Some new features in dcpkdm.

5 files changed, 70 insertions, 1 deletions

diff --git a/src/certificate.cc b/src/certificate.cc
index a83d800d..6edf4f4c 100644
--- a/src/certificate.cc
+++ b/src/certificate.cc
@@ -337,6 +337,40 @@ Certificate::subject_organizational_unit_name () const
 	return get_name_part (X509_get_subject_name (_certificate), NID_organizationalUnitName);
 }
 
+static
+struct tm
+convert_time (ASN1_TIME const * time)
+{
+	struct tm t;
+	char const * s = (char const *) time->data;
+
+	if (time->type == V_ASN1_UTCTIME) {
+		sscanf(s, "%2d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+		if (t.tm_year < 70) {
+			t.tm_year += 100;
+		}
+	} else if (time->type == V_ASN1_GENERALIZEDTIME) {
+		sscanf(s, "%4d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+		t.tm_year -= 1900;
+	}
+
+	return t;
+}
+
+struct tm
+Certificate::not_before () const
+{
+	DCP_ASSERT (_certificate);
+	return convert_time(X509_get0_notBefore(_certificate));
+}
+
+struct tm
+Certificate::not_after () const
+{
+	DCP_ASSERT (_certificate);
+	return convert_time(X509_get0_notAfter(_certificate));
+}
+
 string
 Certificate::serial () const
 {
diff --git a/src/certificate.h b/src/certificate.h
index 0d333f1e..4be673cc 100644
--- a/src/certificate.h
+++ b/src/certificate.h
@@ -81,6 +81,8 @@ public:
 	std::string subject_common_name () const;
 	std::string subject_organization_name () const;
 	std::string subject_organizational_unit_name () const;
+	struct tm not_before () const;
+	struct tm not_after () const;
 
 	X509* x509 () const {
 		return _certificate;
diff --git a/src/encrypted_kdm.cc b/src/encrypted_kdm.cc
index 996708ad..071bf870 100644
--- a/src/encrypted_kdm.cc
+++ b/src/encrypted_kdm.cc
@@ -772,6 +772,17 @@ EncryptedKDM::recipient_x509_subject_name () const
 	return _data->authenticated_public.required_extensions.kdm_required_extensions.recipient.x509_subject_name;
 }
 
+CertificateChain
+EncryptedKDM::signer_certificate_chain () const
+{
+	CertificateChain chain;
+	BOOST_FOREACH (data::X509Data const & i, _data->signature.x509_data) {
+		string s = "-----BEGIN CERTIFICATE-----\n" + i.x509_certificate + "\n-----END CERTIFICATE-----";
+		chain.add (Certificate(s));
+	}
+	return chain;
+}
+
 bool
 dcp::operator== (EncryptedKDM const & a, EncryptedKDM const & b)
 {
diff --git a/src/encrypted_kdm.h b/src/encrypted_kdm.h
index e52fa0a1..ddc0273a 100644
--- a/src/encrypted_kdm.h
+++ b/src/encrypted_kdm.h
@@ -94,6 +94,7 @@ public:
 	LocalTime not_valid_before () const;
 	LocalTime not_valid_after () const;
 	std::string recipient_x509_subject_name () const;
+	CertificateChain signer_certificate_chain () const;
 
 private:
 
diff --git a/tools/dcpkdm.cc b/tools/dcpkdm.cc
index a04e4ba0..6ffabfe7 100644
--- a/tools/dcpkdm.cc
+++ b/tools/dcpkdm.cc
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2017 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2017-2019 Carl Hetherington <cth@carlh.net>
 
     This file is part of libdcp.
 
@@ -35,6 +35,7 @@
 #include "decrypted_kdm.h"
 #include "util.h"
 #include "exceptions.h"
+#include "certificate_chain.h"
 #include <boost/foreach.hpp>
 #include <getopt.h>
 
@@ -51,6 +52,14 @@ help (string n)
 	     << "  -p, --private-key  private key file\n";
 }
 
+static string
+tm_to_string (struct tm t)
+{
+	char buffer[64];
+	snprintf (buffer, 64, "%02d/%02d/%02d %02d:%02d:%02d", t.tm_mday, t.tm_mon, (t.tm_year + 1900), t.tm_hour, t.tm_min, t.tm_sec);
+	return buffer;
+}
+
 int
 main (int argc, char* argv[])
 {
@@ -96,6 +105,18 @@ main (int argc, char* argv[])
 	cout << "CPL id:        " << enc_kdm.cpl_id() << "\n";
 	cout << "Recipient:     " << enc_kdm.recipient_x509_subject_name() << "\n";
 
+	cout << "Signer chain:\n";
+	dcp::CertificateChain signer = enc_kdm.signer_certificate_chain ();
+	BOOST_FOREACH (dcp::Certificate const & i, signer.root_to_leaf()) {
+		cout << "\tCertificate:\n";
+		cout << "\t\tSubject: " << i.subject() << "\n";
+		cout << "\t\tSubject common name: " << i.subject_common_name() << "\n";
+		cout << "\t\tSubject organization name: " << i.subject_organization_name() << "\n";
+		cout << "\t\tSubject organizational unit name: " << i.subject_organizational_unit_name() << "\n";
+		cout << "\t\tNot before: " << tm_to_string(i.not_before()) << "\n";
+		cout << "\t\tNot after:  " << tm_to_string(i.not_after()) << "\n";
+	}
+
 	if (private_key_file) {
 		try {
 			dcp::DecryptedKDM dec_kdm (enc_kdm, dcp::file_to_string (private_key_file.get()));