Device unable to recover from a bad certificate
In the android media DRM api test, provisioning is indicated, when a generate license request command is issued after a switch between L1 and L3. This is as expected as oemcrypto is unable to decrypt the key wrapped earlier (bad padding). Subsequent provisioning request and storage of wrapped keys complete successfully. If the same session is used to reissue a generate license request command, the wrapped keys and cert used are those present in memory from the initial retrival, rather than rereading the new ones from persistent storage. This results in a cycle of successful provisioning attempts followed by generation of license requests commands which return a provisioning needed error. A change has been added to reinitialize the session and reload the wrapped keys. b/8878324 Merge of https://widevine-internal-review.googlesource.com/#/c/5600/ from the Widevine CDM repository. Change-Id: Iaf47d15d104fd681706df5f64be583af24186abe
This commit is contained in:
Jeff Tinker
@@ -18,10 +18,12 @@ namespace wvcdm {
|
||||
|
||||
class CdmSession {
|
||||
public:
|
||||
CdmSession() : session_id_(GenerateSessionId()), license_received_(false) {}
|
||||
CdmSession() : session_id_(GenerateSessionId()), license_received_(false),
|
||||
reinitialize_session_(false) {}
|
||||
~CdmSession() {}
|
||||
|
||||
CdmResponseType Init();
|
||||
CdmResponseType ReInit();
|
||||
|
||||
bool DestroySession();
|
||||
|
||||
@@ -93,6 +95,7 @@ class CdmSession {
|
||||
CryptoSession* crypto_session_;
|
||||
PolicyEngine policy_engine_;
|
||||
bool license_received_;
|
||||
bool reinitialize_session_;
|
||||
|
||||
KeyId key_id_;
|
||||
|
||||
|
||||
@@ -47,6 +47,11 @@ CdmResponseType CdmSession::Init() {
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
|
||||
CdmResponseType CdmSession::ReInit() {
|
||||
DestroySession();
|
||||
return Init();
|
||||
}
|
||||
|
||||
bool CdmSession::DestroySession() {
|
||||
if (crypto_session_) {
|
||||
delete crypto_session_;
|
||||
@@ -68,6 +73,16 @@ CdmResponseType CdmSession::GenerateKeyRequest(
|
||||
CdmAppParameterMap& app_parameters,
|
||||
CdmKeyMessage* key_request,
|
||||
std::string* server_url) {
|
||||
|
||||
if (reinitialize_session_) {
|
||||
CdmResponseType sts = ReInit();
|
||||
if (sts != NO_ERROR) {
|
||||
return sts;
|
||||
}
|
||||
reinitialize_session_ = false;
|
||||
}
|
||||
|
||||
|
||||
if (!crypto_session_) {
|
||||
LOGW("CdmSession::GenerateKeyRequest: Invalid crypto session");
|
||||
return UNKNOWN_ERROR;
|
||||
@@ -90,8 +105,10 @@ CdmResponseType CdmSession::GenerateKeyRequest(
|
||||
}
|
||||
|
||||
if (Properties::use_certificates_as_identification()) {
|
||||
if (!crypto_session_->LoadCertificatePrivateKey(wrapped_key_))
|
||||
if (!crypto_session_->LoadCertificatePrivateKey(wrapped_key_)) {
|
||||
reinitialize_session_ = true;
|
||||
return NEED_PROVISIONING;
|
||||
}
|
||||
}
|
||||
|
||||
if (!license_parser_.PrepareKeyRequest(pssh_data,
|
||||
|
||||
Reference in New Issue
Block a user