From 1e77753ef4119b6d7df7d2255b1a1d8d6af951de Mon Sep 17 00:00:00 2001 From: Carl Hetherington Date: Fri, 9 Nov 2018 00:04:23 +0000 Subject: [PATCH] Allow specification of trusted devices by thumbprint rather than by full certificate. --- ChangeLog | 4 +++ cscript | 4 +-- src/lib/film.cc | 6 ++-- src/lib/film.h | 2 +- src/lib/screen.cc | 56 ++++++++++++++++++++++++++++++++-- src/lib/screen.h | 35 ++++++++++++++++++--- src/tools/dcpomatic.cc | 3 +- src/tools/dcpomatic_kdm.cc | 2 +- src/tools/dcpomatic_kdm_cli.cc | 8 ++--- src/wx/screen_dialog.cc | 56 +++++++++++++++++++++++++++++----- src/wx/screen_dialog.h | 15 ++++----- test/import_dcp_test.cc | 4 ++- test/remake_id_test.cc | 2 +- test/vf_kdm_test.cc | 6 ++-- 14 files changed, 165 insertions(+), 38 deletions(-) diff --git a/ChangeLog b/ChangeLog index a9d6d8bf1..02bb1e71d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2018-11-09 Carl Hetherington + + * Allow specification of trusted devices by thumbprint rather than full certificate. + 2018-11-07 Carl Hetherington * Add button to force re-encode of JPEG2000 content. diff --git a/cscript b/cscript index 9f0460b0e..9f12046ec 100644 --- a/cscript +++ b/cscript @@ -341,8 +341,8 @@ def dependencies(target): # Use distro-provided FFmpeg on Arch deps = [] - deps.append(('libdcp', '7930f76')) - deps.append(('libsub', '7bf99dc')) + deps.append(('libdcp', '27e1378')) + deps.append(('libsub', '2728525')) deps.append(('rtaudio-cdist', '739969e')) return deps diff --git a/src/lib/film.cc b/src/lib/film.cc index 2ff02d799..426c7f81d 100644 --- a/src/lib/film.cc +++ b/src/lib/film.cc @@ -1259,7 +1259,7 @@ Film::frame_size () const } /** @param recipient KDM recipient certificate. - * @param trusted_devices Certificates of other trusted devices (can be empty). + * @param trusted_devices Certificate thumbprints of other trusted devices (can be empty). * @param cpl_file CPL filename. * @param from KDM from time expressed as a local time with an offset from UTC. * @param until KDM to time expressed as a local time with an offset from UTC. @@ -1271,7 +1271,7 @@ Film::frame_size () const dcp::EncryptedKDM Film::make_kdm ( dcp::Certificate recipient, - vector trusted_devices, + vector trusted_devices, boost::filesystem::path cpl_file, dcp::LocalTime from, dcp::LocalTime until, @@ -1357,7 +1357,7 @@ Film::make_kdms ( if (i->recipient) { dcp::EncryptedKDM const kdm = make_kdm ( i->recipient.get(), - i->trusted_devices, + i->trusted_device_thumbprints(), cpl_file, dcp::LocalTime (from, i->cinema->utc_offset_hour(), i->cinema->utc_offset_minute()), dcp::LocalTime (until, i->cinema->utc_offset_hour(), i->cinema->utc_offset_minute()), diff --git a/src/lib/film.h b/src/lib/film.h index d251c7fcc..4656da9de 100644 --- a/src/lib/film.h +++ b/src/lib/film.h @@ -130,7 +130,7 @@ public: dcp::EncryptedKDM make_kdm ( dcp::Certificate recipient, - std::vector trusted_devices, + std::vector trusted_devices, boost::filesystem::path cpl_file, dcp::LocalTime from, dcp::LocalTime until, diff --git a/src/lib/screen.cc b/src/lib/screen.cc index fe8369cb8..5ec00f9c1 100644 --- a/src/lib/screen.cc +++ b/src/lib/screen.cc @@ -21,6 +21,10 @@ #include "screen.h" #include #include +#include + +using std::string; +using std::vector; Screen::Screen (cxml::ConstNodePtr node) : name (node->string_child("Name")) @@ -33,7 +37,11 @@ Screen::Screen (cxml::ConstNodePtr node) } BOOST_FOREACH (cxml::ConstNodePtr i, node->node_children ("TrustedDevice")) { - trusted_devices.push_back (dcp::Certificate (i->content ())); + if (boost::algorithm::starts_with(i->content(), "-----BEGIN CERTIFICATE-----")) { + trusted_devices.push_back (TrustedDevice(dcp::Certificate(i->content()))); + } else { + trusted_devices.push_back (TrustedDevice(i->content())); + } } } @@ -47,7 +55,49 @@ Screen::as_xml (xmlpp::Element* parent) const parent->add_child("Notes")->add_child_text (notes); - BOOST_FOREACH (dcp::Certificate const & i, trusted_devices) { - parent->add_child("TrustedDevice")->add_child_text (i.certificate (true)); + BOOST_FOREACH (TrustedDevice i, trusted_devices) { + parent->add_child("TrustedDevice")->add_child_text(i.as_string()); + } +} + +vector +Screen::trusted_device_thumbprints () const +{ + vector t; + BOOST_FOREACH (TrustedDevice i, trusted_devices) { + t.push_back (i.thumbprint()); } + return t; +} + +TrustedDevice::TrustedDevice (string thumbprint) + : _thumbprint (thumbprint) +{ + +} + +TrustedDevice::TrustedDevice (dcp::Certificate certificate) + : _certificate (certificate) +{ + +} + +string +TrustedDevice::as_string () const +{ + if (_certificate) { + return _certificate->certificate(true); + } + + return *_thumbprint; +} + +string +TrustedDevice::thumbprint () const +{ + if (_certificate) { + return _certificate->thumbprint (); + } + + return *_thumbprint; } diff --git a/src/lib/screen.h b/src/lib/screen.h index 5e8f1f975..eff2e5ffe 100644 --- a/src/lib/screen.h +++ b/src/lib/screen.h @@ -1,5 +1,5 @@ /* - Copyright (C) 2013-2016 Carl Hetherington + Copyright (C) 2013-2018 Carl Hetherington This file is part of DCP-o-matic. @@ -18,6 +18,9 @@ */ +#ifndef DCPOMATIC_SCREEN_H +#define DCPOMATIC_SCREEN_H + #include #include #include @@ -25,16 +28,35 @@ class Cinema; +class TrustedDevice +{ +public: + explicit TrustedDevice (std::string); + explicit TrustedDevice (dcp::Certificate); + + boost::optional certificate () const { + return _certificate; + } + + std::string thumbprint () const; + std::string as_string () const; + +private: + boost::optional _certificate; + boost::optional _thumbprint; +}; + /** @class Screen * @brief A representation of a Screen for KDM generation. * - * This is the name of the screen and the certificate of its - * `recipient' (i.e. the servers). + * This is the name of the screen, the certificate of its + * `recipient' (i.e. the mediablock) and the certificates/thumbprints + * of any trusted devices. */ class Screen { public: - Screen (std::string const & n, boost::optional rec, std::vector td) + Screen (std::string const & n, boost::optional rec, std::vector td) : name (n) , recipient (rec) , trusted_devices (td) @@ -43,10 +65,13 @@ public: explicit Screen (cxml::ConstNodePtr); void as_xml (xmlpp::Element *) const; + std::vector trusted_device_thumbprints () const; boost::shared_ptr cinema; std::string name; std::string notes; boost::optional recipient; - std::vector trusted_devices; + std::vector trusted_devices; }; + +#endif diff --git a/src/tools/dcpomatic.cc b/src/tools/dcpomatic.cc index 4d6a289b5..3d74859dc 100644 --- a/src/tools/dcpomatic.cc +++ b/src/tools/dcpomatic.cc @@ -55,6 +55,7 @@ #include "lib/version.h" #include "lib/signal_manager.h" #include "lib/log.h" +#include "lib/screen.h" #include "lib/job_manager.h" #include "lib/exceptions.h" #include "lib/cinema.h" @@ -823,7 +824,7 @@ private: try { kdm = _film->make_kdm ( Config::instance()->decryption_chain()->leaf(), - vector (), + vector(), d->cpl (), dcp::LocalTime ("2012-01-01T01:00:00+00:00"), dcp::LocalTime ("2112-01-01T01:00:00+00:00"), diff --git a/src/tools/dcpomatic_kdm.cc b/src/tools/dcpomatic_kdm.cc index 184319a5f..e901d2d0c 100644 --- a/src/tools/dcpomatic_kdm.cc +++ b/src/tools/dcpomatic_kdm.cc @@ -332,7 +332,7 @@ private: ScreenKDM ( i, kdm.encrypt ( - signer, i->recipient.get(), i->trusted_devices, _output->formulation(), + signer, i->recipient.get(), i->trusted_device_thumbprints(), _output->formulation(), !_output->forensic_mark_video(), _output->forensic_mark_audio() ? boost::optional() : 0 ) ) diff --git a/src/tools/dcpomatic_kdm_cli.cc b/src/tools/dcpomatic_kdm_cli.cc index f1849adf6..3dc3f21b0 100644 --- a/src/tools/dcpomatic_kdm_cli.cc +++ b/src/tools/dcpomatic_kdm_cli.cc @@ -273,7 +273,7 @@ dcp::EncryptedKDM kdm_from_dkdm ( dcp::DecryptedKDM dkdm, dcp::Certificate target, - vector trusted_devices, + vector trusted_devices, dcp::LocalTime valid_from, dcp::LocalTime valid_to, dcp::Formulation formulation, @@ -337,7 +337,7 @@ from_dkdm ( kdm_from_dkdm ( dkdm, i->recipient.get(), - i->trusted_devices, + i->trusted_device_thumbprints(), dcp::LocalTime(valid_from, i->cinema->utc_offset_hour(), i->cinema->utc_offset_minute()), dcp::LocalTime(valid_to, i->cinema->utc_offset_hour(), i->cinema->utc_offset_minute()), formulation, @@ -500,7 +500,7 @@ int main (int argc, char* argv[]) case 'C': { /* Make a new screen and add it to the current cinema */ - shared_ptr screen (new Screen (screen_description, dcp::Certificate (dcp::file_to_string (optarg)), vector())); + shared_ptr screen (new Screen (screen_description, dcp::Certificate (dcp::file_to_string (optarg)), vector())); if (cinema) { cinema->add_screen (screen); } @@ -510,7 +510,7 @@ int main (int argc, char* argv[]) case 'T': /* A trusted device ends up in the last screen we made */ if (!screens.empty ()) { - screens.back()->trusted_devices.push_back (dcp::Certificate (dcp::file_to_string (optarg))); + screens.back()->trusted_devices.push_back(TrustedDevice(dcp::Certificate(dcp::file_to_string(optarg)))); } break; case 'B': diff --git a/src/wx/screen_dialog.cc b/src/wx/screen_dialog.cc index 8f0086185..f5d4b044a 100644 --- a/src/wx/screen_dialog.cc +++ b/src/wx/screen_dialog.cc @@ -22,6 +22,7 @@ #include "wx_util.h" #include "file_dialog_wrapper.h" #include "download_certificate_dialog.h" +#include "table_dialog.h" #include "lib/compose.hpp" #include "lib/util.h" #include @@ -37,23 +38,64 @@ using boost::optional; using boost::bind; static string -column (dcp::Certificate c) +column (TrustedDevice d) { - return c.thumbprint (); + return d.thumbprint (); } -class CertificateFileDialogWrapper : public FileDialogWrapper +class TrustedDeviceDialog : public TableDialog { public: - explicit CertificateFileDialogWrapper (wxWindow* parent) - : FileDialogWrapper (parent, _("Select certificate file")) + explicit TrustedDeviceDialog (wxWindow* parent) + : TableDialog (parent, _("Trusted Device"), 3, 1, true) { + add (_("Thumbprint"), true); + _thumbprint = add (new wxTextCtrl(this, wxID_ANY, wxT(""), wxDefaultPosition, wxSize(300, -1))); + _file = add (new wxButton(this, wxID_ANY, _("Load certificate..."))); + layout (); + + _file->Bind (wxEVT_BUTTON, bind(&TrustedDeviceDialog::load_certificate, this)); + } + + void load_certificate () + { + wxFileDialog* d = new wxFileDialog (this, _("Trusted Device certificate")); + d->ShowModal (); + try { + _certificate = dcp::Certificate(dcp::file_to_string(wx_to_std(d->GetPath()))); + _thumbprint->SetValue (std_to_wx(_certificate->thumbprint())); + } catch (dcp::MiscError& e) { + error_dialog (this, wxString::Format(_("Could not load certficate (%s)"), std_to_wx(e.what()))); + } + } + + void set (TrustedDevice t) + { + _certificate = t.certificate (); + _thumbprint->SetValue (std_to_wx(t.thumbprint())); } + + optional get () + { + string const t = wx_to_std (_thumbprint->GetValue ()); + if (_certificate && _certificate->thumbprint() == t) { + return TrustedDevice (*_certificate); + } else if (t.length() == 28) { + return TrustedDevice (t); + } + + return optional (); + } + +private: + wxTextCtrl* _thumbprint; + wxButton* _file; + boost::optional _certificate; }; ScreenDialog::ScreenDialog ( - wxWindow* parent, wxString title, string name, string notes, optional recipient, vector trusted_devices + wxWindow* parent, wxString title, string name, string notes, optional recipient, vector trusted_devices ) : wxDialog (parent, wxID_ANY, title) , _recipient (recipient) @@ -100,7 +142,7 @@ ScreenDialog::ScreenDialog ( vector columns; columns.push_back (wx_to_std (_("Thumbprint"))); - _trusted_device_list = new EditableList ( + _trusted_device_list = new EditableList ( this, columns, bind (&ScreenDialog::trusted_devices, this), diff --git a/src/wx/screen_dialog.h b/src/wx/screen_dialog.h index 9bb7d863e..913480d76 100644 --- a/src/wx/screen_dialog.h +++ b/src/wx/screen_dialog.h @@ -1,5 +1,5 @@ /* - Copyright (C) 2012-2016 Carl Hetherington + Copyright (C) 2012-2018 Carl Hetherington This file is part of DCP-o-matic. @@ -19,13 +19,14 @@ */ #include "editable_list.h" +#include "lib/screen.h" #include #include #include #include class Progress; -class CertificateFileDialogWrapper; +class TrustedDeviceDialog; class ScreenDialog : public wxDialog { @@ -36,13 +37,13 @@ public: std::string name = "", std::string notes = "", boost::optional c = boost::optional (), - std::vector d = std::vector () + std::vector d = std::vector() ); std::string name () const; std::string notes () const; boost::optional recipient () const; - std::vector trusted_devices () { + std::vector trusted_devices () { return _trusted_devices; } @@ -53,7 +54,7 @@ private: void setup_sensitivity (); void set_recipient (boost::optional); - void set_trusted_devices (std::vector d) { + void set_trusted_devices (std::vector d) { _trusted_devices = d; } @@ -63,8 +64,8 @@ private: wxStaticText* _recipient_thumbprint; wxButton* _get_recipient_from_file; wxButton* _download_recipient; - EditableList* _trusted_device_list; + EditableList* _trusted_device_list; boost::optional _recipient; - std::vector _trusted_devices; + std::vector _trusted_devices; }; diff --git a/test/import_dcp_test.cc b/test/import_dcp_test.cc index 1f5247392..9bec45354 100644 --- a/test/import_dcp_test.cc +++ b/test/import_dcp_test.cc @@ -25,6 +25,7 @@ #include "test.h" #include "lib/film.h" +#include "lib/screen.h" #include "lib/dcp_subtitle_content.h" #include "lib/ratio.h" #include "lib/dcp_content_type.h" @@ -38,6 +39,7 @@ #include using std::vector; +using std::string; using boost::shared_ptr; /** Make an encrypted DCP, import it and make a new unencrypted DCP */ @@ -64,7 +66,7 @@ BOOST_AUTO_TEST_CASE (import_dcp_test) dcp::EncryptedKDM kdm = A->make_kdm ( Config::instance()->decryption_chain()->leaf (), - vector (), + vector(), A_dcp.cpls().front()->file().get(), dcp::LocalTime ("2014-07-21T00:00:00+00:00"), dcp::LocalTime ("2024-07-21T00:00:00+00:00"), diff --git a/test/remake_id_test.cc b/test/remake_id_test.cc index e7e9c67b2..ac1bfbe14 100644 --- a/test/remake_id_test.cc +++ b/test/remake_id_test.cc @@ -91,7 +91,7 @@ BOOST_AUTO_TEST_CASE (remake_id_test2) /* Make a DKDM */ dcp::EncryptedKDM kdm = film->make_kdm ( Config::instance()->decryption_chain()->leaf(), - vector(), + vector(), *cpl, dcp::LocalTime ("2012-01-01T01:00:00+00:00"), dcp::LocalTime ("2112-01-01T01:00:00+00:00"), diff --git a/test/vf_kdm_test.cc b/test/vf_kdm_test.cc index 8b6e215ba..bbaa3d6d2 100644 --- a/test/vf_kdm_test.cc +++ b/test/vf_kdm_test.cc @@ -32,10 +32,12 @@ #include "lib/ffmpeg_content.h" #include "lib/config.h" #include "lib/cross.h" +#include "lib/screen.h" #include #include using std::vector; +using std::string; using boost::shared_ptr; BOOST_AUTO_TEST_CASE (vf_kdm_test) @@ -62,7 +64,7 @@ BOOST_AUTO_TEST_CASE (vf_kdm_test) dcp::EncryptedKDM A_kdm = A->make_kdm ( Config::instance()->decryption_chain()->leaf (), - vector (), + vector(), A_dcp.cpls().front()->file().get(), dcp::LocalTime ("2014-07-21T00:00:00+00:00"), dcp::LocalTime ("2024-07-21T00:00:00+00:00"), @@ -92,7 +94,7 @@ BOOST_AUTO_TEST_CASE (vf_kdm_test) dcp::EncryptedKDM B_kdm = B->make_kdm ( Config::instance()->decryption_chain()->leaf (), - vector (), + vector(), B_dcp.cpls().front()->file().get(), dcp::LocalTime ("2014-07-21T00:00:00+00:00"), dcp::LocalTime ("2024-07-21T00:00:00+00:00"), -- 2.30.2