
 #include "compose.hpp"
+#include "config.h"
 #include "content.h"
 #include "cross.h"
 #include "dcp_content_type.h"
@@ -381,6 +382,7 @@ try
 
 	auto content = film->content ();
 
+	check_certificates ();
 	check_interop ();
 	check_big_font_files ();
 	check_few_audio_channels ();
@@ -652,3 +654,31 @@ Hints::check_audio_language ()
 	}
 }
 
+
+void
+Hints::check_certificates ()
+{
+	auto bad = Config::instance()->check_certificates();
+	if (!bad) {
+		return;
+	}
+
+	switch (*bad) {
+	case Config::BAD_SIGNER_UTF8_STRINGS:
+		hint(_("The certificate chain that DCP-o-matic uses for signing DCPs and KDMs contains a small error "
+		       "which will prevent DCPs from being validated correctly on some systems.  You are advised to "
+		       "re-create the signing certificate chain by clicking the \"Re-make certificates and key...\" "
+		       "button in the Keys page of Preferences."));
+		break;
+	case Config::BAD_SIGNER_VALIDITY_TOO_LONG:
+		hint(_("The certificate chain that DCP-o-matic uses for signing DCPs and KDMs has a validity period "
+		       "that is too long.  This will cause problems playing back DCPs on some systems. "
+		       "You are advised to re-create the signing certificate chain by clicking the "
+		       "\"Re-make certificates and key...\" button in the Keys page of Preferences."));
+		break;
+	default:
+		/* Some bad situations can't happen here as DCP-o-matic would have refused to start until they are fixed */
+		break;
+	}
+}
+
diff --git a/src/lib/hints.h b/src/lib/hints.h
index 6553593a0..985fa1910 100644
--- a/src/lib/hints.h
+++ b/src/lib/hints.h
@@ -65,6 +65,7 @@ private:
 	void closed_caption (PlayerText text, dcpomatic::DCPTimePeriod period);
 	void open_subtitle (PlayerText text, dcpomatic::DCPTimePeriod period);
 
+	void check_certificates ();
 	void check_interop ();
 	void check_big_font_files ();
 	void check_few_audio_channels ();