2 Copyright (C) 2013-2016 Carl Hetherington <cth@carlh.net>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 #ifndef LIBDCP_DECRYPTED_KDM_H
21 #define LIBDCP_DECRYPTED_KDM_H
23 /** @file src/decrypted_kdm.h
24 * @brief DecryptedKDM class.
28 #include "local_time.h"
29 #include "decrypted_kdm_key.h"
31 #include "certificate.h"
32 #include <boost/filesystem.hpp>
33 #include <boost/optional.hpp>
37 class DecryptedKDMKey;
39 class CertificateChain;
42 /** @class DecryptedKDM
43 * @brief A decrypted KDM.
45 * This is a KDM that has either been decrypted by a target private key, or been
46 * created (by some other means) ready for encryption later.
48 * A DecryptedKDM object can be created either from an EncryptedKDM and a private key (given as a PEM-format string),
49 * or from the details of the assets that the KDM should protect.
54 /** @param kdm Encrypted KDM.
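55 * @param private_key Private key as a PEM-format string. It is passed by value, so the call holds its own copy of the key material in addition to the caller's.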
57 DecryptedKDM (EncryptedKDM const & kdm, std::string private_key);
59 /** Create an empty DecryptedKDM. After creation you must call
60 * add_key() to add each key that you want in the KDM.
62 * @param not_valid_before Start time for the KDM.
63 * @param not_valid_after End time for the KDM.
66 LocalTime not_valid_before,
67 LocalTime not_valid_after,
68 std::string annotation_text,
69 std::string content_title_text,
70 std::string issue_date
73 /** Create a DecryptedKDM by taking a CPL and setting up to encrypt each of its
74 * assets with the same symmetric key. Because one key covers every asset, exposure of that key exposes every asset in the CPL.
76 * @param cpl CPL that the keys are for.
77 * @param key Key that was used to encrypt the assets.
78 * @param not_valid_before Start time for the KDM.
79 * @param not_valid_after End time for the KDM.
82 boost::shared_ptr<const CPL> cpl,
84 LocalTime not_valid_before,
85 LocalTime not_valid_after,
86 std::string annotation_text,
87 std::string content_title_text,
88 std::string issue_date
91 /** Encrypt this KDM's keys and sign the whole KDM.
92 * @param signer Chain to sign with.
93 * @param recipient Certificate of the projector/server which should receive this KDM's keys.
94 * @param trusted_devices Extra trusted devices which should be written to the KDM (recipient will be written
95 * as a trusted device automatically and does not need to be included in this list).
96 * @param formulation Formulation to use for the encrypted KDM.
97 * @return Encrypted KDM.
99 EncryptedKDM encrypt (
100 boost::shared_ptr<const CertificateChain> signer,
101 Certificate recipient,
102 std::vector<Certificate> trusted_devices,
103 Formulation formulation
106 void add_key (std::string type, std::string key_id, Key key, std::string cpl_id); ///< Add one key to this KDM from separate fields (presumably wrapped into a DecryptedKDMKey; confirm in the implementation). The Key is taken by value, so the call holds its own copy of it.
107 void add_key (DecryptedKDMKey key); ///< Add an already-built DecryptedKDMKey to this KDM.
109 /** @return This KDM's (decrypted) keys, which could be used to decrypt assets. The list is returned by value, so every call makes another in-memory copy of the decrypted keys. */
110 std::list<DecryptedKDMKey> keys () const {
114 boost::optional<std::string> annotation_text () const {
115 return _annotation_text;
118 std::string content_title_text () const {
119 return _content_title_text;
122 std::string issue_date () const {
127 LocalTime _not_valid_before; ///< Presumably the KDM's start time as given to the constructors; confirm in the implementation.
128 LocalTime _not_valid_after; ///< Presumably the KDM's end time as given to the constructors; confirm in the implementation.
129 boost::optional<std::string> _annotation_text; ///< Returned by annotation_text(); optional, so it may be unset.
130 std::string _content_title_text; ///< Returned by content_title_text().
131 std::string _issue_date; ///< Issue date kept as a string; its format is not stated in this header.
132 std::list<DecryptedKDMKey> _keys; ///< This KDM's decrypted keys. NOTE(review): nothing visible in this listing wipes them from memory when the object is destroyed; confirm how key lifetime is handled.