authorCarl Hetherington <cth@carlh.net>2013-01-01 22:34:24 +0000
committerCarl Hetherington <cth@carlh.net>2013-01-01 22:34:24 +0000
commit039ea029c811b7f74f02befad10d2106ad645e74 (patch)
tree2110ed03991ce650b6acc335492f9a008ac6eb93 /src
parent3adf49eea65c2c015ae0b5bc7f066a599faf3933 (diff)
A few more untested bits.
Diffstat (limited to 'src')
-rw-r--r--src/certificates.cc8
-rw-r--r--src/certificates.h2
-rw-r--r--src/dcp.cc47
3 files changed, 50 insertions, 7 deletions
diff --git a/src/certificates.cc b/src/certificates.cc
index c1e71b14..fe03f10e 100644
--- a/src/certificates.cc
+++ b/src/certificates.cc
@@ -118,3 +118,11 @@ CertificateChain::leaf () const
assert (_certificates.size() >= 2);
return _certificates.back ();
}
+
+list<shared_ptr<Certificate> >
+CertificateChain::leaf_to_root () const
+{
+ list<shared_ptr<Certificate> > c = _certificates;
+ c.reverse ();
+ return c;
+}
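Review bot: leaf_to_root() has no comment stating the ordering it depends on: it reverses a copy of `_certificates`, which only gives leaf-first order if the list is stored root-first, as `leaf()` returning `_certificates.back()` suggests. I would add `/** @return a copy of the chain ordered from the leaf certificate to the root */` above the definition, or on the declaration in certificates.h. Unlike `leaf()`, it does not `assert (_certificates.size() >= 2)`, so a short or empty chain silently gives the caller in dcp.cc a short or empty list; consider the same assert here if that invariant is meant to hold.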
diff --git a/src/certificates.h b/src/certificates.h
index 6baea84a..428c36ea 100644
--- a/src/certificates.h
+++ b/src/certificates.h
@@ -36,6 +36,8 @@ public:
boost::shared_ptr<Certificate> root () const;
boost::shared_ptr<Certificate> leaf () const;
+ std::list<boost::shared_ptr<Certificate> > leaf_to_root () const;
+
private:
friend class ::certificates;
std::list<boost::shared_ptr<Certificate> > _certificates;
diff --git a/src/dcp.cc b/src/dcp.cc
index 4b5e6789..647ff7f6 100644
--- a/src/dcp.cc
+++ b/src/dcp.cc
@@ -457,13 +457,46 @@ CPL::write_xml (bool encrypted, CertificateChain const & certificates) const
<< " </ReelList>\n";
if (encrypted) {
- os << " <dsig:X509Data>\n"
- << " <dsig:X509IssuerSerial>\n"
- << " <dsig:X509IssuerName>" << Certificate::name_for_xml (certificates.leaf()->issuer()) << "</dsig:IssuerName>\n"
- << " <dsig:X509SerialNumber>" << certificates.leaf()->serial() << "</dsig:X509SerialNumber>\n"
- << " <dsig:X509IssuerSerial>\n"
- << " <dsig:X509SubjectName>" << Certificate::name_for_xml (certificates.leaf()->subject()) << "</dsig:X509SubjectName>\n"
- << " </dsig:X509Data>\n";
+ os << " <Signer>\n"
+ << " <dsig:X509Data>\n"
+ << " <dsig:X509IssuerSerial>\n"
+ << " <dsig:X509IssuerName>" << Certificate::name_for_xml (certificates.leaf()->issuer()) << "</dsig:IssuerName>\n"
+ << " <dsig:X509SerialNumber>" << certificates.leaf()->serial() << "</dsig:X509SerialNumber>\n"
+ << " <dsig:X509IssuerSerial>\n"
+ << " <dsig:X509SubjectName>" << Certificate::name_for_xml (certificates.leaf()->subject()) << "</dsig:X509SubjectName>\n"
+ << " </dsig:X509Data>\n"
+ << " </Signer>\n"
+ << " <dsig:Signature>\n"
+ << " <dsig:SignedInfo>\n"
+ << " <dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>\n"
+ << " <dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/>\n"
+ << " <dsig:Reference URI=\"\">\n"
+ << " <dsig:Transforms>\n"
+ << " <dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>\n"
+ << " </dsig:Transforms>\n"
+ << " <dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>\n"
+ /* this is done by xmlsec1 in cinemaslides */
+ << " <dsig:DigestValue>" << "XXX" << "</dsig:DigestValue>\n"
+ << " </dsig:Reference>\n"
+ << " </dsig:SignedInfo>\n"
+ /* this is done by xmlsec1 in cinemaslides */
+ << " <dsig:SignatureValue>" << "XXX" << "</dsig:SignatureValue>\n";
+
+ os << " <dsig:KeyInfo>\n";
+
+ list<shared_ptr<Certificate> > c = certificates.leaf_to_root ();
+ for (list<shared_ptr<Certificate> >::iterator i = c.begin(); i != c.end(); ++i) {
+ os << " <dsig:X509Data>\n"
+ << " <dsig:X509IssuerSerial>\n"
+ << " <dsig:X509IssuerName>" << Certificate::name_for_xml ((*i)->issuer()) << "</dsig:IssuerName>\n"
+ << " <dsig:X509SerialNumber>" << (*i)->serial() << "</dsig:X509SerialNumber>\n"
+ << " </dsig:X509IssuerSerial>\n"
+ << " <dsig:X509Certificate>" << "XXX" << "</dsig:X509Certificate>\n"
+ << " </dsig:X509Data>\n";
+ }
+
+ os << " </dsig:KeyInfo>\n";
+ os << " </dsig:Signature>\n";
}
os << "</CompositionPlaylist>\n";
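Review bot: The new KeyInfo loop opens `<dsig:X509IssuerName>` and closes it with `</dsig:IssuerName>`, and the Signer block (carried over from the removed lines) has the same mismatch plus a second opening `<dsig:X509IssuerSerial>` where the closing tag belongs, so the encrypted CPL is not well-formed XML and a signing tool or verifier would be expected to reject it. The closers should read `</dsig:X509IssuerName>` in both places, and `</dsig:X509IssuerSerial>` after the serial number in the Signer block. Separately, `DigestValue`, `SignatureValue` and `X509Certificate` are written as the literal `"XXX"` and nothing visible here marks the output as unsigned; the `X509Certificate` placeholder also lacks the xmlsec1 comment the other two carry, so I would add `/* placeholder: the CPL is NOT signed until these values are filled in */` and make sure such a file cannot be shipped as a signed CPL. Whether `Certificate::name_for_xml` escapes `&` and `<` in issuer and subject names is not visible in this hunk and is worth confirming. write_xml starts and ends outside the hunk.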