Apply string obfuscation to license and provisioning strings

String obfuscation hides string literals from static analysis but
requires string literals be used inside protected functions.

- Enable string obfuscation for all function groups.
- Change some global `std::string` to `const char[]` to ensure that
  the `std::string` is constructed inside a protected function so
  that string obfuscation correctly applies to the string literal.

Bug: 270566889
Merged from https://widevine-internal-review.googlesource.com/168485

Merge conflicts were caused by formating changes. Resolved by taking
the newer version.

Merged from https://widevine-internal-review.googlesource.com/169511

Change-Id: Ie7f3e94f89671a34e4792efa174f96a17d713f9e

libwvdrmengine/cdm/core/src/certificate_provisioning.cpp

@@ -23,18 +23,19 @@ const std::string kEmptyString;
 // URL for Google Provisioning Server.
 // The provisioning server supplies the certificate that is needed
 // to communicate with the License Server.
-const std::string kProvisioningServerUrl =
+const char kProvisioningServerUrl[] =
     "https://www.googleapis.com/"
     "certificateprovisioning/v1/devicecertificates/create"
     "?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE";
+
 // In case of provisioning 4, the default url is used as a way to inform app of
 // the current provisioning stage. In the first stage, this suffix is appended
 // to kProvisioningServerUrl; in the second stage, there is no change to
 // kProvisioningServerUrl.
-const std::string kProv40FirstStageServerUrlSuffix = "&preProvisioning=true";
+const char kProv40FirstStageServerUrlSuffix[] = "&preProvisioning=true";
 
 // NOTE: Provider ID = widevine.com
-const std::string kCpProductionServiceCertificate = wvutil::a2bs_hex(
+const char kCpProductionServiceCertificate[] =
     "0ab9020803121051434fe2a44c763bcc2c826a2d6ef9a718f7d793d005228e02"
     "3082010a02820101009e27088659dbd9126bc6ed594caf652b0eaab82abb9862"
     "ada1ee6d2cb5247e94b28973fef5a3e11b57d0b0872c930f351b5694354a8c77"
@@ -56,12 +57,12 @@ const std::string kCpProductionServiceCertificate = wvutil::a2bs_hex(
     "76e6f76e2751fbefb669f05703cec8c64cf7a62908d5fb870375eb0cc96c508e"
     "26e0c050f3fd3ebe68cef9903ef6405b25fc6e31f93559fcff05657662b3653a"
     "8598ed5751b38694419242a875d9e00d5a5832933024b934859ec8be78adccbb"
-    "1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28");
+    "1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28";
 
 // Used in provisioning 4 client identification name value pairs.
-const std::string kKeyAppParameterSpoid = "spoid";
+const char kKeyAppParameterSpoid[] = "spoid";
-const std::string kKeyAppParameterProviderId = "provider_id";
+const char kKeyAppParameterProviderId[] = "provider_id";
-const std::string kKeyAppParameterStableId = "stable_id";
+const char kKeyAppParameterStableId[] = "stable_id";
 
 // Retrieves |stored_oem_cert| from |file_handle|, and load the OEM private key
 // to |crypto_session|. Returns true if all operations are successful.
@@ -109,9 +110,10 @@ void CertificateProvisioning::GetProvisioningServerUrl(
 
 CdmResponseType CertificateProvisioning::Init(
     const std::string& service_certificate) {
-  const std::string certificate = service_certificate.empty()
+  const std::string certificate =
-                                      ? kCpProductionServiceCertificate
+      service_certificate.empty()
-                                      : service_certificate;
+          ? wvutil::a2bs_hex(kCpProductionServiceCertificate)
+          : service_certificate;
   return service_certificate_->Init(certificate);
 }
 
@@ -360,13 +362,14 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
 
   if (stored_oem_cert.empty()) {
     // This is the first stage provisioning.
-    default_url->assign(kProvisioningServerUrl +
+    default_url->assign(std::string(kProvisioningServerUrl) +
                         kProv40FirstStageServerUrlSuffix);
 
     // First-stage provisioning always uses the WV production service cert for
     // encryption.
     ServiceCertificate wv_service_cert;
-    status = wv_service_cert.Init(kCpProductionServiceCertificate);
+    status = wv_service_cert.Init(
+        wvutil::a2bs_hex(kCpProductionServiceCertificate));
     if (status != NO_ERROR) return status;
 
     // Since |stored_oem_cert| is empty, the client identification token will be

libwvdrmengine/cdm/core/src/system_id_extractor.cpp

@@ -19,7 +19,7 @@ constexpr size_t kKeyboxSystemIdOffset = 4;
 // system ID (0 = leaf/device cert, 1 = intermediate/device family cert).
 constexpr size_t kOemCertSystemIdIndex = 1;
 // OID of X.509 certificate extension containing the Widevine system ID.
-const std::string kWidevineSystemIdExtensionOid = "1.3.6.1.4.1.11129.4.1.1";
+const char kWidevineSystemIdExtensionOid[] = "1.3.6.1.4.1.11129.4.1.1";
 
 constexpr size_t kSystemIdLength = sizeof(uint32_t);