authorCarl Hetherington <cth@carlh.net>2020-05-07 22:28:37 +0200
committerCarl Hetherington <cth@carlh.net>2020-05-07 22:28:37 +0200
commit9f2c654b8922f28b870eed5ddb8df530984dccbe (patch)
tree4d162e2ab6210d6040e68268214ad951ae584888
parentbe71939e858b00d42239a608d9f97918d4d014f6 (diff)
Test hack.
-rw-r--r--src/verify.cc8
-rw-r--r--test/verify_test.cc25
-rw-r--r--verify.c46
3 files changed, 77 insertions, 2 deletions
diff --git a/src/verify.cc b/src/verify.cc
index b10f25c1..367a0f49 100644
--- a/src/verify.cc
+++ b/src/verify.cc
@@ -297,6 +297,13 @@ validate_xml (boost::filesystem::path xml_file, boost::filesystem::path xsd_dtd_
}
+void
+verify_signer (shared_ptr<CPL> cpl, list<VerificationNote>& notes)
+{
+
+}
+
+
enum VerifyAssetResult {
VERIFY_ASSET_RESULT_GOOD,
VERIFY_ASSET_RESULT_CPL_PKL_DIFFER,
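Review bot: `verify_signer` is added with an empty body, so the "Checking CPL" stage performs no signer or certificate-chain check and never appends to `notes`. A reader of `dcp::verify` could assume the signature is being validated when it is not. Until the check is implemented, mark the stub explicitly, for example `/* TODO: check the CPL's signature and signer chain; currently a no-op */`, and add a short header comment saying which problems it is meant to report through `notes`.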
@@ -432,6 +439,7 @@ dcp::verify (
BOOST_FOREACH (shared_ptr<CPL> cpl, dcp->cpls()) {
stage ("Checking CPL", cpl->file());
validate_xml (cpl->file().get(), xsd_dtd_directory, notes);
+ verify_signer (cpl);
/* Check that the CPL's hash corresponds to the PKL */
BOOST_FOREACH (shared_ptr<PKL> i, dcp->pkls()) {
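Review bot: The added call `verify_signer (cpl);` passes one argument, but the function introduced earlier in this file takes `(shared_ptr<CPL> cpl, list<VerificationNote>& notes)` with no default. Unless another overload exists outside the diff, this will not compile. The call should be `verify_signer (cpl, notes);`, matching the `validate_xml` call on the line above, so that signer problems reach the caller's note list. The enclosing loop continues outside the hunk.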
diff --git a/test/verify_test.cc b/test/verify_test.cc
index 7a553d07..87f417d0 100644
--- a/test/verify_test.cc
+++ b/test/verify_test.cc
@@ -41,6 +41,7 @@
#include "openjpeg_image.h"
#include "mono_picture_asset.h"
#include "mono_picture_asset_writer.h"
+#include "certificate_chain.h"
#include "compose.hpp"
#include <boost/test/unit_test.hpp>
#include <boost/foreach.hpp>
@@ -534,7 +535,7 @@ random_image ()
static
void
-dcp_from_frame (dcp::Data const& frame, boost::filesystem::path dir)
+dcp_from_frame (dcp::Data const& frame, boost::filesystem::path dir, shared_ptr<const dcp::CertificateChain> signer = shared_ptr<const dcp::CertificateChain>())
{
shared_ptr<dcp::MonoPictureAsset> asset(new dcp::MonoPictureAsset(dcp::Fraction(24, 1), dcp::SMPTE));
boost::filesystem::create_directories (dir);
@@ -551,7 +552,7 @@ dcp_from_frame (dcp::Data const& frame, boost::filesystem::path dir)
cpl->add (reel);
shared_ptr<dcp::DCP> dcp(new dcp::DCP(dir));
dcp->add (cpl);
- dcp->write_xml (dcp::SMPTE);
+ dcp->write_xml (dcp::SMPTE, dcp::XMLMetadata(), signer);
}
@@ -607,3 +608,23 @@ BOOST_AUTO_TEST_CASE (verify_test17)
BOOST_REQUIRE_EQUAL (notes.size(), 0);
}
+
+/* DCP with a signer chain that is out of order */
+BOOST_AUTO_TEST_CASE (verify_test18)
+{
+ shared_ptr<dcp::OpenJPEGImage> image = random_image ();
+ dcp::Data frame = dcp::compress_j2k (image, 100000000, 24, false, false);
+ boost::filesystem::path const dir("build/test/verify_test18");
+
+ shared_ptr<dcp::CertificateChain> signer(new dcp::CertificateChain(boost::filesystem::path("openssl")));
+ dcp::Certificate root = signer->root();
+ signer->remove (root);
+ signer->add (root);
+
+ dcp_from_frame (frame, dir, signer);
+ vector<boost::filesystem::path> dirs;
+ dirs.push_back (dir);
+ list<dcp::VerificationNote> notes = dcp::verify (dirs, &stage, &progress, "xsd");
+ BOOST_REQUIRE_EQUAL (notes.size(), 0);
+}
+
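Review bot: `verify_test18` deliberately moves the root certificate to the end of the chain and then asserts `BOOST_REQUIRE_EQUAL (notes.size(), 0)`, so the test expects a misordered signer chain to verify cleanly. While `verify_signer` is an empty stub this passes whatever the chain order, which means the test pins the absence of a check rather than any behaviour. If the intent is for the verifier to flag this, the test should require one note and compare its code with the expected value once that code exists. If the intent is that order must not matter, say so in the comment above the test case.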
diff --git a/verify.c b/verify.c
new file mode 100644
index 00000000..419a7d42
--- /dev/null
+++ b/verify.c
@@ -0,0 +1,46 @@
+/* gcc -o verify verify.c -I/usr/include/libxml2 $(pkg-config --cflags --libs xmlsec1) && ./verify */
+#include <libxml/parser.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/app.h>
+#include <xmlsec/xmldsig.h>
+
+int main()
+{
+ int const size = 9218;
+ char* buffer = malloc(size);
+ FILE* f = fopen("test.xml", "r");
+ fread(buffer, 1, size, f);
+ fclose(f);
+ xmlDocPtr doc = xmlReadMemory(buffer, size, "noname.xml", NULL, 0);
+ if (!doc) {
+ fprintf(stderr, "parse\n");
+ exit(1);
+ }
+
+ xmlNodePtr node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if (!node) {
+ fprintf(stderr, "find the node\n");
+ exit(1);
+ }
+
+ xmlSecKeysMngrPtr keys_manager = xmlSecKeysMngrCreate();
+
+ xmlSecDSigCtxPtr dsig_context = xmlSecDSigCtxCreate(keys_manager);
+ if (!dsig_context) {
+ fprintf(stderr, "make context\n");
+ exit(1);
+ }
+
+ xmlSecDSigCtxEnableSignatureTransform(dsig_context, xmlSecTransformInclC14NId);
+ xmlSecDSigCtxEnableSignatureTransform(dsig_context, xmlSecTransformExclC14NId);
+ xmlSecDSigCtxEnableReferenceTransform(dsig_context, xmlSecTransformInclC14NId);
+ xmlSecDSigCtxEnableReferenceTransform(dsig_context, xmlSecTransformExclC14NId);
+
+ if (xmlSecDSigCtxVerify(dsig_context, node) < 0) {
+ fprintf(stderr, "nope\n");
+ exit(1);
+ }
+}
+
+
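Review bot: A negative return from `xmlSecDSigCtxVerify` only reports a processing error; the outcome of the signature check is stored in `dsig_context->status`, so this program exits 0 silently for a signature that failed to verify. The file read is also unchecked: `fopen` may return NULL, the `fread` result is ignored, and the hard-coded `size` of 9218 is passed to `xmlReadMemory` even when fewer bytes were read. The program never calls `xmlSecInit()` or the crypto initialisation functions and leaves the keys manager empty, which xmlsec normally needs before verifying; confirm what trust anchor this is meant to check against. The fence shows the read and status checks.

```c
FILE* f = fopen("test.xml", "r");
if (!f) {
	fprintf(stderr, "open\n");
	exit(1);
}
size_t const got = fread(buffer, 1, size, f);
fclose(f);
xmlDocPtr doc = xmlReadMemory(buffer, (int) got, "noname.xml", NULL, 0);
/* … unchanged: parse check, node lookup, context creation, transform enabling … */
/* … unchanged: xmlSecDSigCtxVerify error check … */
if (dsig_context->status != xmlSecDSigStatusSucceeded) {
	fprintf(stderr, "signature invalid\n");
	exit(1);
}
```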