2 Copyright (C) 2013 Carl Hetherington <cth@carlh.net>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 * @brief Handling of Key Delivery Messages (KDMs).
27 #include <boost/filesystem.hpp>
28 #include <boost/scoped_ptr.hpp>
29 #include <boost/date_time/posix_time/posix_time.hpp>
36 class DCinemaSecurityMessage;
44 * @brief A single key (and associated metadata) for encrypting or decrypting an MXF.
46 * One or more of these are delivered (themselves encrypted) in a KDM. The following
47 * data is collected into a block:
49 * A structure ID (a magic value specified by the standard)
50 * The thumbprint of the KDM signer's certificate.
53 * Validity start and end times.
56 * This data block is then encrypted using the projector's public key, so that
57 * only the target projector can decrypt block.
62 /** Create a KDMKey from the raw block that is encrypted in the KDM's CipherData.
63 * @param raw Pointer to data block (134 bytes for interop, 138 bytes for SMPTE).
64 * @param len Length of the data block in bytes.
66 KDMKey (uint8_t const * raw, int len);
68 /** Create a KDMKey from its constituent parts.
69 * @param signer Signer for the KDM.
70 * @param cpl_id ID of the CPL that the KDM is for.
71 * @param key_type Type of data that this key is for (MDIK for image, MDAK for audio, ...)
72 * @param key_id ID of this key.
73 * @param from Valid-from time.
74 * @param until Valid-until time.
75 * @param key The key itself.
78 boost::shared_ptr<const Signer> signer,
79 std::string cpl_id, std::string key_type, std::string key_id, boost::posix_time::ptime from, boost::posix_time::ptime until, Key key
82 KDMKey (KDMKey const &);
84 KDMKey& operator= (KDMKey const &);
86 /** @return ID of the CPL that the KDM is for */
87 std::string cpl_id () const {
91 /** @return ID of the key */
92 std::string key_id () const {
96 /** @return start of the validity period as a string */
97 std::string not_valid_before () const {
98 return _not_valid_before;
101 /** @return end of the validity period as a string */
102 std::string not_valid_after () const {
103 return _not_valid_after;
106 /** @return the key itself */
111 /** @param cert Cerfificate.
112 * @return The data block encrypted with a certificate's public key and converted to base 64.
114 std::string encrypted_base64 (boost::shared_ptr<const Certificate> cert) const;
117 void get (uint8_t *, uint8_t const **, int) const;
118 std::string get (uint8_t const **, int) const;
119 std::string get_uuid (uint8_t const **) const;
120 void put (uint8_t **, uint8_t const *, int) const;
121 void put (uint8_t **, std::string) const;
122 void put_uuid (uint8_t **, std::string) const;
124 uint8_t _signer_thumbprint[20];
126 std::string _key_type;
128 std::string _not_valid_before;
129 std::string _not_valid_after;
134 * @brief A class representing a Key Delivery Message (KDM).
136 * A KDM wraps one or more content keys (which we wrap into KDMKey objects) and various
137 * other metadata. This class can read and decrypt existing KDMs (provided you have
138 * the private key that the KDM was targeted at). It can also create new KDMs for
144 /** Load and decrypt a KDM. After this constructor the KDMKeys can be read
145 * and used to decrypt MXFs.
147 * @param kdm KDM file name.
148 * @param private_key Private key file name.
150 KDM (boost::filesystem::path kdm, boost::filesystem::path private_key);
152 /** Create a new KDM.
153 * @param cpl CPL that the KDM is for.
154 * @param signer Certificate chain to sign the KDM with.
155 * @param recipient_cert Certificate of the projector that this KDM is targeted at.
156 * @param not_valid_before Start of validity period.
157 * @param not_valid_after End of validity period.
158 * @param annotation_text Text for the <AnnotationText> node.
159 * @param issue_date Text for the <IssueDate> node.
162 boost::shared_ptr<const CPL> cpl, boost::shared_ptr<const Signer> signer, boost::shared_ptr<const Certificate> recipient_cert,
163 boost::posix_time::ptime not_valid_before, boost::posix_time::ptime not_valid_after,
164 std::string annotation_text, std::string issue_date
167 /** @return The unencrypted content keys from this KDM */
168 std::list<KDMKey> keys () const {
172 /** Write this KDM to a file.
173 * @param file File to write to.
175 void as_xml (boost::filesystem::path file) const;
177 /** Obtain this KDM as an XML string.
178 * @return XML string.
180 std::string as_xml () const;
183 /** Unencrypted MXF content keys */
184 std::list<KDMKey> _keys;
186 /** The KDM's contents, mapped 1:1-ish to the XML */
187 boost::shared_ptr<xml::DCinemaSecurityMessage> xml_kdm;