+
+ list<cxml::NodePtr> his = f.node_children ("History");
+ for (list<cxml::NodePtr>::const_iterator i = his.begin(); i != his.end(); ++i) {
+ _history.push_back ((*i)->content ());
+ }
+
+ cxml::NodePtr signer = f.optional_node_child ("Signer");
+ dcp::CertificateChain signer_chain;
+ if (signer) {
+ /* Read the signing certificates and private key in from the config file */
+ list<cxml::NodePtr> certificates = signer->node_children ("Certificate");
+ for (list<cxml::NodePtr>::const_iterator i = certificates.begin(); i != certificates.end(); ++i) {
+ signer_chain.add (dcp::Certificate ((*i)->content ()));
+ }
+
+ _signer.reset (new dcp::Signer (signer_chain, signer->string_child ("PrivateKey")));
+ } else {
+ /* Make a new set of signing certificates and key */
+ _signer.reset (new dcp::Signer (openssl_path ()));
+ }
+
+ if (f.optional_string_child ("DecryptionCertificate")) {
+ _decryption_certificate = dcp::Certificate (f.string_child ("DecryptionCertificate"));
+ }
+
+ if (f.optional_string_child ("DecryptionPrivateKey")) {
+ _decryption_private_key = f.string_child ("DecryptionPrivateKey");
+ }
+
+ if (!f.optional_string_child ("DecryptionCertificate") || !f.optional_string_child ("DecryptionPrivateKey")) {
+ /* Generate our own decryption certificate and key if either is not present in config */
+ make_decryption_keys ();
+ }
+}
+
+void
+Config::make_decryption_keys ()
+{
+ boost::filesystem::path p = dcp::make_certificate_chain (openssl_path ());
+ _decryption_certificate = dcp::Certificate (dcp::file_to_string (p / "leaf.signed.pem"));
+ _decryption_private_key = dcp::file_to_string (p / "leaf.key");
+ boost::filesystem::remove_all (p);