From 7ed6f9aeb2b0d321c6e2d93bf558eb9b508415bd Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Thu, 14 May 2020 20:35:32 +0200
Subject: [PATCH] Christie FTP contains certificate chains, not just leaf
 certificates.

Backported from 2c844e57ed5c54e65a2b4484f02907122a03361e in v2.15.x.
---
 src/wx/barco_alchemy_certificate_panel.cc |  2 +-
 src/wx/christie_certificate_panel.cc      |  4 ++--
 src/wx/dolby_doremi_certificate_panel.cc  |  2 +-
 src/wx/download_certificate_panel.cc      | 17 ++++++++++++++++-
 src/wx/download_certificate_panel.h       |  3 ++-
 src/wx/gdc_certificate_panel.cc           |  2 +-
 6 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/wx/barco_alchemy_certificate_panel.cc b/src/wx/barco_alchemy_certificate_panel.cc
index 84048c65c..a4156a0e6 100644
--- a/src/wx/barco_alchemy_certificate_panel.cc
+++ b/src/wx/barco_alchemy_certificate_panel.cc
@@ -60,7 +60,7 @@ BarcoAlchemyCertificatePanel::do_download ()
 		serial
 		);
 
-	optional<string> error = get_from_url (url, true, false, boost::bind (&DownloadCertificatePanel::load, this, _1));
+	optional<string> error = get_from_url (url, true, false, boost::bind (&DownloadCertificatePanel::load_certificate, this, _1));
 	if (error) {
 		_dialog->message()->SetLabel(wxT(""));
 		error_dialog (this, std_to_wx(*error));
diff --git a/src/wx/christie_certificate_panel.cc b/src/wx/christie_certificate_panel.cc
index 9e95aa994..43a9a2432 100644
--- a/src/wx/christie_certificate_panel.cc
+++ b/src/wx/christie_certificate_panel.cc
@@ -57,13 +57,13 @@ ChristieCertificatePanel::do_download ()
 
 	optional<string> all_errors;
 
-	optional<string> error = get_from_url (url, true, false, boost::bind (&DownloadCertificatePanel::load, this, _1));
+	optional<string> error = get_from_url (url, true, false, boost::bind(&DownloadCertificatePanel::load_certificate_from_chain, this, _1));
 	if (error) {
 		all_errors = *error;
 
 		string const url = String::compose ("%1IMB-S2/IMB-S2_%2_sha256.pem", prefix, serial);
 
-		error = get_from_url (url, true, false, boost::bind (&DownloadCertificatePanel::load, this, _1));
+		error = get_from_url (url, true, false, boost::bind(&DownloadCertificatePanel::load_certificate_from_chain, this, _1));
 		if (error) {
 			*all_errors += "\n" + *error;
 		}
diff --git a/src/wx/dolby_doremi_certificate_panel.cc b/src/wx/dolby_doremi_certificate_panel.cc
index c37b42e43..b047f6468 100644
--- a/src/wx/dolby_doremi_certificate_panel.cc
+++ b/src/wx/dolby_doremi_certificate_panel.cc
@@ -177,7 +177,7 @@ DolbyDoremiCertificatePanel::do_download ()
 	list<string>::const_iterator i = urls.begin ();
 	list<string>::const_iterator j = files.begin ();
 	while (!ok && i != urls.end ()) {
-		optional<string> error = get_from_zip_url (*i++, *j++, true, true, boost::bind (&DownloadCertificatePanel::load, this, _1));
+		optional<string> error = get_from_zip_url (*i++, *j++, true, true, boost::bind (&DownloadCertificatePanel::load_certificate, this, _1));
 		if (error) {
 			errors.push_back (error.get ());
 		} else {
diff --git a/src/wx/download_certificate_panel.cc b/src/wx/download_certificate_panel.cc
index 461c68966..34e6136ae 100644
--- a/src/wx/download_certificate_panel.cc
+++ b/src/wx/download_certificate_panel.cc
@@ -24,6 +24,7 @@
 #include "lib/signal_manager.h"
 #include "lib/compose.hpp"
 #include <dcp/util.h>
+#include <dcp/certificate_chain.h>
 #include <dcp/exceptions.h>
 #include <boost/bind.hpp>
 
@@ -53,8 +54,9 @@ DownloadCertificatePanel::DownloadCertificatePanel (DownloadCertificateDialog* d
 	_overall_sizer->SetSizeHints (this);
 }
 
+
 optional<string>
-DownloadCertificatePanel::load (boost::filesystem::path file)
+DownloadCertificatePanel::load_certificate (boost::filesystem::path file)
 {
 	try {
 		_certificate = dcp::Certificate (dcp::file_to_string (file));
@@ -64,6 +66,19 @@ DownloadCertificatePanel::load (boost::filesystem::path file)
 	return optional<string>();
 }
 
+
+optional<string>
+DownloadCertificatePanel::load_certificate_from_chain (boost::filesystem::path file)
+{
+	try {
+		_certificate = dcp::CertificateChain (dcp::file_to_string(file)).leaf();
+	} catch (dcp::MiscError& e) {
+		return String::compose(wx_to_std(_("Could not read certificate file (%1)")), e.what());
+	}
+	return optional<string>();
+}
+
+
 optional<dcp::Certificate>
 DownloadCertificatePanel::certificate () const
 {
diff --git a/src/wx/download_certificate_panel.h b/src/wx/download_certificate_panel.h
index dee76c435..f10b42b00 100644
--- a/src/wx/download_certificate_panel.h
+++ b/src/wx/download_certificate_panel.h
@@ -37,7 +37,8 @@ public:
 	virtual bool ready_to_download () const;
 
 	void download ();
-	boost::optional<std::string> load (boost::filesystem::path);
+	boost::optional<std::string> load_certificate (boost::filesystem::path);
+	boost::optional<std::string> load_certificate_from_chain (boost::filesystem::path);
 	boost::optional<dcp::Certificate> certificate () const;
 
 protected:
diff --git a/src/wx/gdc_certificate_panel.cc b/src/wx/gdc_certificate_panel.cc
index b0bb31674..2d47b427e 100644
--- a/src/wx/gdc_certificate_panel.cc
+++ b/src/wx/gdc_certificate_panel.cc
@@ -51,7 +51,7 @@ GDCCertificatePanel::do_download ()
 		wx_to_std(_serial->GetValue())
 		);
 
-	optional<string> error = get_from_url (url, true, false, boost::bind (&DownloadCertificatePanel::load, this, _1));
+	optional<string> error = get_from_url (url, true, false, boost::bind(&DownloadCertificatePanel::load_certificate, this, _1));
 
 	if (error) {
 		_dialog->message()->SetLabel(wxT(""));
-- 
2.30.2