Make disabling forensic marking optional.

6 files changed, 30 insertions, 7 deletions

diff --git a/src/decrypted_kdm.cc b/src/decrypted_kdm.cc
index 1b226d9b..53e958c1 100644
--- a/src/decrypted_kdm.cc
+++ b/src/decrypted_kdm.cc
@@ -303,7 +303,7 @@ DecryptedKDM::add_key (DecryptedKDMKey key)
 
 EncryptedKDM
 DecryptedKDM::encrypt (
-	shared_ptr<const CertificateChain> signer, Certificate recipient, vector<Certificate> trusted_devices, Formulation formulation
+	shared_ptr<const CertificateChain> signer, Certificate recipient, vector<Certificate> trusted_devices, Formulation formulation, int disable_forensic_marking_picture, int disable_forensic_marking_audio
 	) const
 {
 	DCP_ASSERT (!_keys.empty ());
@@ -369,6 +369,8 @@ DecryptedKDM::encrypt (
 		_not_valid_before,
 		_not_valid_after,
 		formulation,
+		disable_forensic_marking_picture,
+		disable_forensic_marking_audio,
 		key_ids,
 		keys
 		);
diff --git a/src/decrypted_kdm.h b/src/decrypted_kdm.h
index 56529b5d..c264bfbc 100644
--- a/src/decrypted_kdm.h
+++ b/src/decrypted_kdm.h
@@ -130,7 +130,9 @@ public:
 		boost::shared_ptr<const CertificateChain> signer,
 		Certificate recipient,
 		std::vector<Certificate> trusted_devices,
-		Formulation formulation
+		Formulation formulation,
+		int disable_forensic_marking_picture,
+		int disable_forensic_marking_audio
 		) const;
 
 	void add_key (boost::optional<std::string> type, std::string key_id, Key key, std::string cpl_id, Standard standard);
diff --git a/src/encrypted_kdm.cc b/src/encrypted_kdm.cc
index 7286f2d7..ebcb41ca 100644
--- a/src/encrypted_kdm.cc
+++ b/src/encrypted_kdm.cc
@@ -41,6 +41,7 @@
 #include <libxml/parser.h>
 #include <boost/date_time/posix_time/posix_time.hpp>
 #include <boost/foreach.hpp>
+#include <boost/format.hpp>
 
 using std::list;
 using std::vector;
@@ -401,9 +402,19 @@ public:
 		}
 		key_id_list.as_xml (node->add_child ("KeyIdList"));
 
-		xmlpp::Element* forensic_mark_flag_list = node->add_child ("ForensicMarkFlagList");
-		forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable");
-		forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable");
+		if (disable_forensic_marking_picture || disable_forensic_marking_audio) {
+			xmlpp::Element* forensic_mark_flag_list = node->add_child ("ForensicMarkFlagList");
+			if (disable_forensic_marking_picture) {
+				forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable");
+			}
+			if (disable_forensic_marking_audio) {
+				string mrkflg = "http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable";
+				if (disable_forensic_marking_audio != -1) {
+					mrkflg = str (boost::format (mrkflg + "-above-channel-%u") % disable_forensic_marking_audio);
+				}
+				forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text (mrkflg);
+			}
+		}
 	}
 
 	Recipient recipient;
@@ -412,6 +423,8 @@ public:
 	string content_title_text;
 	LocalTime not_valid_before;
 	LocalTime not_valid_after;
+	int disable_forensic_marking_picture;
+	int disable_forensic_marking_audio;
 	boost::optional<AuthorizedDeviceInfo> authorized_device_info;
 	KeyIdList key_id_list;
 };
@@ -545,6 +558,8 @@ EncryptedKDM::EncryptedKDM (
 	LocalTime not_valid_before,
 	LocalTime not_valid_after,
 	Formulation formulation,
+	int disable_forensic_marking_picture,
+	int disable_forensic_marking_audio,
 	list<pair<string, string> > key_ids,
 	list<string> keys
 	)
@@ -577,6 +592,8 @@ EncryptedKDM::EncryptedKDM (
 	kre.content_title_text = content_title_text;
 	kre.not_valid_before = not_valid_before;
 	kre.not_valid_after = not_valid_after;
+	kre.disable_forensic_marking_picture = disable_forensic_marking_picture;
+	kre.disable_forensic_marking_audio = disable_forensic_marking_audio;
 
 	if (formulation != MODIFIED_TRANSITIONAL_TEST) {
 		kre.authorized_device_info = data::AuthorizedDeviceInfo ();
diff --git a/src/encrypted_kdm.h b/src/encrypted_kdm.h
index 69b9a267..24e8f060 100644
--- a/src/encrypted_kdm.h
+++ b/src/encrypted_kdm.h
@@ -110,6 +110,8 @@ private:
 		LocalTime not_valid_before,
 		LocalTime not_valid_after,
 		Formulation formulation,
+		int disable_forensic_marking_picture,
+		int disable_forensic_marking_audio,
 		std::list<std::pair<std::string, std::string> > key_ids,
 		std::list<std::string> keys
 		);
diff --git a/test/encryption_test.cc b/test/encryption_test.cc
index f5298725..7b41e096 100644
--- a/test/encryption_test.cc
+++ b/test/encryption_test.cc
@@ -135,7 +135,7 @@ BOOST_AUTO_TEST_CASE (encryption_test)
 		"2012-07-17T04:45:18+00:00"
 		);
 
-	kdm.encrypt (signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1).as_xml ("build/test/encryption_test.kdm.xml");
+	kdm.encrypt (signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1, -1, -1).as_xml ("build/test/encryption_test.kdm.xml");
 
 	int r = system (
 		"xmllint --path schema --nonet --noout --schema schema/SMPTE-430-1-2006-Amd-1-2009-KDM.xsd build/test/encryption_test.kdm.xml "
diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc
index 396dba67..1fd89dbb 100644
--- a/test/round_trip_test.cc
+++ b/test/round_trip_test.cc
@@ -83,7 +83,7 @@ BOOST_AUTO_TEST_CASE (round_trip_test)
 
 	boost::filesystem::path const kdm_file = work_dir / "kdm.xml";
 
-	kdm_A.encrypt(signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1).as_xml (kdm_file);
+	kdm_A.encrypt(signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1, -1, -1).as_xml (kdm_file);
 
 	/* Reload the KDM, using our private key to decrypt it */
 	dcp::DecryptedKDM kdm_B (dcp::EncryptedKDM (dcp::file_to_string (kdm_file)), signer->key().get ());