widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove Stale Licenses on Reprovisioning

Browse Source 
Merges change 267713c (Remove stale licenses on reprovisioning) from
the Widevine CDM repository.  This change removes licenses belonging
to the previous provisioning when provisioning changes.

Bug: 9761923
Change-Id: I473816dd11dd950f4fb009b5b004630bd2d2b579
This commit is contained in:
John "Juce" Bruce
2013-08-08 14:57:40 -07:00
parent ba66224ef4
commit 0fa3e16999
13 changed files with 250 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
libwvdrmengine/cdm/core/src/cdm_engine.cpp
View File

@@ -347,17 +347,17 @@ CdmResponseType CdmEngine::QueryStatus(CdmQueryMap* key_info) {
LOGI("CdmEngine::QueryStatus");
CryptoSession crypto_session;
switch (crypto_session.GetSecurityLevel()) {
case CryptoSession::kSecurityLevelL1:
case kSecurityLevelL1:
(*key_info)[QUERY_KEY_SECURITY_LEVEL] = QUERY_VALUE_SECURITY_LEVEL_L1;
break;
case CryptoSession::kSecurityLevelL2:
case kSecurityLevelL2:
(*key_info)[QUERY_KEY_SECURITY_LEVEL] = QUERY_VALUE_SECURITY_LEVEL_L2;
break;
case CryptoSession::kSecurityLevelL3:
case kSecurityLevelL3:
(*key_info)[QUERY_KEY_SECURITY_LEVEL] = QUERY_VALUE_SECURITY_LEVEL_L3;
break;
case CryptoSession::kSecurityLevelUninitialized:
case CryptoSession::kSecurityLevelUnknown:
case kSecurityLevelUninitialized:
case kSecurityLevelUnknown:
(*key_info)[QUERY_KEY_SECURITY_LEVEL] = QUERY_VALUE_SECURITY_LEVEL_Unknown;
break;
default:

15
libwvdrmengine/cdm/core/src/cdm_session.cpp
View File

@@ -54,7 +54,8 @@ CdmResponseType CdmSession::RestoreOfflineSession(
// Retrieve license information from persistent store
File file;
DeviceFiles handle;
if (!handle.Init(&file)) return UNKNOWN_ERROR;
if (!handle.Init(&file, crypto_session_->GetSecurityLevel()))
return UNKNOWN_ERROR;
DeviceFiles::LicenseState license_state;
@@ -302,7 +303,8 @@ CdmResponseType CdmSession::ReleaseKey(const CdmKeyResponse& key_response) {
license_parser_.HandleKeyUpdateResponse(false, key_response);
File file;
DeviceFiles handle;
if (handle.Init(&file)) handle.DeleteLicense(key_set_id_);
if (handle.Init(&file, crypto_session_->GetSecurityLevel()))
handle.DeleteLicense(key_set_id_);
return sts;
}
@@ -331,7 +333,8 @@ bool CdmSession::GenerateKeySetId(CdmKeySetId* key_set_id) {
File file;
DeviceFiles handle;
if (!handle.Init(&file)) return false;
if (!handle.Init(&file, crypto_session_->GetSecurityLevel()))
return false;
while (key_set_id->empty()) {
if (!crypto_session_->GetRandom(&random_data[0], random_data.size()))
@@ -351,7 +354,8 @@ bool CdmSession::LoadDeviceCertificate(std::string* certificate,
std::string* wrapped_key) {
File file;
DeviceFiles handle;
if (!handle.Init(&file)) return false;
if (!handle.Init(&file, crypto_session_->GetSecurityLevel()))
return false;
return handle.RetrieveCertificate(certificate, wrapped_key);
}
@@ -359,7 +363,8 @@ bool CdmSession::LoadDeviceCertificate(std::string* certificate,
bool CdmSession::StoreLicense(DeviceFiles::LicenseState state) {
File file;
DeviceFiles handle;
if (!handle.Init(&file)) return false;
if (!handle.Init(&file, crypto_session_->GetSecurityLevel()))
return false;
return handle.StoreLicense(
key_set_id_, state, offline_pssh_data_, offline_key_request_,

3
libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
View File

@@ -215,7 +215,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
File file;
DeviceFiles handle;
if (!handle.Init(&file)) {
if (!handle.Init(&file, crypto_session_.GetSecurityLevel())) {
LOGE("HandleProvisioningResponse: failed to init DeviceFiles");
return UNKNOWN_ERROR;
}
@@ -223,6 +223,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
LOGE("HandleProvisioningResponse: failed to save provisioning certificate");
return UNKNOWN_ERROR;
}
handle.DeleteAllLicenses();
return NO_ERROR;
}

46
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -35,7 +35,9 @@ bool CryptoSession::initialized_ = false;
int CryptoSession::session_count_ = 0;
CryptoSession::CryptoSession()
: open_(false), is_destination_buffer_type_valid_(false) {
: open_(false),
is_destination_buffer_type_valid_(false),
security_level_(kSecurityLevelUninitialized) {
Init();
}
@@ -101,12 +103,22 @@ bool CryptoSession::GetToken(std::string* token) {
return true;
}
CryptoSession::SecurityLevel CryptoSession::GetSecurityLevel() {
CdmSecurityLevel CryptoSession::GetSecurityLevel() {
LOGV("CryptoSession::GetSecurityLevel: Lock");
AutoLock auto_lock(crypto_lock_);
if (!initialized_) {
return kSecurityLevelUninitialized;
}
switch (security_level_) {
case kSecurityLevelL1:
case kSecurityLevelL2:
case kSecurityLevelL3:
return security_level_;
default:
break;
}
std::string security_level = OEMCrypto_SecurityLevel();
if ((security_level.size() != 2) || (security_level.at(0) != 'L')) {
@@ -115,16 +127,20 @@ CryptoSession::SecurityLevel CryptoSession::GetSecurityLevel() {
switch (security_level.at(1)) {
case '1':
return kSecurityLevelL1;
security_level_ = kSecurityLevelL1;
break;
case '2':
return kSecurityLevelL2;
security_level_ = kSecurityLevelL2;
break;
case '3':
return kSecurityLevelL3;
security_level_ = kSecurityLevelL3;
break;
default:
return kSecurityLevelUnknown;
security_level_ = kSecurityLevelUnknown;
break;
}
return kSecurityLevelUnknown;
return security_level_;
}
bool CryptoSession::GetDeviceUniqueId(std::string* device_id) {
@@ -552,7 +568,8 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
switch (buffer_descriptor.type) {
case OEMCrypto_BufferType_Clear:
buffer_descriptor.buffer.clear.address =
static_cast<uint8_t*>(params.decrypt_buffer) + params.decrypt_buffer_offset;
static_cast<uint8_t*>(params.decrypt_buffer) +
params.decrypt_buffer_offset;
buffer_descriptor.buffer.clear.max_length = params.decrypt_buffer_length;
break;
case OEMCrypto_BufferType_Secure:
@@ -567,14 +584,9 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
}
OEMCryptoResult sts = OEMCrypto_DecryptCTR(
oec_session_id_,
params.encrypt_buffer,
params.encrypt_length,
params.is_encrypted,
&(*params.iv).front(),
params.block_offset,
&buffer_descriptor,
params.subsample_flags);
oec_session_id_, params.encrypt_buffer, params.encrypt_length,
params.is_encrypted, &(*params.iv).front(), params.block_offset,
&buffer_descriptor, params.subsample_flags);
if (OEMCrypto_ERROR_INSUFFICIENT_RESOURCES == sts) {
return INSUFFICIENT_CRYPTO_RESOURCES;
@@ -598,7 +610,7 @@ bool CryptoSession::GenerateNonce(uint32_t* nonce) {
bool CryptoSession::SetDestinationBufferType() {
if (Properties::oem_crypto_use_secure_buffers()) {
if (GetSecurityLevel() == CryptoSession::kSecurityLevelL1) {
if (GetSecurityLevel() == kSecurityLevelL1) {
destination_buffer_type_ = OEMCrypto_BufferType_Secure;
} else {
destination_buffer_type_ = OEMCrypto_BufferType_Clear;

118
libwvdrmengine/cdm/core/src/device_files.cpp
View File

@@ -21,22 +21,38 @@ using video_widevine_client::sdk::License_LicenseState_RELEASING;
namespace {
const char kCertificateFileName[] = "cert.bin";
const char kLicenseFileNameExt[] = ".lic";
} // namespace
const char kWildcard[] = "*";
} // namespace
namespace wvcdm {
bool DeviceFiles::Init(File* handle) {
file_ = handle;
bool DeviceFiles::Init(const File* handle, CdmSecurityLevel security_level) {
if (handle == NULL) {
LOGW("DeviceFiles::Init: Invalid file handle parameter");
return false;
}
switch (security_level) {
case kSecurityLevelL1:
case kSecurityLevelL2:
case kSecurityLevelL3:
break;
default:
LOGW("DeviceFiles::Init: Unsupported security level %d", security_level);
return false;
}
file_ = const_cast<File*>(handle);
security_level_ = security_level;
initialized_ = true;
return true;
}
bool DeviceFiles::StoreCertificate(const std::string& certificate,
const std::string& wrapped_private_key) {
if (!initialized_) {
LOGW("DeviceFiles::StoreCertificate: not initialized");
return false;
}
// Fill in file information
video_widevine_client::sdk::File file;
@@ -69,6 +85,11 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
bool DeviceFiles::RetrieveCertificate(std::string* certificate,
std::string* wrapped_private_key) {
if (!initialized_) {
LOGW("DeviceFiles::RetrieveCertificate: not initialized");
return false;
}
std::string serialized_hashed_file;
if (!RetrieveFile(kCertificateFileName, &serialized_hashed_file))
return false;
@@ -118,15 +139,19 @@ bool DeviceFiles::RetrieveCertificate(std::string* certificate,
return true;
}
bool DeviceFiles::StoreLicense(
const std::string& key_set_id,
const LicenseState state,
const CdmInitData& pssh_data,
const CdmKeyMessage& license_request,
const CdmKeyResponse& license_message,
const CdmKeyMessage& license_renewal_request,
const CdmKeyResponse& license_renewal,
const std::string& release_server_url) {
bool DeviceFiles::StoreLicense(const std::string& key_set_id,
const LicenseState state,
const CdmInitData& pssh_data,
const CdmKeyMessage& license_request,
const CdmKeyResponse& license_message,
const CdmKeyMessage& license_renewal_request,
const CdmKeyResponse& license_renewal,
const std::string& release_server_url) {
if (!initialized_) {
LOGW("DeviceFiles::StoreLicense: not initialized");
return false;
}
// Fill in file information
video_widevine_client::sdk::File file;
@@ -134,7 +159,7 @@ bool DeviceFiles::StoreLicense(
file.set_version(video_widevine_client::sdk::File::VERSION_1);
License* license = file.mutable_license();
switch(state) {
switch (state) {
case kLicenseStateActive:
license->set_state(License_LicenseState_ACTIVE);
break;
@@ -174,19 +199,21 @@ bool DeviceFiles::StoreLicense(
return StoreFile(file_name.c_str(), serialized_string);
}
bool DeviceFiles::RetrieveLicense(
const std::string& key_set_id,
LicenseState* state,
CdmInitData* pssh_data,
CdmKeyMessage* license_request,
CdmKeyResponse* license_message,
CdmKeyMessage* license_renewal_request,
CdmKeyResponse* license_renewal,
std::string* release_server_url) {
bool DeviceFiles::RetrieveLicense(const std::string& key_set_id,
LicenseState* state, CdmInitData* pssh_data,
CdmKeyMessage* license_request,
CdmKeyResponse* license_message,
CdmKeyMessage* license_renewal_request,
CdmKeyResponse* license_renewal,
std::string* release_server_url) {
if (!initialized_) {
LOGW("DeviceFiles::RetrieveLicense: not initialized");
return false;
}
std::string serialized_hashed_file;
std::string file_name = key_set_id + kLicenseFileNameExt;
if (!RetrieveFile(file_name.c_str(), &serialized_hashed_file))
return false;
if (!RetrieveFile(file_name.c_str(), &serialized_hashed_file)) return false;
HashedFile hashed_file;
if (!hashed_file.ParseFromString(serialized_hashed_file)) {
@@ -228,7 +255,7 @@ bool DeviceFiles::RetrieveLicense(
License license = file.license();
switch(license.state()) {
switch (license.state()) {
case License_LicenseState_ACTIVE:
*state = kLicenseStateActive;
break;
@@ -237,7 +264,7 @@ bool DeviceFiles::RetrieveLicense(
break;
default:
LOGW("DeviceFiles::RetrieveLicense: Unrecognized license state: %u",
kLicenseStateUnknown);
kLicenseStateUnknown);
*state = kLicenseStateUnknown;
break;
}
@@ -251,13 +278,13 @@ bool DeviceFiles::RetrieveLicense(
}
bool DeviceFiles::DeleteLicense(const std::string& key_set_id) {
if (!file_) {
LOGW("DeviceFiles::DeleteLicense: Invalid file handle");
if (!initialized_) {
LOGW("DeviceFiles::DeleteLicense: not initialized");
return false;
}
std::string path;
if (!Properties::GetDeviceFilesBasePath(&path)) {
if (!Properties::GetDeviceFilesBasePath(security_level_, &path)) {
LOGW("DeviceFiles::StoreFile: Unable to get base path");
return false;
}
@@ -267,14 +294,31 @@ bool DeviceFiles::DeleteLicense(const std::string& key_set_id) {
return file_->Remove(path);
}
bool DeviceFiles::LicenseExists(const std::string& key_set_id) {
if (!file_) {
LOGW("DeviceFiles::LicenseExists: Invalid file handle");
bool DeviceFiles::DeleteAllLicenses() {
if (!initialized_) {
LOGW("DeviceFiles::DeleteLicense: not initialized");
return false;
}
std::string path;
if (!Properties::GetDeviceFilesBasePath(&path)) {
if (!Properties::GetDeviceFilesBasePath(security_level_, &path)) {
LOGW("DeviceFiles::StoreFile: Unable to get base path");
return false;
}
path.append(kWildcard);
path.append(kLicenseFileNameExt);
return file_->Remove(path);
}
bool DeviceFiles::LicenseExists(const std::string& key_set_id) {
if (!initialized_) {
LOGW("DeviceFiles::LicenseExists: not initialized");
return false;
}
std::string path;
if (!Properties::GetDeviceFilesBasePath(security_level_, &path)) {
LOGW("DeviceFiles::StoreFile: Unable to get base path");
return false;
}
@@ -307,7 +351,7 @@ bool DeviceFiles::StoreFile(const char* name, const std::string& data) {
}
std::string path;
if (!Properties::GetDeviceFilesBasePath(&path)) {
if (!Properties::GetDeviceFilesBasePath(security_level_, &path)) {
LOGW("DeviceFiles::StoreFile: Unable to get base path");
return false;
}
@@ -352,7 +396,7 @@ bool DeviceFiles::RetrieveFile(const char* name, std::string* data) {
}
std::string path;
if (!Properties::GetDeviceFilesBasePath(&path)) {
if (!Properties::GetDeviceFilesBasePath(security_level_, &path)) {
LOGW("DeviceFiles::StoreFile: Unable to get base path");
return false;
}
@@ -385,7 +429,7 @@ bool DeviceFiles::RetrieveFile(const char* name, std::string* data) {
}
LOGV("DeviceFiles::RetrieveFile: success: %s (%db)", path.c_str(),
data->size());
data->size());
return true;
}