| author | Carl Hetherington <cth@carlh.net> | 2018-11-08 23:56:52 +0000 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2018-11-08 23:56:52 +0000 |
| commit | 27e1378bede33c51835fd6307239692909d834d8 (patch) | |
| tree | 1c0da933f146ad814b99f80b61fa5f6aa2d684a9 | |
| parent | 4af8d182454ef8452210612c396d514077cd27e1 (diff) | |
Take thumbprint rather than a full dcp::Certificate for trusted devices.
| -rw-r--r-- | src/decrypted_kdm.cc | 2 | ||||
| -rw-r--r-- | src/decrypted_kdm.h | 6 | ||||
| -rw-r--r-- | src/encrypted_kdm.cc | 7 | ||||
| -rw-r--r-- | src/encrypted_kdm.h | 2 | ||||
| -rw-r--r-- | test/encryption_test.cc | 5 | ||||
| -rw-r--r-- | test/kdm_test.cc | 2 | ||||
| -rw-r--r-- | test/round_trip_test.cc | 5 |
7 files changed, 16 insertions, 13 deletions
diff --git a/src/decrypted_kdm.cc b/src/decrypted_kdm.cc index 0fa95f9a..756028d1 100644 --- a/src/decrypted_kdm.cc +++ b/src/decrypted_kdm.cc @@ -305,7 +305,7 @@ EncryptedKDM DecryptedKDM::encrypt ( shared_ptr<const CertificateChain> signer, Certificate recipient, - vector<Certificate> trusted_devices, + vector<string> trusted_devices, Formulation formulation, bool disable_forensic_marking_picture, optional<int> disable_forensic_marking_audio diff --git a/src/decrypted_kdm.h b/src/decrypted_kdm.h index 7ae1d161..1cf1e0d4 100644 --- a/src/decrypted_kdm.h +++ b/src/decrypted_kdm.h @@ -1,5 +1,5 @@ /* - Copyright (C) 2013-2017 Carl Hetherington <cth@carlh.net> + Copyright (C) 2013-2018 Carl Hetherington <cth@carlh.net> This file is part of libdcp. @@ -121,7 +121,7 @@ public: /** Encrypt this KDM's keys and sign the whole KDM. * @param signer Chain to sign with. * @param recipient Certificate of the projector/server which should receive this KDM's keys. - * @param trusted_devices Extra trusted devices which should be written to the KDM (recipient will be written + * @param trusted_devices Thumbprints of extra trusted devices which should be written to the KDM (recipient will be written * as a trusted device automatically and does not need to be included in this list). * @param formulation Formulation to use for the encrypted KDM. * @param disable_forensic_marking_picture true to disable forensic marking of picture. @@ -132,7 +132,7 @@ public: EncryptedKDM encrypt ( boost::shared_ptr<const CertificateChain> signer, Certificate recipient, - std::vector<Certificate> trusted_devices, + std::vector<std::string> trusted_devices, Formulation formulation, bool disable_forensic_marking_picture, boost::optional<int> disable_forensic_marking_audio diff --git a/src/encrypted_kdm.cc b/src/encrypted_kdm.cc index 7a7d98c1..23052f8a 100644 --- a/src/encrypted_kdm.cc +++ b/src/encrypted_kdm.cc 
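Review bot: The updated `@param trusted_devices` text in src/decrypted_kdm.h says "thumbprints" but not which form is expected. Because the parameter is now a bare `std::vector<std::string>`, a hex digest, a PEM blob or an empty string would all compile where the old `Certificate` type forced a parsed certificate. I would state the contract in the comment, e.g. `@param trusted_devices Thumbprints of extra trusted devices, in exactly the form returned by Certificate::thumbprint()`. The same type change is made in the `DecryptedKDM::encrypt` hunks in src/decrypted_kdm.cc and src/decrypted_kdm.h, whose function bodies lie outside the visible lines.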
@@ -576,10 +576,11 @@ EncryptedKDM::EncryptedKDM (string s) } } +/** @param trusted_devices Trusted device thumbprints */ EncryptedKDM::EncryptedKDM ( shared_ptr<const CertificateChain> signer, Certificate recipient, - vector<Certificate> trusted_devices, + vector<string> trusted_devices, string cpl_id, string content_title_text, optional<string> annotation_text, @@ -651,8 +652,8 @@ EncryptedKDM::EncryptedKDM ( recipient's thumbprint (recipient.thumbprint()). Waimea uses only the trusted devices here, too. */ - BOOST_FOREACH (Certificate const & i, trusted_devices) { - kre.authorized_device_info->certificate_thumbprints.push_back (i.thumbprint ()); + BOOST_FOREACH (string i, trusted_devices) { + kre.authorized_device_info->certificate_thumbprints.push_back (i); } } } diff --git a/src/encrypted_kdm.h b/src/encrypted_kdm.h index 3ac15864..e52fa0a1 100644 --- a/src/encrypted_kdm.h +++ b/src/encrypted_kdm.h @@ -103,7 +103,7 @@ private: EncryptedKDM ( boost::shared_ptr<const CertificateChain> signer, Certificate recipient, - std::vector<Certificate> trusted_devices, + std::vector<std::string> trusted_devices, std::string cpl_id, std::string cpl_content_title_text, boost::optional<std::string> annotation_text, diff --git a/test/encryption_test.cc b/test/encryption_test.cc index 42b93bb0..d7b9aefa 100644 --- a/test/encryption_test.cc +++ b/test/encryption_test.cc @@ -1,5 +1,5 @@ /* - Copyright (C) 2013-2015 Carl Hetherington <cth@carlh.net> + Copyright (C) 2013-2018 Carl Hetherington <cth@carlh.net> This file is part of libdcp. @@ -40,6 +40,7 @@ #include <boost/shared_ptr.hpp> using std::vector; +using std::string; using boost::shared_ptr; /** Load a certificate chain from build/test/data/ *.pem and then build 
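Review bot: In the `@@ -651,8 +652,8 @@` hunk of src/encrypted_kdm.cc each caller-supplied string is now pushed into `authorized_device_info->certificate_thumbprints` verbatim, where the removed line derived the value from a parsed `Certificate` via `i.thumbprint ()`. Nothing visible in the hunk rejects an empty or malformed entry, so a bad trusted-device list would be written into a signed KDM and presumably only surface at the receiving device. A format check before the `push_back` would fail early instead, assuming thumbprints always have the form `Certificate::thumbprint()` emits. The loop also copies every element now; `BOOST_FOREACH (string const & i, trusted_devices) {` keeps the by-reference iteration the old line had. The constructor body starts and ends outside this hunk.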
@@ -135,7 +136,7 @@ BOOST_AUTO_TEST_CASE (encryption_test) "2012-07-17T04:45:18+00:00" ); - kdm.encrypt (signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1, true, 0).as_xml ("build/test/encryption_test.kdm.xml"); + kdm.encrypt (signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, 0).as_xml ("build/test/encryption_test.kdm.xml"); int r = system ( "xmllint --path schema --nonet --noout --schema schema/SMPTE-430-1-2006-Amd-1-2009-KDM.xsd build/test/encryption_test.kdm.xml " diff --git a/test/kdm_test.cc b/test/kdm_test.cc index 53aabd87..4a9d4ff8 100644 --- a/test/kdm_test.cc +++ b/test/kdm_test.cc @@ -146,7 +146,7 @@ kdm_forensic_test (cxml::Document& doc, bool picture, optional<int> audio) signer->set_key(dcp::file_to_string("test/data/private.key")); dcp::EncryptedKDM kdm = decrypted.encrypt ( - signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1, picture, audio + signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, picture, audio ); /* Check that we can pass this through correctly */ diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc index 567d3aa4..9c100124 100644 --- a/test/round_trip_test.cc +++ b/test/round_trip_test.cc @@ -1,5 +1,5 @@ /* - Copyright (C) 2013-2015 Carl Hetherington <cth@carlh.net> + Copyright (C) 2013-2018 Carl Hetherington <cth@carlh.net> This file is part of libdcp. @@ -42,6 +42,7 @@ using std::list; using std::vector; +using std::string; using boost::shared_ptr; using boost::scoped_array; 
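Review bot: Every updated call site in the tests passes an empty `vector<string>()`, so the new string path into `certificate_thumbprints` is never exercised. This applies here in test/encryption_test.cc and likewise in the test/kdm_test.cc and test/round_trip_test.cc hunks. A case that passes something like `vector<string>(1, signer->leaf().thumbprint())` and checks that the value appears in the generated KDM XML would cover the behaviour this commit changes. The enclosing test bodies extend beyond the hunks.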
@@ -83,7 +84,7 @@ BOOST_AUTO_TEST_CASE (round_trip_test) boost::filesystem::path const kdm_file = work_dir / "kdm.xml"; - kdm_A.encrypt(signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1, true, 0).as_xml (kdm_file); + kdm_A.encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, 0).as_xml (kdm_file); /* Reload the KDM, using our private key to decrypt it */ dcp::DecryptedKDM kdm_B (dcp::EncryptedKDM (dcp::file_to_string (kdm_file)), signer->key().get ()); |
