+ apu.forensic_mark_flag_list.push_back ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable");
+ apu.forensic_mark_flag_list.push_back ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable");
+
+ /* AuthenticatedPrivate */
+
+ for (list<shared_ptr<const Asset> >::iterator i = assets.begin(); i != assets.end(); ++i) {
+ /* XXX: non-MXF assets? */
+ shared_ptr<const MXFAsset> mxf = boost::dynamic_pointer_cast<const MXFAsset> (*i);
+ if (mxf) {
+ KDMKey kkey (
+ signer, cpl->id (), mxf->key_type (), mxf->key_id (),
+ not_valid_before, not_valid_after, mxf->key().get()
+ );
+
+ _keys.push_back (kkey);
+ _xml_kdm->authenticated_private.encrypted_keys.push_back (kkey.encrypted_base64 (recipient_cert));
+ }
+ }
+
+ /* Signature */
+
+ shared_ptr<xmlpp::Document> doc = _xml_kdm->as_xml ();
+ shared_ptr<cxml::Node> root (new cxml::Node (doc->get_root_node ()));
+ xmlpp::Node* signature = root->node_child("Signature")->node();
+ signer->add_signature_value (signature, "ds");
+ _xml_kdm->signature = xml::Signature (shared_ptr<cxml::Node> (new cxml::Node (signature)));
+}
+
+KDM::KDM (KDM const & other)
+ : _keys (other._keys)
+ , _xml_kdm (new xml::DCinemaSecurityMessage (*other._xml_kdm.get()))
+{
+
+}
+
+KDM &
+KDM::operator= (KDM const & other)
+{
+ if (this == &other) {
+ return *this;
+ }
+
+ _keys = other._keys;
+ _xml_kdm.reset (new xml::DCinemaSecurityMessage (*other._xml_kdm.get ()));
+
+ return *this;
+}
+
+void
+KDM::as_xml (boost::filesystem::path path) const
+{
+ shared_ptr<xmlpp::Document> doc = _xml_kdm->as_xml ();
+ /* This must *not* be the _formatted version, otherwise the signature
+ will be wrong.
+ */
+ doc->write_to_file (path.string(), "UTF-8");
+}
+
+string
+KDM::as_xml () const
+{
+ shared_ptr<xmlpp::Document> doc = _xml_kdm->as_xml ();
+ /* This must *not* be the _formatted version, otherwise the signature
+ will be wrong.
+ */
+ return doc->write_to_string ("UTF-8");
+}
+
+KDMKey::KDMKey (
+ shared_ptr<const Signer> signer, string cpl_id, string key_type, string key_id, boost::posix_time::ptime from, boost::posix_time::ptime until, Key key
+ )
+ : _cpl_id (cpl_id)
+ , _key_type (key_type)
+ , _key_id (key_id)
+ , _not_valid_before (ptime_to_string (from))
+ , _not_valid_after (ptime_to_string (until))
+ , _key (key)
+{
+ base64_decode (signer->certificates().leaf()->thumbprint (), _signer_thumbprint, 20);
+}
+
+KDMKey::KDMKey (uint8_t const * raw, int len)