diff options
| author | Carl Hetherington <cth@carlh.net> | 2014-03-19 09:30:38 +0000 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2014-03-19 09:30:38 +0000 |
| commit | c91aa27e13703874c944fed763b5b039ceae71d2 (patch) | |
| tree | 44ad2c16ba04371bb22bf068813f361a2fd6dcf4 /src | |
| parent | 77b0ffe6c50796b8fb132f56394995e0df089713 (diff) | |
Partial tidy-up of KDM classes.
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdm.cc | 219 | ||||
| -rw-r--r-- | src/kdm.h | 32 | ||||
| -rw-r--r-- | src/kdm_smpte_xml.h | 430 | ||||
| -rw-r--r-- | src/mxf.cc | 2 |
4 files changed, 171 insertions, 512 deletions
@@ -42,6 +42,7 @@ using std::list; using std::string; using std::stringstream; +using std::map; using std::hex; using std::setw; using std::setfill; @@ -50,7 +51,6 @@ using boost::shared_ptr; using namespace dcp; KDM::KDM (boost::filesystem::path kdm, boost::filesystem::path private_key) - : _xml_kdm (new xml::DCinemaSecurityMessage (kdm)) { /* Read the private key */ @@ -65,9 +65,20 @@ KDM::KDM (boost::filesystem::path kdm, boost::filesystem::path private_key) throw FileError ("could not read RSA private key file", private_key, errno); } - /* Use it to decrypt the keys */ + /* Read the encrypted keys from the XML */ + /* XXX: this should be reading more stuff from the XML to fill our member variables */ - list<string> encrypted_keys = _xml_kdm->authenticated_private.encrypted_keys; + list<string> encrypted_keys; + cxml::Document doc ("DCinemaSecurityMessage"); + doc.read_file (kdm.string ()); + + shared_ptr<cxml::Node> authenticated_private = doc.node_child ("AuthenticatedPrivate"); + list<shared_ptr<cxml::Node> > encrypted_key_tags = authenticated_private->node_children ("EncryptedKey"); + for (list<shared_ptr<cxml::Node> >::const_iterator i = encrypted_key_tags.begin(); i != encrypted_key_tags.end(); ++i) { + encrypted_keys.push_back ((*i)->node_child("CipherData")->string_child ("CipherValue")); + } + + /* Use the private key to decrypt the keys */ for (list<string>::iterator i = encrypted_keys.begin(); i != encrypted_keys.end(); ++i) { @@ -97,114 +108,168 @@ KDM::KDM ( boost::posix_time::ptime not_valid_before, boost::posix_time::ptime not_valid_after, string annotation_text, string issue_date ) - : _xml_kdm (new xml::DCinemaSecurityMessage) + : _id (make_uuid ()) + , _annotation_text (annotation_text) + , _issue_date (issue_date) + , _recipient_cert (recipient_cert) + , _cpl (cpl) + , _signer (signer) + , _not_valid_before (not_valid_before) + , _not_valid_after (not_valid_after) + , _device_list_identifier_id (make_uuid ()) { - xml::AuthenticatedPublic& apu = _xml_kdm->authenticated_public; - - /* AuthenticatedPublic */ - - apu.message_id = "urn:uuid:" + make_uuid (); - apu.message_type = "http://www.smpte-ra.org/430-1/2006/KDM#kdm-key-type"; - apu.annotation_text = annotation_text; - apu.issue_date = issue_date; - apu.signer.x509_issuer_name = signer->certificates().leaf()->issuer (); - apu.signer.x509_serial_number = signer->certificates().leaf()->serial (); - apu.recipient.x509_issuer_serial.x509_issuer_name = recipient_cert->issuer (); - apu.recipient.x509_issuer_serial.x509_serial_number = recipient_cert->serial (); - apu.recipient.x509_subject_name = recipient_cert->subject (); - apu.composition_playlist_id = "urn:uuid:" + cpl->id (); -// apu.content_authenticator = signer->certificates().leaf()->thumbprint (); - apu.content_title_text = cpl->content_title_text (); - apu.content_keys_not_valid_before = ptime_to_string (not_valid_before); - apu.content_keys_not_valid_after = ptime_to_string (not_valid_after); - apu.authorized_device_info.device_list_identifier = "urn:uuid:" + make_uuid (); - string n = recipient_cert->common_name (); - if (n.find (".") != string::npos) { - n = n.substr (n.find (".") + 1); - } - apu.authorized_device_info.device_list_description = n; -// apu.authorized_device_info.device_list.push_back (recipient_cert->thumbprint ()); - - /* Sometimes digital_cinema_tools uses this magic thumbprint instead of that from an actual - recipient certificate. KDMs delivered to City Screen appear to use the same thing. + /* Set up our KDMKey objects. This extracts Key objects from each MXF asset and + puts them (with other stuff) into KDMKey objects. */ - apu.authorized_device_info.device_list.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk="); - list<shared_ptr<const Content> > content = cpl->content (); for (list<shared_ptr<const Content> >::iterator i = content.begin(); i != content.end(); ++i) { /* XXX: non-MXF assets? */ shared_ptr<const MXF> mxf = boost::dynamic_pointer_cast<const MXF> (*i); if (mxf) { - apu.key_id_list.push_back (xml::TypedKeyId (mxf->key_type(), "urn:uuid:" + mxf->key_id())); + _keys.push_back ( + KDMKey ( + signer, cpl->id (), mxf->key_type (), mxf->key_id (), + not_valid_before, not_valid_after, mxf->key().get() + ) + ); } } +} - apu.forensic_mark_flag_list.push_back ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable"); - apu.forensic_mark_flag_list.push_back ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable"); - - /* AuthenticatedPrivate */ - +void +KDM::authenticated_public (xmlpp::Element* node, map<string, xmlpp::Attribute *>& references) const +{ + references["ID_AuthenticatedPublic"] = node->set_attribute ("Id", "ID_AuthenticatedPublic"); + node->add_child("MessageId")->add_child_text ("urn:uuid:" + _id); + node->add_child("MessageType")->add_child_text ("http://www.smpte-ra.org/430-1/2006/KDM#kdm-key-type"); + node->add_child("AnnotationText")->add_child_text (_annotation_text); + node->add_child("IssueDate")->add_child_text (_issue_date); + + /* Signer */ + xmlpp::Element* signer = node->add_child ("Signer"); + signer->add_child("X509IssuerName", "ds")->add_child_text (_signer->certificates().leaf()->issuer ()); + signer->add_child("X509SerialNumber", "ds")->add_child_text (_signer->certificates().leaf()->serial ()); + + /* Everything else is in RequiredExtensions/KDMRequiredExtensions */ + xmlpp::Element* kdm_required_extensions = node->add_child("RequiredExtensions")->add_child("KDMRequiredExtensions"); + kdm_required_extensions->set_attribute ("xmlns", "http://www.smpte-ra.org/schemas/430-1/2006/KDM"); + + /* Recipient */ + xmlpp::Element* recipient = kdm_required_extensions->add_child ("Recipient"); + xmlpp::Element* x509_issuer_serial = recipient->add_child ("X509IssuerSerial"); + x509_issuer_serial->add_child("X509IssuerName", "ds")->add_child_text (_recipient_cert->issuer ()); + x509_issuer_serial->add_child("X509SerialNumber", "ds")->add_child_text (_recipient_cert->serial ()); + recipient->add_child("X509SubjectName")->add_child_text (_recipient_cert->subject ()); + + kdm_required_extensions->add_child("CompositionPlaylistId")->add_child_text ("urn:uuid:" + _cpl->id ()); + /* XXX: no ContentAuthenticator */ + kdm_required_extensions->add_child("ContentTitleText")->add_child_text (_cpl->content_title_text ()); + kdm_required_extensions->add_child("ContentKeysNotValidBefore")->add_child_text (ptime_to_string (_not_valid_before)); + kdm_required_extensions->add_child("ContentKeysNotValidAfter")->add_child_text (ptime_to_string (_not_valid_after)); + + /* AuthorizedDeviceInfo */ + xmlpp::Element* authorized_device_info = kdm_required_extensions->add_child("AuthorizedDeviceInfo"); + authorized_device_info->add_child ("DeviceListIdentifier")->add_child_text ("urn:uuid:" + _device_list_identifier_id); + string n = _recipient_cert->common_name (); + if (n.find (".") != string::npos) { + n = n.substr (n.find (".") + 1); + } + authorized_device_info->add_child ("DeviceListDescription")->add_child_text (n); + xmlpp::Element* device_list = authorized_device_info->add_child ("DeviceList"); + /* Sometimes digital_cinema_tools uses this magic thumbprint instead of that from an actual + recipient certificate. KDMs delivered to City Screen appear to use the same thing. + */ + device_list->add_child("CertificateThumbprint")->add_child_text ("2jmj7l5rSw0yVb/vlWAYkK/YBwk="); + + /* KeyIdList */ + xmlpp::Element* key_id_list = kdm_required_extensions->add_child("KeyIdList"); + list<shared_ptr<const Content> > content = _cpl->content (); for (list<shared_ptr<const Content> >::iterator i = content.begin(); i != content.end(); ++i) { /* XXX: non-MXF assets? */ shared_ptr<const MXF> mxf = boost::dynamic_pointer_cast<const MXF> (*i); if (mxf) { - KDMKey kkey ( - signer, cpl->id (), mxf->key_type (), mxf->key_id (), - not_valid_before, not_valid_after, mxf->key().get() - ); - - _keys.push_back (kkey); - _xml_kdm->authenticated_private.encrypted_keys.push_back (kkey.encrypted_base64 (recipient_cert)); + xmlpp::Element* typed_key_id = key_id_list->add_child ("TypedKeyId"); + typed_key_id->add_child("KeyType")->add_child_text (mxf->key_type ()); + typed_key_id->add_child("KeyId")->add_child_text ("urn:uuid:" + mxf->key_id ()); } } - - /* Signature */ - - shared_ptr<xmlpp::Document> doc = _xml_kdm->as_xml (); - shared_ptr<cxml::Node> root (new cxml::Node (doc->get_root_node ())); - xmlpp::Node* signature = root->node_child("Signature")->node(); - signer->add_signature_value (signature, "ds"); - _xml_kdm->signature = xml::Signature (shared_ptr<cxml::Node> (new cxml::Node (signature))); + + /* ForensicMarkFlagList */ + xmlpp::Element* forensic_mark_flag_list = kdm_required_extensions->add_child ("ForensicMarkFlagList"); + forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable"); + forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable"); + + node->add_child ("NonCriticalExtensions"); } -KDM::KDM (KDM const & other) - : _keys (other._keys) - , _xml_kdm (new xml::DCinemaSecurityMessage (*other._xml_kdm.get())) +void +KDM::authenticated_private (xmlpp::Element* node, map<string, xmlpp::Attribute *>& references) const { - + references["ID_AuthenticatedPrivate"] = node->set_attribute ("Id", "ID_AuthenticatedPrivate"); + + for (list<KDMKey>::const_iterator i = _keys.begin(); i != _keys.end(); ++i) { + xmlpp::Element* encrypted_key = node->add_child ("EncryptedKey", "enc"); + xmlpp::Element* encryption_method = encrypted_key->add_child ("EncryptionMethod", "enc"); + encryption_method->set_attribute ("Algorithm", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); + xmlpp::Element* digest_method = encryption_method->add_child ("DigestMethod", "ds"); + digest_method->set_attribute ("Algorithm", "http://www.w3.org/2000/09/xmldsig#sha1"); + xmlpp::Element* cipher_data = encrypted_key->add_child ("CipherData", "enc"); + cipher_data->add_child("CipherValue", "enc")->add_child_text (i->encrypted_base64 (_recipient_cert)); + } } -KDM & -KDM::operator= (KDM const & other) +void +KDM::signature (xmlpp::Element* node, map<string, xmlpp::Attribute *> const & references) const { - if (this == &other) { - return *this; + xmlpp::Element* signed_info = node->add_child ("SignedInfo", "ds"); + signed_info->add_child ("CanonicalizationMethod", "ds")->set_attribute ("Algorithm", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); + signed_info->add_child ("SignatureMethod", "ds")->set_attribute ("Algorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); + + for (map<string, xmlpp::Attribute *>::const_iterator i = references.begin(); i != references.end(); ++i) { + xmlpp::Element* reference = signed_info->add_child ("Reference", "ds"); + reference->set_attribute ("URI", "#" + i->first); + reference->add_child("DigestMethod", "ds")->set_attribute ("Algorithm", "http://www.w3.org/2001/04/xmlenc#sha256"); + reference->add_child("DigestValue", "ds")->add_child_text (""); } - - _keys = other._keys; - _xml_kdm.reset (new xml::DCinemaSecurityMessage (*other._xml_kdm.get ())); - - return *this; + + node->add_child("SignatureValue", "ds")->add_child_text (""); + node->add_child("KeyInfo", "ds"); } - + void KDM::as_xml (boost::filesystem::path path) const { - shared_ptr<xmlpp::Document> doc = _xml_kdm->as_xml (); - /* This must *not* be the _formatted version, otherwise the signature - will be wrong. - */ - doc->write_to_file (path.string(), "UTF-8"); + FILE* f = fopen_boost (path, "w"); + string const x = as_xml (); + fwrite (x.c_str(), 1, x.length(), f); + fclose (f); } - + string KDM::as_xml () const { - shared_ptr<xmlpp::Document> doc = _xml_kdm->as_xml (); + xmlpp::Document document; + xmlpp::Element* root = document.create_root_node ("DCinemaSecurityMessage", "http://www.smpte-ra.org/schemas/430-3/2006/ETM"); + root->set_namespace_declaration ("http://www.w3.org/2000/09/xmldsig#", "ds"); + root->set_namespace_declaration ("http://www.w3.org/2001/04/xmlenc#", "enc"); + + map<string, xmlpp::Attribute *> references; + authenticated_public (root->add_child ("AuthenticatedPublic"), references); + authenticated_private (root->add_child ("AuthenticatedPrivate"), references); + + xmlpp::Element* signature_node = root->add_child ("Signature", "ds"); + signature (signature_node, references); + + for (map<string, xmlpp::Attribute*>::const_iterator i = references.begin(); i != references.end(); ++i) { + xmlAddID (0, document.cobj(), (const xmlChar *) i->first.c_str(), i->second->cobj ()); + } + + _signer->add_signature_value (signature_node, "ds"); + /* This must *not* be the _formatted version, otherwise the signature will be wrong. */ - return doc->write_to_string ("UTF-8"); + return document.write_to_string ("UTF-8"); } KDMKey::KDMKey ( @@ -32,11 +32,16 @@ class kdm_key_test; +namespace xmlpp { + class Element; + class Attribute; +} + namespace dcp { namespace xml { class DCinemaSecurityMessage; -}; +} class Signer; class Certificate; @@ -82,7 +87,7 @@ public: ); KDMKey (KDMKey const &); - + KDMKey& operator= (KDMKey const &); /** @return ID of the CPL that the KDM is for */ @@ -189,11 +194,30 @@ public: std::string as_xml () const; private: + void authenticated_public (xmlpp::Element *, std::map<std::string, xmlpp::Attribute *>& references) const; + void authenticated_private (xmlpp::Element *, std::map<std::string, xmlpp::Attribute *>& references) const; + void signature (xmlpp::Element *, std::map<std::string, xmlpp::Attribute *> const & references) const; + /** Unencrypted MXF content keys */ std::list<KDMKey> _keys; - /** The KDM's contents, mapped 1:1-ish to the XML */ - boost::shared_ptr<xml::DCinemaSecurityMessage> _xml_kdm; + /** AuthenticatedPublic/MessageId (without the urn:uuid: prefix) */ + std::string _id; + /** AuthenticatedPublic/AnnotationText */ + std::string _annotation_text; + /** AuthenticatedPublic/IssueDate */ + std::string _issue_date; + /** Certificate of recipient */ + boost::shared_ptr<const Certificate> _recipient_cert; + /** CPL that this KDM is for, or 0 if we do not have a CPL object */ + boost::shared_ptr<const CPL> _cpl; + boost::shared_ptr<const Signer> _signer; + /** Start time for this KDM */ + boost::posix_time::ptime _not_valid_before; + /** End time for this KDM */ + boost::posix_time::ptime _not_valid_after; + /** KDMRequiredExtensions/AuthorizedDeviceInfo/DeviceListIdentifier */ + std::string _device_list_identifier_id; }; diff --git a/src/kdm_smpte_xml.h b/src/kdm_smpte_xml.h deleted file mode 100644 index 70b7847e..00000000 --- a/src/kdm_smpte_xml.h +++ /dev/null @@ -1,430 +0,0 @@ -/* - Copyright (C) 2013-2014 Carl Hetherington <cth@carlh.net> - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -/** @file src/kdm_smpte_xml.h - * @brief 1:1ish C++ representations of the XML schema for a SMPTE KDM. - * - * This file contains classes which map pretty-much 1:1 to the elements in a SMPTE KDM - * (Key Delivery Message). The `main' KDM class contains a pointer to a DCinemaSecurityMessage - * from this file. - * - * This should probably have been automatically generated from the XSD, - * but I think it's too much trouble considering that the XSD does not - * change very often. - */ - -#ifndef LIBDCP_KDM_SMPTE_XML_H -#define LIBDCP_KDM_SMPTE_XML_H - -#include "exceptions.h" -#include <libcxml/cxml.h> -#include <libxml/parser.h> -#include <libxml++/libxml++.h> -#include <boost/optional.hpp> -#include <boost/filesystem.hpp> -#include <string> -#include <list> - -namespace dcp { -namespace xml { - -class Writer -{ -public: - Writer () - : document (new xmlpp::Document) - {} - - boost::shared_ptr<xmlpp::Document> document; - std::map<std::string, xmlpp::Attribute *> references; -}; - -class Signer -{ -public: - Signer () {} - Signer (boost::shared_ptr<const cxml::Node> node) - : x509_issuer_name (node->string_child ("X509IssuerName")) - , x509_serial_number (node->string_child ("X509SerialNumber")) - { - node->done (); - } - - void as_xml (xmlpp::Element* node) const - { - node->add_child("X509IssuerName", "ds")->add_child_text (x509_issuer_name); - node->add_child("X509SerialNumber", "ds")->add_child_text (x509_serial_number); - } - - std::string x509_issuer_name; - std::string x509_serial_number; -}; - -class Recipient -{ -public: - Recipient () {} - Recipient (boost::shared_ptr<const cxml::Node> node) - : x509_issuer_serial (node->node_child ("X509IssuerSerial")) - , x509_subject_name (node->string_child ("X509SubjectName")) - { - node->done (); - } - - void as_xml (xmlpp::Element* node) const - { - x509_issuer_serial.as_xml (node->add_child ("X509IssuerSerial")); - node->add_child("X509SubjectName")->add_child_text (x509_subject_name); - } - - Signer x509_issuer_serial; - std::string x509_subject_name; -}; - -class AuthorizedDeviceInfo -{ -public: - AuthorizedDeviceInfo () {} - AuthorizedDeviceInfo (boost::shared_ptr<const cxml::Node> node) - : device_list_identifier (node->string_child ("DeviceListIdentifier")) - , device_list_description (node->string_child ("DeviceListDescription")) - { - std::list<boost::shared_ptr<cxml::Node> > ct = node->node_child("DeviceList")->node_children("CertificateThumbprint"); - for (std::list<boost::shared_ptr<cxml::Node> >::const_iterator i = ct.begin(); i != ct.end(); ++i) { - device_list.push_back ((*i)->content ()); - } - - node->done (); - } - - void as_xml (xmlpp::Element* node) const - { - node->add_child ("DeviceListIdentifier")->add_child_text (device_list_identifier); - node->add_child ("DeviceListDescription")->add_child_text (device_list_description); - xmlpp::Element* dl = node->add_child ("DeviceList"); - for (std::list<std::string>::const_iterator i = device_list.begin(); i != device_list.end(); ++i) { - dl->add_child("CertificateThumbprint")->add_child_text (*i); - } - } - - std::string device_list_identifier; - std::string device_list_description; - std::list<std::string> device_list; -}; - -class TypedKeyId -{ -public: - TypedKeyId () {} - - TypedKeyId (std::string t, std::string i) - : key_type (t) - , key_id (i) - {} - - TypedKeyId (boost::shared_ptr<const cxml::Node> node) - : key_type (node->string_child ("KeyType")) - , key_id (node->string_child ("KeyId")) - { - node->done (); - } - - void as_xml (xmlpp::Element* node) const - { - node->add_child("KeyType")->add_child_text (key_type); - node->add_child("KeyId")->add_child_text (key_id); - } - - std::string key_type; - std::string key_id; -}; - -class AuthenticatedPublic -{ -public: - AuthenticatedPublic () {} - AuthenticatedPublic (boost::shared_ptr<const cxml::Node> node) - : message_id (node->string_child ("MessageId")) - , message_type (node->string_child ("MessageType")) - , annotation_text (node->optional_string_child ("AnnotationText")) - , issue_date (node->string_child ("IssueDate")) - , signer (node->node_child ("Signer")) - { - boost::shared_ptr<const cxml::Node> c = node->node_child ("RequiredExtensions"); - c = c->node_child ("KDMRequiredExtensions"); - recipient = Recipient (c->node_child ("Recipient")); - composition_playlist_id = c->string_child ("CompositionPlaylistId"); - content_authenticator = c->optional_string_child ("ContentAuthenticator"); - content_title_text = c->string_child ("ContentTitleText"); - content_keys_not_valid_before = c->string_child ("ContentKeysNotValidBefore"); - content_keys_not_valid_after = c->string_child ("ContentKeysNotValidAfter"); - authorized_device_info = AuthorizedDeviceInfo (c->node_child ("AuthorizedDeviceInfo")); - - std::list<boost::shared_ptr<cxml::Node> > kil = c->node_child("KeyIdList")->node_children("TypedKeyId"); - for (std::list<boost::shared_ptr<cxml::Node> >::iterator i = kil.begin(); i != kil.end(); ++i) { - key_id_list.push_back (TypedKeyId (*i)); - } - - boost::shared_ptr<cxml::Node> fmfl = c->optional_node_child("ForensicMarkFlagList"); - if (fmfl) { - std::list<boost::shared_ptr<cxml::Node> > fmf = fmfl->node_children("ForensicMarkFlag"); - for (std::list<boost::shared_ptr<cxml::Node> >::iterator i = fmf.begin(); i != fmf.end(); ++i) { - forensic_mark_flag_list.push_back ((*i)->content ()); - } - } - - node->ignore_child ("NonCriticalExtensions"); - node->done (); - } - - void as_xml (Writer& writer, xmlpp::Element* node) const - { - writer.references["ID_AuthenticatedPublic"] = node->set_attribute ("Id", "ID_AuthenticatedPublic"); - - node->add_child("MessageId")->add_child_text (message_id); - node->add_child("MessageType")->add_child_text (message_type); - if (annotation_text) { - node->add_child("AnnotationText")->add_child_text (annotation_text.get ()); - } - node->add_child("IssueDate")->add_child_text (issue_date); - signer.as_xml (node->add_child("Signer")); - - xmlpp::Element* kdm_required_extensions = node->add_child("RequiredExtensions")->add_child("KDMRequiredExtensions"); - kdm_required_extensions->set_attribute ("xmlns", "http://www.smpte-ra.org/schemas/430-1/2006/KDM"); - recipient.as_xml (kdm_required_extensions->add_child ("Recipient")); - - kdm_required_extensions->add_child("CompositionPlaylistId")->add_child_text (composition_playlist_id); - if (content_authenticator) { - kdm_required_extensions->add_child("ContentAuthenticator")->add_child_text (content_authenticator.get ()); - } - kdm_required_extensions->add_child("ContentTitleText")->add_child_text (content_title_text); - kdm_required_extensions->add_child("ContentKeysNotValidBefore")->add_child_text (content_keys_not_valid_before); - kdm_required_extensions->add_child("ContentKeysNotValidAfter")->add_child_text (content_keys_not_valid_after); - authorized_device_info.as_xml (kdm_required_extensions->add_child("AuthorizedDeviceInfo")); - - xmlpp::Element* kil = kdm_required_extensions->add_child("KeyIdList"); - for (std::list<TypedKeyId>::const_iterator i = key_id_list.begin(); i != key_id_list.end(); ++i) { - i->as_xml (kil->add_child ("TypedKeyId")); - } - - xmlpp::Element* fmfl = kdm_required_extensions->add_child ("ForensicMarkFlagList"); - for (std::list<std::string>::const_iterator i = forensic_mark_flag_list.begin(); i != forensic_mark_flag_list.end(); ++i) { - fmfl->add_child("ForensicMarkFlag")->add_child_text (*i); - } - - node->add_child ("NonCriticalExtensions"); - } - - std::string message_id; - std::string message_type; - boost::optional<std::string> annotation_text; - std::string issue_date; - Signer signer; - Recipient recipient; - std::string composition_playlist_id; - boost::optional<std::string> content_authenticator; - std::string content_title_text; - std::string content_keys_not_valid_before; - std::string content_keys_not_valid_after; - AuthorizedDeviceInfo authorized_device_info; - std::list<TypedKeyId> key_id_list; - std::list<std::string> forensic_mark_flag_list; -}; - -class AuthenticatedPrivate -{ -public: - AuthenticatedPrivate () {} - - AuthenticatedPrivate (boost::shared_ptr<const cxml::Node> node) - { - std::list<boost::shared_ptr<cxml::Node> > ek = node->node_children ("EncryptedKey"); - for (std::list<boost::shared_ptr<cxml::Node> >::const_iterator i = ek.begin(); i != ek.end(); ++i) { - encrypted_keys.push_back ((*i)->node_child("CipherData")->string_child("CipherValue")); - } - - node->done (); - } - - void as_xml (Writer& writer, xmlpp::Element* node) const - { - writer.references["ID_AuthenticatedPrivate"] = node->set_attribute ("Id", "ID_AuthenticatedPrivate"); - - for (std::list<std::string>::const_iterator i = encrypted_keys.begin(); i != encrypted_keys.end(); ++i) { - xmlpp::Element* encrypted_key = node->add_child ("EncryptedKey", "enc"); - xmlpp::Element* encryption_method = encrypted_key->add_child ("EncryptionMethod", "enc"); - encryption_method->set_attribute ("Algorithm", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); - xmlpp::Element* digest_method = encryption_method->add_child ("DigestMethod", "ds"); - digest_method->set_attribute ("Algorithm", "http://www.w3.org/2000/09/xmldsig#sha1"); - xmlpp::Element* cipher_data = encrypted_key->add_child ("CipherData", "enc"); - cipher_data->add_child("CipherValue", "enc")->add_child_text (*i); - } - } - - std::list<std::string> encrypted_keys; -}; - -class X509Data -{ -public: - X509Data () {} - X509Data (boost::shared_ptr<const cxml::Node> node) - : x509_issuer_serial (Signer (node->node_child ("X509IssuerSerial"))) - , x509_certificate (node->string_child ("X509Certificate")) - { - node->done (); - } - - void as_xml (xmlpp::Element* node) const - { - x509_issuer_serial.as_xml (node->add_child ("X509IssuerSerial", "ds")); - node->add_child("X509Certificate", "ds")->add_child_text (x509_certificate); - } - - Signer x509_issuer_serial; - std::string x509_certificate; -}; - -class Reference -{ -public: - Reference () {} - Reference (std::string u) - : uri (u) - {} - - Reference (boost::shared_ptr<const cxml::Node> node) - : uri (node->string_attribute ("URI")) - , digest_value (node->string_child ("DigestValue")) - { - node->ignore_child ("DigestMethod"); - node->done (); - } - - void as_xml (xmlpp::Element* node) const - { - xmlpp::Element* reference = node->add_child ("Reference", "ds"); - reference->set_attribute ("URI", uri); - reference->add_child("DigestMethod", "ds")->set_attribute ("Algorithm", "http://www.w3.org/2001/04/xmlenc#sha256"); - reference->add_child("DigestValue", "ds")->add_child_text (digest_value); - } - - std::string uri; - std::string digest_value; -}; - -class Signature -{ -public: - Signature () - : authenticated_public ("#ID_AuthenticatedPublic") - , authenticated_private ("#ID_AuthenticatedPrivate") - {} - - Signature (boost::shared_ptr<const cxml::Node> node) - { - std::list<boost::shared_ptr<cxml::Node> > refs = node->node_child("SignedInfo")->node_children ("Reference"); - for (std::list<boost::shared_ptr<cxml::Node> >::const_iterator i = refs.begin(); i != refs.end(); ++i) { - if ((*i)->string_attribute("URI") == "#ID_AuthenticatedPublic") { - authenticated_public = Reference (*i); - } else if ((*i)->string_attribute("URI") == "#ID_AuthenticatedPrivate") { - authenticated_private = Reference (*i); - } else { - throw XMLError ("unrecognised reference URI"); - } - } - - std::list<boost::shared_ptr<cxml::Node> > data = node->node_child("KeyInfo")->node_children ("X509Data"); - for (std::list<boost::shared_ptr<cxml::Node> >::const_iterator i = data.begin(); i != data.end(); ++i) { - key_info.push_back (X509Data (*i)); - } - - signature_value = node->string_child ("SignatureValue"); - - node->done (); - } - - void as_xml (xmlpp::Element* node) const - { - xmlpp::Element* si = node->add_child ("SignedInfo", "ds"); - si->add_child ("CanonicalizationMethod", "ds")->set_attribute ("Algorithm", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); - si->add_child ("SignatureMethod", "ds")->set_attribute ("Algorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); - - authenticated_public.as_xml (si); - authenticated_private.as_xml (si); - - node->add_child("SignatureValue", "ds")->add_child_text (signature_value); - - xmlpp::Element* ki = node->add_child ("KeyInfo", "ds"); - for (std::list<X509Data>::const_iterator i = key_info.begin(); i != key_info.end(); ++i) { - i->as_xml (ki->add_child ("X509Data", "ds")); - } - } - - Reference authenticated_public; - Reference authenticated_private; - std::string signature_value; - std::list<X509Data> key_info; -}; - -class DCinemaSecurityMessage -{ -public: - DCinemaSecurityMessage () {} - DCinemaSecurityMessage (boost::filesystem::path file) - { - cxml::Document f ("DCinemaSecurityMessage"); - f.read_file (file.string ()); - - authenticated_public = AuthenticatedPublic (f.node_child ("AuthenticatedPublic")); - authenticated_private = AuthenticatedPrivate (f.node_child ("AuthenticatedPrivate")); - signature = Signature (f.node_child ("Signature")); - - f.done (); - } - - boost::shared_ptr<xmlpp::Document> as_xml () const - { - Writer writer; - - xmlpp::Element* root = writer.document->create_root_node ("DCinemaSecurityMessage", "http://www.smpte-ra.org/schemas/430-3/2006/ETM"); - root->set_namespace_declaration ("http://www.w3.org/2000/09/xmldsig#", "ds"); - root->set_namespace_declaration ("http://www.w3.org/2001/04/xmlenc#", "enc"); - - authenticated_public.as_xml (writer, root->add_child ("AuthenticatedPublic")); - authenticated_private.as_xml (writer, root->add_child ("AuthenticatedPrivate")); - signature.as_xml (root->add_child ("Signature", "ds")); - - for (std::map<std::string, xmlpp::Attribute*>::const_iterator i = writer.references.begin(); i != writer.references.end(); ++i) { - xmlAddID (0, writer.document->cobj(), (const xmlChar *) i->first.c_str(), i->second->cobj ()); - } - - return writer.document; - } - - AuthenticatedPublic authenticated_public; - AuthenticatedPrivate authenticated_private; - Signature signature; -}; - -} -} - -#endif - @@ -161,7 +161,7 @@ MXF::pkl_type (Standard standard) const case INTEROP: return String::compose ("application/x-smpte-mxf;asdcpKind=%1", asdcp_kind ()); case SMPTE: - return "application/x-smpte-mxf"; + return "application/mxf"; default: assert (false); } |