From 7103135fcf2e02458a2cfb53ba98d10cd450af8d Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Thu, 26 Jun 2014 19:15:13 +0100
Subject: [PATCH] Try to support different KDM formulations.

---
 src/kdm.cc              | 22 ++++++++++++++--------
 src/kdm.h               | 23 ++++++++++++++++++++---
 test/encryption_test.cc |  3 ++-
 test/round_trip_test.cc |  3 ++-
 4 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/src/kdm.cc b/src/kdm.cc
index 21fa0eaa..787d7adf 100644
--- a/src/kdm.cc
+++ b/src/kdm.cc
@@ -91,9 +91,11 @@ KDM::KDM (boost::filesystem::path kdm, boost::filesystem::path private_key)
  *  @param not_valid_after KDM not-valid-after time in local time.
  */
 KDM::KDM (
-	boost::filesystem::path cpl_file, shared_ptr<const Signer> signer, shared_ptr<const Certificate> recipient_cert, Key key,
+	boost::filesystem::path cpl_file,
+	shared_ptr<const Signer> signer,
+	shared_ptr<const Certificate> recipient_cert, Key key,
 	boost::posix_time::ptime not_valid_before, boost::posix_time::ptime not_valid_after,
-	string annotation_text, string issue_date
+	string annotation_text, string issue_date, KDM::Formulation formulation
 	)
 	: _xml_kdm (new xml::DCinemaSecurityMessage)
 {
@@ -119,7 +121,9 @@ KDM::KDM (
 	apu.recipient.x509_issuer_serial.x509_serial_number = recipient_cert->serial ();
 	apu.recipient.x509_subject_name = recipient_cert->subject ();
 	apu.composition_playlist_id = cpl.id;
-//	apu.content_authenticator = signer->certificates().leaf()->thumbprint ();
+	if (formulation == DCI_ANY || formulation == DCI_SPECIFIC) {
+		apu.content_authenticator = signer->certificates().leaf()->thumbprint ();
+	}
 	apu.content_title_text = cpl.annotation_text;
 	apu.content_keys_not_valid_before = ptime_to_string (not_valid_before);
 	apu.content_keys_not_valid_after = ptime_to_string (not_valid_after);
@@ -129,12 +133,14 @@ KDM::KDM (
 		n = n.substr (n.find (".") + 1);
 	}
 	apu.authorized_device_info.device_list_description = n;
-//	apu.authorized_device_info.device_list.push_back (recipient_cert->thumbprint ());
 
-	/* Sometimes digital_cinema_tools uses this magic thumbprint instead of that from an actual
-	   recipient certificate.  KDMs delivered to City Screen appear to use the same thing.
-	*/
-	apu.authorized_device_info.device_list.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk=");
+	if (formulation == MODIFIED_TRANSITIONAL_1 || formulation == DCI_ANY) {
+		/* Use the "assume trust" thumbprint */
+		apu.authorized_device_info.device_list.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk=");
+	} else if (formulation == DCI_SPECIFIC) {
+		/* Use the recipient thumbprint */
+		apu.authorized_device_info.device_list.push_back (recipient_cert->thumbprint ());
+	}
 
 	for (list<shared_ptr<parse::Reel> >::const_iterator i = cpl.reels.begin(); i != cpl.reels.end(); ++i) {
 		/* XXX: subtitle assets? */
diff --git a/src/kdm.h b/src/kdm.h
index c6a03fb1..443712c4 100644
--- a/src/kdm.h
+++ b/src/kdm.h
@@ -78,7 +78,12 @@ public:
 	 */
 	KDMKey (
 		boost::shared_ptr<const Signer> signer,
-		std::string cpl_id, std::string key_type, std::string key_id, boost::posix_time::ptime from, boost::posix_time::ptime until, Key key
+		std::string cpl_id,
+		std::string key_type,
+		std::string key_id,
+		boost::posix_time::ptime from,
+		boost::posix_time::ptime until,
+		Key key
 		);
 	
 	KDMKey (KDMKey const &);
@@ -155,6 +160,14 @@ public:
 	 */
 	KDM (boost::filesystem::path kdm, boost::filesystem::path private_key);
 
+	enum Formulation
+	{
+		MODIFIED_TRANSITIONAL_1,
+		DCI_ANY,
+		DCI_SPECIFIC
+	};
+
+	
 	/** Create a new KDM.
 	 *  @param cpl CPL file that the KDM is for.
 	 *  @param signer Certificate chain to sign the KDM with.
@@ -166,9 +179,13 @@ public:
 	 *  @param issue_date Text for the <IssueDate> node.
 	 */
 	KDM (
-		boost::filesystem::path cpl, boost::shared_ptr<const Signer> signer, boost::shared_ptr<const Certificate> recipient_cert, Key key,
+		boost::filesystem::path cpl,
+		boost::shared_ptr<const Signer> signer,
+		boost::shared_ptr<const Certificate> recipient_cert,
+		Key key,
 		boost::posix_time::ptime not_valid_before, boost::posix_time::ptime not_valid_after,
-		std::string annotation_text, std::string issue_date
+		std::string annotation_text, std::string issue_date,
+		Formulation formulation
 		);
 
 	KDM (KDM const &);
diff --git a/test/encryption_test.cc b/test/encryption_test.cc
index 35e828b9..201d3c35 100644
--- a/test/encryption_test.cc
+++ b/test/encryption_test.cc
@@ -110,7 +110,8 @@ BOOST_AUTO_TEST_CASE (encryption)
 		boost::posix_time::time_from_string ("2013-01-01 00:00:00"),
 		boost::posix_time::time_from_string ("2013-01-08 00:00:00"),
 		"libdcp",
-		"2012-07-17T04:45:18+00:00"
+		"2012-07-17T04:45:18+00:00",
+		libdcp::KDM::MODIFIED_TRANSITIONAL_1
 		);
 
 	kdm.as_xml ("build/test/bar.kdm.xml");
diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc
index e5a22f60..19ed482a 100644
--- a/test/round_trip_test.cc
+++ b/test/round_trip_test.cc
@@ -82,7 +82,8 @@ BOOST_AUTO_TEST_CASE (round_trip_test)
 		boost::posix_time::time_from_string ("2013-01-01 00:00:00"),
 		boost::posix_time::time_from_string ("2013-01-08 00:00:00"),
 		"libdcp",
-		"2012-07-17T04:45:18+00:00"
+		"2012-07-17T04:45:18+00:00",
+		libdcp::KDM::MODIFIED_TRANSITIONAL_1
 		);
 
 	boost::filesystem::path const kdm_file = work_dir / "kdm.xml";
-- 
2.30.2