</chapter>
+<chapter xml:id="ch-encryption" xmlns="http://docbook.org/ns/docbook" version="5.0" xml:lang="en">
+<title>Encryption</title>
+
+<para>
+It is not required that DCPs be encrypted, but they can be. This
+chapter describes how DCPs are signed and encrypted, and how KDMs
+work. It also discusses how DCP-o-matic can create encrypted DCPs and
+KDMs for them.
+</para>
+
+</chapter>
+
<chapter xml:id="ch-preferences" xmlns="http://docbook.org/ns/docbook" version="5.0" xml:lang="en">
<title>Preferences</title>
}
/** @return Filename to write configuration to */
-string
+boost::filesystem::path
Config::file (bool old) const
{
boost::filesystem::path p;
} else {
p /= "dcpomatic.xml";
}
- return p.string ();
+ return p;
}
-string
-Config::crypt_chain_directory () const
+boost::filesystem::path
+Config::signer_chain_directory () const
{
boost::filesystem::path p;
p /= g_get_user_config_dir ();
p /= "dvdomatic";
p /= "crypt";
boost::filesystem::create_directories (p);
- return p.string ();
+ return p;
}
/** @return Singleton instance */
xmlpp::Element* root = doc.create_root_node ("Config");
root->add_child("NumLocalEncodingThreads")->add_child_text (lexical_cast<string> (_num_local_encoding_threads));
- root->add_child("DefaultDirectory")->add_child_text (_default_directory);
+ root->add_child("DefaultDirectory")->add_child_text (_default_directory.string ());
root->add_child("ServerPort")->add_child_text (lexical_cast<string> (_server_port));
for (vector<ServerDescription>::const_iterator i = _servers.begin(); i != _servers.end(); ++i) {
i->as_xml (root->add_child ("ColourConversion"));
}
- doc.write_to_file_formatted (file (false));
+ doc.write_to_file_formatted (file(false).string ());
}
-string
-Config::default_directory_or (string a) const
+boost::filesystem::path
+Config::default_directory_or (boost::filesystem::path a) const
{
if (_default_directory.empty() || !boost::filesystem::exists (_default_directory)) {
return a;
#include <vector>
#include <boost/shared_ptr.hpp>
#include <boost/signals2.hpp>
+#include <boost/filesystem.hpp>
#include <libdcp/metadata.h>
#include "dci_metadata.h"
#include "colour_conversion.h"
return _num_local_encoding_threads;
}
- std::string default_directory () const {
+ boost::filesystem::path default_directory () const {
return _default_directory;
}
- std::string default_directory_or (std::string a) const;
+ boost::filesystem::path default_directory_or (boost::filesystem::path a) const;
/** @return port to use for J2K encoding servers */
int server_port () const {
_num_local_encoding_threads = n;
}
- void set_default_directory (std::string d) {
+ void set_default_directory (boost::filesystem::path d) {
_default_directory = d;
}
void write () const;
- std::string crypt_chain_directory () const;
+ boost::filesystem::path signer_chain_directory () const;
static Config* instance ();
static void drop ();
private:
Config ();
- std::string file (bool) const;
+ boost::filesystem::path file (bool) const;
void read ();
void read_old_metadata ();
/** number of threads to use for J2K encoding on the local machine */
int _num_local_encoding_threads;
/** default directory to put new films in */
- std::string _default_directory;
+ boost::filesystem::path _default_directory;
/** port to use for J2K encoding servers */
int _server_port;
#include <boost/date_time.hpp>
#include <libxml++/libxml++.h>
#include <libcxml/cxml.h>
-#include <libdcp/crypt_chain.h>
+#include <libdcp/signer_chain.h>
#include <libdcp/cpl.h>
+#include <libdcp/signer.h>
#include "film.h"
#include "job.h"
#include "util.h"
using boost::starts_with;
using boost::optional;
using libdcp::Size;
+using libdcp::Signer;
int const Film::state_version = 4;
string directory
) const
{
- string const cd = Config::instance()->crypt_chain_directory ();
- if (boost::filesystem::is_empty (cd)) {
- libdcp::make_crypt_chain (cd);
+ boost::filesystem::path const sd = Config::instance()->signer_chain_directory ();
+ if (boost::filesystem::is_empty (sd)) {
+ libdcp::make_signer_chain (sd);
}
libdcp::CertificateChain chain;
{
- boost::filesystem::path p (cd);
+ boost::filesystem::path p (sd);
p /= "ca.self-signed.pem";
chain.add (shared_ptr<libdcp::Certificate> (new libdcp::Certificate (p.string ())));
}
{
- boost::filesystem::path p (cd);
+ boost::filesystem::path p (sd);
p /= "intermediate.signed.pem";
chain.add (shared_ptr<libdcp::Certificate> (new libdcp::Certificate (p.string ())));
}
{
- boost::filesystem::path p (cd);
+ boost::filesystem::path p (sd);
p /= "leaf.signed.pem";
chain.add (shared_ptr<libdcp::Certificate> (new libdcp::Certificate (p.string ())));
}
- boost::filesystem::path signer_key (cd);
+ boost::filesystem::path signer_key (sd);
signer_key /= "leaf.key";
+ shared_ptr<const Signer> signer (new Signer (chain, signer_key));
+
/* Find the DCP to make the KDM for */
string const dir = this->directory ();
list<string> dcps;
/* XXX: single CPL only */
shared_ptr<xmlpp::Document> kdm = dcp.cpls().front()->make_kdm (
- chain, signer_key.string(), (*i)->certificate, from, until, _interop, libdcp::MXFMetadata (), Config::instance()->dcp_metadata ()
+ signer, (*i)->certificate, from, until, _interop, libdcp::MXFMetadata (), Config::instance()->dcp_metadata ()
);
boost::filesystem::path out = directory;
it into the DCP later.
*/
- if (f->three_d ()) {
+ if (_film->three_d ()) {
_picture_asset.reset (
new libdcp::StereoPictureAsset (
_film->internal_video_mxf_dir (),
_film->internal_video_mxf_filename (),
_film->video_frame_rate (),
- _film->container()->size (_film->full_frame ())
+ _film->container()->size (_film->full_frame ()),
+ _film->encrypted ()
)
);
_film->internal_video_mxf_dir (),
_film->internal_video_mxf_filename (),
_film->video_frame_rate (),
- _film->container()->size (_film->full_frame ())
+ _film->container()->size (_film->full_frame ()),
+ _film->encrypted ()
)
);
_film->audio_mxf_filename (),
_film->video_frame_rate (),
_film->audio_channels (),
- _film->audio_frame_rate ()
+ _film->audio_frame_rate (),
+ _film->encrypted ()
)
);
_default_still_length->SetValue (config->default_still_length ());
_default_still_length->Bind (wxEVT_COMMAND_SPINCTRL_UPDATED, boost::bind (&ConfigDialog::default_still_length_changed, this));
- _default_directory->SetPath (std_to_wx (config->default_directory_or (wx_to_std (wxStandardPaths::Get().GetDocumentsDir()))));
+ _default_directory->SetPath (std_to_wx (config->default_directory_or (wx_to_std (wxStandardPaths::Get().GetDocumentsDir())).string ()));
_default_directory->Bind (wxEVT_COMMAND_DIRPICKER_CHANGED, boost::bind (&ConfigDialog::default_directory_changed, this));
_default_dci_metadata_button->Bind (wxEVT_COMMAND_BUTTON_CLICKED, boost::bind (&ConfigDialog::edit_default_dci_metadata_clicked, this));
using namespace std;
using namespace boost;
-boost::optional<string> NewFilmDialog::_directory;
+boost::optional<boost::filesystem::path> NewFilmDialog::_directory;
NewFilmDialog::NewFilmDialog (wxWindow* parent)
: wxDialog (parent, wxID_ANY, _("New Film"))
_directory = Config::instance()->default_directory_or (wx_to_std (wxStandardPaths::Get().GetDocumentsDir()));
}
- _folder->SetPath (std_to_wx (_directory.get()));
+ _folder->SetPath (std_to_wx (_directory.get().string()));
table->Add (_folder, 1, wxEXPAND);
wxSizer* buttons = CreateSeparatedButtonSizer (wxOK | wxCANCEL);
#else
wxDirPickerCtrl* _folder;
#endif
- static boost::optional<std::string> _directory;
+ static boost::optional<boost::filesystem::path> _directory;
};