X-Git-Url: https://git.carlh.net/gitweb/?p=dcpomatic.git;a=blobdiff_plain;f=src%2Flib%2Futil.cc;h=bff205cfb3496dcef7bd58575cb36a9b4f8d9293;hp=c1ef4245f16b18713dd008bbb9d212ab858b1674;hb=83416808c0b1ca732e7a186d3811f1ec796fea08;hpb=dda7d841eac2305379aa86d11249dbb4b98d5bb7

diff --git a/src/lib/util.cc b/src/lib/util.cc
index c1ef4245f..bff205cfb 100644
--- a/src/lib/util.cc
+++ b/src/lib/util.cc
@@ -45,6 +45,7 @@
 #include "image.h"
 #include "text_decoder.h"
 #include "job_manager.h"
+#include <dcp/decrypted_kdm.h>
 #include <dcp/locale_convert.h>
 #include <dcp/util.h>
 #include <dcp/raw_convert.h>
@@ -1201,3 +1202,29 @@ scale_for_display (dcp::Size s, dcp::Size display_container, dcp::Size film_cont
 	return s;
 }
 
+
+dcp::DecryptedKDM
+decrypt_kdm_with_helpful_error (dcp::EncryptedKDM kdm)
+{
+	try {
+		return dcp::DecryptedKDM (kdm, Config::instance()->decryption_chain()->key().get());
+	} catch (dcp::KDMDecryptionError& e) {
+		/* Try to flesh out the error a bit */
+		string const kdm_subject_name = kdm.recipient_x509_subject_name();
+		bool on_chain = false;
+		shared_ptr<const dcp::CertificateChain> dc = Config::instance()->decryption_chain();
+		BOOST_FOREACH (dcp::Certificate i, dc->root_to_leaf()) {
+			if (i.subject() == kdm_subject_name) {
+				on_chain = true;
+			}
+		}
+		if (!on_chain) {
+			throw KDMError (_("This KDM was not made for DCP-o-matic's decryption certificate."), e.what());
+		} else if (on_chain && kdm_subject_name != dc->leaf().subject()) {
+			throw KDMError (_("This KDM was made for DCP-o-matic but not for its leaf certificate."), e.what());
+		} else {
+			throw;
+		}
+	}
+}
+