lie outside those of the KDMs (#2423).
auto cpl = cpls.front().cpl_file;
+ std::vector<KDMCertificatePeriod> period_checks;
+
try {
list<KDMWithMetadataPtr> kdms;
for (auto i: screens) {
- auto p = kdm_for_screen (film, cpl, i, valid_from, valid_to, formulation, disable_forensic_marking_picture, disable_forensic_marking_audio);
+ auto p = kdm_for_screen(film, cpl, i, valid_from, valid_to, formulation, disable_forensic_marking_picture, disable_forensic_marking_audio, period_checks);
if (p) {
kdms.push_back (p);
}
}
+
+
+ if (find(period_checks.begin(), period_checks.end(), KDMCertificatePeriod::KDM_OUTSIDE_CERTIFICATE) != period_checks.end()) {
+ throw KDMCLIError(
+ "Some KDMs would have validity periods which are completely outside the recipient certificate periods. Such KDMs are very unlikely to work, so will not be created."
+ );
+ }
+
+ if (find(period_checks.begin(), period_checks.end(), KDMCertificatePeriod::KDM_OVERLAPS_CERTIFICATE) != period_checks.end()) {
+ out("For some of these KDMs the recipient certificate's validity period will not cover the whole of the KDM validity period. This might cause problems with the KDMs.");
+ }
+
write_files (kdms, zip, output, container_name_format, filename_format, verbose, out);
if (email) {
send_emails ({kdms}, container_name_format, filename_format, film->dcp_name(), {});
--- /dev/null
+/*
+ Copyright (C) 2023 Carl Hetherington <cth@carlh.net>
+
+ This file is part of DCP-o-matic.
+
+ DCP-o-matic is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ DCP-o-matic is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with DCP-o-matic. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+
+#include "kdm_util.h"
+#include "screen.h"
+#include <dcp/certificate.h>
+#include <boost/optional.hpp>
+
+#include "i18n.h"
+
+
+using std::list;
+using std::pair;
+using std::shared_ptr;
+using std::string;
+using boost::optional;
+
+
+KDMCertificatePeriod
+check_kdm_and_certificate_validity_periods(dcp::Certificate const& recipient, dcp::LocalTime kdm_from, dcp::LocalTime kdm_to)
+{
+ auto overlaps = [](dcp::LocalTime from_a, dcp::LocalTime to_a, dcp::LocalTime from_b, dcp::LocalTime to_b) {
+ return std::max(from_a, from_b) < std::min(to_a, to_b);
+ };
+
+ auto contains = [](dcp::LocalTime bigger_from, dcp::LocalTime bigger_to, dcp::LocalTime smaller_from, dcp::LocalTime smaller_to) {
+ return bigger_from <= smaller_from && bigger_to >= smaller_to;
+ };
+
+ if (contains(recipient.not_before(), recipient.not_after(), kdm_from, kdm_to)) {
+ return KDMCertificatePeriod::KDM_WITHIN_CERTIFICATE;
+ }
+
+ if (overlaps(recipient.not_before(), recipient.not_after(), kdm_from, kdm_to)) {
+ /* The KDM overlaps the certificate validity: maybe not the end of the world */
+ return KDMCertificatePeriod::KDM_OVERLAPS_CERTIFICATE;
+ } else {
+ /* The KDM validity is totally outside the certificate validity: bad news */
+ return KDMCertificatePeriod::KDM_OUTSIDE_CERTIFICATE;
+ }
+}
+
--- /dev/null
+/*
+ Copyright (C) 2023 Carl Hetherington <cth@carlh.net>
+
+ This file is part of DCP-o-matic.
+
+ DCP-o-matic is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ DCP-o-matic is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with DCP-o-matic. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+
+#ifndef DCPOMATIC_KDM_UTIL_H
+#define DCPOMATIC_KDM_UTIL_H
+
+
+#include <utility>
+#include <dcp/local_time.h>
+
+
+namespace dcp {
+ class Certificate;
+}
+
+
+enum class KDMCertificatePeriod {
+ KDM_WITHIN_CERTIFICATE,
+ KDM_OVERLAPS_CERTIFICATE,
+ KDM_OUTSIDE_CERTIFICATE
+};
+
+
+/** @param recipient Some KDM recipient certificate.
+ * @param kdm_from Proposed KDM start time.
+ * @param kdm_to Proposed KDM end time.
+ * @return Relationship between certificate and KDM validity periods.
+ */
+
+KDMCertificatePeriod
+check_kdm_and_certificate_validity_periods(dcp::Certificate const& recipient, dcp::LocalTime kdm_from, dcp::LocalTime kdm_to);
+
+
+#endif
+
*/
-#include "screen.h"
-#include "kdm_with_metadata.h"
-#include "film.h"
#include "cinema.h"
+#include "film.h"
+#include "kdm_util.h"
+#include "kdm_with_metadata.h"
+#include "screen.h"
#include <libxml++/libxml++.h>
#include <boost/algorithm/string.hpp>
#include <boost/date_time/posix_time/posix_time.hpp>
boost::posix_time::ptime valid_to,
dcp::Formulation formulation,
bool disable_forensic_marking_picture,
- optional<int> disable_forensic_marking_audio
+ optional<int> disable_forensic_marking_audio,
+ vector<KDMCertificatePeriod>& period_checks
)
{
if (!screen->recipient) {
dcp::LocalTime const begin(valid_from, dcp::UTCOffset(cinema ? cinema->utc_offset_hour() : 0, cinema ? cinema->utc_offset_minute() : 0));
dcp::LocalTime const end (valid_to, dcp::UTCOffset(cinema ? cinema->utc_offset_hour() : 0, cinema ? cinema->utc_offset_minute() : 0));
+ period_checks.push_back(check_kdm_and_certificate_validity_periods(screen->recipient.get(), begin, end));
+
auto const kdm = film->make_kdm (
screen->recipient.get(),
screen->trusted_device_thumbprints(),
#include "kdm_with_metadata.h"
#include "kdm_recipient.h"
+#include "kdm_util.h"
#include "trusted_device.h"
#include <dcp/certificate.h>
#include <libcxml/cxml.h>
boost::posix_time::ptime valid_to,
dcp::Formulation formulation,
bool disable_forensic_marking_picture,
- boost::optional<int> disable_forensic_marking_audio
+ boost::optional<int> disable_forensic_marking_audio,
+ std::vector<KDMCertificatePeriod>& period_checks
);
kdm_cli.cc
kdm_recipient.cc
kdm_with_metadata.cc
+ kdm_util.cc
log.cc
log_entry.cc
make_dcp.cc
#include "lib/exceptions.h"
#include "lib/file_log.h"
#include "lib/job_manager.h"
+#include "lib/kdm_util.h"
#include "lib/kdm_with_metadata.h"
#include "lib/screen.h"
#include "lib/send_kdm_email_job.h"
throw InvalidSignerError ();
}
+ vector<KDMCertificatePeriod> period_checks;
+
for (auto i: _screens->screens()) {
if (!i->recipient) {
dcp::LocalTime begin(_timing->from(), dcp::UTCOffset(i->cinema->utc_offset_hour(), i->cinema->utc_offset_minute()));
dcp::LocalTime end(_timing->until(), dcp::UTCOffset(i->cinema->utc_offset_hour(), i->cinema->utc_offset_minute()));
+ period_checks.push_back(check_kdm_and_certificate_validity_periods(*i->recipient, begin, end));
+
/* Make an empty KDM */
dcp::DecryptedKDM kdm (
begin,
return;
}
+ if (find(period_checks.begin(), period_checks.end(), KDMCertificatePeriod::KDM_OUTSIDE_CERTIFICATE) != period_checks.end()) {
+ error_dialog(
+ this,
+ _("Some KDMs would have validity periods which are completely outside the recipient certificate periods. Such KDMs are very unlikely to work, so will not be created.")
+ );
+ return;
+ }
+
+ if (find(period_checks.begin(), period_checks.end(), KDMCertificatePeriod::KDM_OVERLAPS_CERTIFICATE) != period_checks.end()) {
+ message_dialog(
+ this,
+ _("For some of these KDMs the recipient certificate's validity period will not cover the whole of the KDM validity period. This might cause problems with the KDMs.")
+ );
+ }
+
auto result = _output->make (
kdms, title, bind (&DOMFrame::confirm_overwrite, this, _1)
);
#include "lib/film.h"
#include "lib/job_manager.h"
#include "lib/kdm_with_metadata.h"
+#include "lib/kdm_util.h"
#include "lib/screen.h"
#include <libcxml/cxml.h>
#include <dcp/exceptions.h>
for_audio = _output->forensic_mark_audio_up_to();
}
+ vector<KDMCertificatePeriod> period_checks;
+
for (auto i: _screens->screens()) {
- auto p = kdm_for_screen (film, _cpl->cpl(), i, _timing->from(), _timing->until(), _output->formulation(), !_output->forensic_mark_video(), for_audio);
+ auto p = kdm_for_screen(film, _cpl->cpl(), i, _timing->from(), _timing->until(), _output->formulation(), !_output->forensic_mark_video(), for_audio, period_checks);
if (p) {
kdms.push_back (p);
}
}
+
+ if (find(period_checks.begin(), period_checks.end(), KDMCertificatePeriod::KDM_OUTSIDE_CERTIFICATE) != period_checks.end()) {
+ error_dialog(
+ this,
+ _("Some KDMs would have validity periods which are completely outside the recipient certificate periods. Such KDMs are very unlikely to work, so will not be created.")
+ );
+ return;
+ }
+
+ if (find(period_checks.begin(), period_checks.end(), KDMCertificatePeriod::KDM_OVERLAPS_CERTIFICATE) != period_checks.end()) {
+ message_dialog(
+ this,
+ _("For some of these KDMs the recipient certificate's validity period will not cover the whole of the KDM validity period. This might cause problems with the KDMs.")
+ );
+ }
+
} catch (dcp::BadKDMDateError& e) {
if (e.starts_too_early()) {
error_dialog (this, _("The KDM start period is before (or close to) the start of the signing certificate's validity period. Use a later start time for this KDM."));
auto const from_string = from.date() + " " + from.time_of_day(true, false);
auto const until_string = until.date() + " " + until.time_of_day(true, false);
+ std::vector<KDMCertificatePeriod> period_checks;
+
auto cpl = cpls.front().cpl_file;
auto kdm = kdm_for_screen (
film,
boost::posix_time::time_from_string(until_string),
dcp::Formulation::MODIFIED_TRANSITIONAL_1,
false,
- optional<int>()
+ optional<int>(),
+ period_checks
);
write_files (
auto const cpl = cpls.front().cpl_file;
auto const cpl_id = cpls.front().cpl_id;
+ std::vector<KDMCertificatePeriod> period_checks;
list<KDMWithMetadataPtr> kdms;
for (auto i: screens) {
auto kdm = kdm_for_screen (
boost::posix_time::time_from_string(until_string),
dcp::Formulation::MODIFIED_TRANSITIONAL_1,
false,
- optional<int>()
+ optional<int>(),
+ period_checks
);
kdms.push_back (kdm);
--- /dev/null
+/*
+ Copyright (C) 2023 Carl Hetherington <cth@carlh.net>
+
+ This file is part of DCP-o-matic.
+
+ DCP-o-matic is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ DCP-o-matic is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with DCP-o-matic. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+
+#include "lib/kdm_util.h"
+#include <dcp/certificate.h>
+#include <dcp/util.h>
+#include <boost/test/unit_test.hpp>
+
+
+BOOST_AUTO_TEST_CASE(check_kdm_and_certificate_validity_periods_good)
+{
+ auto const result = check_kdm_and_certificate_validity_periods(
+ dcp::Certificate(dcp::file_to_string("test/data/cert.pem")),
+ dcp::LocalTime("2023-01-03T10:30:00"),
+ dcp::LocalTime("2050-10-20T14:00:00")
+ );
+
+ BOOST_CHECK(result == KDMCertificatePeriod::KDM_WITHIN_CERTIFICATE);
+}
+
+
+BOOST_AUTO_TEST_CASE(check_kdm_and_certificate_validity_periods_overlap_start)
+{
+ auto const result = check_kdm_and_certificate_validity_periods(
+ dcp::Certificate(dcp::file_to_string("test/data/cert.pem")),
+ dcp::LocalTime("2011-01-03T10:30:00"),
+ dcp::LocalTime("2050-10-20T14:00:00")
+ );
+
+ BOOST_CHECK(result == KDMCertificatePeriod::KDM_OVERLAPS_CERTIFICATE);
+}
+
+
+BOOST_AUTO_TEST_CASE(check_kdm_and_certificate_validity_periods_overlap_end)
+{
+ auto const result = check_kdm_and_certificate_validity_periods(
+ dcp::Certificate(dcp::file_to_string("test/data/cert.pem")),
+ dcp::LocalTime("2033-01-03T10:30:00"),
+ dcp::LocalTime("2095-10-20T14:00:00")
+ );
+
+ BOOST_CHECK(result == KDMCertificatePeriod::KDM_OVERLAPS_CERTIFICATE);
+}
+
+
+BOOST_AUTO_TEST_CASE(check_kdm_and_certificate_validity_periods_overlap_start_and_end)
+{
+ auto const result = check_kdm_and_certificate_validity_periods(
+ dcp::Certificate(dcp::file_to_string("test/data/cert.pem")),
+ dcp::LocalTime("2011-01-03T10:30:00"),
+ dcp::LocalTime("2095-10-20T14:00:00")
+ );
+
+ BOOST_CHECK(result == KDMCertificatePeriod::KDM_OVERLAPS_CERTIFICATE);
+}
+
+
+BOOST_AUTO_TEST_CASE(check_kdm_and_certificate_validity_periods_outside)
+{
+ auto const result = check_kdm_and_certificate_validity_periods(
+ dcp::Certificate(dcp::file_to_string("test/data/cert.pem")),
+ dcp::LocalTime("2011-01-03T10:30:00"),
+ dcp::LocalTime("2012-10-20T14:00:00")
+ );
+
+ BOOST_CHECK(result == KDMCertificatePeriod::KDM_OUTSIDE_CERTIFICATE);
+}
job_manager_test.cc
kdm_cli_test.cc
kdm_naming_test.cc
+ kdm_util_test.cc
low_bitrate_test.cc
markers_test.cc
no_use_video_test.cc
projects / dcpomatic.git / commitdiff