if (i.has_utf8_strings()) {
bad = BAD_SIGNER_UTF8_STRINGS;
}
+ if ((i.not_after().year() - i.not_before().year()) > 15) {
+ bad = BAD_SIGNER_VALIDITY_TOO_LONG;
+ }
}
if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) {
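Review bot: The new check `(i.not_after().year() - i.not_before().year()) > 15` compares calendar years only, so a certificate valid for between just over 15 and just under 16 years is flagged or not depending on where in the year it starts. The limit of 15 also disagrees with the `>10 years` wording on the new `BAD_SIGNER_VALIDITY_TOO_LONG` enumerator in the header hunk. Pick one limit, give it a named constant, and use the same figure in the enumerator's comment. A comment above the check would help too, for example `// Signer certificates with very long validity periods cause playback problems on some systems`. The enclosing loop and function start outside the hunk, so the order in which `bad` is overwritten by later checks cannot be confirmed from here.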
switch (*bad) {
case BAD_SIGNER_UTF8_STRINGS:
case BAD_SIGNER_INCONSISTENT:
+ case BAD_SIGNER_VALIDITY_TOO_LONG:
_signer_chain = create_certificate_chain ();
break;
case BAD_DECRYPTION_INCONSISTENT:
NAG_DELETE_DKDM,
NAG_32_ON_64,
NAG_TOO_MANY_DROPPED_FRAMES,
+ NAG_BAD_SIGNER_CHAIN_VALIDITY,
NAG_COUNT
};
* true to ask Config to solve the problem (by discarding and recreating the bad thing)
*/
enum BadReason {
- BAD_SIGNER_UTF8_STRINGS, ///< signer chain contains UTF-8 strings (not PRINTABLESTRING)
- BAD_SIGNER_INCONSISTENT, ///< signer chain is somehow inconsistent
- BAD_DECRYPTION_INCONSISTENT, ///< KDM decryption chain is somehow inconsistent
+ BAD_SIGNER_UTF8_STRINGS, ///< signer chain contains UTF-8 strings (not PRINTABLESTRING)
+ BAD_SIGNER_INCONSISTENT, ///< signer chain is somehow inconsistent
+ BAD_DECRYPTION_INCONSISTENT, ///< KDM decryption chain is somehow inconsistent
+ BAD_SIGNER_VALIDITY_TOO_LONG, ///< signer certificate validity periods are >10 years
};
static boost::signals2::signal<bool (BadReason)> Bad;
d->Destroy ();
return r == wxID_OK;
}
+ case Config::BAD_SIGNER_VALIDITY_TOO_LONG:
+ {
+ if (config->nagged(Config::NAG_BAD_SIGNER_CHAIN_VALIDITY)) {
+ return false;
+ }
+ auto d = new RecreateChainDialog (
+ _frame, _("Recreate signing certificates"),
+ _("The certificate chain that DCP-o-matic uses for signing DCPs and KDMs has a validity period\n"
+ "that is too long. This will cause problems playing back DCPs on some systems.\n"
+ "Do you want to re-create the certificate chain for signing DCPs and KDMs?"),
+ _("Do nothing"),
+ Config::NAG_BAD_SIGNER_CHAIN_VALIDITY
+ );
+ int const r = d->ShowModal ();
+ d->Destroy ();
+ return r == wxID_OK;
+ }
case Config::BAD_SIGNER_INCONSISTENT:
{
auto d = new RecreateChainDialog (
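Review bot: The early `return false` after `config->nagged(Config::NAG_BAD_SIGNER_CHAIN_VALIDITY)` in the new `BAD_SIGNER_VALIDITY_TOO_LONG` case has no comment, yet it silently keeps the over-long signing chain in use. By the header comment on `BadReason`, returning true asks Config to recreate the chain, so false here means the existing chain stays once the user has opted out of the prompt. I would say so at the branch, for example `// User asked not to be nagged: keep the existing chain (false = do not recreate)`. The new case also repeats the create/ShowModal/Destroy/return sequence of the neighbouring cases, so a small helper taking the message and nag id would remove the duplication. The enclosing switch and function start and end outside the hunk.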