diff options
| author | Carl Hetherington <cth@carlh.net> | 2023-01-19 22:03:21 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2023-02-11 22:26:38 +0100 |
| commit | 788ef2cf5daf510651cc4f5eb7940d7bd0c44b76 (patch) | |
| tree | 75505127edb1356dfccfeda76232d49d66a9609a /src/tools | |
| parent | 57cbdbed89e6432049fec50ecef28b5b57bcf301 (diff) | |
Warn/error on making KDMs using recipient certs whose validity periods
lie outside those of the KDMs (#2423).
Diffstat (limited to 'src/tools')
| -rw-r--r-- | src/tools/dcpomatic_kdm.cc | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/tools/dcpomatic_kdm.cc b/src/tools/dcpomatic_kdm.cc index c1239ff29..9d6fa2e8f 100644 --- a/src/tools/dcpomatic_kdm.cc +++ b/src/tools/dcpomatic_kdm.cc @@ -46,6 +46,7 @@ #include "lib/exceptions.h" #include "lib/file_log.h" #include "lib/job_manager.h" +#include "lib/kdm_util.h" #include "lib/kdm_with_metadata.h" #include "lib/screen.h" #include "lib/send_kdm_email_job.h" @@ -367,6 +368,8 @@ private: throw InvalidSignerError (); } + vector<KDMCertificatePeriod> period_checks; + for (auto i: _screens->screens()) { if (!i->recipient) { @@ -376,6 +379,8 @@ private: dcp::LocalTime begin(_timing->from(), dcp::UTCOffset(i->cinema->utc_offset_hour(), i->cinema->utc_offset_minute())); dcp::LocalTime end(_timing->until(), dcp::UTCOffset(i->cinema->utc_offset_hour(), i->cinema->utc_offset_minute())); + period_checks.push_back(check_kdm_and_certificate_validity_periods(*i->recipient, begin, end)); + /* Make an empty KDM */ dcp::DecryptedKDM kdm ( begin, @@ -411,6 +416,21 @@ private: return; } + if (find(period_checks.begin(), period_checks.end(), KDMCertificatePeriod::KDM_OUTSIDE_CERTIFICATE) != period_checks.end()) { + error_dialog( + this, + _("Some KDMs would have validity periods which are completely outside the recipient certificate periods. Such KDMs are very unlikely to work, so will not be created.") + ); + return; + } + + if (find(period_checks.begin(), period_checks.end(), KDMCertificatePeriod::KDM_OVERLAPS_CERTIFICATE) != period_checks.end()) { + message_dialog( + this, + _("For some of these KDMs the recipient certificate's validity period will not cover the whole of the KDM validity period. This might cause problems with the KDMs.") + ); + } + auto result = _output->make ( kdms, title, bind (&DOMFrame::confirm_overwrite, this, _1) ); |