Adjust provisioning retry

Merge from Widevine repo of http://go/wvgerrit/94243 When generating a second provisioning request, a new session should be opened because a session can only have one nonce for v16. For Provisioning 3.0 devices, the OEM Cert's private key must be loaded in the new session. Test: WvCdmRequestLicenseTest.ProvisioningInterposedRetryTest Bug: 135288420 Nonce reuse Bug: 141655126 Cert reload Change-Id: I8a96566142c4d4380e2bdd571e8d363a7a1f74d4
2020-02-18 14:29:05 -08:00
parent 3708c4d53f
commit 18da273c42
3 changed files with 41 additions and 66 deletions
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -199,6 +199,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(

  default_url->assign(kProvisioningServerUrl);

+  if (crypto_session_->IsOpen()) crypto_session_->Close();
  CdmResponseType status = crypto_session_->Open(requested_security_level);
  if (NO_ERROR != status) {
    LOGE("Failed to create a crypto session: status = %d",
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -359,14 +359,6 @@ CdmResponseType CryptoSession::GetTokenFromOemCert(std::string* token) {
    return NO_ERROR;
  }

-  // TODO(b/141655126): This function can be optimized to not load private
-  // key when it isn't needed.
-  status = OEMCrypto_LoadOEMPrivateKey(oec_session_id_);
-  if (status != OEMCrypto_SUCCESS) {
-    return MapOEMCryptoResult(status, GET_TOKEN_FROM_OEM_CERT_ERROR,
-                              "GetTokenFromOemCert");
-  }
-
  std::string temp_buffer(CERTIFICATE_DATA_SIZE, '\0');
  bool retrying = false;
  while (true) {
@@ -1089,6 +1081,15 @@ CdmResponseType CryptoSession::PrepareAndSignProvisioningRequest(
  if (pre_provision_token_type_ == kClientTokenKeybox) {
    const CdmResponseType status = GenerateDerivedKeys(message);
    if (status != NO_ERROR) return status;
+  } else if (pre_provision_token_type_ == kClientTokenOemCert) {
+    const OEMCryptoResult status = OEMCrypto_LoadOEMPrivateKey(oec_session_id_);
+    if (status != OEMCrypto_SUCCESS) {
+      return MapOEMCryptoResult(status, GET_TOKEN_FROM_OEM_CERT_ERROR,
+                                "GetTokenFromOemCert");
+    }
+  } else {
+    LOGE("Unknown method %d", pre_provision_token_type_);
+    return UNKNOWN_CLIENT_TOKEN_TYPE;
  }

  OEMCryptoResult sts;