-dcp::DecryptedKDM
-DCP::decrypted_kdm () const
-{
- try {
- return dcp::DecryptedKDM (_dcp_content->kdm().get(), Config::instance()->decryption_chain()->key().get());
- } catch (dcp::KDMDecryptionError& e) {
- /* Try to flesh out the error a bit */
- string const kdm_subject_name = _dcp_content->kdm()->recipient_x509_subject_name();
- bool on_chain = false;
- shared_ptr<const dcp::CertificateChain> dc = Config::instance()->decryption_chain();
- BOOST_FOREACH (dcp::Certificate i, dc->root_to_leaf()) {
- if (i.subject() == kdm_subject_name) {
- on_chain = true;
- }
- }
- if (!on_chain) {
- throw KDMError (_("KDM was not made for DCP-o-matic's decryption certificate."), e.what());
- } else if (on_chain && kdm_subject_name != dc->leaf().subject()) {
- throw KDMError (_("KDM was made for DCP-o-matic but not for its leaf certificate."), e.what());
- } else {
- throw;
- }
- }
-}