Support Keybox, DRM Cert, and OEM Cert for Client ID

[ Merge of http://go/wvgerrit/22900 ] Add GetClientToken(), GetProvisioningToken(), GetPreProvisionTokenType() to CryptoSession. They return the correct token bytes and token type for preparing the ClientIdentification message for provisioning and license server transactions. Also refactor service certificate handling. OEM certs are introduced in Provisioning 3.0 b/30811184 * Address build breaks [ Merge of http://go/wvgerrit/23162 ] This addresses issues introduced by http://go/wvgerrit/22900 b/30811184 * When http://go/wvgerrit/18012 was merged (ag/1446934) some changes were not merged for mapErrors-inl.h. These changes are included in this CL. * When ag/1678104 was reverse merged to http//go/wvgerrit/21981/ a variable was renamed and some comments were added to add clarity in cdm_engine.cpp. These changes are included in this CL. Test: All unittests other than some oemcrypto, request_license_test passed. Those tests failed with or without this CL. Change-Id: Ie0215509f2f985f2a610f5a4c865db47edec8662
2017-01-20 15:46:15 -08:00
parent 7c01f954da
commit 2812c3d2ac
21 changed files with 898 additions and 382 deletions
--- a/libwvdrmengine/cdm/core/src/license_protocol.proto
+++ b/libwvdrmengine/cdm/core/src/license_protocol.proto
@@ -422,12 +422,16 @@ message ProvisioningRequest {
  optional bytes nonce = 2;
  // Options for type of certificate to generate.  Optional.
  optional ProvisioningOptions options = 3;
-  //oneof origin_id {
+  //oneof spoid_param {
    // Stable identifier, unique for each device + application (or origin).
-    // Required if doing per-origin provisioning.
+    // To be deprecated.
    optional bytes stable_id = 4;
-    // Stable content provider ID.
+    // Service provider ID from the service certificate's provider_id field.
+    // Preferred parameter.
    optional bytes provider_id = 6;
+    // Client-generated stable per-origin identifier to be copied directly
+    // to the client certificater serial number.
+    optional bytes spoid = 7;
  //}
 }

@@ -533,9 +537,9 @@ message ClientIdentification {
 // EncryptedClientIdentification message used to hold ClientIdentification
 // messages encrypted for privacy purposes.
 message EncryptedClientIdentification {
-  // Service ID for which the ClientIdentifcation is encrypted (owner of service
-  // certificate).
-  optional string service_id = 1;
+  // Provider ID for which the ClientIdentifcation is encrypted (owner of
+  // service certificate).
+  optional string provider_id = 1;
  // Serial number for the service certificate for which ClientIdentification is
  // encrypted.
  optional bytes service_certificate_serial_number = 2;
@@ -562,7 +566,7 @@ message DrmDeviceCertificate {
    DRM_INTERMEDIATE = 1;
    DRM_USER_DEVICE = 2;
    SERVICE = 3;
-    PROVISIONING_PROVIDER = 4;
+    PROVISIONER = 4;
  }

  // Type of certificate. Required.
@@ -581,9 +585,9 @@ message DrmDeviceCertificate {
  // (non-production) device. The test_device field in ProvisionedDeviceInfo
  // below should be observed instead.
  optional bool test_device_deprecated = 6 [deprecated = true];
-  // Service identifier (web origin) for the service which owns the certificate.
-  // Required for service certificates.
-  optional string service_id = 7;
+  // Service identifier (web origin) for the provider which owns the
+  // certificate. Required for service and provisioner certificates.
+  optional string provider_id = 7;
 }

 // Contains DRM and OEM certificate status and device information for a