out (" -S, --screen <name> screen name (when using -C) or screen name (to filter screens when using -c)");
out (" -C, --projector-certificate <file> file containing projector certificate");
out (" -T, --trusted-device-certificate <file> file containing a trusted device's certificate");
+ out (" --decryption-key <file> file containing the private key which can decrypt the given DKDM");
+ out (" (DCP-o-matic's configured private key will be used otherwise)");
out (" --cinemas-file <file> use the given file as a list of cinemas instead of the current configuration");
out (" --list-cinemas list known cinemas from the DCP-o-matic settings");
out (" --list-dkdm-cpls list CPLs for which DCP-o-matic has DKDMs");
optional<string> cinema_name;
shared_ptr<Cinema> cinema;
optional<boost::filesystem::path> projector_certificate;
+ optional<boost::filesystem::path> decryption_key;
optional<string> screen;
vector<shared_ptr<Screen>> screens;
optional<dcp::EncryptedKDM> dkdm;
{ "screen", required_argument, 0, 'S' },
{ "projector-certificate", required_argument, 0, 'C' },
{ "trusted-device-certificate", required_argument, 0, 'T' },
+ { "decryption-key", required_argument, 0, 'G' },
{ "list-cinemas", no_argument, 0, 'B' },
{ "list-dkdm-cpls", no_argument, 0, 'D' },
{ "cinemas-file", required_argument, 0, 'E' },
{ 0, 0, 0, 0 }
};
- int c = getopt_long (argc, argv, "ho:K:Z:f:t:d:F:pae::zvc:S:C:T:BDE:", long_options, &option_index);
+ int c = getopt_long (argc, argv, "ho:K:Z:f:t:d:F:pae::zvc:S:C:T:BDE:G:", long_options, &option_index);
if (c == -1) {
break;
screens.back()->trusted_devices.push_back(TrustedDevice(dcp::Certificate(dcp::file_to_string(optarg))));
}
break;
+ case 'G':
+ decryption_key = optarg;
+ break;
case 'B':
list_cinemas = true;
break;
throw KDMCLIError ("could not find film or CPL ID corresponding to " + thing);
}
+ string const key = decryption_key ? dcp::file_to_string(*decryption_key) : Config::instance()->decryption_chain()->key().get();
+
from_dkdm (
screens,
- dcp::DecryptedKDM (*dkdm, Config::instance()->decryption_chain()->key().get()),
+ dcp::DecryptedKDM(*dkdm, key),
verbose,
output,
container_name_format,
#include "lib/cinema.h"
#include "lib/config.h"
#include "lib/content_factory.h"
+#include "lib/cross.h"
#include "lib/film.h"
#include "lib/kdm_cli.h"
#include "lib/screen.h"
optional<string>
-run(vector<string> const& args, vector<string>& output)
+run(vector<string> const& args, vector<string>& output, bool dump_errors = true)
{
std::vector<char*> argv(args.size());
for (auto i = 0U; i < args.size(); ++i) {
}
auto error = kdm_cli(args.size(), argv.data(), [&output](string s) { output.push_back(s); });
- if (error) {
+ if (error && dump_errors) {
std::cout << *error << "\n";
}
}
+BOOST_AUTO_TEST_CASE(kdm_cli_specify_decryption_key_test)
+{
+ using boost::filesystem::path;
+
+ ConfigRestorer cr;
+
+ path const dir = "build/test/kdm_cli_specify_decryption_key_test";
+
+ boost::system::error_code ec;
+ boost::filesystem::remove_all(dir, ec);
+ boost::filesystem::create_directories(dir);
+
+ dcp::CertificateChain chain(openssl_path(), 365);
+ dcp::write_string_to_file(chain.leaf().certificate(true), dir / "cert.pem");
+ dcp::write_string_to_file(*chain.key(), dir / "key.pem");
+
+ vector<string> make_args = {
+ "kdm_cli",
+ "--valid-from", "now",
+ "--valid-duration", "2 weeks",
+ "--projector-certificate", path(dir / "cert.pem").string(),
+ "-S", "base",
+ "-o", dir.string(),
+ "test/data/dkdm.xml"
+ };
+
+ vector<string> output;
+ auto error = run(make_args, output);
+ BOOST_CHECK(!error);
+
+ vector<string> bad_args = {
+ "kdm_cli",
+ "--valid-from", "now",
+ "--valid-duration", "2 weeks",
+ "--projector-certificate", path(dir / "cert.pem").string(),
+ "-S", "bad",
+ "-o", dir.string(),
+ path(dir / "KDM_Test_FTR-1_F-133_XX-XX_MOS_2K_20220109_SMPTE_OV__base.xml").string()
+ };
+
+ /* This should fail because we're using the wrong decryption certificate */
+ output.clear();
+ error = run(bad_args, output, false);
+ BOOST_REQUIRE(error);
+ BOOST_CHECK(error->find("oaep decoding error") != string::npos);
+
+ vector<string> good_args = {
+ "kdm_cli",
+ "--valid-from", "now",
+ "--valid-duration", "2 weeks",
+ "--projector-certificate", path(dir / "cert.pem").string(),
+ "--decryption-key", path(dir / "key.pem").string(),
+ "-S", "good",
+ "-o", dir.string(),
+ path(dir / "KDM_Test_FTR-1_F-133_XX-XX_MOS_2K_20220109_SMPTE_OV__base.xml").string()
+ };
+
+ /* This should succeed */
+ output.clear();
+ error = run(good_args, output);
+ BOOST_CHECK(!error);
+}
+
+
static
void
setup_test_config()