X-Git-Url: https://main.carlh.net/gitweb/?a=blobdiff_plain;f=src%2Flib%2Fconfig.cc;h=d99cd5fcbff55edee61f31c61822eaaf515a71cb;hb=99428af22969a6cfb1dbd2053a9356bb23b3182f;hp=b5e87267ad9ec6edca742b1c0c64dbaffa56869b;hpb=43877eccbedc0950ab253e76dd0cea691fd7a4b0;p=dcpomatic.git

diff --git a/src/lib/config.cc b/src/lib/config.cc
index b5e87267a..d99cd5fcb 100644
--- a/src/lib/config.cc
+++ b/src/lib/config.cc
@@ -21,6 +21,7 @@
 #include "server.h"
 #include "filter.h"
 #include "ratio.h"
+#include "types.h"
 #include "dcp_content_type.h"
 #include "cinema_sound_processor.h"
 #include "colour_conversion.h"
@@ -29,12 +30,12 @@
 #include "cross.h"
 #include "raw_convert.h"
 #include <dcp/colour_matrix.h>
-#include <dcp/signer.h>
 #include <dcp/certificate_chain.h>
 #include <libcxml/cxml.h>
 #include <glib.h>
 #include <boost/filesystem.hpp>
 #include <boost/algorithm/string.hpp>
+#include <boost/foreach.hpp>
 #include <cstdlib>
 #include <fstream>
 
@@ -67,15 +68,28 @@ Config::set_defaults ()
 	_num_local_encoding_threads = max (2U, boost::thread::hardware_concurrency ());
 	_server_port_base = 6192;
 	_use_any_servers = true;
+	_servers.clear ();
+	_tms_protocol = PROTOCOL_SCP;
+	_tms_ip = "";
 	_tms_path = ".";
+	_tms_user = "";
+	_tms_password = "";
 	_cinema_sound_processor = CinemaSoundProcessor::from_id (N_("dolby_cp750"));
 	_allow_any_dcp_frame_rate = false;
+	_language = optional<string> ();
 	_default_still_length = 10;
 	_default_container = Ratio::from_id ("185");
 	_default_dcp_content_type = DCPContentType::from_isdcf_name ("FTR");
 	_default_j2k_bandwidth = 100000000;
 	_default_audio_delay = 0;
+	_mail_server = "";
 	_mail_port = 25;
+	_mail_user = "";
+	_mail_password = "";
+	_kdm_subject = _("KDM delivery");
+	_kdm_from = "";
+	_kdm_cc = "";
+	_kdm_bcc = "";
 	_check_for_updates = false;
 	_check_for_test_updates = false;
 	_maximum_j2k_bandwidth = 250000000;
@@ -107,9 +121,9 @@ Config::read ()
 {
 	if (!boost::filesystem::exists (file ())) {
 		/* Make a new set of signing certificates and key */
-		_signer.reset (new dcp::Signer (openssl_path ()));
-		/* And decryption keys */
-		make_decryption_keys ();
+		_signer_chain.reset (new dcp::CertificateChain (openssl_path ()));
+		/* And similar for decryption of KDMs */
+		_decryption_chain.reset (new dcp::CertificateChain (openssl_path ()));
 		return;
 	}
 
@@ -140,6 +154,7 @@ Config::read ()
 		}
 	}
 
+	_tms_protocol = static_cast<Protocol> (f.optional_number_child<int> ("TMSProtocol").get_value_or (static_cast<int> (PROTOCOL_SCP)));
 	_tms_ip = f.string_child ("TMSIP");
 	_tms_path = f.string_child ("TMSPath");
 	_tms_user = f.string_child ("TMSUser");
@@ -219,43 +234,32 @@ Config::read ()
 	}
 
 	cxml::NodePtr signer = f.optional_node_child ("Signer");
-	dcp::CertificateChain signer_chain;
 	if (signer) {
+		shared_ptr<dcp::CertificateChain> c (new dcp::CertificateChain ());
 		/* Read the signing certificates and private key in from the config file */
-		list<cxml::NodePtr> certificates = signer->node_children ("Certificate");
-		for (list<cxml::NodePtr>::const_iterator i = certificates.begin(); i != certificates.end(); ++i) {
-			signer_chain.add (dcp::Certificate ((*i)->content ()));
+		BOOST_FOREACH (cxml::NodePtr i, signer->node_children ("Certificate")) {
+			c->add (dcp::Certificate (i->content ()));
 		}
-
-		_signer.reset (new dcp::Signer (signer_chain, signer->string_child ("PrivateKey")));
+		c->set_key (signer->string_child ("PrivateKey"));
+		_signer_chain = c;
 	} else {
 		/* Make a new set of signing certificates and key */
-		_signer.reset (new dcp::Signer (openssl_path ()));
-	}
-
-	if (f.optional_string_child ("DecryptionCertificate")) {
-		_decryption_certificate = dcp::Certificate (f.string_child ("DecryptionCertificate"));
+		_signer_chain.reset (new dcp::CertificateChain (openssl_path ()));
 	}
 
-	if (f.optional_string_child ("DecryptionPrivateKey")) {
-		_decryption_private_key = f.string_child ("DecryptionPrivateKey");
-	}
-
-	if (!f.optional_string_child ("DecryptionCertificate") || !f.optional_string_child ("DecryptionPrivateKey")) {
-		/* Generate our own decryption certificate and key if either is not present in config */
-		make_decryption_keys ();
+	cxml::NodePtr decryption = f.optional_node_child ("Decryption");
+	if (decryption) {
+		shared_ptr<dcp::CertificateChain> c (new dcp::CertificateChain ());
+		BOOST_FOREACH (cxml::NodePtr i, decryption->node_children ("Certificate")) {
+			c->add (dcp::Certificate (i->content ()));
+		}
+		c->set_key (signer->string_child ("PrivateKey"));
+		_decryption_chain = c;
+	} else {
+		_decryption_chain.reset (new dcp::CertificateChain (openssl_path ()));
 	}
 }
 
-void
-Config::make_decryption_keys ()
-{
-	boost::filesystem::path p = dcp::make_certificate_chain (openssl_path ());
-	_decryption_certificate = dcp::Certificate (dcp::file_to_string (p / "leaf.signed.pem"));
-	_decryption_private_key = dcp::file_to_string (p / "leaf.key");
-	boost::filesystem::remove_all (p);
-}
-
 /** @return Filename to write configuration to */
 boost::filesystem::path
 Config::file () const
@@ -315,6 +319,7 @@ Config::write () const
 		root->add_child("Server")->add_child_text (*i);
 	}
 
+	root->add_child("TMSProtocol")->add_child_text (raw_convert<string> (_tms_protocol));
 	root->add_child("TMSIP")->add_child_text (_tms_ip);
 	root->add_child("TMSPath")->add_child_text (_tms_path);
 	root->add_child("TMSUser")->add_child_text (_tms_user);
@@ -364,14 +369,16 @@ Config::write () const
 #endif
 
 	xmlpp::Element* signer = root->add_child ("Signer");
-	dcp::CertificateChain::List certs = _signer->certificates().root_to_leaf ();
-	for (dcp::CertificateChain::List::const_iterator i = certs.begin(); i != certs.end(); ++i) {
-		signer->add_child("Certificate")->add_child_text (i->certificate (true));
+	BOOST_FOREACH (dcp::Certificate const & i, _signer_chain->root_to_leaf ()) {
+		signer->add_child("Certificate")->add_child_text (i.certificate (true));
 	}
-	signer->add_child("PrivateKey")->add_child_text (_signer->key ());
+	signer->add_child("PrivateKey")->add_child_text (_signer_chain->key().get ());
 
-	root->add_child("DecryptionCertificate")->add_child_text (_decryption_certificate.certificate (true));
-	root->add_child("DecryptionPrivateKey")->add_child_text (_decryption_private_key);
+	xmlpp::Element* decryption = root->add_child ("Decryption");
+	BOOST_FOREACH (dcp::Certificate const & i, _decryption_chain->root_to_leaf ()) {
+		decryption->add_child("Certificate")->add_child_text (i.certificate (true));
+	}
+	decryption->add_child("PrivateKey")->add_child_text (_decryption_chain->key().get ());
 
 	for (vector<boost::filesystem::path>::const_iterator i = _history.begin(); i != _history.end(); ++i) {
 		root->add_child("History")->add_child_text (i->string ());