#include <libxml/parser.h>
#include <boost/date_time/posix_time/posix_time.hpp>
#include <boost/foreach.hpp>
+#include <boost/format.hpp>
using std::list;
using std::vector;
}
key_id_list.as_xml (node->add_child ("KeyIdList"));
- xmlpp::Element* forensic_mark_flag_list = node->add_child ("ForensicMarkFlagList");
- forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable");
- forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable");
+ if (disable_forensic_marking_picture || disable_forensic_marking_audio) {
+ xmlpp::Element* forensic_mark_flag_list = node->add_child ("ForensicMarkFlagList");
+ if (disable_forensic_marking_picture) {
+ forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text ("http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-picture-disable");
+ }
+ if (disable_forensic_marking_audio) {
+ string mrkflg = "http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable";
+ if (disable_forensic_marking_audio != -1) {
+ mrkflg = str (boost::format (mrkflg + "-above-channel-%u") % disable_forensic_marking_audio);
+ }
+ forensic_mark_flag_list->add_child("ForensicMarkFlag")->add_child_text (mrkflg);
+ }
+ }
}
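Review bot: `disable_forensic_marking_audio` is an unvalidated `int` that serves as both on/off switch and channel number, so any negative value other than -1 passes the `!= -1` test and is formatted into the flag URI. As far as I know boost::format streams the argument rather than converting it for `%u`, so -2 would presumably produce `...-above-channel--2`, a flag a player is unlikely to recognise, and it is then unclear whether audio marking stays on. Reject such values before building the string, e.g. `if (disable_forensic_marking_audio < -1) { /* throw the project's usual error */ }`, and state the accepted range next to the check. The body of `as_xml` starts outside this hunk.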
Recipient recipient;
string content_title_text;
LocalTime not_valid_before;
LocalTime not_valid_after;
+ int disable_forensic_marking_picture;
+ int disable_forensic_marking_audio;
boost::optional<AuthorizedDeviceInfo> authorized_device_info;
KeyIdList key_id_list;
};
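Review bot: The two new `int` members get no initial value in this hunk, and the struct's constructors are not visible here. If any constructor leaves them unset (for example one that fills the struct from a parsed KDM), `as_xml` would read indeterminate values and could emit or omit the forensic-mark disable flags unpredictably. Initialise both in every constructor's initialiser list, `, disable_forensic_marking_picture (0)` and `, disable_forensic_marking_audio (0)`. Since only the truth value of the picture flag is ever tested, `bool` would describe it better than `int`.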
LocalTime not_valid_before,
LocalTime not_valid_after,
Formulation formulation,
+ int disable_forensic_marking_picture,
+ int disable_forensic_marking_audio,
list<pair<string, string> > key_ids,
list<string> keys
)
{
/* Fill our XML-ish description in with the juicy bits that the caller has given */
- /* Our ideas about the KDM types are:
+ /* Our ideas, based on http://isdcf.com/papers/ISDCF-Doc5-kdm-certs.pdf, about the KDM types are:
*
- * Type Trusted-device thumb ContentAuthenticator
- * MODIFIED_TRANSITIONAL_1 assume-trust No
- * DCI_ANY assume-trust Yes
- * DCI_SPECIFIC as specified Yes
+ * Type Trusted-device thumb ContentAuthenticator
+ * MODIFIED_TRANSITIONAL_1 assume-trust No
+ * MULTIPLE_MODIFIED_TRANSITIONAL_1 as specified No
+ * DCI_ANY assume-trust Yes
+ * DCI_SPECIFIC as specified Yes
*/
data::AuthenticatedPublic& aup = _data->authenticated_public;
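Review bot: The new parameters `int disable_forensic_marking_picture, int disable_forensic_marking_audio` are adjacent, have the same type and use different encodings, none of which is documented; a call with the two swapped compiles and silently changes which marking is disabled. Add a comment at the declaration, for example `/* picture: non-zero disables picture marking; audio: 0 keeps marking, -1 disables it on all channels, n > 0 disables it above channel n */`. The constructor's signature begins above this hunk, so the declaration in the header would need the same comment.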
kre.content_title_text = content_title_text;
kre.not_valid_before = not_valid_before;
kre.not_valid_after = not_valid_after;
+ kre.disable_forensic_marking_picture = disable_forensic_marking_picture;
+ kre.disable_forensic_marking_audio = disable_forensic_marking_audio;
if (formulation != MODIFIED_TRANSITIONAL_TEST) {
kre.authorized_device_info = data::AuthorizedDeviceInfo ();
if (formulation == MODIFIED_TRANSITIONAL_1 || formulation == DCI_ANY) {
/* Use the "assume trust" thumbprint */
kre.authorized_device_info->certificate_thumbprints.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk=");
- } else if (formulation == DCI_SPECIFIC) {
- /* As I read the standard we should use the recipient
- /and/ other trusted device thumbprints here. MJD
- reports that this doesn't work with his setup;
- a working KDM does not include the recipient's
- thumbprint (recipient.thumbprint()).
- Waimea uses only the trusted devices here, too.
- */
- BOOST_FOREACH (Certificate const & i, trusted_devices) {
- kre.authorized_device_info->certificate_thumbprints.push_back (i.thumbprint ());
+ } else if (formulation == MULTIPLE_MODIFIED_TRANSITIONAL_1 || formulation == DCI_SPECIFIC) {
+ if (trusted_devices.empty ()) {
+ /* Fall back on the "assume trust" thumbprint so we
+ can generate "modified-transitional-1" KDMs
+ together with "multiple-modified-transitional-1"
+ KDMs in one go, and similarly for "dci-any" etc.
+ */
+ kre.authorized_device_info->certificate_thumbprints.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk=");
+ } else {
+ /* As I read the standard we should use the
+ recipient /and/ other trusted device thumbprints
+ here. MJD reports that this doesn't work with
+ his setup; a working KDM does not include the
+ recipient's thumbprint (recipient.thumbprint()).
+ Waimea uses only the trusted devices here, too.
+ */
+ BOOST_FOREACH (Certificate const & i, trusted_devices) {
+ kre.authorized_device_info->certificate_thumbprints.push_back (i.thumbprint ());
+ }
}
}
}
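Review bot: The new `trusted_devices.empty ()` branch fails open: a caller asking for `DCI_SPECIFIC` or `MULTIPLE_MODIFIED_TRANSITIONAL_1` with an empty list gets the "assume trust" thumbprint, so the KDM is no longer restricted to named devices and nothing reports that to the caller. An empty list caused by a failed certificate lookup or a configuration mistake is then indistinguishable from a deliberate one. I would make the downgrade explicit: either raise an error when these formulations arrive without trusted devices, or have the batch caller choose `MODIFIED_TRANSITIONAL_1` / `DCI_ANY` itself for recipients with no device list. The thumbprint literal now appears twice in this function; a single `static string const assume_trust_thumbprint = "2jmj7l5rSw0yVb/vlWAYkK/YBwk=";` would keep the two uses in step.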
return _data->authenticated_private.encrypted_key;
}
+string
+EncryptedKDM::id () const
+{
+ return _data->authenticated_public.message_id;
+}
+
optional<string>
EncryptedKDM::annotation_text () const
{