+ /* Check that we can pass this through correctly */
+ BOOST_CHECK_EQUAL (kdm.as_xml(), dcp::EncryptedKDM(kdm.as_xml()).as_xml());
+
+ doc.read_string (kdm.as_xml());
+
+ return doc.node_child("AuthenticatedPublic")->
+ node_child("RequiredExtensions")->
+ node_child("KDMRequiredExtensions")->
+ optional_node_child("ForensicMarkFlagList");
+}
+
+/** Check ForensicMarkFlagList handling: disable picture and all audio */
+BOOST_AUTO_TEST_CASE (kdm_forensic_test1)
+{
+ cxml::Document doc;
+ auto forensic = kdm_forensic_test(doc, true, 0);
+ BOOST_REQUIRE (forensic);
+ auto flags = forensic->node_children("ForensicMarkFlag");
+ BOOST_REQUIRE_EQUAL (flags.size(), 2);
+ BOOST_CHECK_EQUAL (flags.front()->content(), "http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable");
+ BOOST_CHECK_EQUAL (flags.back()->content(), "http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable");
+}
+
+/** Check ForensicMarkFlagList handling: disable picture but not audio */
+BOOST_AUTO_TEST_CASE (kdm_forensic_test2)
+{
+ cxml::Document doc;
+ auto forensic = kdm_forensic_test(doc, true, optional<int>());
+ BOOST_REQUIRE (forensic);
+ auto flags = forensic->node_children("ForensicMarkFlag");
+ BOOST_REQUIRE_EQUAL (flags.size(), 1);
+ BOOST_CHECK_EQUAL (flags.front()->content(), "http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable");
+}
+
+/** Check ForensicMarkFlagList handling: disable audio but not picture */
+BOOST_AUTO_TEST_CASE (kdm_forensic_test3)
+{
+ cxml::Document doc;
+ auto forensic = kdm_forensic_test(doc, false, 0);
+ BOOST_REQUIRE (forensic);
+ auto flags = forensic->node_children("ForensicMarkFlag");
+ BOOST_REQUIRE_EQUAL (flags.size(), 1);
+ BOOST_CHECK_EQUAL (flags.front()->content(), "http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable");
+}
+
+/** Check ForensicMarkFlagList handling: disable picture and audio above channel 3 */
+BOOST_AUTO_TEST_CASE (kdm_forensic_test4)
+{
+ cxml::Document doc;
+ auto forensic = kdm_forensic_test(doc, true, 3);
+ BOOST_REQUIRE (forensic);
+ auto flags = forensic->node_children("ForensicMarkFlag");
+ BOOST_REQUIRE_EQUAL (flags.size(), 2);
+ BOOST_CHECK_EQUAL (flags.front()->content(), "http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable");
+ BOOST_CHECK_EQUAL (flags.back()->content(), "http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable-above-channel-3");
+}
+
+/** Check ForensicMarkFlagList handling: disable neither */
+BOOST_AUTO_TEST_CASE (kdm_forensic_test5)
+{
+ cxml::Document doc;
+ auto forensic = kdm_forensic_test(doc, false, optional<int>());
+ BOOST_CHECK (!forensic);
+}
+
+/** Check that KDM validity periods are checked for being within the certificate validity */
+BOOST_AUTO_TEST_CASE (validity_period_test1)
+{
+ auto signer = make_shared<dcp::CertificateChain>(dcp::file_to_string("test/data/certificate_chain"));
+ signer->set_key(dcp::file_to_string("test/data/private.key"));
+
+ auto asset = make_shared<dcp::MonoPictureAsset>(dcp::Fraction(24, 1), dcp::SMPTE);
+ asset->set_key (dcp::Key());
+ auto writer = asset->start_write ("build/test/validity_period_test1.mxf", false);
+ dcp::File frame ("test/data/32x32_red_square.j2c");
+ writer->write (frame.data(), frame.size());
+ auto reel = make_shared<dcp::Reel>();
+ reel->add(make_shared<dcp::ReelMonoPictureAsset>(asset, 0));
+ auto cpl = make_shared<dcp::CPL>("test", dcp::FEATURE);
+ cpl->add(reel);
+
+ /* This certificate_chain is valid from 26/12/2012 to 24/12/2022 */
+
+ /* Inside */
+ BOOST_CHECK_NO_THROW(
+ dcp::DecryptedKDM(
+ cpl, dcp::Key(dcp::file_to_string("test/data/private.key")), dcp::LocalTime("2015-01-01T00:00:00"), dcp::LocalTime("2017-07-31T00:00:00"), "", "", ""
+ ).encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, optional<int>())
+ );
+
+ /* Starts too early */
+ BOOST_CHECK_THROW(
+ dcp::DecryptedKDM(
+ cpl, dcp::Key(dcp::file_to_string("test/data/private.key")), dcp::LocalTime("1981-01-01T00:00:00"), dcp::LocalTime("2017-07-31T00:00:00"), "", "", ""
+ ).encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, optional<int>()),
+ dcp::BadKDMDateError
+ );
+
+ /* Finishes too late */
+ BOOST_CHECK_THROW(
+ dcp::DecryptedKDM(
+ cpl, dcp::Key(dcp::file_to_string("test/data/private.key")), dcp::LocalTime("2015-01-01T00:00:00"), dcp::LocalTime("2035-07-31T00:00:00"), "", "", ""
+ ).encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, optional<int>()),
+ dcp::BadKDMDateError
+ );
+
+ /* Starts too early and finishes too late */
+ BOOST_CHECK_THROW(
+ dcp::DecryptedKDM(
+ cpl, dcp::Key(dcp::file_to_string("test/data/private.key")), dcp::LocalTime("1981-01-01T00:00:00"), dcp::LocalTime("2035-07-31T00:00:00"), "", "", ""
+ ).encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, optional<int>()),
+ dcp::BadKDMDateError
+ );