Take thumbprint rather than a full dcp::Certificate for trusted devices.

diff --git a/src/decrypted_kdm.cc b/src/decrypted_kdm.cc
index 0fa95f9a714399acd27927586a64d782faa82326..756028d15e18d6f563e3aa989a0fd3a4d5470d4e 100644 (file)
--- a/src/decrypted_kdm.cc
+++ b/src/decrypted_kdm.cc
@@ -305,7 +305,7 @@ EncryptedKDM
 DecryptedKDM::encrypt (
        shared_ptr<const CertificateChain> signer,
        Certificate recipient,
-       vector<Certificate> trusted_devices,
+       vector<string> trusted_devices,
        Formulation formulation,
        bool disable_forensic_marking_picture,
        optional<int> disable_forensic_marking_audio

diff --git a/src/decrypted_kdm.h b/src/decrypted_kdm.h
index 7ae1d161feaf1efefb5820985b68bbe5646371b6..1cf1e0d48f2a4303b2889ad2ef571d6a97130f69 100644 (file)
--- a/src/decrypted_kdm.h
+++ b/src/decrypted_kdm.h
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2013-2017 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2013-2018 Carl Hetherington <cth@carlh.net>
 
     This file is part of libdcp.
 
@@ -121,7 +121,7 @@ public:
        /** Encrypt this KDM's keys and sign the whole KDM.
         *  @param signer Chain to sign with.
         *  @param recipient Certificate of the projector/server which should receive this KDM's keys.
-        *  @param trusted_devices Extra trusted devices which should be written to the KDM (recipient will be written
+        *  @param trusted_devices Thumbprints of extra trusted devices which should be written to the KDM (recipient will be written
         *  as a trusted device automatically and does not need to be included in this list).
         *  @param formulation Formulation to use for the encrypted KDM.
         *  @param disable_forensic_marking_picture true to disable forensic marking of picture.
@@ -132,7 +132,7 @@ public:
        EncryptedKDM encrypt (
                boost::shared_ptr<const CertificateChain> signer,
                Certificate recipient,
-               std::vector<Certificate> trusted_devices,
+               std::vector<std::string> trusted_devices,
                Formulation formulation,
                bool disable_forensic_marking_picture,
                boost::optional<int> disable_forensic_marking_audio

diff --git a/src/encrypted_kdm.cc b/src/encrypted_kdm.cc
index 7a7d98c1fb16858d2f26a9d52042217caafbaf62..23052f8a2c438bd358acb3e0b8f63628a68c5b30 100644 (file)
--- a/src/encrypted_kdm.cc
+++ b/src/encrypted_kdm.cc
@@ -576,10 +576,11 @@ EncryptedKDM::EncryptedKDM (string s)
        }
 }
 
+/** @param trusted_devices Trusted device thumbprints */
 EncryptedKDM::EncryptedKDM (
        shared_ptr<const CertificateChain> signer,
        Certificate recipient,
-       vector<Certificate> trusted_devices,
+       vector<string> trusted_devices,
        string cpl_id,
        string content_title_text,
        optional<string> annotation_text,
@@ -651,8 +652,8 @@ EncryptedKDM::EncryptedKDM (
                                   recipient's thumbprint (recipient.thumbprint()).
                                   Waimea uses only the trusted devices here, too.
                                */
-                               BOOST_FOREACH (Certificate const & i, trusted_devices) {
-                                       kre.authorized_device_info->certificate_thumbprints.push_back (i.thumbprint ());
+                               BOOST_FOREACH (string i, trusted_devices) {
+                                       kre.authorized_device_info->certificate_thumbprints.push_back (i);
                                }
                        }
                }

diff --git a/src/encrypted_kdm.h b/src/encrypted_kdm.h
index 3ac15864058390b9f9170afd7de0e7a7037d26f6..e52fa0a132ba9e163890b6e841b0df9403c56de6 100644 (file)
--- a/src/encrypted_kdm.h
+++ b/src/encrypted_kdm.h
@@ -103,7 +103,7 @@ private:
        EncryptedKDM (
                boost::shared_ptr<const CertificateChain> signer,
                Certificate recipient,
-               std::vector<Certificate> trusted_devices,
+               std::vector<std::string> trusted_devices,
                std::string cpl_id,
                std::string cpl_content_title_text,
                boost::optional<std::string> annotation_text,

diff --git a/test/encryption_test.cc b/test/encryption_test.cc
index 42b93bb0830b885bedff702069e4eac1cae1c04e..d7b9aefa1c5738579d4657b927675d6efbd10a0d 100644 (file)
--- a/test/encryption_test.cc
+++ b/test/encryption_test.cc
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2013-2015 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2013-2018 Carl Hetherington <cth@carlh.net>
 
     This file is part of libdcp.
 
@@ -40,6 +40,7 @@
 #include <boost/shared_ptr.hpp>
 
 using std::vector;
+using std::string;
 using boost::shared_ptr;
 
 /** Load a certificate chain from build/test/data/ *.pem and then build
@@ -135,7 +136,7 @@ BOOST_AUTO_TEST_CASE (encryption_test)
                "2012-07-17T04:45:18+00:00"
                );
 
-       kdm.encrypt (signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1, true, 0).as_xml ("build/test/encryption_test.kdm.xml");
+       kdm.encrypt (signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, 0).as_xml ("build/test/encryption_test.kdm.xml");
 
        int r = system (
                "xmllint --path schema --nonet --noout --schema schema/SMPTE-430-1-2006-Amd-1-2009-KDM.xsd build/test/encryption_test.kdm.xml "

diff --git a/test/kdm_test.cc b/test/kdm_test.cc
index 53aabd87b9c5a094495fa7bbda98f115575b6ea5..4a9d4ff8a8efb5fb517b79e2c710e7b1865b7a6f 100644 (file)
--- a/test/kdm_test.cc
+++ b/test/kdm_test.cc
@@ -146,7 +146,7 @@ kdm_forensic_test (cxml::Document& doc, bool picture, optional<int> audio)
        signer->set_key(dcp::file_to_string("test/data/private.key"));
 
        dcp::EncryptedKDM kdm = decrypted.encrypt (
-               signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1, picture, audio
+               signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, picture, audio
                );
 
        /* Check that we can pass this through correctly */

diff --git a/test/round_trip_test.cc b/test/round_trip_test.cc
index 567d3aa45bae3add498fc7b1d9e387fb6c5c944e..9c1001249af0ddb89dcacd22612c0665728501ce 100644 (file)
--- a/test/round_trip_test.cc
+++ b/test/round_trip_test.cc
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2013-2015 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2013-2018 Carl Hetherington <cth@carlh.net>
 
     This file is part of libdcp.
 
@@ -42,6 +42,7 @@
 
 using std::list;
 using std::vector;
+using std::string;
 using boost::shared_ptr;
 using boost::scoped_array;
 
@@ -83,7 +84,7 @@ BOOST_AUTO_TEST_CASE (round_trip_test)
 
        boost::filesystem::path const kdm_file = work_dir / "kdm.xml";
 
-       kdm_A.encrypt(signer, signer->leaf(), vector<dcp::Certificate>(), dcp::MODIFIED_TRANSITIONAL_1, true, 0).as_xml (kdm_file);
+       kdm_A.encrypt(signer, signer->leaf(), vector<string>(), dcp::MODIFIED_TRANSITIONAL_1, true, 0).as_xml (kdm_file);
 
        /* Reload the KDM, using our private key to decrypt it */
        dcp::DecryptedKDM kdm_B (dcp::EncryptedKDM (dcp::file_to_string (kdm_file)), signer->key().get ());