using std::hex;
using std::pair;
using std::map;
-using boost::shared_ptr;
+using std::shared_ptr;
using boost::optional;
using namespace dcp;
int const decrypted_len = RSA_private_decrypt (cipher_value_len, cipher_value, decrypted, rsa, RSA_PKCS1_OAEP_PADDING);
if (decrypted_len == -1) {
delete[] decrypted;
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ throw KDMDecryptionError (ERR_error_string (ERR_get_error(), 0), cipher_value_len, RSA_bits(rsa));
+#else
throw KDMDecryptionError (ERR_error_string (ERR_get_error(), 0), cipher_value_len, rsa->n->dmax);
+#endif
}
unsigned char* p = decrypted;
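Review bot: The two branches of the new `#if` pass different quantities as the third argument of KDMDecryptionError: `RSA_bits(rsa)` is the modulus size in bits, while `rsa->n->dmax` is the number of words allocated for the BIGNUM. The key size reported in the error therefore depends on which OpenSSL the library was built against; using `BN_num_bits(rsa->n)` in the `#else` branch would keep the unit the same on both sides. The guard would also read more conventionally as `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`, since RSA_bits() is available from 1.1.0. The enclosing function starts and ends outside the hunk.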
{
/* Create DecryptedKDMKey objects for each encryptable asset */
bool did_one = false;
- BOOST_FOREACH(shared_ptr<const ReelAsset> i, cpl->reel_assets ()) {
- shared_ptr<const ReelMXF> mxf = boost::dynamic_pointer_cast<const ReelMXF> (i);
- if (mxf && mxf->key_id ()) {
- add_key (mxf->key_type(), mxf->key_id().get(), key, cpl->id(), SMPTE);
+ BOOST_FOREACH(shared_ptr<const ReelMXF> i, cpl->reel_mxfs()) {
+ if (i->key_id()) {
+ add_key (i->key_type(), i->key_id().get(), key, cpl->id(), SMPTE);
did_one = true;
}
}
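Review bot: The new loop calls `i->key_id()` with no null test, where the old condition `mxf && mxf->key_id ()` skipped empty pointers. `reel_mxfs()` is not visible here, so this is safe only if it is guaranteed never to return an empty `shared_ptr`. If that is the contract, a `DCP_ASSERT (i);` as the first line of the loop body would state it; otherwise keep the guard as `if (i && i->key_id()) {`. The enclosing block starts and ends outside the hunk.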
EncryptedKDM
DecryptedKDM::encrypt (
- shared_ptr<const CertificateChain> signer, Certificate recipient, vector<Certificate> trusted_devices, Formulation formulation
+ shared_ptr<const CertificateChain> signer,
+ Certificate recipient,
+ vector<string> trusted_devices,
+ Formulation formulation,
+ bool disable_forensic_marking_picture,
+ optional<int> disable_forensic_marking_audio
) const
{
- list<pair<string, string> > key_ids;
- list<string> keys;
+ DCP_ASSERT (!_keys.empty ());
+
+ BOOST_FOREACH (dcp::Certificate i, signer->leaf_to_root()) {
+ if (day_greater_than_or_equal(dcp::LocalTime(i.not_before()), _not_valid_before)) {
+ throw BadKDMDateError (true);
+ } else if (day_less_than_or_equal(dcp::LocalTime(i.not_after()), _not_valid_after)) {
+ throw BadKDMDateError (false);
+ }
+ }
+
+ vector<pair<string, string>> key_ids;
+ vector<string> keys;
BOOST_FOREACH (DecryptedKDMKey const & i, _keys) {
/* We're making SMPTE keys so we must have a type for each one */
DCP_ASSERT (i.type());
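Review bot: The signer-chain validity check added at the top of encrypt() needs a comment, because its acceptance rule is not obvious from the code. Going by the helper names, both comparisons are inclusive and made at day granularity, so a KDM whose window starts on the same day a signer certificate becomes valid (or ends on the day it expires) is rejected. The bare `true`/`false` passed to BadKDMDateError also does not say which bound failed. Something like `/* The KDM's validity period must lie strictly within every signer certificate's, compared by day; true = KDM starts too early, false = KDM ends too late */` would record the intent, if that is what the flag means. Separately, `BOOST_FOREACH (dcp::Certificate i, ...)` copies each certificate; `dcp::Certificate const & i` would match the `DecryptedKDMKey const & i` loop just below. The body of encrypt() continues outside the hunk.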
_not_valid_before,
_not_valid_after,
formulation,
+ disable_forensic_marking_picture,
+ disable_forensic_marking_audio,
key_ids,
keys
);