From: Carl Hetherington Date: Fri, 18 Jul 2014 12:12:41 +0000 (+0100) Subject: Keep signing certificates / keys in config.xml rather than on disk; allow configuration. X-Git-Tag: v2.0.48~712 X-Git-Url: https://main.carlh.net/gitweb/?p=dcpomatic.git;a=commitdiff_plain;h=5ea52a08f45b0cb8b8fe7221244cdcdeeaca0ed7 Keep signing certificates / keys in config.xml rather than on disk; allow configuration. --- diff --git a/src/lib/config.cc b/src/lib/config.cc index f2f25efe9..0d6a55054 100644 --- a/src/lib/config.cc +++ b/src/lib/config.cc @@ -25,6 +25,8 @@ #include #include #include +#include +#include #include #include "config.h" #include "server.h" @@ -36,6 +38,7 @@ #include "colour_conversion.h" #include "cinema.h" #include "util.h" +#include "cross.h" #include "i18n.h" @@ -207,6 +210,37 @@ Config::read () _allow_any_dcp_frame_rate = f.optional_bool_child ("AllowAnyDCPFrameRate"); _log_types = f.optional_number_child ("LogTypes").get_value_or (Log::TYPE_GENERAL | Log::TYPE_WARNING | Log::TYPE_ERROR); + + cxml::NodePtr signer = f.optional_node_child ("Signer"); + dcp::CertificateChain signer_chain; + if (signer) { + /* Read the signing certificates and private key in from the config file */ + list certificates = signer->node_children ("Certificate"); + for (list::const_iterator i = certificates.begin(); i != certificates.end(); ++i) { + signer_chain.add (shared_ptr (new dcp::Certificate ((*i)->content ()))); + } + + _signer.reset (new dcp::Signer (signer_chain, signer->string_child ("PrivateKey"))); + } else { + /* Make a new set of signing certificates and key */ + _signer.reset (new dcp::Signer (openssl_path ())); + } + + if (f.optional_string_child ("DecryptionCertificate")) { + _decryption_certificate = dcp::Certificate (f.string_child ("DecryptionCertificate")); + } + + if (f.optional_string_child ("DecryptionPrivateKey")) { + _decryption_private_key = f.string_child ("DecryptionPrivateKey"); + } + + if (!f.optional_string_child ("DecryptionCertificate") || !f.optional_string_child ("DecryptionPrivateKey")) { + /* Generate our own decryption certificate and key if either is not present in config */ + boost::filesystem::path p = dcp::make_certificate_chain (openssl_path ()); + _decryption_certificate = dcp::Certificate (dcp::file_to_string (p / "leaf.signed.pem")); + _decryption_private_key = dcp::file_to_string (p / "leaf.key"); + boost::filesystem::remove_all (p); + } } /** @return Filename to write configuration to */ @@ -227,17 +261,6 @@ Config::file (bool old) const return p; } -boost::filesystem::path -Config::signer_chain_directory () const -{ - boost::filesystem::path p; - p /= g_get_user_config_dir (); - p /= "dcpomatic"; - p /= "crypt"; - boost::filesystem::create_directories (p); - return p; -} - /** @return Singleton instance */ Config * Config::instance () @@ -326,7 +349,17 @@ Config::write () const root->add_child("MaximumJ2KBandwidth")->add_child_text (raw_convert (_maximum_j2k_bandwidth)); root->add_child("AllowAnyDCPFrameRate")->add_child_text (_allow_any_dcp_frame_rate ? "1" : "0"); root->add_child("LogTypes")->add_child_text (raw_convert (_log_types)); - + + xmlpp::Element* signer = root->add_child ("Signer"); + dcp::CertificateChain::List certs = _signer->certificates().root_to_leaf (); + for (dcp::CertificateChain::List::const_iterator i = certs.begin(); i != certs.end(); ++i) { + signer->add_child("Certificate")->add_child_text ((*i)->certificate (true)); + } + signer->add_child("PrivateKey")->add_child_text (_signer->key ()); + + root->add_child("DecryptionCertificate")->add_child_text (_decryption_certificate.certificate (true)); + root->add_child("DecryptionPrivateKey")->add_child_text (_decryption_private_key); + doc.write_to_file_formatted (file(false).string ()); } diff --git a/src/lib/config.h b/src/lib/config.h index 03dd9c0fe..d8ac75bed 100644 --- a/src/lib/config.h +++ b/src/lib/config.h @@ -29,6 +29,8 @@ #include #include #include +#include +#include #include "isdcf_metadata.h" #include "colour_conversion.h" @@ -188,6 +190,18 @@ public: return _kdm_email; } + boost::shared_ptr signer () const { + return _signer; + } + + dcp::Certificate decryption_certificate () const { + return _decryption_certificate; + } + + std::string decryption_private_key () const { + return _decryption_private_key; + } + bool check_for_updates () const { return _check_for_updates; } @@ -357,6 +371,21 @@ public: void reset_kdm_email (); + void set_signer (boost::shared_ptr s) { + _signer = s; + changed (); + } + + void set_decryption_certificate (dcp::Certificate c) { + _decryption_certificate = c; + changed (); + } + + void set_decryption_private_key (std::string k) { + _decryption_private_key = k; + changed (); + } + void set_check_for_updates (bool c) { _check_for_updates = c; changed (); @@ -377,8 +406,6 @@ public: changed (); } - boost::filesystem::path signer_chain_directory () const; - void changed (); boost::signals2::signal Changed; @@ -435,6 +462,9 @@ private: std::string _kdm_from; std::string _kdm_cc; std::string _kdm_email; + boost::shared_ptr _signer; + dcp::Certificate _decryption_certificate; + std::string _decryption_private_key; /** true to check for updates on startup */ bool _check_for_updates; bool _check_for_test_updates; diff --git a/src/lib/exceptions.cc b/src/lib/exceptions.cc index f34cebbfe..95d4c8cce 100644 --- a/src/lib/exceptions.cc +++ b/src/lib/exceptions.cc @@ -67,3 +67,9 @@ SubRipError::SubRipError (string saw, string expecting, boost::filesystem::path { } + +InvalidSignerError::InvalidSignerError () + : StringError (_("The certificate chain for signing is invalid")) +{ + +} diff --git a/src/lib/exceptions.h b/src/lib/exceptions.h index a8969d702..52f257a8d 100644 --- a/src/lib/exceptions.h +++ b/src/lib/exceptions.h @@ -253,6 +253,12 @@ public: {} }; +class InvalidSignerError : public StringError +{ +public: + InvalidSignerError (); +}; + /** @class ExceptionStore * @brief A parent class for classes which have a need to catch and * re-throw exceptions. @@ -295,6 +301,4 @@ private: mutable boost::mutex _mutex; }; - - #endif diff --git a/src/lib/film.cc b/src/lib/film.cc index 85dc5b168..eaf738b8b 100644 --- a/src/lib/film.cc +++ b/src/lib/film.cc @@ -1078,9 +1078,14 @@ Film::make_kdm ( ) const { shared_ptr cpl (new dcp::CPL (cpl_file)); + shared_ptr signer = Config::instance()->signer(); + if (!signer->valid ()) { + throw InvalidSignerError (); + } + return dcp::DecryptedKDM ( cpl, from, until, "DCP-o-matic", cpl->content_title_text(), dcp::LocalTime().as_string() - ).encrypt (make_signer(), target, formulation); + ).encrypt (signer, target, formulation); } list diff --git a/src/lib/util.cc b/src/lib/util.cc index 837f3cdf3..c7ef40a1c 100644 --- a/src/lib/util.cc +++ b/src/lib/util.cc @@ -791,59 +791,6 @@ tidy_for_filename (string f) return t; } -shared_ptr -make_signer () -{ - boost::filesystem::path const sd = Config::instance()->signer_chain_directory (); - - /* Remake the chain if any of it is missing */ - - list files; - files.push_back ("ca.self-signed.pem"); - files.push_back ("intermediate.signed.pem"); - files.push_back ("leaf.signed.pem"); - files.push_back ("leaf.key"); - - list::const_iterator i = files.begin(); - while (i != files.end()) { - boost::filesystem::path p (sd); - p /= *i; - if (!boost::filesystem::exists (p)) { - boost::filesystem::remove_all (sd); - boost::filesystem::create_directories (sd); - dcp::make_signer_chain (sd, openssl_path ()); - break; - } - - ++i; - } - - dcp::CertificateChain chain; - - { - boost::filesystem::path p (sd); - p /= "ca.self-signed.pem"; - chain.add (shared_ptr (new dcp::Certificate (p))); - } - - { - boost::filesystem::path p (sd); - p /= "intermediate.signed.pem"; - chain.add (shared_ptr (new dcp::Certificate (p))); - } - - { - boost::filesystem::path p (sd); - p /= "leaf.signed.pem"; - chain.add (shared_ptr (new dcp::Certificate (p))); - } - - boost::filesystem::path signer_key (sd); - signer_key /= "leaf.key"; - - return shared_ptr (new dcp::Signer (chain, signer_key)); -} - map split_get_request (string url) { diff --git a/src/lib/util.h b/src/lib/util.h index 094d57f40..b7dc978e3 100644 --- a/src/lib/util.h +++ b/src/lib/util.h @@ -32,7 +32,6 @@ #include #include #include -#include extern "C" { #include #include @@ -48,10 +47,6 @@ extern "C" { #define DCPOMATIC_HELLO "Boys, you gotta learn not to talk to nuns that way" -namespace dcp { - class Signer; -} - class Job; struct AVSubtitle; @@ -71,7 +66,6 @@ extern bool valid_image_file (boost::filesystem::path); extern boost::filesystem::path mo_path (); #endif extern std::string tidy_for_filename (std::string); -extern boost::shared_ptr make_signer (); extern dcp::Size fit_ratio_within (float ratio, dcp::Size); extern std::string entities_to_text (std::string e); extern std::map split_get_request (std::string url); diff --git a/src/lib/writer.cc b/src/lib/writer.cc index b165545c7..c34a6a66d 100644 --- a/src/lib/writer.cc +++ b/src/lib/writer.cc @@ -30,6 +30,7 @@ #include #include #include +#include #include "writer.h" #include "compose.hpp" #include "film.h" @@ -124,6 +125,11 @@ Writer::Writer (shared_ptr f, weak_ptr j) _sound_mxf_writer = _sound_mxf->start_write (_film->directory() / _film->audio_mxf_filename(), _film->interop() ? dcp::INTEROP : dcp::SMPTE); } + /* Check that the signer is OK if we need one */ + if (_film->is_signed() && !Config::instance()->signer()->valid ()) { + throw InvalidSignerError (); + } + _thread = new boost::thread (boost::bind (&Writer::thread, this)); job->sub (_("Encoding image data")); @@ -484,7 +490,16 @@ Writer::finish () dcp::XMLMetadata meta = Config::instance()->dcp_metadata (); meta.set_issue_date_now (); - dcp.write_xml (_film->interop () ? dcp::INTEROP : dcp::SMPTE, meta, _film->is_signed() ? make_signer () : shared_ptr ()); + shared_ptr signer; + if (_film->is_signed ()) { + signer = Config::instance()->signer (); + /* We did check earlier, but check again here to be on the safe side */ + if (!signer->valid ()) { + throw InvalidSignerError (); + } + } + + dcp.write_xml (_film->interop () ? dcp::INTEROP : dcp::SMPTE, meta, signer); LOG_GENERAL ( N_("Wrote %1 FULL, %2 FAKE, %3 pushed to disk"), _full_written, _fake_written, _pushed_to_disk diff --git a/src/tools/dcpomatic_kdm.cc b/src/tools/dcpomatic_kdm.cc index 2ad07cce7..4068dc51a 100644 --- a/src/tools/dcpomatic_kdm.cc +++ b/src/tools/dcpomatic_kdm.cc @@ -248,7 +248,7 @@ int main (int argc, char* argv[]) error ("you must specify --output"); } - shared_ptr certificate (new dcp::Certificate (boost::filesystem::path (certificate_file))); + shared_ptr certificate (new dcp::Certificate (dcp::file_to_string (certificate_file))); dcp::EncryptedKDM kdm = film->make_kdm (certificate, cpl, valid_from.get(), valid_to.get(), formulation); kdm.as_xml (output); if (verbose) { diff --git a/src/wx/config_dialog.cc b/src/wx/config_dialog.cc index 306e1f208..ee660832f 100644 --- a/src/wx/config_dialog.cc +++ b/src/wx/config_dialog.cc @@ -29,6 +29,8 @@ #include #include #include +#include +#include #include "lib/config.h" #include "lib/ratio.h" #include "lib/scaler.h" @@ -36,6 +38,7 @@ #include "lib/dcp_content_type.h" #include "lib/colour_conversion.h" #include "lib/log.h" +#include "lib/util.h" #include "config_dialog.h" #include "wx_util.h" #include "editable_list.h" @@ -107,7 +110,6 @@ public: _num_local_encoding_threads = new wxSpinCtrl (panel); table->Add (_num_local_encoding_threads, 1); - _check_for_updates = new wxCheckBox (panel, wxID_ANY, _("Check for updates on startup")); table->Add (_check_for_updates, 1, wxEXPAND | wxALL); table->AddSpacer (0); @@ -547,6 +549,284 @@ private: } }; +class KeysPage : public wxPreferencesPage, public Page +{ +public: + KeysPage (wxSize panel_size, int border) + : Page (panel_size, border) + {} + + wxString GetName () const + { + return _("Keys"); + } + +#ifdef DCPOMATIC_OSX + wxBitmap GetLargeIcon () const + { + return wxBitmap ("keys", wxBITMAP_TYPE_PNG_RESOURCE); + } +#endif + + wxWindow* CreateWindow (wxWindow* parent) + { + _panel = new wxPanel (parent, wxID_ANY, wxDefaultPosition, _panel_size); + wxBoxSizer* overall_sizer = new wxBoxSizer (wxVERTICAL); + _panel->SetSizer (overall_sizer); + + wxStaticText* m = new wxStaticText (_panel, wxID_ANY, _("Certificate chain for signing DCPs and KDMs:")); + overall_sizer->Add (m, 0, wxALL, _border); + + wxBoxSizer* certificates_sizer = new wxBoxSizer (wxHORIZONTAL); + overall_sizer->Add (certificates_sizer, 0, wxLEFT | wxRIGHT, _border); + + _certificates = new wxListCtrl (_panel, wxID_ANY, wxDefaultPosition, wxSize (400, 200), wxLC_REPORT | wxLC_SINGLE_SEL); + + { + wxListItem ip; + ip.SetId (0); + ip.SetText (_("Type")); + ip.SetWidth (100); + _certificates->InsertColumn (0, ip); + } + + { + wxListItem ip; + ip.SetId (1); + ip.SetText (_("Thumbprint")); + ip.SetWidth (300); + + wxFont font = ip.GetFont (); + font.SetFamily (wxFONTFAMILY_TELETYPE); + ip.SetFont (font); + + _certificates->InsertColumn (1, ip); + } + + certificates_sizer->Add (_certificates, 1, wxEXPAND); + + { + wxSizer* s = new wxBoxSizer (wxVERTICAL); + _add_certificate = new wxButton (_panel, wxID_ANY, _("Add...")); + s->Add (_add_certificate, 0, wxTOP | wxBOTTOM, DCPOMATIC_BUTTON_STACK_GAP); + _remove_certificate = new wxButton (_panel, wxID_ANY, _("Remove")); + s->Add (_remove_certificate, 0, wxTOP | wxBOTTOM, DCPOMATIC_BUTTON_STACK_GAP); + certificates_sizer->Add (s, 0, wxLEFT, DCPOMATIC_SIZER_X_GAP); + } + + wxFlexGridSizer* table = new wxFlexGridSizer (2, DCPOMATIC_SIZER_X_GAP, DCPOMATIC_SIZER_Y_GAP); + table->AddGrowableCol (1, 1); + overall_sizer->Add (table, 1, wxALL | wxEXPAND, _border); + + add_label_to_sizer (table, _panel, _("Private key for leaf certificate"), true); + { + wxSizer* s = new wxBoxSizer (wxHORIZONTAL); + _signer_private_key = new wxStaticText (_panel, wxID_ANY, wxT ("")); + wxFont font = _signer_private_key->GetFont (); + font.SetFamily (wxFONTFAMILY_TELETYPE); + _signer_private_key->SetFont (font); + s->Add (_signer_private_key, 1, wxLEFT | wxRIGHT | wxALIGN_CENTER_VERTICAL, DCPOMATIC_SIZER_X_GAP); + _load_signer_private_key = new wxButton (_panel, wxID_ANY, _("Load...")); + s->Add (_load_signer_private_key, 0, wxLEFT, DCPOMATIC_SIZER_X_GAP); + table->Add (s, 0); + } + + add_label_to_sizer (table, _panel, _("Certificate for decrypting DCPs"), true); + { + wxSizer* s = new wxBoxSizer (wxHORIZONTAL); + _decryption_certificate = new wxStaticText (_panel, wxID_ANY, wxT ("")); + wxFont font = _decryption_certificate->GetFont (); + font.SetFamily (wxFONTFAMILY_TELETYPE); + _decryption_certificate->SetFont (font); + s->Add (_decryption_certificate, 1, wxLEFT | wxRIGHT | wxALIGN_CENTER_VERTICAL, DCPOMATIC_SIZER_X_GAP); + _load_decryption_certificate = new wxButton (_panel, wxID_ANY, _("Load...")); + s->Add (_load_decryption_certificate, 0, wxLEFT, DCPOMATIC_SIZER_X_GAP); + table->Add (s, 0); + } + + add_label_to_sizer (table, _panel, _("Private key for decrypting DCPs"), true); + { + wxSizer* s = new wxBoxSizer (wxHORIZONTAL); + _decryption_private_key = new wxStaticText (_panel, wxID_ANY, wxT ("")); + wxFont font = _decryption_private_key->GetFont (); + font.SetFamily (wxFONTFAMILY_TELETYPE); + _decryption_private_key->SetFont (font); + s->Add (_decryption_private_key, 1, wxLEFT | wxRIGHT | wxALIGN_CENTER_VERTICAL, DCPOMATIC_SIZER_X_GAP); + _load_decryption_private_key = new wxButton (_panel, wxID_ANY, _("Load...")); + s->Add (_load_decryption_private_key, 0, wxLEFT, DCPOMATIC_SIZER_X_GAP); + table->Add (s, 0); + } + + _add_certificate->Bind (wxEVT_COMMAND_BUTTON_CLICKED, boost::bind (&KeysPage::add_certificate, this)); + _remove_certificate->Bind (wxEVT_COMMAND_BUTTON_CLICKED, boost::bind (&KeysPage::remove_certificate, this)); + _certificates->Bind (wxEVT_COMMAND_LIST_ITEM_SELECTED, boost::bind (&KeysPage::update_sensitivity, this)); + _certificates->Bind (wxEVT_COMMAND_LIST_ITEM_DESELECTED, boost::bind (&KeysPage::update_sensitivity, this)); + _load_signer_private_key->Bind (wxEVT_COMMAND_BUTTON_CLICKED, boost::bind (&KeysPage::load_signer_private_key, this)); + _load_decryption_certificate->Bind (wxEVT_COMMAND_BUTTON_CLICKED, boost::bind (&KeysPage::load_decryption_certificate, this)); + _load_decryption_private_key->Bind (wxEVT_COMMAND_BUTTON_CLICKED, boost::bind (&KeysPage::load_decryption_private_key, this)); + + _signer.reset (new dcp::Signer (*Config::instance()->signer().get ())); + + update_certificate_list (); + update_signer_private_key (); + update_decryption_certificate (); + update_decryption_private_key (); + update_sensitivity (); + + return _panel; + } + +private: + void add_certificate () + { + wxFileDialog* d = new wxFileDialog (_panel, _("Select Certificate File")); + + if (d->ShowModal() == wxID_OK) { + try { + shared_ptr c (new dcp::Certificate (dcp::file_to_string (wx_to_std (d->GetPath ())))); + _signer->certificates().add (c); + Config::instance()->set_signer (_signer); + update_certificate_list (); + } catch (dcp::MiscError& e) { + error_dialog (_panel, wxString::Format (_("Could not read certificate file (%s)"), e.what ())); + } + } + + d->Destroy (); + + update_sensitivity (); + } + + void remove_certificate () + { + int i = _certificates->GetNextItem (-1, wxLIST_NEXT_ALL, wxLIST_STATE_SELECTED); + if (i == -1) { + return; + } + + _certificates->DeleteItem (i); + _signer->certificates().remove (i); + Config::instance()->set_signer (_signer); + + update_sensitivity (); + } + + void update_certificate_list () + { + _certificates->DeleteAllItems (); + dcp::CertificateChain::List certs = _signer->certificates().root_to_leaf (); + size_t n = 0; + for (dcp::CertificateChain::List::const_iterator i = certs.begin(); i != certs.end(); ++i) { + wxListItem item; + item.SetId (n); + _certificates->InsertItem (item); + _certificates->SetItem (n, 1, std_to_wx ((*i)->thumbprint ())); + + if (n == 0) { + _certificates->SetItem (n, 0, _("Root")); + } else if (n == (certs.size() - 1)) { + _certificates->SetItem (n, 0, _("Leaf")); + } else { + _certificates->SetItem (n, 0, _("Intermediate")); + } + + ++n; + } + } + + void update_sensitivity () + { + _remove_certificate->Enable (_certificates->GetNextItem (-1, wxLIST_NEXT_ALL, wxLIST_STATE_SELECTED) != -1); + } + + void update_signer_private_key () + { + _signer_private_key->SetLabel (std_to_wx (dcp::private_key_fingerprint (_signer->key ()))); + } + + void load_signer_private_key () + { + wxFileDialog* d = new wxFileDialog (_panel, _("Select Key File")); + + if (d->ShowModal() == wxID_OK) { + try { + boost::filesystem::path p (wx_to_std (d->GetPath ())); + if (boost::filesystem::file_size (p) > 1024) { + error_dialog (_panel, wxString::Format (_("Could not read key file (%s)"), std_to_wx (p.string ()))); + return; + } + + _signer->set_key (dcp::file_to_string (p)); + Config::instance()->set_signer (_signer); + update_signer_private_key (); + } catch (dcp::MiscError& e) { + error_dialog (_panel, wxString::Format (_("Could not read certificate file (%s)"), e.what ())); + } + } + + d->Destroy (); + + update_sensitivity (); + + } + + void load_decryption_certificate () + { + wxFileDialog* d = new wxFileDialog (_panel, _("Select Certificate File")); + + if (d->ShowModal() == wxID_OK) { + try { + dcp::Certificate c (dcp::file_to_string (wx_to_std (d->GetPath ()))); + Config::instance()->set_decryption_certificate (c); + update_decryption_certificate (); + } catch (dcp::MiscError& e) { + error_dialog (_panel, wxString::Format (_("Could not read certificate file (%s)"), e.what ())); + } + } + + d->Destroy (); + } + + void update_decryption_certificate () + { + _decryption_certificate->SetLabel (std_to_wx (Config::instance()->decryption_certificate().thumbprint ())); + } + + void load_decryption_private_key () + { + wxFileDialog* d = new wxFileDialog (_panel, _("Select Key File")); + + if (d->ShowModal() == wxID_OK) { + try { + boost::filesystem::path p (wx_to_std (d->GetPath ())); + Config::instance()->set_decryption_private_key (dcp::file_to_string (p)); + update_decryption_private_key (); + } catch (dcp::MiscError& e) { + error_dialog (_panel, wxString::Format (_("Could not read key file (%s)"), e.what ())); + } + } + + d->Destroy (); + } + + void update_decryption_private_key () + { + _decryption_private_key->SetLabel (std_to_wx (dcp::private_key_fingerprint (Config::instance()->decryption_private_key()))); + } + + wxPanel* _panel; + wxListCtrl* _certificates; + wxButton* _add_certificate; + wxButton* _remove_certificate; + wxStaticText* _signer_private_key; + wxButton* _load_signer_private_key; + wxStaticText* _decryption_certificate; + wxButton* _load_decryption_certificate; + wxStaticText* _decryption_private_key; + wxButton* _load_decryption_private_key; + shared_ptr _signer; +}; + class TMSPage : public wxPreferencesPage, public Page { public: @@ -901,6 +1181,7 @@ create_config_dialog () e->AddPage (new DefaultsPage (ps, border)); e->AddPage (new EncodingServersPage (ps, border)); e->AddPage (new ColourConversionsPage (ps, border)); + e->AddPage (new KeysPage (ps, border)); e->AddPage (new TMSPage (ps, border)); e->AddPage (new KDMEmailPage (ps, border)); e->AddPage (new AdvancedPage (ps, border)); diff --git a/src/wx/editable_list.h b/src/wx/editable_list.h index 470be2d09..a282bba69 100644 --- a/src/wx/editable_list.h +++ b/src/wx/editable_list.h @@ -43,7 +43,7 @@ public: wxFlexGridSizer* table = new wxFlexGridSizer (2, DCPOMATIC_SIZER_X_GAP, DCPOMATIC_SIZER_Y_GAP); table->AddGrowableCol (0, 1); - s->Add (table, 1, wxALL | wxEXPAND, 8); + s->Add (table, 1, wxEXPAND); _list = new wxListCtrl (this, wxID_ANY, wxDefaultPosition, wxSize (columns.size() * 200, height), wxLC_REPORT | wxLC_SINGLE_SEL); diff --git a/src/wx/screen_dialog.cc b/src/wx/screen_dialog.cc index 6b58145eb..10650263b 100644 --- a/src/wx/screen_dialog.cc +++ b/src/wx/screen_dialog.cc @@ -89,7 +89,7 @@ void ScreenDialog::load_certificate (boost::filesystem::path file) { try { - _certificate.reset (new dcp::Certificate (file)); + _certificate.reset (new dcp::Certificate (dcp::file_to_string (file))); _certificate_text->SetValue (_certificate->certificate ()); } catch (dcp::MiscError& e) { error_dialog (this, wxString::Format (_("Could not read certificate file (%s)"), e.what()));