diff options
| author | Carl Hetherington <cth@carlh.net> | 2021-01-18 20:13:41 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2021-01-18 20:13:41 +0100 |
| commit | 8e4f704c6624c42093306918a8904e2159bde141 (patch) | |
| tree | 3dbacecdfbe9454d674ad469d89fb10d8eb0e521 | |
| parent | b2e68c20550fce629d9ebaf1fca5244d1e2ca517 (diff) | |
Bv2.1 8.7: CPLs with encrypted content must be signed.
| -rw-r--r-- | src/verify.cc | 11 | ||||
| -rw-r--r-- | src/verify.h | 2 | ||||
| -rw-r--r-- | test/verify_test.cc | 27 |
3 files changed, 40 insertions, 0 deletions
diff --git a/src/verify.cc b/src/verify.cc index 58e777fb..3f15668f 100644 --- a/src/verify.cc +++ b/src/verify.cc @@ -1300,6 +1300,15 @@ dcp::verify ( } check_extension_metadata (cpl, notes); + + if (cpl->encrypted()) { + cxml::Document doc ("CompositionPlaylist"); + DCP_ASSERT (cpl->file()); + doc.read_file (cpl->file().get()); + if (!doc.optional_node_child("Signature")) { + notes.push_back ({VerificationNote::VERIFY_BV21_ERROR, VerificationNote::CPL_WITH_ENCRYPTED_CONTENT_NOT_SIGNED, cpl->file().get()}); + } + } } } @@ -1441,6 +1450,8 @@ dcp::note_to_string (dcp::VerificationNote note) return "The CPL metadata must contain <ExtensionMetadata>"; case dcp::VerificationNote::INVALID_EXTENSION_METADATA: return String::compose("The <ExtensionMetadata> is malformed in some way: %1", note.note().get()); + case dcp::VerificationNote::CPL_WITH_ENCRYPTED_CONTENT_NOT_SIGNED: + return String::compose("The CPL %1, which has encrypted content, is not signed", note.file()->filename()); } return ""; diff --git a/src/verify.h b/src/verify.h index 60100435..833efa72 100644 --- a/src/verify.h +++ b/src/verify.h @@ -173,6 +173,8 @@ public: MISSING_EXTENSION_METADATA, /** <ExtensionMetadata> must have a particular form Bv2.1_8.6.3 */ INVALID_EXTENSION_METADATA, + /** CPLs containing encrypted content must be signed Bv2.1_8.7 */ + CPL_WITH_ENCRYPTED_CONTENT_NOT_SIGNED }; VerificationNote (Type type, Code code) diff --git a/test/verify_test.cc b/test/verify_test.cc index 34f95aad..3d30797e 100644 --- a/test/verify_test.cc +++ b/test/verify_test.cc @@ -2358,3 +2358,30 @@ BOOST_AUTO_TEST_CASE (verify_cpl_extension_metadata9) } + +BOOST_AUTO_TEST_CASE (verify_encrypted_cpl_is_signed) +{ + boost::filesystem::path dir = "build/test/verify_encrypted_cpl_is_signed"; + prepare_directory (dir); + for (auto i: boost::filesystem::directory_iterator("test/ref/DCP/encryption_test")) { + boost::filesystem::copy_file (i.path(), dir / i.path().filename()); + } + + { + Editor e (dir / "cpl_81fb54df-e1bf-4647-8788-ea7ba154375b.xml"); + e.delete_lines ("<dsig:Signature", "</dsig:Signature>"); + } + + check_verify_result ( + {dir}, + { + { dcp::VerificationNote::VERIFY_ERROR, dcp::VerificationNote::CPL_HASH_INCORRECT }, + { dcp::VerificationNote::VERIFY_ERROR, dcp::VerificationNote::MISSING_FFEC_IN_FEATURE }, + { dcp::VerificationNote::VERIFY_ERROR, dcp::VerificationNote::MISSING_FFMC_IN_FEATURE }, + { dcp::VerificationNote::VERIFY_WARNING, dcp::VerificationNote::MISSING_FFOC }, + { dcp::VerificationNote::VERIFY_WARNING, dcp::VerificationNote::MISSING_LFOC }, + { dcp::VerificationNote::VERIFY_WARNING, dcp::VerificationNote::MISSING_CPL_METADATA }, + { dcp::VerificationNote::VERIFY_BV21_ERROR, dcp::VerificationNote::CPL_WITH_ENCRYPTED_CONTENT_NOT_SIGNED } + }); +} + |