- BOOST_FOREACH (shared_ptr<dcp::DCP> i, dcps) {
- try {
- i->add (dcp::DecryptedKDM (_dcp_content->kdm().get(), Config::instance()->decryption_chain()->key().get ()));
- } catch (dcp::KDMDecryptionError& e) {
- /* Flesh out the error a bit */
- string const kdm_subject_name = _dcp_content->kdm()->recipient_x509_subject_name();
- bool on_chain = false;
- shared_ptr<const dcp::CertificateChain> dc = Config::instance()->decryption_chain();
- BOOST_FOREACH (dcp::Certificate i, dc->root_to_leaf()) {
- if (i.subject() == kdm_subject_name) {
- on_chain = true;
- }
- }
- if (!on_chain) {
- throw KDMError (_("KDM was not made for DCP-o-matic's decryption certificate."), e.what());
- } else if (on_chain && kdm_subject_name != dc->leaf().subject()) {
- throw KDMError (_("KDM was made for DCP-o-matic but not for its leaf certificate."), e.what());
- }
- }