From 19f51503621a57794bd79bac053c9e6549a69f46 Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Sun, 22 Sep 2019 23:59:49 +0200
Subject: [PATCH] Fix failure to playback encrypted DCPs, introduced when
 adding DCPDecoder re-use optimisation.

---
 src/lib/dcp.cc         | 45 +++++++++++++++++++++++++-----------------
 src/lib/dcp.h          |  1 +
 src/lib/dcp_decoder.cc |  9 +++++++++
 3 files changed, 37 insertions(+), 18 deletions(-)

diff --git a/src/lib/dcp.cc b/src/lib/dcp.cc
index 0b80a3737..f3b3b4496 100644
--- a/src/lib/dcp.cc
+++ b/src/lib/dcp.cc
@@ -36,6 +36,31 @@ using std::list;
 using std::string;
 using boost::shared_ptr;
 
+dcp::DecryptedKDM
+DCP::decrypted_kdm () const
+{
+	try {
+		return dcp::DecryptedKDM (_dcp_content->kdm().get(), Config::instance()->decryption_chain()->key().get());
+	} catch (dcp::KDMDecryptionError& e) {
+		/* Try to flesh out the error a bit */
+		string const kdm_subject_name = _dcp_content->kdm()->recipient_x509_subject_name();
+		bool on_chain = false;
+		shared_ptr<const dcp::CertificateChain> dc = Config::instance()->decryption_chain();
+		BOOST_FOREACH (dcp::Certificate i, dc->root_to_leaf()) {
+			if (i.subject() == kdm_subject_name) {
+				on_chain = true;
+			}
+		}
+		if (!on_chain) {
+			throw KDMError (_("KDM was not made for DCP-o-matic's decryption certificate."), e.what());
+		} else if (on_chain && kdm_subject_name != dc->leaf().subject()) {
+			throw KDMError (_("KDM was made for DCP-o-matic but not for its leaf certificate."), e.what());
+		} else {
+			throw;
+		}
+	}
+}
+
 /** Find all the CPLs in our directories, cross-add assets and return the CPLs */
 list<shared_ptr<dcp::CPL> >
 DCP::cpls () const
@@ -63,25 +88,9 @@ DCP::cpls () const
 	}
 
 	if (_dcp_content->kdm ()) {
+		dcp::DecryptedKDM k = decrypted_kdm ();
 		BOOST_FOREACH (shared_ptr<dcp::DCP> i, dcps) {
-			try {
-				i->add (dcp::DecryptedKDM (_dcp_content->kdm().get(), Config::instance()->decryption_chain()->key().get ()));
-			} catch (dcp::KDMDecryptionError& e) {
-				/* Flesh out the error a bit */
-				string const kdm_subject_name = _dcp_content->kdm()->recipient_x509_subject_name();
-				bool on_chain = false;
-				shared_ptr<const dcp::CertificateChain> dc = Config::instance()->decryption_chain();
-				BOOST_FOREACH (dcp::Certificate i, dc->root_to_leaf()) {
-					if (i.subject() == kdm_subject_name) {
-						on_chain = true;
-					}
-				}
-				if (!on_chain) {
-					throw KDMError (_("KDM was not made for DCP-o-matic's decryption certificate."), e.what());
-				} else if (on_chain && kdm_subject_name != dc->leaf().subject()) {
-					throw KDMError (_("KDM was made for DCP-o-matic but not for its leaf certificate."), e.what());
-				}
-			}
+			i->add (k);
 		}
 	}
 
diff --git a/src/lib/dcp.h b/src/lib/dcp.h
index d449fdb39..b98dce5d4 100644
--- a/src/lib/dcp.h
+++ b/src/lib/dcp.h
@@ -32,6 +32,7 @@ class DCP
 {
 public:
 	std::list<boost::shared_ptr<dcp::CPL> > cpls () const;
+	dcp::DecryptedKDM decrypted_kdm () const;
 
 protected:
 	explicit DCP (boost::shared_ptr<const DCPContent> content, bool tolerant)
diff --git a/src/lib/dcp_decoder.cc b/src/lib/dcp_decoder.cc
index 90b730f5b..95cad9266 100644
--- a/src/lib/dcp_decoder.cc
+++ b/src/lib/dcp_decoder.cc
@@ -44,6 +44,7 @@
 #include <dcp/sound_frame.h>
 #include <dcp/sound_asset_reader.h>
 #include <dcp/subtitle_image.h>
+#include <dcp/decrypted_kdm.h>
 #include <boost/foreach.hpp>
 #include <iostream>
 
@@ -76,6 +77,14 @@ DCPDecoder::DCPDecoder (shared_ptr<const Film> film, shared_ptr<const DCPContent
 
 	if (old) {
 		_reels = old->_reels;
+
+		/* We might have gained a KDM since we made the Reel objects */
+		if (_dcp_content->kdm ()) {
+			dcp::DecryptedKDM k = decrypted_kdm ();
+			BOOST_FOREACH (shared_ptr<dcp::Reel> i, _reels) {
+				i->add (k);
+			}
+		}
 	} else {
 
 		list<shared_ptr<dcp::CPL> > cpl_list = cpls ();
-- 
2.30.2