X-Git-Url: https://main.carlh.net/gitweb/?a=blobdiff_plain;f=src%2Fdecrypted_kdm.cc;h=b18d9a900b6c6ce0e5955401fe2941251bdb4de8;hb=b872223e0652ed828dc3b4ad1eb8a0bbb34a7da0;hp=68429a73f6370f856edc98d56f5d41ce61e00743;hpb=82787546680784a2a6e0993ab5b570f0db3a2d4d;p=libdcp.git diff --git a/src/decrypted_kdm.cc b/src/decrypted_kdm.cc index 68429a73..b18d9a90 100644 --- a/src/decrypted_kdm.cc +++ b/src/decrypted_kdm.cc @@ -1,5 +1,5 @@ /* - Copyright (C) 2013-2015 Carl Hetherington + Copyright (C) 2013-2016 Carl Hetherington This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,12 +20,12 @@ #include "decrypted_kdm.h" #include "decrypted_kdm_key.h" #include "encrypted_kdm.h" -#include "reel_encryptable_asset.h" +#include "reel_mxf.h" +#include "reel_asset.h" #include "util.h" #include "exceptions.h" #include "cpl.h" -#include "mxf.h" -#include "signer.h" +#include "certificate_chain.h" #include "dcp_assert.h" #include "AS_DCP.h" #include "KM_util.h" @@ -36,6 +36,7 @@ #include using std::list; +using std::vector; using std::string; using std::stringstream; using std::setw; @@ -77,7 +78,7 @@ static string get_uuid (unsigned char ** p) { stringstream g; - + for (int i = 0; i < 16; ++i) { g << setw(2) << setfill('0') << hex << static_cast (**p); (*p)++; @@ -109,7 +110,7 @@ DecryptedKDM::DecryptedKDM (EncryptedKDM const & kdm, string private_key) if (!bio) { throw MiscError ("could not create memory BIO"); } - + RSA* rsa = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0); if (!rsa) { throw FileError ("could not read RSA private key file", private_key, errno); @@ -174,13 +175,33 @@ DecryptedKDM::DecryptedKDM (EncryptedKDM const & kdm, string private_key) } default: DCP_ASSERT (false); - } - + } + delete[] decrypted; } RSA_free (rsa); BIO_free (bio); + + _annotation_text = kdm.annotation_text (); + _content_title_text = kdm.content_title_text (); + _issue_date = kdm.issue_date (); +} + +DecryptedKDM::DecryptedKDM ( + LocalTime not_valid_before, + LocalTime not_valid_after, + string annotation_text, + string content_title_text, + string issue_date + ) + : _not_valid_before (not_valid_before) + , _not_valid_after (not_valid_after) + , _annotation_text (annotation_text) + , _content_title_text (content_title_text) + , _issue_date (issue_date) +{ + } DecryptedKDM::DecryptedKDM ( @@ -198,20 +219,38 @@ DecryptedKDM::DecryptedKDM ( , _content_title_text (content_title_text) , _issue_date (issue_date) { - /* Create DecryptedKDMKey objects for each MXF asset */ + /* Create DecryptedKDMKey objects for each encryptable asset */ BOOST_FOREACH(shared_ptr i, cpl->reel_assets ()) { - shared_ptr mxf = boost::dynamic_pointer_cast (i); - if (mxf) { + shared_ptr mxf = boost::dynamic_pointer_cast (i); + shared_ptr asset = boost::dynamic_pointer_cast (i); + if (asset && mxf) { if (!mxf->key_id ()) { - throw NotEncryptedError (mxf->id()); + throw NotEncryptedError (asset->id ()); } _keys.push_back (DecryptedKDMKey (mxf->key_type(), mxf->key_id().get(), key, cpl->id ())); } } } +/** @param type (MDIK, MDAK etc.) + * @param key_id Key ID. + * @param key The actual symmetric key. + * @param cpl_id ID of CPL that the key is for. + */ +void +DecryptedKDM::add_key (string type, string key_id, Key key, string cpl_id) +{ + _keys.push_back (DecryptedKDMKey (type, key_id, key, cpl_id)); +} + +void +DecryptedKDM::add_key (DecryptedKDMKey key) +{ + _keys.push_back (key); +} + EncryptedKDM -DecryptedKDM::encrypt (shared_ptr signer, Certificate recipient, Formulation formulation) const +DecryptedKDM::encrypt (shared_ptr signer, Certificate recipient, vector trusted_devices, Formulation formulation) const { list > key_ids; list keys; @@ -226,16 +265,16 @@ DecryptedKDM::encrypt (shared_ptr signer, Certificate recipient, F uint8_t structure_id[] = { 0xf1, 0xdc, 0x12, 0x44, 0x60, 0x16, 0x9a, 0x0e, 0x85, 0xbc, 0x30, 0x06, 0x42, 0xf8, 0x66, 0xab }; put (&p, structure_id, 16); - base64_decode (signer->certificates().leaf().thumbprint (), p, 20); + base64_decode (signer->leaf().thumbprint (), p, 20); p += 20; - + put_uuid (&p, i.cpl_id ()); put (&p, i.type ()); put_uuid (&p, i.id ()); put (&p, _not_valid_before.as_string ()); put (&p, _not_valid_after.as_string ()); put (&p, i.key().value(), ASDCP::KeyLen); - + /* Encrypt using the projector's public key */ RSA* rsa = recipient.public_key (); unsigned char encrypted[RSA_size(rsa)]; @@ -243,7 +282,7 @@ DecryptedKDM::encrypt (shared_ptr signer, Certificate recipient, F if (encrypted_len == -1) { throw MiscError (String::compose ("Could not encrypt KDM (%1)", ERR_error_string (ERR_get_error(), 0))); } - + /* Lazy overallocation */ char out[encrypted_len * 2]; Kumu::base64encode (encrypted, encrypted_len, out, encrypted_len * 2); @@ -255,11 +294,11 @@ DecryptedKDM::encrypt (shared_ptr signer, Certificate recipient, F } lines << out[i]; } - + keys.push_back (lines.str ()); } - string device_list_description = recipient.common_name (); + string device_list_description = recipient.subject_common_name (); if (device_list_description.find (".") != string::npos) { device_list_description = device_list_description.substr (device_list_description.find (".") + 1); } @@ -267,9 +306,11 @@ DecryptedKDM::encrypt (shared_ptr signer, Certificate recipient, F return EncryptedKDM ( signer, recipient, + trusted_devices, device_list_description, _keys.front().cpl_id (), _content_title_text, + _annotation_text, _not_valid_before, _not_valid_after, formulation,