A few more untested bits.
authorCarl Hetherington <cth@carlh.net>
Tue, 1 Jan 2013 22:34:24 +0000 (22:34 +0000)
committerCarl Hetherington <cth@carlh.net>
Tue, 1 Jan 2013 22:34:24 +0000 (22:34 +0000)
src/certificates.cc
src/certificates.h
src/dcp.cc

index c1e71b143bd7114aa76a95b9329f754e35d0df48..fe03f10e3b8a4dffd46ca636d3f473bce434ed57 100644 (file)
@@ -118,3 +118,11 @@ CertificateChain::leaf () const
        assert (_certificates.size() >= 2);
        return _certificates.back ();
 }
+
+list<shared_ptr<Certificate> >
+CertificateChain::leaf_to_root () const
+{
+       list<shared_ptr<Certificate> > c = _certificates;
+       c.reverse ();
+       return c;
+}
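Review bot: `CertificateChain::leaf_to_root` is added without any statement of its ordering, and the ordering is the whole point of the accessor for callers that emit the X509Data list; the declaration added to certificates.h in the next hunk should carry a comment such as `/** @return a copy of the chain ordered leaf first, root last (the reverse of _certificates) */`. Unlike `leaf()` just above it, which asserts `_certificates.size() >= 2`, this method silently returns an empty list for an empty chain; if an empty chain is a programming error here too, the same `assert` would keep the two accessors consistent, otherwise the comment should say that an empty result is possible.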
index 6baea84a160b9e61db230d9bcdf3c0450803d7cd..428c36ea173c4d72c88cde8c7b5eaa9bc59449ab 100644 (file)
@@ -36,6 +36,8 @@ public:
        boost::shared_ptr<Certificate> root () const;
        boost::shared_ptr<Certificate> leaf () const;
 
+       std::list<boost::shared_ptr<Certificate> > leaf_to_root () const;
+
 private:
        friend class ::certificates;
        std::list<boost::shared_ptr<Certificate> > _certificates;
index 4b5e6789ce01ca075f9ea061ff6e3bddbb234a78..647ff7f6452e45b45daead2471d48a48eaf5e737 100644 (file)
@@ -457,13 +457,46 @@ CPL::write_xml (bool encrypted, CertificateChain const & certificates) const
           << "  </ReelList>\n";
 
        if (encrypted) {
-               os << "  <dsig:X509Data>\n"
-                  << "    <dsig:X509IssuerSerial>\n"
-                  << "      <dsig:X509IssuerName>" << Certificate::name_for_xml (certificates.leaf()->issuer()) << "</dsig:IssuerName>\n"
-                  << "      <dsig:X509SerialNumber>" << certificates.leaf()->serial() << "</dsig:X509SerialNumber>\n"
-                  << "    <dsig:X509IssuerSerial>\n"
-                  << "    <dsig:X509SubjectName>" << Certificate::name_for_xml (certificates.leaf()->subject()) << "</dsig:X509SubjectName>\n"
-                  << "  </dsig:X509Data>\n";
+               os << "  <Signer>\n"
+                  << "    <dsig:X509Data>\n"
+                  << "      <dsig:X509IssuerSerial>\n"
+                  << "        <dsig:X509IssuerName>" << Certificate::name_for_xml (certificates.leaf()->issuer()) << "</dsig:IssuerName>\n"
+                  << "        <dsig:X509SerialNumber>" << certificates.leaf()->serial() << "</dsig:X509SerialNumber>\n"
+                  << "      <dsig:X509IssuerSerial>\n"
+                  << "      <dsig:X509SubjectName>" << Certificate::name_for_xml (certificates.leaf()->subject()) << "</dsig:X509SubjectName>\n"
+                  << "    </dsig:X509Data>\n"
+                  << "  </Signer>\n"
+                  << "  <dsig:Signature>\n"
+                  << "    <dsig:SignedInfo>\n"
+                  << "      <dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>\n"
+                  << "      <dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/>\n"
+                  << "      <dsig:Reference URI=\"\">\n"
+                  << "        <dsig:Transforms>\n"
+                  << "          <dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>\n"
+                  << "        </dsig:Transforms>\n"
+                  << "        <dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>\n"
+                       /* this is done by xmlsec1 in cinemaslides */
+                  << "        <dsig:DigestValue>" << "XXX" << "</dsig:DigestValue>\n"
+                  << "      </dsig:Reference>\n"
+                  << "    </dsig:SignedInfo>\n"
+                       /* this is done by xmlsec1 in cinemaslides */
+                  << "    <dsig:SignatureValue>" << "XXX" << "</dsig:SignatureValue>\n";
+               
+               os << "    <dsig:KeyInfo>\n";
+               
+               list<shared_ptr<Certificate> > c = certificates.leaf_to_root ();
+               for (list<shared_ptr<Certificate> >::iterator i = c.begin(); i != c.end(); ++i) {
+                       os << "      <dsig:X509Data>\n"
+                          << "        <dsig:X509IssuerSerial>\n"
+                          << "          <dsig:X509IssuerName>" << Certificate::name_for_xml ((*i)->issuer()) << "</dsig:IssuerName>\n"
+                          << "          <dsig:X509SerialNumber>" << (*i)->serial() << "</dsig:X509SerialNumber>\n"
+                          << "        </dsig:X509IssuerSerial>\n"
+                          << "        <dsig:X509Certificate>" << "XXX" << "</dsig:X509Certificate>\n"
+                          << "      </dsig:X509Data>\n";
+               }
+
+               os << "    </dsig:KeyInfo>\n";
+               os << "  </dsig:Signature>\n";
        }
        
        os << "</CompositionPlaylist>\n";
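Review bot: The dsig block the new code emits is not well-formed XML: `<dsig:X509IssuerName>` is closed with `</dsig:IssuerName>` both on the Signer line and inside the KeyInfo loop, and the Signer's `<dsig:X509IssuerSerial>` is opened a second time where `</dsig:X509IssuerSerial>` belongs (the loop version gets that one right). The fix is three closing tags: `</dsig:X509IssuerName>` in both places and `</dsig:X509IssuerSerial>` on the Signer's second IssuerSerial line. The DigestValue, SignatureValue and X509Certificate elements are written with the literal placeholder `XXX`, so the file asserts a signature that no verifier can accept while looking signed to anything that does not validate; until the xmlsec1 step the inline comments mention is wired in, a comment above the `if (encrypted)` branch such as `// TODO: digest, signature and certificate values are placeholders; the emitted Signature is not yet valid` would keep a reader from trusting the output. Since `c` is never modified, the loop over `certificates.leaf_to_root()` can use `const_iterator`. The enclosing `write_xml` begins before and ends after this hunk.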