From 723779c27ffdafe27b3f23840eea4777ae838a83 Mon Sep 17 00:00:00 2001 From: Carl Hetherington Date: Mon, 14 Feb 2022 10:56:39 +0100 Subject: [PATCH] Add hint about excessive certificate validity. --- src/lib/hints.cc | 32 +++++++++++++++++++++++++++++++- src/lib/hints.h | 1 + test/hints_test.cc | 21 ++++++++++++++++++++- 3 files changed, 52 insertions(+), 2 deletions(-) diff --git a/src/lib/hints.cc b/src/lib/hints.cc index 40b51e817..0f1cfece8 100644 --- a/src/lib/hints.cc +++ b/src/lib/hints.cc @@ -1,5 +1,5 @@ /* - Copyright (C) 2016-2021 Carl Hetherington + Copyright (C) 2016-2022 Carl Hetherington This file is part of DCP-o-matic. @@ -23,6 +23,7 @@ #include "audio_content.h" #include "audio_processor.h" #include "compose.hpp" +#include "config.h" #include "content.h" #include "cross.h" #include "dcp_content_type.h" @@ -381,6 +382,7 @@ try auto content = film->content (); + check_certificates (); check_interop (); check_big_font_files (); check_few_audio_channels (); @@ -652,3 +654,31 @@ Hints::check_audio_language () } } + +void +Hints::check_certificates () +{ + auto bad = Config::instance()->check_certificates(); + if (!bad) { + return; + } + + switch (*bad) { + case Config::BAD_SIGNER_UTF8_STRINGS: + hint(_("The certificate chain that DCP-o-matic uses for signing DCPs and KDMs contains a small error " + "which will prevent DCPs from being validated correctly on some systems. You are advised to " + "re-create the signing certificate chain by clicking the \"Re-make certificates and key...\" " + "button in the Keys page of Preferences.")); + break; + case Config::BAD_SIGNER_VALIDITY_TOO_LONG: + hint(_("The certificate chain that DCP-o-matic uses for signing DCPs and KDMs has a validity period " + "that is too long. This will cause problems playing back DCPs on some systems. " + "You are advised to re-create the signing certificate chain by clicking the " + "\"Re-make certificates and key...\" button in the Keys page of Preferences.")); + break; + default: + /* Some bad situations can't happen here as DCP-o-matic would have refused to start until they are fixed */ + break; + } +} + diff --git a/src/lib/hints.h b/src/lib/hints.h index 6553593a0..985fa1910 100644 --- a/src/lib/hints.h +++ b/src/lib/hints.h @@ -65,6 +65,7 @@ private: void closed_caption (PlayerText text, dcpomatic::DCPTimePeriod period); void open_subtitle (PlayerText text, dcpomatic::DCPTimePeriod period); + void check_certificates (); void check_interop (); void check_big_font_files (); void check_few_audio_channels (); diff --git a/test/hints_test.cc b/test/hints_test.cc index c228cd07a..51374b274 100644 --- a/test/hints_test.cc +++ b/test/hints_test.cc @@ -1,5 +1,5 @@ /* - Copyright (C) 2020-2021 Carl Hetherington + Copyright (C) 2020-2022 Carl Hetherington This file is part of DCP-o-matic. @@ -20,6 +20,7 @@ #include "lib/audio_content.h" +#include "lib/config.h" #include "lib/content.h" #include "lib/content_factory.h" #include "lib/cross.h" @@ -254,6 +255,24 @@ BOOST_AUTO_TEST_CASE (hints_audio_with_no_language) "Some of your content has audio but you have not set the audio language. It is advisable to set the audio language " "in the \"DCP\" tab unless your audio has no spoken parts." ); +} + + +BOOST_AUTO_TEST_CASE (hints_certificate_validity) +{ + ConfigRestorer cr; + + Config::instance()->set_signer_chain(make_shared(openssl_path(), 40 * 365)); + auto film = new_test_film2 ("hints_certificate_validity"); + auto hints = get_hints (film); + BOOST_REQUIRE_EQUAL (hints.size(), 1U); + BOOST_CHECK_EQUAL ( + hints[0], + "The certificate chain that DCP-o-matic uses for signing DCPs and KDMs has a validity period " + "that is too long. This will cause problems playing back DCPs on some systems. " + "You are advised to re-create the signing certificate chain by clicking the " + "\"Re-make certificates and key...\" button in the Keys page of Preferences." + ); } -- 2.30.2