Diffstat (limited to 'src')
| -rw-r--r-- | src/decrypted_kdm.cc | 3 | ||||
| -rw-r--r-- | src/decrypted_kdm.h | 4 | ||||
| -rw-r--r-- | src/encrypted_kdm.cc | 31 | ||||
| -rw-r--r-- | src/encrypted_kdm.h | 6 | ||||
| -rw-r--r-- | src/types.h | 6 |
5 files changed, 38 insertions, 12 deletions
diff --git a/src/decrypted_kdm.cc b/src/decrypted_kdm.cc
index 3d442ce7..8a714b1e 100644
--- a/src/decrypted_kdm.cc
+++ b/src/decrypted_kdm.cc
@@ -211,7 +211,7 @@ DecryptedKDM::DecryptedKDM (
 }
 EncryptedKDM
-DecryptedKDM::encrypt (shared_ptr<const Signer> signer, shared_ptr<const Certificate> recipient) const
+DecryptedKDM::encrypt (shared_ptr<const Signer> signer, shared_ptr<const Certificate> recipient, Formulation formulation) const
 {
 list<pair<string, string> > key_ids;
 list<string> keys;
@@ -273,6 +273,7 @@ DecryptedKDM::encrypt (shared_ptr<const Signer> signer, shared_ptr<const Certifi
 _content_title_text,
 _not_valid_before,
 _not_valid_after,
+ formulation,
 key_ids,
 keys
 );
diff --git a/src/decrypted_kdm.h b/src/decrypted_kdm.h
index bb50d6ad..3c3d07db 100644
--- a/src/decrypted_kdm.h
+++ b/src/decrypted_kdm.h
@@ -24,6 +24,7 @@
 #include "key.h"
 #include "local_time.h"
 #include "decrypted_kdm_key.h"
+#include "types.h"
 #include <boost/filesystem.hpp>
 namespace dcp {
@@ -75,9 +76,10 @@ public:
 /** Encrypt this KDM's keys and sign the whole KDM.
 * @param signer Signer.
 * @param recipient Certificate of the projector/server which should receive this KDM's keys.
+ * @param formulation Formulation to use for the encrypted KDM.
 * @return Encrypted KDM.
 */
- EncryptedKDM encrypt (boost::shared_ptr<const Signer> signer, boost::shared_ptr<const Certificate> recipient) const;
+ EncryptedKDM encrypt (boost::shared_ptr<const Signer> signer, boost::shared_ptr<const Certificate> recipient, Formulation formulation) const;
 /** @return This KDM's (decrypted) keys, which could be used to decrypt MXFs. */
 std::list<DecryptedKDMKey> keys () const {
diff --git a/src/encrypted_kdm.cc b/src/encrypted_kdm.cc
index 5330490f..be22ca5b 100644
--- a/src/encrypted_kdm.cc
+++ b/src/encrypted_kdm.cc
@@ -265,13 +265,7 @@ public:
 class AuthorizedDeviceInfo
 {
 public:
- AuthorizedDeviceInfo ()
- : device_list_identifier (make_uuid ())
- /* Sometimes digital_cinema_tools uses this magic thumbprint instead of that from an actual
- recipient certificate. KDMs delivered to City Screen appear to use the same thing.
- */
- , certificate_thumbprint ("2jmj7l5rSw0yVb/vlWAYkK/YBwk=")
- {}
+ AuthorizedDeviceInfo () {}
 AuthorizedDeviceInfo (shared_ptr<const cxml::Node> node)
 : device_list_identifier (node->string_child ("DeviceListIdentifier").substr (9))
@@ -361,7 +355,9 @@ public:
 recipient.as_xml (node->add_child ("Recipient"));
 node->add_child("CompositionPlaylistId")->add_child_text ("urn:uuid:" + composition_playlist_id);
- /* XXX: no ContentAuthenticator */
+ if (content_authenticator) {
+ node->add_child("ContentAuthenticator")->add_child_text (content_authenticator.get ());
+ }
 node->add_child("ContentTitleText")->add_child_text (content_title_text);
 node->add_child("ContentKeysNotValidBefore")->add_child_text (not_valid_before.as_string ());
 node->add_child("ContentKeysNotValidAfter")->add_child_text (not_valid_after.as_string ());
@@ -375,6 +371,7 @@ public:
 Recipient recipient;
 string composition_playlist_id;
+ boost::optional<string> content_authenticator;
 string content_title_text;
 LocalTime not_valid_before;
 LocalTime not_valid_after;
@@ -500,6 +497,7 @@ EncryptedKDM::EncryptedKDM (
 string content_title_text,
 LocalTime not_valid_before,
 LocalTime not_valid_after,
+ Formulation formulation,
 list<pair<string, string> > key_ids,
 list<string> keys
 )
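Review bot: The new `content_authenticator` member is only written out, in the `as_xml` hunk at -361; none of the visible hunks reads it back from XML. If this class has a node-parsing constructor like the `AuthorizedDeviceInfo (shared_ptr<const cxml::Node> node)` one shown in the first hunk, it should fill the member with `content_authenticator = node->optional_string_child ("ContentAuthenticator");`. Otherwise a KDM that is loaded and then written again loses the element, which as far as I can tell sits in the signed part of the document. The enclosing class and any such constructor lie outside the hunk, so this needs checking against the full file.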
@@ -517,9 +515,26 @@ EncryptedKDM::EncryptedKDM (
 kre.recipient.x509_subject_name = recipient->subject ();
 kre.authorized_device_info.device_list_description = device_list_description;
 kre.composition_playlist_id = cpl_id;
+ if (formulation == DCI_ANY || formulation == DCI_SPECIFIC) {
+ kre.content_authenticator = signer->certificates().leaf()->thumbprint ();
+ }
 kre.content_title_text = content_title_text;
 kre.not_valid_before = not_valid_before;
 kre.not_valid_after = not_valid_after;
+ kre.authorized_device_info.device_list_identifier = "urn:uuid:" + make_uuid ();
+ string n = recipient->common_name ();
+ if (n.find (".") != string::npos) {
+ n = n.substr (n.find (".") + 1);
+ }
+ kre.authorized_device_info.device_list_description = n;
+
+ if (formulation == MODIFIED_TRANSITIONAL_1 || formulation == DCI_ANY) {
+ /* Use the "assume trust" thumbprint */
+ kre.authorized_device_info.certificate_thumbprint = "2jmj7l5rSw0yVb/vlWAYkK/YBwk=";
+ } else if (formulation == DCI_SPECIFIC) {
+ /* Use the recipient thumbprint */
+ kre.authorized_device_info.certificate_thumbprint = recipient->thumbprint ();
+ }
 for (list<pair<string, string> >::const_iterator i = key_ids.begin(); i != key_ids.end(); ++i) {
 kre.key_id_list.typed_key_id.push_back (data::TypedKeyId (i->first, i->second));
diff --git a/src/encrypted_kdm.h b/src/encrypted_kdm.h
index 41231c2e..0d459d5a 100644
--- a/src/encrypted_kdm.h
+++ b/src/encrypted_kdm.h
@@ -25,6 +25,7 @@
 #define LIBDCP_ENCRYPTED_KDM_H
 #include "local_time.h"
+#include "types.h"
 #include <boost/filesystem.hpp>
 #include <boost/date_time/local_time/local_time.hpp>
@@ -85,8 +86,9 @@ private:
 std::string device_list_description,
 std::string cpl_id,
 std::string cpl_content_title_text,
- LocalTime _not_valid_before,
- LocalTime _not_valid_after,
+ LocalTime not_valid_before,
+ LocalTime not_valid_after,
+ Formulation formulation,
 std::list<std::pair<std::string, std::string> > key_ids,
 std::list<std::string> keys
 );
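Review bot: In the `EncryptedKDM::EncryptedKDM` hunk at -517 of src/encrypted_kdm.cc, the `if`/`else if` on `formulation` has no final `else`, and this commit also removes the default thumbprint from `AuthorizedDeviceInfo ()`, so a value outside the three enumerators yields a KDM with an empty `certificate_thumbprint` rather than an error; a closing `else` that rejects the value would make that failure visible. The same hunk overwrites the context line `kre.authorized_device_info.device_list_description = device_list_description;` with `... = n`, so the constructor's `device_list_description` argument is silently ignored; one of the two assignments should go. `device_list_identifier` is now stored as `"urn:uuid:" + make_uuid ()`, whereas the removed default constructor stored a bare `make_uuid ()` and the parsing constructor strips nine characters, so if `AuthorizedDeviceInfo::as_xml` (not shown) adds the prefix itself the identifier would come out doubled. The constructor body starts and ends outside the hunk.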
diff --git a/src/types.h b/src/types.h
index 5ef04bd3..680f7be8 100644
--- a/src/types.h
+++ b/src/types.h
@@ -151,6 +151,12 @@ enum Standard {
 SMPTE
 };
+enum Formulation {
+ MODIFIED_TRANSITIONAL_1,
+ DCI_ANY,
+ DCI_SPECIFIC
+};
+
 /** @class Color
 * @brief An RGB color (aka colour).
 */ |
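Review bot: `enum Formulation` is added without any comment, and the `@param formulation` line in src/decrypted_kdm.h only restates the name, so a caller cannot tell from the headers that this choice decides whether the KDM is tied to the recipient's certificate. Going by the constructor hunk in src/encrypted_kdm.cc, `MODIFIED_TRANSITIONAL_1` and `DCI_ANY` write the fixed "assume trust" thumbprint while `DCI_SPECIFIC` writes `recipient->thumbprint ()`, and only the two DCI values add a ContentAuthenticator. I would put that on the enumerators, e.g. `/** DCI-style KDM whose device list carries the recipient's own thumbprint */` above `DCI_SPECIFIC`, with matching one-line comments on the other two.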
