*/
+#include "certificate_chain.h"
+#include "compose.hpp"
+#include "cpl.h"
+#include "dcp_assert.h"
#include "decrypted_kdm.h"
#include "decrypted_kdm_key.h"
#include "encrypted_kdm.h"
-#include "reel_file_asset.h"
+#include "exceptions.h"
#include "reel_asset.h"
+#include "reel_file_asset.h"
#include "util.h"
-#include "exceptions.h"
-#include "cpl.h"
-#include "certificate_chain.h"
-#include "dcp_assert.h"
-#include "compose.hpp"
#include <asdcp/AS_DCP.h>
#include <asdcp/KM_util.h>
#include <openssl/rsa.h>
/* Use the private key to decrypt the keys */
+ bool first = true;
+
for (auto const& i: kdm.keys()) {
/* Decode the base-64-encoded cipher value from the KDM */
unsigned char cipher_value[256];
#endif
}
+ dcp::LocalTime not_valid_before;
+ dcp::LocalTime not_valid_after;
+
unsigned char* p = decrypted;
switch (decrypted_len) {
case 134:
/* 52 is key id [16 bytes] */
string const key_id = get_uuid (&p);
/* 68 is not-valid-before (a string) [25 bytes] */
+ not_valid_before = dcp::LocalTime(std::string(reinterpret_cast<char*>(p), 25));
p += 25;
/* 93 is not-valid-after (a string) [25 bytes] */
+ not_valid_after = dcp::LocalTime(std::string(reinterpret_cast<char*>(p), 25));
p += 25;
/* 118 is the key [ASDCP::KeyLen bytes] */
add_key (optional<string>(), key_id, Key(p), cpl_id, Standard::INTEROP);
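Review bot: The new `dcp::LocalTime(std::string(reinterpret_cast<char*>(p), 25))` conversions parse bytes straight out of the RSA decryption while `decrypted` is still a raw `new[]` buffer and `rsa` a raw handle. If the string constructor throws on a malformed timestamp (likely, but its definition is not on this page), the `delete[] decrypted` and `RSA_free (rsa)` further down are skipped, leaving the content key and the private key allocated. The same applies to the two conversions in the SMPTE case and, for `rsa` alone, to the `throw InconsistentValidityPeriodError()` added ahead of `RSA_free (rsa)`. Tying both to scope fixes this, e.g. `std::unique_ptr<RSA, decltype(&RSA_free)> rsa_guard (rsa, &RSA_free);` once the key is loaded and a `std::unique_ptr<unsigned char[]>` owning `decrypted`, with the explicit frees dropped. The enclosing constructor starts and ends outside this hunk.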
/* 56 is key id [16 bytes] */
string const key_id = get_uuid (&p);
/* 72 is not-valid-before (a string) [25 bytes] */
+ not_valid_before = dcp::LocalTime(std::string(reinterpret_cast<char*>(p), 25));
p += 25;
/* 97 is not-valid-after (a string) [25 bytes] */
+ not_valid_after = dcp::LocalTime(std::string(reinterpret_cast<char*>(p), 25));
p += 25;
/* 112 is the key [ASDCP::KeyLen bytes] */
add_key (key_type, key_id, Key(p), cpl_id, Standard::SMPTE);
}
delete[] decrypted;
+
+ if (first) {
+ _not_valid_before = not_valid_before;
+ _not_valid_after = not_valid_after;
+ first = false;
+ } else {
+ if (not_valid_before != _not_valid_before || not_valid_after != _not_valid_after) {
+ throw InconsistentValidityPeriodError();
+ }
+ }
}
RSA_free (rsa);
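Review bot: `_not_valid_before` and `_not_valid_after` are assigned only inside the loop, so if `kdm.keys()` can be empty they keep whatever `dcp::LocalTime`'s default constructor produces, and a caller cannot tell that from a real validity window. The locals `not_valid_before` and `not_valid_after` have the same problem if `decrypted_len` matches neither case; the `default` branch is not visible here. Since these members are later compared against the signer certificates, I would reject an empty key list up front or document the invariant on the members, e.g. `/* Taken from the first key; every key must carry the same period or construction throws */`.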
, _content_title_text (content_title_text)
, _issue_date (issue_date)
{
- for (map<shared_ptr<const ReelFileAsset>, Key>::const_iterator i = keys.begin(); i != keys.end(); ++i) {
- add_key (i->first->key_type(), i->first->key_id().get(), i->second, cpl_id, Standard::SMPTE);
+ for (auto const& i: keys) {
+ add_key (i.first->key_type(), i.first->key_id().get(), i.second, cpl_id, Standard::SMPTE);
}
}
/* Create DecryptedKDMKey objects for each encryptable asset */
bool did_one = false;
for (auto i: cpl->reel_file_assets()) {
- if (i->key_id()) {
- add_key (i->key_type(), i->key_id().get(), key, cpl->id(), Standard::SMPTE);
+ if (i->encryptable()) {
+ add_key (i->key_type().get(), i->key_id().get(), key, cpl->id(), Standard::SMPTE);
did_one = true;
}
}
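Review bot: The guard now tests `i->encryptable()`, but the body dereferences two optionals with `i->key_type().get()` and `i->key_id().get()`, and nothing visible here guarantees that an encryptable asset has both set. If either is empty the `.get()` is a precondition violation rather than a clean error, so I would make the assumption explicit with `DCP_ASSERT (i->key_type() && i->key_id());` as the first line inside the `if`, or keep `i->key_id()` in the condition. The loop in the map-taking constructor calls `i.first->key_id().get()` with no check at all and passes `key_type()` without `.get()`; the two call sites should agree.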
DCP_ASSERT (!_keys.empty ());
for (auto i: signer->leaf_to_root()) {
- if (day_greater_than_or_equal(dcp::LocalTime(i.not_before()), _not_valid_before)) {
+ if (day_greater_than_or_equal(i.not_before(), _not_valid_before)) {
throw BadKDMDateError (true);
- } else if (day_less_than_or_equal(dcp::LocalTime(i.not_after()), _not_valid_after)) {
+ } else if (day_less_than_or_equal(i.not_after(), _not_valid_after)) {
throw BadKDMDateError (false);
}
}
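Review bot: The bare `true` and `false` passed to `BadKDMDateError` do not say which bound failed. With the explicit `dcp::LocalTime(...)` conversion gone, nothing here shows which time zone the day-level comparison uses either. A comment above the loop would make the check auditable, e.g. `/* Reject the KDM unless its validity period lies inside every signer certificate's validity, compared by calendar day */`, with the zone added once it is confirmed from `day_greater_than_or_equal`. The enclosing function starts outside this hunk.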
keys.push_back (lines);
}
- string device_list_description = recipient.subject_common_name ();
- if (device_list_description.find (".") != string::npos) {
- device_list_description = device_list_description.substr (device_list_description.find (".") + 1);
- }
-
return EncryptedKDM (
signer,
recipient,