From b0b83d69f38a8239f3df1e2872b6cfebf9f84af8 Mon Sep 17 00:00:00 2001 From: Carl Hetherington Date: Mon, 23 Sep 2013 23:33:39 +0100 Subject: [PATCH] KDM passthrough works ok. --- src/xml/kdm_smpte.cc | 278 +++++++++++++++++++++++++++++++++++++++++++ src/xml/kdm_smpte.h | 167 ++++++++++++++++++++++++++ test/kdm_test.cc | 17 ++- 3 files changed, 461 insertions(+), 1 deletion(-) create mode 100644 src/xml/kdm_smpte.cc create mode 100644 src/xml/kdm_smpte.h diff --git a/src/xml/kdm_smpte.cc b/src/xml/kdm_smpte.cc new file mode 100644 index 00000000..310eb8a4 --- /dev/null +++ b/src/xml/kdm_smpte.cc @@ -0,0 +1,278 @@ +/* + Copyright (C) 2013 Carl Hetherington + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#include +#include +#include "kdm_smpte.h" + +using std::list; +using std::string; +using boost::shared_ptr; +using namespace libdcp::xml; + +DCinemaSecurityMessage::DCinemaSecurityMessage (boost::filesystem::path file) +{ + cxml::Document f ("DCinemaSecurityMessage"); + f.read_file (file.string ()); + + authenticated_public = AuthenticatedPublic (f.node_child ("AuthenticatedPublic")); + authenticated_private = AuthenticatedPrivate (f.node_child ("AuthenticatedPrivate")); + signature = Signature (f.node_child ("Signature")); + + f.done (); +} + +void +DCinemaSecurityMessage::as_xml (boost::filesystem::path file) const +{ + xmlpp::Document doc; + xmlpp::Element* root = doc.create_root_node ("DCinemaSecurityMessage", "http://www.smpte-ra.org/schemas/430-3/2006/ETM"); + root->set_namespace_declaration ("http://www.w3.org/2000/09/xmldsig#", "ds"); + root->set_namespace_declaration ("http://www.w3.org/2001/04/xmlenc#", "enc"); + + authenticated_public.as_xml (root->add_child ("AuthenticatedPublic")); + authenticated_private.as_xml (root->add_child ("AuthenticatedPrivate")); + signature.as_xml (root->add_child ("Signature", "ds")); + + doc.write_to_file_formatted (file.string (), "UTF-8"); +} + +AuthenticatedPublic::AuthenticatedPublic (shared_ptr node) + : message_id (node->string_child ("MessageId")) + , message_type (node->string_child ("MessageType")) + , annotation_text (node->optional_string_child ("AnnotationText")) + , issue_date (node->string_child ("IssueDate")) + , signer (node->node_child ("Signer")) +{ + shared_ptr c = node->node_child ("RequiredExtensions"); + c = c->node_child ("KDMRequiredExtensions"); + recipient = Recipient (c->node_child ("Recipient")); + composition_playlist_id = c->string_child ("CompositionPlaylistId"); + content_title_text = c->string_child ("ContentTitleText"); + content_keys_not_valid_before = c->string_child ("ContentKeysNotValidBefore"); + content_keys_not_valid_after = c->string_child ("ContentKeysNotValidAfter"); + authorized_device_info = AuthorizedDeviceInfo (c->node_child ("AuthorizedDeviceInfo")); + + list > kil = c->node_child("KeyIdList")->node_children("TypedKeyId"); + for (list >::iterator i = kil.begin(); i != kil.end(); ++i) { + key_id_list.push_back (TypedKeyId (*i)); + } + + list > fmf = c->node_child("ForensicMarkFlagList")->node_children("ForensicMarkFlag"); + for (list >::iterator i = fmf.begin(); i != fmf.end(); ++i) { + forensic_mark_flag_list.push_back ((*i)->content ()); + } + + node->ignore_child ("NonCriticalExtensions"); + node->done (); +} + +void +AuthenticatedPublic::as_xml (xmlpp::Element* node) const +{ + node->set_attribute ("Id", "ID_AuthenticatedPublic"); + + node->add_child("MessageId")->add_child_text (message_id); + node->add_child("MessageType")->add_child_text (message_type); + if (annotation_text) { + node->add_child("AnnotationText")->add_child_text (annotation_text.get ()); + } + node->add_child("IssueDate")->add_child_text (issue_date); + signer.as_xml (node->add_child("Signer")); + + xmlpp::Element* kdm_required_extensions = node->add_child("RequiredExtensions")->add_child("KDMRequiredExtensions"); + kdm_required_extensions->set_attribute ("xmlns", "http://www.smpte-ra.org/schemas/430-1/2006/KDM"); + recipient.as_xml (kdm_required_extensions->add_child ("Recipient")); + + kdm_required_extensions->add_child("CompositionPlaylistId")->add_child_text (composition_playlist_id); + kdm_required_extensions->add_child("ContentTitleText")->add_child_text (content_title_text); + kdm_required_extensions->add_child("ContentKeysNotValidBefore")->add_child_text (content_keys_not_valid_before); + kdm_required_extensions->add_child("ContentKeysNotValidAfter")->add_child_text (content_keys_not_valid_after); + authorized_device_info.as_xml (kdm_required_extensions->add_child("AuthorizedDeviceInfo")); + + xmlpp::Element* kil = kdm_required_extensions->add_child("KeyIdList"); + for (list::const_iterator i = key_id_list.begin(); i != key_id_list.end(); ++i) { + i->as_xml (kil->add_child ("TypedKeyId")); + } + + xmlpp::Element* fmfl = kdm_required_extensions->add_child ("ForensicMarkFlagList"); + for (list::const_iterator i = forensic_mark_flag_list.begin(); i != forensic_mark_flag_list.end(); ++i) { + fmfl->add_child("ForensicMarkFlag")->add_child_text (*i); + } + + node->add_child ("NonCriticalExtensions"); +} + +Signer::Signer (shared_ptr node) + : x509_issuer_name (node->string_child ("X509IssuerName")) + , x509_serial_number (node->string_child ("X509SerialNumber")) +{ + node->done (); +} + +void +Signer::as_xml (xmlpp::Element* node) const +{ + node->add_child("X509IssuerName", "ds")->add_child_text (x509_issuer_name); + node->add_child("X509SerialNumber", "ds")->add_child_text (x509_serial_number); +} + +Recipient::Recipient (shared_ptr node) + : x509_issuer_serial (node->node_child ("X509IssuerSerial")) + , x509_subject_name (node->string_child ("X509SubjectName")) +{ + node->done (); +} + +void +Recipient::as_xml (xmlpp::Element* node) const +{ + x509_issuer_serial.as_xml (node->add_child ("X509IssuerSerial")); + node->add_child("X509SubjectName")->add_child_text (x509_subject_name); +} + +AuthorizedDeviceInfo::AuthorizedDeviceInfo (shared_ptr node) + : device_list_identifier (node->string_child ("DeviceListIdentifier")) + , device_list_description (node->string_child ("DeviceListDescription")) +{ + list > ct = node->node_child("DeviceList")->node_children("CertificateThumbprint"); + for (list >::const_iterator i = ct.begin(); i != ct.end(); ++i) { + device_list.push_back ((*i)->content ()); + } + + node->done (); +} + +void +AuthorizedDeviceInfo::as_xml (xmlpp::Element* node) const +{ + node->add_child ("DeviceListIdentifier")->add_child_text (device_list_identifier); + node->add_child ("DeviceListDescription")->add_child_text (device_list_description); + xmlpp::Element* dl = node->add_child ("DeviceList"); + for (list::const_iterator i = device_list.begin(); i != device_list.end(); ++i) { + dl->add_child("CertificateThumbprint")->add_child_text (*i); + } +} + +TypedKeyId::TypedKeyId (shared_ptr node) + : key_type (node->string_child ("KeyType")) + , key_id (node->string_child ("KeyId")) +{ + node->done (); +} + +void +TypedKeyId::as_xml (xmlpp::Element* node) const +{ + node->add_child("KeyType")->add_child_text (key_type); + node->add_child("KeyId")->add_child_text (key_id); +} + +AuthenticatedPrivate::AuthenticatedPrivate (shared_ptr node) +{ + list > ek = node->node_children ("EncryptedKey"); + for (list >::const_iterator i = ek.begin(); i != ek.end(); ++i) { + encrypted_keys.push_back ((*i)->node_child("CipherData")->string_child("CipherValue")); + } + + node->done (); +} + +void +AuthenticatedPrivate::as_xml (xmlpp::Element* node) const +{ + node->set_attribute ("Id", "ID_AuthenticatedPrivate"); + + for (list::const_iterator i = encrypted_keys.begin(); i != encrypted_keys.end(); ++i) { + xmlpp::Element* encrypted_key = node->add_child ("EncryptedKey", "enc"); + xmlpp::Element* encryption_method = encrypted_key->add_child ("EncryptionMethod", "enc"); + encryption_method->set_attribute ("Algorithm", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); + xmlpp::Element* digest_method = encryption_method->add_child ("DigestMethod", "ds"); + digest_method->set_attribute ("Algorithm", "http://www.w3.org/2000/09/xmldsig#sha1"); + xmlpp::Element* cipher_data = encrypted_key->add_child ("CipherData", "enc"); + cipher_data->add_child("CipherValue", "enc")->add_child_text (*i); + } +} + +Signature::Signature (shared_ptr node) + : signature_value (node->string_child ("SignatureValue")) +{ + list > refs = node->node_child("SignedInfo")->node_children ("Reference"); + for (list >::const_iterator i = refs.begin(); i != refs.end(); ++i) { + signed_info.push_back (Reference (*i)); + } + + list > data = node->node_child("KeyInfo")->node_children ("X509Data"); + for (list >::const_iterator i = data.begin(); i != data.end(); ++i) { + key_info.push_back (X509Data (*i)); + } + + node->done (); +} + +void +Signature::as_xml (xmlpp::Element* node) const +{ + xmlpp::Element* si = node->add_child ("SignedInfo", "ds"); + si->add_child ("CanonicalizationMethod", "ds")->set_attribute ("Algorithm", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); + si->add_child ("SignatureMethod", "ds")->set_attribute ("Algorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); + for (list::const_iterator i = signed_info.begin(); i != signed_info.end(); ++i) { + i->as_xml (si); + } + + node->add_child("SignatureValue", "ds")->add_child_text (signature_value); + + xmlpp::Element* ki = node->add_child ("KeyInfo", "ds"); + for (list::const_iterator i = key_info.begin(); i != key_info.end(); ++i) { + i->as_xml (ki->add_child ("X509Data", "ds")); + } +} + +Reference::Reference (shared_ptr node) +{ + uri = node->string_attribute ("URI"); + digest_value = node->string_child ("DigestValue"); + + node->ignore_child ("DigestMethod"); + node->done (); +} + +void +Reference::as_xml (xmlpp::Element* node) const +{ + xmlpp::Element* reference = node->add_child ("Reference", "ds"); + reference->set_attribute ("URI", uri); + reference->add_child("DigestMethod", "ds")->set_attribute ("Algorithm", "http://www.w3.org/2001/04/xmlenc#sha256"); + reference->add_child("DigestValue", "ds")->add_child_text (digest_value); +} + +X509Data::X509Data (shared_ptr node) +{ + x509_issuer_serial = Signer (node->node_child ("X509IssuerSerial")); + x509_certificate = node->string_child ("X509Certificate"); + + node->done (); +} + +void +X509Data::as_xml (xmlpp::Element* node) const +{ + x509_issuer_serial.as_xml (node->add_child ("X509IssuerSerial", "ds")); + node->add_child("X509Certificate", "ds")->add_child_text (x509_certificate); +} diff --git a/src/xml/kdm_smpte.h b/src/xml/kdm_smpte.h new file mode 100644 index 00000000..989d05de --- /dev/null +++ b/src/xml/kdm_smpte.h @@ -0,0 +1,167 @@ +/* + Copyright (C) 2013 Carl Hetherington + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#ifndef LIBDCP_XML_KDM_SMPTE_H +#define LIBDCP_XML_KDM_SMPTE_H + +#include +#include +#include +#include + +namespace libdcp { +namespace xml { + +class Signer +{ +public: + Signer () {} + Signer (boost::shared_ptr); + + void as_xml (xmlpp::Element *) const; + + std::string x509_issuer_name; + std::string x509_serial_number; +}; + +class Recipient +{ +public: + Recipient () {} + Recipient (boost::shared_ptr); + + void as_xml (xmlpp::Element *) const; + + Signer x509_issuer_serial; + std::string x509_subject_name; +}; + +class AuthorizedDeviceInfo +{ +public: + AuthorizedDeviceInfo () {} + AuthorizedDeviceInfo (boost::shared_ptr); + + void as_xml (xmlpp::Element *) const; + + std::string device_list_identifier; + std::string device_list_description; + std::list device_list; +}; + +class TypedKeyId +{ +public: + TypedKeyId () {} + TypedKeyId (boost::shared_ptr); + + void as_xml (xmlpp::Element *) const; + + std::string key_type; + std::string key_id; +}; + +class AuthenticatedPublic +{ +public: + AuthenticatedPublic () {} + AuthenticatedPublic (boost::shared_ptr); + + void as_xml (xmlpp::Element *) const; + + std::string message_id; + std::string message_type; + boost::optional annotation_text; + std::string issue_date; + Signer signer; + Recipient recipient; + std::string composition_playlist_id; + std::string content_title_text; + std::string content_keys_not_valid_before; + std::string content_keys_not_valid_after; + AuthorizedDeviceInfo authorized_device_info; + std::list key_id_list; + std::list forensic_mark_flag_list; +}; + +class AuthenticatedPrivate +{ +public: + AuthenticatedPrivate () {} + AuthenticatedPrivate (boost::shared_ptr); + + void as_xml (xmlpp::Element *) const; + + std::list encrypted_keys; +}; + +class X509Data +{ +public: + X509Data () {} + X509Data (boost::shared_ptr); + + void as_xml (xmlpp::Element *) const; + + Signer x509_issuer_serial; + std::string x509_certificate; +}; + +class Reference +{ +public: + Reference () {} + Reference (boost::shared_ptr); + + void as_xml (xmlpp::Element *) const; + + std::string uri; + std::string digest_value; +}; + +class Signature +{ +public: + Signature () {} + Signature (boost::shared_ptr); + + void as_xml (xmlpp::Element *) const; + + std::list signed_info; + std::string signature_value; + std::list key_info; +}; + +class DCinemaSecurityMessage +{ +public: + DCinemaSecurityMessage (boost::filesystem::path); + + void as_xml (boost::filesystem::path) const; + + AuthenticatedPublic authenticated_public; + AuthenticatedPrivate authenticated_private; + Signature signature; +}; + +} +} + +#endif + diff --git a/test/kdm_test.cc b/test/kdm_test.cc index d2a80ad2..5d071074 100644 --- a/test/kdm_test.cc +++ b/test/kdm_test.cc @@ -18,6 +18,7 @@ */ #include "kdm.h" +#include "xml/kdm_smpte.h" BOOST_AUTO_TEST_CASE (kdm_test) { @@ -42,4 +43,18 @@ BOOST_AUTO_TEST_CASE (kdm_test) BOOST_CHECK_EQUAL (keys.back().not_valid_after(), "2023-07-02T20:04:56+00:00"); BOOST_CHECK_EQUAL (keys.back().key().hex(), "5327fb7ec2e807bd57059615bf8a169d"); } - + +/* Check that we can read in a KDM and then write it back out again the same */ +BOOST_AUTO_TEST_CASE (kdm_passthrough_test) +{ + libdcp::xml::DCinemaSecurityMessage kdm ( + "test/data/kdm_TONEPLATES-SMPTE-ENC_.smpte-430-2.ROOT.NOT_FOR_PRODUCTION_20130706_20230702_CAR_OV_t1_8971c838.xml" + ); + + kdm.as_xml ("build/kdm.xml"); + int const r = system ( + "xmldiff -c test/data/kdm_TONEPLATES-SMPTE-ENC_.smpte-430-2.ROOT.NOT_FOR_PRODUCTION_20130706_20230702_CAR_OV_t1_8971c838.xml build/kdm.xml" + ); + + BOOST_CHECK_EQUAL (WEXITSTATUS (r), 0); +} -- 2.30.2