Merge "Provide BCC in WVDrmFactory dumpsys." into tm-widevine-release

libwvdrmengine/cdm/core/include/wv_cdm_constants.h

@@ -118,6 +118,9 @@ static const std::string QUERY_KEY_CAN_DISABLE_ANALOG_OUTPUT =
     "CanDisableAnalogOutput";
 static const std::string QUERY_KEY_WATERMARKING_SUPPORT = "WatermarkingSupport";
 static const std::string QUERY_KEY_PRODUCTION_READY = "ProductionReady";
+// Internal query key.  Should not be exposed to Android apps.
+static const std::string QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN =
+    "DebugBootCertificateChain";
 
 static const std::string QUERY_VALUE_TRUE = "True";
 static const std::string QUERY_VALUE_FALSE = "False";

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -851,6 +851,25 @@ CdmResponseType CdmEngine::QueryStatus(RequestedSecurityLevel security_level,
     *query_response = std::to_string(system_id);
     return NO_ERROR;
   }
+  if (query_token == QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN) {
+    std::string bcc;
+    std::string signature_unused;
+    const CdmResponseType status = crypto_session->GetBootCertificateChain(
+        security_level, &bcc, &signature_unused);
+    if (status == NO_ERROR) {
+      LOGD("BCC length: %zu", bcc.size());
+      *query_response = std::move(bcc);
+      return CdmResponseType(NO_ERROR);
+    }
+    if (status == NOT_IMPLEMENTED_ERROR ||
+        status == PROVISIONING_TYPE_IS_NOT_BOOT_CERTIFICATE_CHAIN_ERROR) {
+      LOGD("BCC not available: %d", static_cast<int>(status));
+      *query_response = QUERY_VALUE_NONE;
+      return CdmResponseType(NO_ERROR);
+    }
+    LOGE("Failed to extract BCC: status = %d", static_cast<int>(status));
+    return status;
+  }
 
   CdmResponseType status;
   M_TIME(status = crypto_session->Open(security_level),

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -810,17 +810,16 @@ CdmResponseType CryptoSession::GetProvisioningId(std::string* provisioning_id) {
   RETURN_IF_NULL(provisioning_id, PARAMETER_NULL);
   RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN);
 
-  if (pre_provision_token_type_ == kClientTokenOemCert) {
-    // OEM Cert devices have no provisioning-unique ID embedded in them, so we
-    // synthesize one by using the External Device-Unique ID and inverting all
-    // the bits.
-    CdmResponseType status = GetExternalDeviceUniqueId(provisioning_id);
-
+  if (pre_provision_token_type_ == kClientTokenOemCert ||
+      pre_provision_token_type_ == kClientTokenBootCertChain) {
+    // OEM Cert and BCC devices have no provisioning-unique ID embedded in
+    // them, so we synthesize one by using the External Device-Unique ID
+    // and inverting all the bits.
+    const CdmResponseType status = GetExternalDeviceUniqueId(provisioning_id);
     if (status != NO_ERROR) return status;
 
-    for (size_t i = 0; i < provisioning_id->size(); ++i) {
-      char value = (*provisioning_id)[i];
-      (*provisioning_id)[i] = ~value;
+    for (char& c : *provisioning_id) {
+      c ^= 0xff;
     }
 
     return NO_ERROR;
@@ -1377,7 +1376,14 @@ CdmResponseType CryptoSession::GetBootCertificateChain(
   RETURN_IF_UNINITIALIZED(CRYPTO_SESSION_NOT_INITIALIZED);
   LOGV("requested_security_level = %s",
        RequestedSecurityLevelToString(requested_security_level));
-  if (pre_provision_token_type_ != kClientTokenBootCertChain) {
+  CdmClientTokenType token_type = kClientTokenUninitialized;
+  const CdmResponseType status =
+      GetProvisioningMethod(requested_security_level, &token_type);
+  if (status != NO_ERROR) {
+    LOGE("Failed to get token type");
+    return status;
+  }
+  if (token_type != kClientTokenBootCertChain) {
     return PROVISIONING_TYPE_IS_NOT_BOOT_CERTIFICATE_CHAIN_ERROR;
   }
   if (requested_security_level != kLevelDefault) {