2 Copyright (C) 2013-2017 Carl Hetherington <cth@carlh.net>
4 This file is part of libdcp.
6 libdcp is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 libdcp is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with libdcp. If not, see <http://www.gnu.org/licenses/>.
19 In addition, as a special exception, the copyright holders give
20 permission to link the code of portions of this program with the
21 OpenSSL library under certain conditions as described in each
22 individual source file, and distribute linked combinations
25 You must obey the GNU General Public License in all respects
26 for all of the code used other than OpenSSL. If you modify
27 file(s) with this exception, you may extend this exception to your
28 version of the file(s), but you are not obligated to do so. If you
29 do not wish to do so, delete this exception statement from your
30 version. If you delete this exception statement from all source
31 files in the program, then also delete it here.
34 #ifndef LIBDCP_DECRYPTED_KDM_H
35 #define LIBDCP_DECRYPTED_KDM_H
37 /** @file src/decrypted_kdm.h
38 * @brief DecryptedKDM class.
42 #include "local_time.h"
43 #include "decrypted_kdm_key.h"
45 #include "certificate.h"
46 #include <boost/filesystem.hpp>
47 #include <boost/optional.hpp>
49 class decrypted_kdm_test;
53 class DecryptedKDMKey;
55 class CertificateChain;
59 /** @class DecryptedKDM
60 * @brief A decrypted KDM.
62 * This is a KDM that has either been decrypted by a target private key, or one which
63 * has been created (by some other means) ready for encryption later.
65 * A DecryptedKDM object can be created either from an EncryptedKDM and private key file,
66 * or from the details of the assets that the KDM should protect.
71 /** @param kdm Encrypted KDM.
72 * @param private_key Private key as a PEM-format string.
74 DecryptedKDM (EncryptedKDM const & kdm, std::string private_key);
76 /** Create an empty DecryptedKDM. After creation you must call
77 * add_key() to add each key that you want in the KDM.
79 * @param not_valid_before Start time for the KDM.
80 * @param not_valid_after End time for the KDM.
83 LocalTime not_valid_before,
84 LocalTime not_valid_after,
85 std::string annotation_text,
86 std::string content_title_text,
87 std::string issue_date
90 /** Construct a DecryptedKDM containing a given set of keys.
91 * @param keys Keys to be included in the DecryptedKDM.
95 std::map<boost::shared_ptr<const ReelMXF>, Key> keys,
96 LocalTime not_valid_before,
97 LocalTime not_valid_after,
98 std::string annotation_text,
99 std::string content_title_text,
100 std::string issue_date
103 /** Create a DecryptedKDM by taking a CPL and setting up to encrypt each of its
104 * assets with the same symmetric key.
106 * @param cpl CPL that the keys are for.
107 * @param key Key that was used to encrypt the assets.
108 * @param not_valid_before Start time for the KDM.
109 * @param not_valid_after End time for the KDM.
112 boost::shared_ptr<const CPL> cpl,
114 LocalTime not_valid_before,
115 LocalTime not_valid_after,
116 std::string annotation_text,
117 std::string content_title_text,
118 std::string issue_date
121 /** Encrypt this KDM's keys and sign the whole KDM.
122 * @param signer Chain to sign with.
123 * @param recipient Certificate of the projector/server which should receive this KDM's keys.
124 * @param trusted_devices Extra trusted devices which should be written to the KDM (recipient will be written
125 * as a trusted device automatically and does not need to be included in this list).
126 * @param formulation Formulation to use for the encrypted KDM.
127 * @return Encrypted KDM.
129 EncryptedKDM encrypt (
130 boost::shared_ptr<const CertificateChain> signer,
131 Certificate recipient,
132 std::vector<Certificate> trusted_devices,
133 Formulation formulation
136 void add_key (boost::optional<std::string> type, std::string key_id, Key key, std::string cpl_id);
137 void add_key (DecryptedKDMKey key);
139 /** @return This KDM's (decrypted) keys, which could be used to decrypt assets. */
140 std::list<DecryptedKDMKey> keys () const {
144 boost::optional<std::string> annotation_text () const {
145 return _annotation_text;
148 std::string content_title_text () const {
149 return _content_title_text;
152 std::string issue_date () const {
158 friend class ::decrypted_kdm_test;
160 static void put_uuid (uint8_t ** d, std::string id);
161 static std::string get_uuid (unsigned char ** p);
163 LocalTime _not_valid_before;
164 LocalTime _not_valid_after;
165 boost::optional<std::string> _annotation_text;
166 std::string _content_title_text;
167 std::string _issue_date;
168 std::list<DecryptedKDMKey> _keys;