From e18630852de1ac02c23c74cbe7643845b6f4bd17 Mon Sep 17 00:00:00 2001 From: Carl Hetherington Date: Sun, 29 Jan 2023 00:07:10 +0100 Subject: [PATCH] Cleanup: extract encrypt() call from Film::make_kdm(). --- src/lib/dkdm_recipient.cc | 18 ++++++++---------- src/lib/film.cc | 27 ++++----------------------- src/lib/film.h | 11 +---------- src/lib/screen.cc | 18 ++++++++---------- src/tools/dcpomatic.cc | 36 ++++++++++++++++-------------------- test/atmos_test.cc | 15 +++++---------- test/dcp_decoder_test.cc | 13 ++++--------- test/dcp_digest_file_test.cc | 14 +++++--------- test/encryption_test.cc | 15 +++++---------- test/import_dcp_test.cc | 14 +++++--------- test/remake_id_test.cc | 15 +++++---------- test/vf_kdm_test.cc | 25 +++++++------------------ 12 files changed, 73 insertions(+), 148 deletions(-) diff --git a/src/lib/dkdm_recipient.cc b/src/lib/dkdm_recipient.cc index f25934083..c73379bed 100644 --- a/src/lib/dkdm_recipient.cc +++ b/src/lib/dkdm_recipient.cc @@ -19,6 +19,7 @@ */ +#include "config.h" #include "dkdm_recipient.h" #include "film.h" #include "kdm_with_metadata.h" @@ -75,16 +76,13 @@ kdm_for_dkdm_recipient ( dcp::LocalTime const begin(valid_from, dcp::UTCOffset(recipient->utc_offset_hour, recipient->utc_offset_minute)); dcp::LocalTime const end (valid_to, dcp::UTCOffset(recipient->utc_offset_hour, recipient->utc_offset_minute)); - auto const kdm = film->make_kdm ( - recipient->recipient.get(), - vector(), - cpl, - begin, - end, - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - true, - 0 - ); + auto signer = Config::instance()->signer_chain(); + if (!signer->valid()) { + throw InvalidSignerError(); + } + + auto const decrypted_kdm = film->make_kdm(cpl, begin, end); + auto const kdm = decrypted_kdm.encrypt(signer, recipient->recipient.get(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0); dcp::NameFormat::Map name_values; name_values['f'] = kdm.content_title_text(); 
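Review bot: The signer validity check that `Film::make_kdm()` used to enforce is now copied into this caller (`if (!signer->valid()) { throw InvalidSignerError(); }`), and the same lines reappear in `kdm_for_screen` in src/lib/screen.cc. A later caller that omits them would sign a KDM with an unchecked chain, unless `encrypt()` validates the chain itself, which is not visible here. Consider one shared library helper that returns the signer chain or throws `InvalidSignerError`, called from both functions. The screen.cc hunk also declares the result as `auto kdm` where this one keeps `auto const kdm`; if nothing later modifies it, keep the `const`. Both function bodies continue outside their hunks.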
diff --git a/src/lib/film.cc b/src/lib/film.cc index e0aa08a77..8e409fc69 100644 --- a/src/lib/film.cc +++ b/src/lib/film.cc @@ -1634,37 +1634,18 @@ Film::active_area () const } -/** @param recipient KDM recipient certificate. - * @param trusted_devices Certificate thumbprints of other trusted devices (can be empty). - * @param cpl_file CPL filename. +/* @param cpl_file CPL filename. * @param from KDM from time expressed as a local time with an offset from UTC. * @param until KDM to time expressed as a local time with an offset from UTC. - * @param formulation KDM formulation to use. - * @param disable_forensic_marking_picture true to disable forensic marking of picture. - * @param disable_forensic_marking_audio if not set, don't disable forensic marking of audio. If set to 0, - * disable all forensic marking; if set above 0, disable forensic marking above that channel. */ -dcp::EncryptedKDM -Film::make_kdm ( - dcp::Certificate recipient, - vector trusted_devices, - boost::filesystem::path cpl_file, - dcp::LocalTime from, - dcp::LocalTime until, - dcp::Formulation formulation, - bool disable_forensic_marking_picture, - optional disable_forensic_marking_audio - ) const +dcp::DecryptedKDM +Film::make_kdm(boost::filesystem::path cpl_file, dcp::LocalTime from, dcp::LocalTime until) const { if (!_encrypted) { throw runtime_error (_("Cannot make a KDM as this project is not encrypted.")); } auto cpl = make_shared(cpl_file); - auto signer = Config::instance()->signer_chain(); - if (!signer->valid ()) { - throw InvalidSignerError (); - } /* Find keys that have been added to imported, encrypted DCP content */ list imported_keys; @@ -1703,7 +1684,7 @@ Film::make_kdm ( return dcp::DecryptedKDM ( cpl->id(), keys, from, until, cpl->content_title_text(), cpl->content_title_text(), dcp::LocalTime().as_string() - ).encrypt (signer, recipient, trusted_devices, formulation, disable_forensic_marking_picture, disable_forensic_marking_audio); + ); } 
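Review bot: The rewritten comment above `Film::make_kdm` opens with `/*` instead of `/**`, so Doxygen no longer picks up the remaining `@param` lines. It also does not say that the function now returns a `dcp::DecryptedKDM`, which is built directly from the content keys rather than wrapped for a recipient. I would restore `/**` and add a line such as `@return Unencrypted KDM holding the content keys; the caller must encrypt() it for a recipient and should not persist it as-is.` The same comment is the place to state that checking `signer_chain()->valid()` is now the caller's responsibility. The body of `Film::make_kdm` continues between this hunk and the next one, so the key-gathering code is not visible here.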
diff --git a/src/lib/film.h b/src/lib/film.h index babc14a29..d059099ee 100644 --- a/src/lib/film.h +++ b/src/lib/film.h @@ -167,16 +167,7 @@ public: FrameRateChange active_frame_rate_change (dcpomatic::DCPTime) const; std::pair speed_up_range (int dcp_frame_rate) const; - dcp::EncryptedKDM make_kdm ( - dcp::Certificate recipient, - std::vector trusted_devices, - boost::filesystem::path cpl_file, - dcp::LocalTime from, - dcp::LocalTime until, - dcp::Formulation formulation, - bool disable_forensic_marking_picture, - boost::optional disable_forensic_marking_audio - ) const; + dcp::DecryptedKDM make_kdm(boost::filesystem::path cpl_file, dcp::LocalTime from, dcp::LocalTime until) const; int state_version () const { return _state_version; diff --git a/src/lib/screen.cc b/src/lib/screen.cc index 453a833d7..5ef007214 100644 --- a/src/lib/screen.cc +++ b/src/lib/screen.cc @@ -20,6 +20,7 @@ #include "cinema.h" +#include "config.h" #include "film.h" #include "kdm_util.h" #include "kdm_with_metadata.h" @@ -95,16 +96,13 @@ kdm_for_screen ( period_checks.push_back(check_kdm_and_certificate_validity_periods(screen->recipient.get(), begin, end)); - auto const kdm = film->make_kdm ( - screen->recipient.get(), - screen->trusted_device_thumbprints(), - cpl, - begin, - end, - formulation, - disable_forensic_marking_picture, - disable_forensic_marking_audio - ); + auto signer = Config::instance()->signer_chain(); + if (!signer->valid()) { + throw InvalidSignerError(); + } + + auto const decrypted_kdm = film->make_kdm(cpl, begin, end); + auto kdm = decrypted_kdm.encrypt(signer, screen->recipient.get(), screen->trusted_device_thumbprints(), formulation, disable_forensic_marking_picture, disable_forensic_marking_audio); dcp::NameFormat::Map name_values; if (cinema) { diff --git a/src/tools/dcpomatic.cc b/src/tools/dcpomatic.cc index deaa15afd..1923a12a3 100644 --- a/src/tools/dcpomatic.cc +++ b/src/tools/dcpomatic.cc 
@@ -944,34 +944,30 @@ private: dcp::LocalTime to (Config::instance()->signer_chain()->leaf().not_after()); to.add_days (-1); - optional kdm; - try { - kdm = _film->make_kdm ( - Config::instance()->decryption_chain()->leaf(), - vector(), - dialog.cpl(), - from, to, - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - true, - 0 - ); - } catch (dcp::NotEncryptedError& e) { - error_dialog (this, _("CPL's content is not encrypted.")); - } catch (exception& e) { - error_dialog (this, e.what ()); - } catch (...) { - error_dialog (this, _("An unknown exception occurred.")); + auto signer = Config::instance()->signer_chain(); + if (!signer->valid()) { + error_dialog(this, _("The certificate chain for signing is invalid")); + return; } - if (kdm) { + optional kdm; + try { + auto const decrypted_kdm = _film->make_kdm(dialog.cpl(), from, to); + auto const kdm = decrypted_kdm.encrypt(signer, Config::instance()->decryption_chain()->leaf(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0); if (dialog.internal()) { auto dkdms = Config::instance()->dkdms(); - dkdms->add (make_shared(kdm.get())); + dkdms->add(make_shared(kdm)); Config::instance()->changed (); } else { auto path = dialog.directory() / (_film->dcp_name(false) + "_DKDM.xml"); - kdm->as_xml (path); + kdm.as_xml(path); } + } catch (dcp::NotEncryptedError& e) { + error_dialog (this, _("CPL's content is not encrypted.")); + } catch (exception& e) { + error_dialog (this, e.what ()); + } catch (...) { + error_dialog (this, _("An unknown exception occurred.")); } } diff --git a/test/atmos_test.cc b/test/atmos_test.cc index c2b0cb6d8..170736825 100644 --- a/test/atmos_test.cc +++ b/test/atmos_test.cc 
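Review bot: The added `optional` variable `kdm` declared just before the `try` is never used, because `auto const kdm = decrypted_kdm.encrypt(...)` inside the block shadows it; that declaration can be dropped. Separately, the new `signer->valid()` check sits after the context line `dcp::LocalTime to (Config::instance()->signer_chain()->leaf().not_after());`, so the chain's leaf certificate is already read before validity is tested. Fetching `signer` first, returning through the error dialog if it is invalid, and then using `signer->leaf().not_after()` for the expiry would make the dialog the only path for a bad chain. The enclosing handler starts above the hunk, so whether the `from` time also touches the chain is not visible here.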
@@ -74,16 +74,11 @@ BOOST_AUTO_TEST_CASE (atmos_encrypted_passthrough_test) BOOST_REQUIRE (!mxf_atmos_files_same(ref, dcp_file(film, "atmos"))); - auto kdm = film->make_kdm ( - Config::instance()->decryption_chain()->leaf(), - vector(), - dcp_file(film, "cpl"), - dcp::LocalTime(), - dcp::LocalTime(), - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - false, - optional() - ); + auto signer = Config::instance()->signer_chain(); + BOOST_REQUIRE(signer->valid()); + + auto const decrypted_kdm = film->make_kdm(dcp_file(film, "cpl"), dcp::LocalTime(), dcp::LocalTime()); + auto const kdm = decrypted_kdm.encrypt(signer, Config::instance()->decryption_chain()->leaf(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, false, {}); auto content2 = make_shared(film->dir(film->dcp_name())); content2->add_kdm (kdm); diff --git a/test/dcp_decoder_test.cc b/test/dcp_decoder_test.cc index c9474b998..a37b60ee8 100644 --- a/test/dcp_decoder_test.cc +++ b/test/dcp_decoder_test.cc @@ -69,16 +69,11 @@ BOOST_AUTO_TEST_CASE (check_reuse_old_data_test) dcp::DCP encrypted_dcp (encrypted->dir(encrypted->dcp_name())); encrypted_dcp.read (); - auto kdm = encrypted->make_kdm ( - Config::instance()->decryption_chain()->leaf(), - vector(), - encrypted_dcp.cpls().front()->file().get(), - dcp::LocalTime ("2030-07-21T00:00:00+00:00"), - dcp::LocalTime ("2031-07-21T00:00:00+00:00"), - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - true, 0 - ); + auto signer = Config::instance()->signer_chain(); + BOOST_REQUIRE(signer->valid()); + auto const decrypted_kdm = encrypted->make_kdm(encrypted_dcp.cpls().front()->file().get(), dcp::LocalTime ("2030-07-21T00:00:00+00:00"), dcp::LocalTime ("2031-07-21T00:00:00+00:00")); + auto const kdm = decrypted_kdm.encrypt(signer, Config::instance()->decryption_chain()->leaf(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0); /* Add just the OV to a new project, move it around a bit and check that the _reels get reused. 
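Review bot: The same sequence (`signer_chain()`, `BOOST_REQUIRE(signer->valid())`, `make_kdm(...)`, `encrypt(...)`) is pasted into this test and into dcp_decoder_test, dcp_digest_file_test, encryption_test, import_dcp_test, remake_id_test and vf_kdm_test, differing only in the CPL path, the validity times and the forensic-marking flags. A small test helper taking those arguments would keep the signer check in one place and make it harder for a new test to skip it. In this call the two bare `{}` arguments mean different things (an empty trusted-device list and an unset audio forensic-marking value, going by the old `vector()` / `optional()` arguments), so a short comment on each would help the reader. dcp_digest_file_test also drops the `const` that the other tests keep on `decrypted_kdm` and `kdm`.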
diff --git a/test/dcp_digest_file_test.cc b/test/dcp_digest_file_test.cc index 16fe4a5bb..d67c734c1 100644 --- a/test/dcp_digest_file_test.cc +++ b/test/dcp_digest_file_test.cc @@ -80,15 +80,11 @@ BOOST_AUTO_TEST_CASE (dcp_digest_file_test2) auto ov_cpl = find_cpl.cpls()[0]->file(); BOOST_REQUIRE (static_cast(ov_cpl)); - auto kdm = ov->make_kdm ( - Config::instance()->decryption_chain()->leaf(), - {}, - ov_cpl.get(), - dcp::LocalTime(), dcp::LocalTime(), - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - true, - 0 - ); + auto signer = Config::instance()->signer_chain(); + BOOST_REQUIRE(signer->valid()); + + auto decrypted_kdm = ov->make_kdm(ov_cpl.get(), dcp::LocalTime(), dcp::LocalTime()); + auto kdm = decrypted_kdm.encrypt(signer, Config::instance()->decryption_chain()->leaf(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0); auto ov_dcp = make_shared(ov->dir(ov->dcp_name())); ov_dcp->add_kdm (kdm); diff --git a/test/encryption_test.cc b/test/encryption_test.cc index b7703f4e9..9cadd087e 100644 --- a/test/encryption_test.cc +++ b/test/encryption_test.cc @@ -55,16 +55,11 @@ BOOST_AUTO_TEST_CASE (smpte_dcp_with_subtitles_can_be_decrypted) auto cpl = dcp.cpls()[0]; BOOST_REQUIRE (cpl->file()); - auto kdm = film->make_kdm ( - Config::instance()->decryption_chain()->leaf(), - {}, - *cpl->file(), - dcp::LocalTime(), - dcp::LocalTime(), - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - true, - 0 - ); + auto signer = Config::instance()->signer_chain(); + BOOST_REQUIRE(signer->valid()); + + auto const decrypted_kdm = film->make_kdm(*cpl->file(), dcp::LocalTime(), dcp::LocalTime()); + auto const kdm = decrypted_kdm.encrypt(signer, Config::instance()->decryption_chain()->leaf(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0); auto dcp_content = make_shared(film->dir(film->dcp_name())); dcp_content->add_kdm (kdm); diff --git a/test/import_dcp_test.cc b/test/import_dcp_test.cc index e4545b7b0..acac79051 100644 --- a/test/import_dcp_test.cc 
+++ b/test/import_dcp_test.cc @@ -74,15 +74,11 @@ BOOST_AUTO_TEST_CASE (import_dcp_test) Config::instance()->set_decryption_chain (make_shared(openssl_path(), CERTIFICATE_VALIDITY_PERIOD)); - auto kdm = A->make_kdm ( - Config::instance()->decryption_chain()->leaf (), - vector(), - A_dcp.cpls().front()->file().get(), - dcp::LocalTime ("2030-07-21T00:00:00+00:00"), - dcp::LocalTime ("2031-07-21T00:00:00+00:00"), - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - true, 0 - ); + auto signer = Config::instance()->signer_chain(); + BOOST_REQUIRE(signer->valid()); + + auto const decrypted_kdm = A->make_kdm(A_dcp.cpls().front()->file().get(), dcp::LocalTime ("2030-07-21T00:00:00+00:00"), dcp::LocalTime ("2031-07-21T00:00:00+00:00")); + auto const kdm = decrypted_kdm.encrypt(signer, Config::instance()->decryption_chain()->leaf(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0); auto B = new_test_film ("import_dcp_test2"); B->set_container (Ratio::from_id ("185")); diff --git a/test/remake_id_test.cc b/test/remake_id_test.cc index 0a29f9461..816a43feb 100644 --- a/test/remake_id_test.cc +++ b/test/remake_id_test.cc @@ -84,17 +84,12 @@ BOOST_AUTO_TEST_CASE (remake_id_test2) } BOOST_REQUIRE(cpl); + auto signer = Config::instance()->signer_chain(); + BOOST_REQUIRE(signer->valid()); + /* Make a DKDM */ - auto kdm = film->make_kdm ( - Config::instance()->decryption_chain()->leaf(), - vector(), - *cpl, - dcp::LocalTime ("2030-01-01T01:00:00+00:00"), - dcp::LocalTime ("2031-01-01T01:00:00+00:00"), - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - true, - 0 - ); + auto const decrypted_kdm = film->make_kdm(*cpl, dcp::LocalTime ("2030-01-01T01:00:00+00:00"), dcp::LocalTime ("2031-01-01T01:00:00+00:00")); + auto const kdm = decrypted_kdm.encrypt(signer, Config::instance()->decryption_chain()->leaf(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0); /* Import the DCP into a new film */ auto dcp_content = make_shared(film->dir(film->dcp_name())); 
diff --git a/test/vf_kdm_test.cc b/test/vf_kdm_test.cc index 259f54031..665cf72a0 100644 --- a/test/vf_kdm_test.cc +++ b/test/vf_kdm_test.cc @@ -68,15 +68,11 @@ BOOST_AUTO_TEST_CASE (vf_kdm_test) Config::instance()->set_decryption_chain (make_shared(openssl_path(), CERTIFICATE_VALIDITY_PERIOD)); - auto A_kdm = A->make_kdm ( - Config::instance()->decryption_chain()->leaf(), - vector(), - A_dcp.cpls().front()->file().get(), - dcp::LocalTime("2030-07-21T00:00:00+00:00"), - dcp::LocalTime("2031-07-21T00:00:00+00:00"), - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - true, 0 - ); + auto signer = Config::instance()->signer_chain(); + BOOST_REQUIRE(signer->valid()); + + auto const A_decrypted_kdm = A->make_kdm(A_dcp.cpls().front()->file().get(), dcp::LocalTime("2030-07-21T00:00:00+00:00"), dcp::LocalTime("2031-07-21T00:00:00+00:00")); + auto const A_kdm = A_decrypted_kdm.encrypt(signer, Config::instance()->decryption_chain()->leaf(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0); /* Import A into a new project, with the required KDM, and make a VF that refers to it */ @@ -97,15 +93,8 @@ BOOST_AUTO_TEST_CASE (vf_kdm_test) dcp::DCP B_dcp ("build/test/vf_kdm_test_vf/" + B->dcp_name()); B_dcp.read (); - auto B_kdm = B->make_kdm ( - Config::instance()->decryption_chain()->leaf (), - vector(), - B_dcp.cpls().front()->file().get(), - dcp::LocalTime ("2030-07-21T00:00:00+00:00"), - dcp::LocalTime ("2031-07-21T00:00:00+00:00"), - dcp::Formulation::MODIFIED_TRANSITIONAL_1, - true, 0 - ); + auto const B_decrypted_kdm = B->make_kdm(B_dcp.cpls().front()->file().get(), dcp::LocalTime ("2030-07-21T00:00:00+00:00"), dcp::LocalTime ("2031-07-21T00:00:00+00:00")); + auto const B_kdm = B_decrypted_kdm.encrypt(signer, Config::instance()->decryption_chain()->leaf(), {}, dcp::Formulation::MODIFIED_TRANSITIONAL_1, true, 0); /* Import the OV and VF into a new project with the KDM that was created for the VF. This KDM should decrypt assets from the OV too. -- 2.30.2