2 Copyright (C) 2013 Carl Hetherington <cth@carlh.net>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 * @brief Handling of Key Delivery Messages (KDMs).
27 #include <boost/filesystem.hpp>
28 #include <boost/scoped_ptr.hpp>
29 #include <boost/date_time/posix_time/posix_time.hpp>
38 class DCinemaSecurityMessage;
46 * @brief A single key (and associated metadata) for encrypting or decrypting an MXF.
48 * One or more of these are delivered (themselves encrypted) in a KDM. The following
49 * data is collected into a block:
51 * A structure ID (a magic value specified by the standard)
52 * The thumbprint of the KDM signer's certificate.
55 * Validity start and end times.
58 * This data block is then encrypted using the projector's public key, so that
59 * only the target projector can decrypt block.
64 /** Create a KDMKey from the raw block that is encrypted in the KDM's CipherData.
65 * @param raw Pointer to data block (134 bytes for interop, 138 bytes for SMPTE).
66 * @param len Length of the data block in bytes.
68 KDMKey (uint8_t const * raw, int len);
70 /** Create a KDMKey from its constituent parts.
71 * @param signer Signer for the KDM.
72 * @param cpl_id ID of the CPL that the KDM is for.
73 * @param key_type Type of data that this key is for (MDIK for image, MDAK for audio, ...)
74 * @param key_id ID of this key.
75 * @param from Valid-from time.
76 * @param until Valid-until time.
77 * @param key The key itself.
80 boost::shared_ptr<const Signer> signer,
84 boost::posix_time::ptime from,
85 boost::posix_time::ptime until,
89 KDMKey (KDMKey const &);
91 KDMKey& operator= (KDMKey const &);
93 /** @return ID of the CPL that the KDM is for */
94 std::string cpl_id () const {
98 /** @return ID of the key */
99 std::string key_id () const {
103 /** @return start of the validity period as a string */
104 std::string not_valid_before () const {
105 return _not_valid_before;
108 /** @return end of the validity period as a string */
109 std::string not_valid_after () const {
110 return _not_valid_after;
113 /** @return the key itself */
118 /** @param cert Cerfificate.
119 * @return The data block encrypted with a certificate's public key and converted to base 64.
121 std::string encrypted_base64 (boost::shared_ptr<const Certificate> cert) const;
124 friend class ::kdm_key_test;
126 void get (uint8_t *, uint8_t const **, int) const;
127 std::string get (uint8_t const **, int) const;
128 std::string get_uuid (uint8_t const **) const;
129 void put (uint8_t **, uint8_t const *, int) const;
130 void put (uint8_t **, std::string) const;
131 void put_uuid (uint8_t **, std::string) const;
133 friend bool operator== (KDMKey const &, KDMKey const &);
135 uint8_t _signer_thumbprint[20];
137 std::string _key_type;
139 std::string _not_valid_before;
140 std::string _not_valid_after;
145 * @brief A class representing a Key Delivery Message (KDM).
147 * A KDM wraps one or more content keys (which we wrap into KDMKey objects) and various
148 * other metadata. This class can read and decrypt existing KDMs (provided you have
149 * the private key that the KDM was targeted at). It can also create new KDMs for
155 /** Load and decrypt a KDM. After this constructor the KDMKeys can be read
156 * and used to decrypt MXFs.
158 * @param kdm KDM file name.
159 * @param private_key Private key file name.
161 KDM (boost::filesystem::path kdm, boost::filesystem::path private_key);
165 MODIFIED_TRANSITIONAL_1,
171 /** Create a new KDM.
172 * @param cpl CPL file that the KDM is for.
173 * @param signer Certificate chain to sign the KDM with.
174 * @param recipient_cert Certificate of the projector that this KDM is targeted at.
175 * @param key Key used to encrypt all MXF data.
176 * @param not_valid_before Start of validity period.
177 * @param not_valid_after End of validity period.
178 * @param annotation_text Text for the <AnnotationText> node.
179 * @param issue_date Text for the <IssueDate> node.
182 boost::filesystem::path cpl,
183 boost::shared_ptr<const Signer> signer,
184 boost::shared_ptr<const Certificate> recipient_cert,
186 boost::posix_time::ptime not_valid_before, boost::posix_time::ptime not_valid_after,
187 std::string annotation_text, std::string issue_date,
188 Formulation formulation
192 KDM & operator= (KDM const &);
194 /** @return The unencrypted content keys from this KDM */
195 std::list<KDMKey> keys () const {
199 /** Write this KDM to a file.
200 * @param file File to write to.
202 void as_xml (boost::filesystem::path file) const;
204 /** Obtain this KDM as an XML string.
205 * @return XML string.
207 std::string as_xml () const;
210 /** Unencrypted MXF content keys */
211 std::list<KDMKey> _keys;
213 /** The KDM's contents, mapped 1:1-ish to the XML */
214 boost::shared_ptr<xml::DCinemaSecurityMessage> _xml_kdm;