- if (f.optional_string_child ("DecryptionCertificate")) {
- _decryption_certificate = dcp::Certificate (f.string_child ("DecryptionCertificate"));
- }
-
- if (f.optional_string_child ("DecryptionPrivateKey")) {
- _decryption_private_key = f.string_child ("DecryptionPrivateKey");
- }
-
- if (!f.optional_string_child ("DecryptionCertificate") || !f.optional_string_child ("DecryptionPrivateKey")) {
- /* Generate our own decryption certificate and key if either is not present in config */
- make_decryption_keys ();
+ cxml::NodePtr decryption = f.optional_node_child ("Decryption");
+ if (decryption) {
+ shared_ptr<dcp::CertificateChain> c (new dcp::CertificateChain ());
+ BOOST_FOREACH (cxml::NodePtr i, decryption->node_children ("Certificate")) {
+ c->add (dcp::Certificate (i->content ()));
+ }
+ c->set_key (decryption->string_child ("PrivateKey"));
+ _decryption_chain = c;
+ } else {
+ _decryption_chain.reset (new dcp::CertificateChain (openssl_path ()));