From 7b439c9baf719b135922e6c6b53472915fed3573 Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Mon, 20 Nov 2023 00:25:27 +0100
Subject: [PATCH] Verify encrypted DCPs (more) correctly (#2659).

---
 cscript                       |  2 +-
 src/lib/verify_dcp_job.cc     | 21 +++++++++++++++++++--
 src/lib/verify_dcp_job.h      |  3 ++-
 src/tools/dcpomatic_player.cc |  5 ++++-
 test/reels_test.cc            |  8 ++++----
 test/test.cc                  |  2 +-
 6 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/cscript b/cscript
index 9d5a72eaf..de4fcb122 100644
--- a/cscript
+++ b/cscript
@@ -508,7 +508,7 @@ def dependencies(target, options):
         # Use distro-provided FFmpeg on Arch
         deps = []
 
-    deps.append(('libdcp', 'c46f6125c482f2a3361cd33d1e1163927f038e9d'))
+    deps.append(('libdcp', 'v1.8.88'))
     deps.append(('libsub', 'v1.6.44'))
     deps.append(('leqm-nrt', '30dcaea1373ac62fba050e02ce5b0c1085797a23'))
     deps.append(('rtaudio', 'f619b76'))
diff --git a/src/lib/verify_dcp_job.cc b/src/lib/verify_dcp_job.cc
index e054fae3a..5e50ec51d 100644
--- a/src/lib/verify_dcp_job.cc
+++ b/src/lib/verify_dcp_job.cc
@@ -19,6 +19,7 @@
 */
 
 
+#include "config.h"
 #include "cross.h"
 #include "verify_dcp_job.h"
 #include "content.h"
@@ -35,9 +36,10 @@ using namespace boost::placeholders;
 #endif
 
 
-VerifyDCPJob::VerifyDCPJob (vector<boost::filesystem::path> directories)
+VerifyDCPJob::VerifyDCPJob(vector<boost::filesystem::path> directories, vector<boost::filesystem::path> kdms)
 	: Job (shared_ptr<Film>())
 	, _directories (directories)
+	, _kdms(kdms)
 {
 
 }
@@ -76,7 +78,22 @@ VerifyDCPJob::update_stage (string s, optional<boost::filesystem::path> path)
 void
 VerifyDCPJob::run ()
 {
-	_notes = dcp::verify(_directories, bind(&VerifyDCPJob::update_stage, this, _1, _2), bind(&VerifyDCPJob::set_progress, this, _1, false), {}, libdcp_resources_path() / "xsd");
+	vector<dcp::DecryptedKDM> decrypted_kdms;
+	auto key = Config::instance()->decryption_chain()->key();
+	if (key) {
+		for (auto kdm: _kdms) {
+			decrypted_kdms.push_back(dcp::DecryptedKDM{dcp::EncryptedKDM(dcp::file_to_string(kdm)), *key});
+		}
+	}
+
+	_notes = dcp::verify(
+		_directories,
+		decrypted_kdms,
+		bind(&VerifyDCPJob::update_stage, this, _1, _2),
+		bind(&VerifyDCPJob::set_progress, this, _1, false),
+		{},
+		libdcp_resources_path() / "xsd"
+		);
 
 	bool failed = false;
 	for (auto i: _notes) {
diff --git a/src/lib/verify_dcp_job.h b/src/lib/verify_dcp_job.h
index b00f0128b..61a347507 100644
--- a/src/lib/verify_dcp_job.h
+++ b/src/lib/verify_dcp_job.h
@@ -29,7 +29,7 @@ class Content;
 class VerifyDCPJob : public Job
 {
 public:
-	explicit VerifyDCPJob (std::vector<boost::filesystem::path> directories);
+	VerifyDCPJob(std::vector<boost::filesystem::path> directories, std::vector<boost::filesystem::path> kdms);
 	~VerifyDCPJob ();
 
 	std::string name () const override;
@@ -44,5 +44,6 @@ private:
 	void update_stage (std::string s, boost::optional<boost::filesystem::path> path);
 
 	std::vector<boost::filesystem::path> _directories;
+	std::vector<boost::filesystem::path> _kdms;
 	std::vector<dcp::VerificationNote> _notes;
 };
diff --git a/src/tools/dcpomatic_player.cc b/src/tools/dcpomatic_player.cc
index d1668975c..212169d84 100644
--- a/src/tools/dcpomatic_player.cc
+++ b/src/tools/dcpomatic_player.cc
@@ -713,6 +713,7 @@ private:
 					_viewer.set_coalesce_player_changes(true);
 					for (auto path: dialog.paths()) {
 						dcp->add_kdm(dcp::EncryptedKDM(dcp::file_to_string(path)));
+						_kdms.push_back(path);
 					}
 					examine_content();
 				}
@@ -913,7 +914,7 @@ private:
 		auto dcp = std::dynamic_pointer_cast<DCPContent>(_film->content().front());
 		DCPOMATIC_ASSERT (dcp);
 
-		auto job = make_shared<VerifyDCPJob>(dcp->directories());
+		auto job = make_shared<VerifyDCPJob>(dcp->directories(), _kdms);
 		VerifyDCPProgressDialog progress(this, _("DCP-o-matic Player"));
 		bool const completed = progress.run(job);
 		progress.Close();
@@ -1125,6 +1126,8 @@ private:
 	wxMenuItem* _view_dual_screen = nullptr;
 	wxSizer* _main_sizer = nullptr;
 	PlayerStressTester _stress;
+	/** KDMs that have been loaded, so that we can pass them to the verifier */
+	std::vector<boost::filesystem::path> _kdms;
 };
 
 static const wxCmdLineEntryDesc command_line_description[] = {
diff --git a/test/reels_test.cc b/test/reels_test.cc
index 3d4dd0e6e..2a87ef6b6 100644
--- a/test/reels_test.cc
+++ b/test/reels_test.cc
@@ -503,7 +503,7 @@ BOOST_AUTO_TEST_CASE (reels_should_not_be_short1)
 	make_and_verify_dcp (film);
 
 	vector<boost::filesystem::path> dirs = { film->dir(film->dcp_name(false)) };
-	auto notes = dcp::verify(dirs, boost::bind(&no_op), boost::bind(&no_op), {}, TestPaths::xsd());
+	auto notes = dcp::verify(dirs, {}, boost::bind(&no_op), boost::bind(&no_op), {}, TestPaths::xsd());
 	dump_notes (notes);
 	BOOST_REQUIRE (notes.empty());
 }
@@ -528,7 +528,7 @@ BOOST_AUTO_TEST_CASE (reels_should_not_be_short2)
 	make_and_verify_dcp (film);
 
 	vector<boost::filesystem::path> dirs = { film->dir(film->dcp_name(false)) };
-	auto const notes = dcp::verify(dirs, boost::bind(&no_op), boost::bind(&no_op), {}, TestPaths::xsd());
+	auto const notes = dcp::verify(dirs, {}, boost::bind(&no_op), boost::bind(&no_op), {}, TestPaths::xsd());
 	dump_notes (notes);
 	BOOST_REQUIRE (notes.empty());
 }
@@ -549,7 +549,7 @@ BOOST_AUTO_TEST_CASE (reels_should_not_be_short3)
 
 	make_and_verify_dcp (film);
 
-	auto const notes = dcp::verify({}, boost::bind(&no_op), boost::bind(&no_op), {}, TestPaths::xsd());
+	auto const notes = dcp::verify({}, {}, boost::bind(&no_op), boost::bind(&no_op), {}, TestPaths::xsd());
 	dump_notes (notes);
 	BOOST_REQUIRE (notes.empty());
 }
@@ -579,7 +579,7 @@ BOOST_AUTO_TEST_CASE (reels_should_not_be_short4)
 	BOOST_REQUIRE (!wait_for_jobs());
 
 	vector<boost::filesystem::path> dirs = { film->dir(film->dcp_name(false)) };
-	auto const notes = dcp::verify(dirs, boost::bind(&no_op), boost::bind(&no_op), {}, TestPaths::xsd());
+	auto const notes = dcp::verify(dirs, {}, boost::bind(&no_op), boost::bind(&no_op), {}, TestPaths::xsd());
 	dump_notes (notes);
 	BOOST_REQUIRE (notes.empty());
 }
diff --git a/test/test.cc b/test/test.cc
index 2bd31292a..8ca103a6b 100644
--- a/test/test.cc
+++ b/test/test.cc
@@ -948,7 +948,7 @@ void progress (float) {}
 void
 verify_dcp(boost::filesystem::path dir, vector<dcp::VerificationNote::Code> ignore)
 {
-	auto notes = dcp::verify({dir}, &stage, &progress, {}, TestPaths::xsd());
+	auto notes = dcp::verify({dir}, {}, &stage, &progress, {}, TestPaths::xsd());
 	bool ok = true;
 	for (auto i: notes) {
 		if (find(ignore.begin(), ignore.end(), i.code()) == ignore.end()) {
-- 
2.30.2