authorCarl Hetherington <cth@carlh.net>2014-06-26 20:33:19 +0100
committerCarl Hetherington <cth@carlh.net>2014-06-26 20:33:19 +0100
commitd87f979ea98a19614f164a0d49fccc1be926e789 (patch)
tree5558493eb6c717f59c587e01a3041d122eb346f4
parentecd8cbc534e82d0644d15fa483c2b6bf54876276 (diff)
Forward-port KDM formulation from v0.
-rw-r--r--src/decrypted_kdm.cc3
-rw-r--r--src/decrypted_kdm.h4
-rw-r--r--src/encrypted_kdm.cc31
-rw-r--r--src/encrypted_kdm.h6
-rw-r--r--src/types.h6
-rw-r--r--test/encryption_test.cc2
-rw-r--r--test/round_trip_test.cc2
7 files changed, 40 insertions, 14 deletions
diff --git a/src/decrypted_kdm.cc b/src/decrypted_kdm.cc
index 3d442ce7..8a714b1e 100644
--- a/src/decrypted_kdm.cc
+++ b/src/decrypted_kdm.cc
@@ -211,7 +211,7 @@ DecryptedKDM::DecryptedKDM (
}
EncryptedKDM
-DecryptedKDM::encrypt (shared_ptr<const Signer> signer, shared_ptr<const Certificate> recipient) const
+DecryptedKDM::encrypt (shared_ptr<const Signer> signer, shared_ptr<const Certificate> recipient, Formulation formulation) const
{
list<pair<string, string> > key_ids;
list<string> keys;
@@ -273,6 +273,7 @@ DecryptedKDM::encrypt (shared_ptr<const Signer> signer, shared_ptr<const Certifi
_content_title_text,
_not_valid_before,
_not_valid_after,
+ formulation,
key_ids,
keys
);
diff --git a/src/decrypted_kdm.h b/src/decrypted_kdm.h
index bb50d6ad..3c3d07db 100644
--- a/src/decrypted_kdm.h
+++ b/src/decrypted_kdm.h
@@ -24,6 +24,7 @@
#include "key.h"
#include "local_time.h"
#include "decrypted_kdm_key.h"
+#include "types.h"
#include <boost/filesystem.hpp>
namespace dcp {
@@ -75,9 +76,10 @@ public:
/** Encrypt this KDM's keys and sign the whole KDM.
* @param signer Signer.
* @param recipient Certificate of the projector/server which should receive this KDM's keys.
+ * @param formulation Formulation to use for the encrypted KDM.
* @return Encrypted KDM.
*/
- EncryptedKDM encrypt (boost::shared_ptr<const Signer> signer, boost::shared_ptr<const Certificate> recipient) const;
+ EncryptedKDM encrypt (boost::shared_ptr<const Signer> signer, boost::shared_ptr<const Certificate> recipient, Formulation formulation) const;
/** @return This KDM's (decrypted) keys, which could be used to decrypt MXFs. */
std::list<DecryptedKDMKey> keys () const {
diff --git a/src/encrypted_kdm.cc b/src/encrypted_kdm.cc
index 5330490f..be22ca5b 100644
--- a/src/encrypted_kdm.cc
+++ b/src/encrypted_kdm.cc
@@ -265,13 +265,7 @@ public:
class AuthorizedDeviceInfo
{
public:
- AuthorizedDeviceInfo ()
- : device_list_identifier (make_uuid ())
- /* Sometimes digital_cinema_tools uses this magic thumbprint instead of that from an actual
- recipient certificate. KDMs delivered to City Screen appear to use the same thing.
- */
- , certificate_thumbprint ("2jmj7l5rSw0yVb/vlWAYkK/YBwk=")
- {}
+ AuthorizedDeviceInfo () {}
AuthorizedDeviceInfo (shared_ptr<const cxml::Node> node)
: device_list_identifier (node->string_child ("DeviceListIdentifier").substr (9))
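Review bot: The parsing constructor on the last line of this hunk stores `device_list_identifier` with the nine-character `urn:uuid:` prefix stripped (`substr (9)`), while the new assignment in `EncryptedKDM::EncryptedKDM` stores `"urn:uuid:" + make_uuid ()`, so the member now has two representations. If `as_xml` (not visible here) prepends the prefix on output, KDMs built by that constructor would carry it twice; assigning `make_uuid ()` alone would keep both paths consistent. With the default constructor reduced to `{}`, `certificate_thumbprint` is also an empty string until a caller sets it, which deserves a comment such as `/* Members are filled in by EncryptedKDM's constructor; an empty thumbprint must not be serialised */`. The class body continues outside the hunk.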
@@ -361,7 +355,9 @@ public:
recipient.as_xml (node->add_child ("Recipient"));
node->add_child("CompositionPlaylistId")->add_child_text ("urn:uuid:" + composition_playlist_id);
- /* XXX: no ContentAuthenticator */
+ if (content_authenticator) {
+ node->add_child("ContentAuthenticator")->add_child_text (content_authenticator.get ());
+ }
node->add_child("ContentTitleText")->add_child_text (content_title_text);
node->add_child("ContentKeysNotValidBefore")->add_child_text (not_valid_before.as_string ());
node->add_child("ContentKeysNotValidAfter")->add_child_text (not_valid_after.as_string ());
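Review bot: The new `if (content_authenticator)` branch is not exercised by the tests in this commit: encryption_test.cc and round_trip_test.cc both pass `dcp::MODIFIED_TRANSITIONAL_1`, and the constructor sets `content_authenticator` only for `DCI_ANY` and `DCI_SPECIFIC`. encryption_test already validates its output with `xmllint` against the KDM schema, so repeating that step with `dcp::DCI_SPECIFIC` would confirm that the element's position and content are schema-valid. Whether the parsing constructor reads `ContentAuthenticator` back is not visible here and is worth checking for round trips. The `as_xml` body starts outside the hunk.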
@@ -375,6 +371,7 @@ public:
Recipient recipient;
string composition_playlist_id;
+ boost::optional<string> content_authenticator;
string content_title_text;
LocalTime not_valid_before;
LocalTime not_valid_after;
@@ -500,6 +497,7 @@ EncryptedKDM::EncryptedKDM (
string content_title_text,
LocalTime not_valid_before,
LocalTime not_valid_after,
+ Formulation formulation,
list<pair<string, string> > key_ids,
list<string> keys
)
@@ -517,9 +515,26 @@ EncryptedKDM::EncryptedKDM (
kre.recipient.x509_subject_name = recipient->subject ();
kre.authorized_device_info.device_list_description = device_list_description;
kre.composition_playlist_id = cpl_id;
+ if (formulation == DCI_ANY || formulation == DCI_SPECIFIC) {
+ kre.content_authenticator = signer->certificates().leaf()->thumbprint ();
+ }
kre.content_title_text = content_title_text;
kre.not_valid_before = not_valid_before;
kre.not_valid_after = not_valid_after;
+ kre.authorized_device_info.device_list_identifier = "urn:uuid:" + make_uuid ();
+ string n = recipient->common_name ();
+ if (n.find (".") != string::npos) {
+ n = n.substr (n.find (".") + 1);
+ }
+ kre.authorized_device_info.device_list_description = n;
+
+ if (formulation == MODIFIED_TRANSITIONAL_1 || formulation == DCI_ANY) {
+ /* Use the "assume trust" thumbprint */
+ kre.authorized_device_info.certificate_thumbprint = "2jmj7l5rSw0yVb/vlWAYkK/YBwk=";
+ } else if (formulation == DCI_SPECIFIC) {
+ /* Use the recipient thumbprint */
+ kre.authorized_device_info.certificate_thumbprint = recipient->thumbprint ();
+ }
for (list<pair<string, string> >::const_iterator i = key_ids.begin(); i != key_ids.end(); ++i) {
kre.key_id_list.typed_key_id.push_back (data::TypedKeyId (i->first, i->second));
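Review bot: The `if`/`else if` chain that selects `certificate_thumbprint` has no final branch, so a `Formulation` value outside the three enumerators (a cast, or an enumerator added later) leaves the thumbprint empty now that the default constructor no longer sets it, and the KDM is still built; a closing `else` that throws, or a `switch` with no `default` so the compiler warns on a new enumerator, would fail closed. The "assume trust" value stands in for a real certificate thumbprint, so the comment should say what that relaxes, e.g. `/* "Assume trust" thumbprint: the device info does not name the recipient's certificate; only DCI_SPECIFIC does */`. Separately, `device_list_description` is assigned from the constructor parameter a few lines above and then overwritten with the trimmed common name, which makes the parameter dead; one of the two assignments should go. The constructor body starts and ends outside the hunk.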
diff --git a/src/encrypted_kdm.h b/src/encrypted_kdm.h
index 41231c2e..0d459d5a 100644
--- a/src/encrypted_kdm.h
+++ b/src/encrypted_kdm.h
@@ -25,6 +25,7 @@
#define LIBDCP_ENCRYPTED_KDM_H
#include "local_time.h"
+#include "types.h"
#include <boost/filesystem.hpp>
#include <boost/date_time/local_time/local_time.hpp>
@@ -85,8 +86,9 @@ private:
std::string device_list_description,
std::string cpl_id,
std::string cpl_content_title_text,
- LocalTime _not_valid_before,
- LocalTime _not_valid_after,
+ LocalTime not_valid_before,
+ LocalTime not_valid_after,
+ Formulation formulation,
std::list<std::pair<std::string, std::string> > key_ids,
std::list<std::string> keys
);
diff --git a/src/types.h b/src/types.h
index 5ef04bd3..680f7be8 100644
--- a/src/types.h
+++ b/src/types.h
@@ -151,6 +151,12 @@ enum Standard {
SMPTE
};
+enum Formulation {
+ MODIFIED_TRANSITIONAL_1,
+ DCI_ANY,
+ DCI_SPECIFIC
+};
+
/** @class Color
* @brief An RGB color (aka colour).
*/
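Review bot: `enum Formulation` is added without documentation, although it selects security-relevant KDM content and the neighbouring `Color` class has a Doxygen block. A `/** @enum Formulation` comment should state, per enumerator, what the constructor in encrypted_kdm.cc does with it: `MODIFIED_TRANSITIONAL_1` writes no ContentAuthenticator and uses the "assume trust" thumbprint, `DCI_ANY` writes the signer's leaf thumbprint as ContentAuthenticator and uses the "assume trust" thumbprint, and `DCI_SPECIFIC` writes the ContentAuthenticator and the recipient's own thumbprint. Callers can then see that only `DCI_SPECIFIC` names the recipient certificate in the authorized device info.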
diff --git a/test/encryption_test.cc b/test/encryption_test.cc
index d5cd46d4..9a3660f9 100644
--- a/test/encryption_test.cc
+++ b/test/encryption_test.cc
@@ -136,7 +136,7 @@ BOOST_AUTO_TEST_CASE (encryption_test)
"2012-07-17T04:45:18+00:00"
);
- kdm.encrypt(signer, signer->certificates().leaf()).as_xml ("build/test/bar.kdm.xml");
+ kdm.encrypt(signer, signer->certificates().leaf(), dcp::MODIFIED_TRANSITIONAL_1).as_xml ("build/test/bar.kdm.xml");
int r = system (
"xmllint --path schema --nonet --noout --schema schema/SMPTE-430-1-2006-Amd-1-2009-KDM.xsd build/test/bar.kdm.xml "
diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc
index ef1f1f41..311fe6d5 100644
--- a/test/round_trip_test.cc
+++ b/test/round_trip_test.cc
@@ -90,7 +90,7 @@ BOOST_AUTO_TEST_CASE (round_trip_test)
boost::filesystem::path const kdm_file = work_dir / "kdm.xml";
- kdm_A.encrypt(signer, signer->certificates().leaf()).as_xml (kdm_file);
+ kdm_A.encrypt(signer, signer->certificates().leaf(), dcp::MODIFIED_TRANSITIONAL_1).as_xml (kdm_file);
/* Reload the KDM, using our private key to decrypt it */
dcp::DecryptedKDM kdm_B (dcp::EncryptedKDM (kdm_file), "build/test/signer/leaf.key");