1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
|
/*
Copyright (C) 2013-2017 Carl Hetherington <cth@carlh.net>
This file is part of libdcp.
libdcp is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
libdcp is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with libdcp. If not, see <http://www.gnu.org/licenses/>.
In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations
including the two.
You must obey the GNU General Public License in all respects
for all of the code used other than OpenSSL. If you modify
file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you
do not wish to do so, delete this exception statement from your
version. If you delete this exception statement from all source
files in the program, then also delete it here.
*/
#ifndef LIBDCP_DECRYPTED_KDM_H
#define LIBDCP_DECRYPTED_KDM_H
/** @file src/decrypted_kdm.h
* @brief DecryptedKDM class.
*/
#include "key.h"
#include "local_time.h"
#include "decrypted_kdm_key.h"
#include "types.h"
#include "certificate.h"
#include <boost/filesystem.hpp>
#include <boost/optional.hpp>
class decrypted_kdm_test;
namespace dcp {
class DecryptedKDMKey;
class EncryptedKDM;
class CertificateChain;
class CPL;
class ReelMXF;
/** @class DecryptedKDM
* @brief A decrypted KDM.
*
* This is a KDM that has either been decrypted by a target private key, or one which
* has been created (by some other means) ready for encryption later.
*
* A DecryptedKDM object can be created either from an EncryptedKDM and private key file,
* or from the details of the assets that the KDM should protect.
*/
class DecryptedKDM
{
public:
/** @param kdm Encrypted KDM.
* @param private_key Private key as a PEM-format string.
*/
DecryptedKDM (EncryptedKDM const & kdm, std::string private_key);
/** Create an empty DecryptedKDM. After creation you must call
* add_key() to add each key that you want in the KDM.
*
* @param not_valid_before Start time for the KDM.
* @param not_valid_after End time for the KDM.
*/
DecryptedKDM (
LocalTime not_valid_before,
LocalTime not_valid_after,
std::string annotation_text,
std::string content_title_text,
std::string issue_date
);
/** Construct a DecryptedKDM containing a given set of keys.
* @param keys Keys to be included in the DecryptedKDM.
*/
DecryptedKDM (
std::string cpl_id,
std::map<boost::shared_ptr<const ReelMXF>, Key> keys,
LocalTime not_valid_before,
LocalTime not_valid_after,
std::string annotation_text,
std::string content_title_text,
std::string issue_date
);
/** Create a DecryptedKDM by taking a CPL and setting up to encrypt each of its
* assets with the same symmetric key.
*
* @param cpl CPL that the keys are for.
* @param key Key that was used to encrypt the assets.
* @param not_valid_before Start time for the KDM.
* @param not_valid_after End time for the KDM.
*/
DecryptedKDM (
boost::shared_ptr<const CPL> cpl,
Key key,
LocalTime not_valid_before,
LocalTime not_valid_after,
std::string annotation_text,
std::string content_title_text,
std::string issue_date
);
/** Encrypt this KDM's keys and sign the whole KDM.
* @param signer Chain to sign with.
* @param recipient Certificate of the projector/server which should receive this KDM's keys.
* @param trusted_devices Extra trusted devices which should be written to the KDM (recipient will be written
* as a trusted device automatically and does not need to be included in this list).
* @param formulation Formulation to use for the encrypted KDM.
* @return Encrypted KDM.
*/
EncryptedKDM encrypt (
boost::shared_ptr<const CertificateChain> signer,
Certificate recipient,
std::vector<Certificate> trusted_devices,
Formulation formulation
) const;
void add_key (boost::optional<std::string> type, std::string key_id, Key key, std::string cpl_id, Standard standard);
void add_key (DecryptedKDMKey key);
/** @return This KDM's (decrypted) keys, which could be used to decrypt assets. */
std::list<DecryptedKDMKey> keys () const {
return _keys;
}
boost::optional<std::string> annotation_text () const {
return _annotation_text;
}
std::string content_title_text () const {
return _content_title_text;
}
std::string issue_date () const {
return _issue_date;
}
private:
friend class ::decrypted_kdm_test;
static void put_uuid (uint8_t ** d, std::string id);
static std::string get_uuid (unsigned char ** p);
LocalTime _not_valid_before;
LocalTime _not_valid_after;
boost::optional<std::string> _annotation_text;
std::string _content_title_text;
std::string _issue_date;
std::list<DecryptedKDMKey> _keys;
};
}
#endif
|
