+BOOST_AUTO_TEST_CASE(kdm_cli_specify_decryption_key_test)
+{
+ using boost::filesystem::path;
+
+ ConfigRestorer cr;
+
+ path const dir = "build/test/kdm_cli_specify_decryption_key_test";
+
+ boost::system::error_code ec;
+ boost::filesystem::remove_all(dir, ec);
+ boost::filesystem::create_directories(dir);
+
+ dcp::CertificateChain chain(openssl_path(), 365);
+ dcp::write_string_to_file(chain.leaf().certificate(true), dir / "cert.pem");
+ dcp::write_string_to_file(*chain.key(), dir / "key.pem");
+
+ vector<string> make_args = {
+ "kdm_cli",
+ "--valid-from", "now",
+ "--valid-duration", "2 weeks",
+ "--projector-certificate", path(dir / "cert.pem").string(),
+ "-S", "base",
+ "-o", dir.string(),
+ "test/data/dkdm.xml"
+ };
+
+ vector<string> output;
+ auto error = run(make_args, output);
+ BOOST_CHECK(!error);
+
+ vector<string> bad_args = {
+ "kdm_cli",
+ "--valid-from", "now",
+ "--valid-duration", "2 weeks",
+ "--projector-certificate", path(dir / "cert.pem").string(),
+ "-S", "bad",
+ "-o", dir.string(),
+ path(dir / "KDM_Test_FTR-1_F-133_XX-XX_MOS_2K_20220109_SMPTE_OV__base.xml").string()
+ };
+
+ /* This should fail because we're using the wrong decryption certificate */
+ output.clear();
+ error = run(bad_args, output, false);
+ BOOST_REQUIRE(error);
+ BOOST_CHECK(error->find("oaep decoding error") != string::npos);
+
+ vector<string> good_args = {
+ "kdm_cli",
+ "--valid-from", "now",
+ "--valid-duration", "2 weeks",
+ "--projector-certificate", path(dir / "cert.pem").string(),
+ "--decryption-key", path(dir / "key.pem").string(),
+ "-S", "good",
+ "-o", dir.string(),
+ path(dir / "KDM_Test_FTR-1_F-133_XX-XX_MOS_2K_20220109_SMPTE_OV__base.xml").string()
+ };
+
+ /* This should succeed */
+ output.clear();
+ error = run(good_args, output);
+ BOOST_CHECK(!error);
+}
+
+
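Review bot: The first `BOOST_CHECK(!error)` after `run(make_args, output)` lets the test carry on when the initial KDM was never written, so the `bad_args` run then fails on a missing input file rather than on the wrong key. Make it `BOOST_REQUIRE(!error);` and assert with `boost::filesystem::exists` that the `..._OV__base.xml` path is present before it is reused as input. The negative case matches the literal `"oaep decoding error"`, which looks like wording from the underlying crypto library rather than from kdm_cli itself, so a library upgrade could break the test with no change in behaviour. A comment such as `/* error text comes from the RSA-OAEP unwrap in the crypto backend */` would record that dependency once the origin is confirmed. Neither later run inspects the output directory, so it would also help to check that the `-S bad` run leaves no KDM behind and that the `-S good` run produces one, which pins that a failed decryption writes nothing.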