Merge "Add "bootCertificateChainSignature" to Drm plugin getPropertyByteArray()" into vic-widevine-dev

libwvdrmengine/cdm/core/include/wv_cdm_constants.h

@@ -124,6 +124,8 @@ static const std::string QUERY_KEY_PRODUCTION_READY = "ProductionReady";
 // Internal query key.  Should not be exposed to Android apps.
 static const std::string QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN =
     "DebugBootCertificateChain";
+static const std::string QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN_SIGNATURE =
+    "DebugBootCertificateChainSignature";
 static const std::string QUERY_KEY_DEVICE_INFORMATION = "DeviceInformation";
 
 static const std::string QUERY_VALUE_TRUE = "True";

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -903,6 +903,26 @@ CdmResponseType CdmEngine::QueryStatus(RequestedSecurityLevel security_level,
     LOGE("Failed to extract BCC: status = %d", status.ToInt());
     return status;
   }
+  if (query_token == QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN_SIGNATURE) {
+    std::string bcc_unused;
+    std::string signature;
+    const CdmResponseType status = crypto_session->GetBootCertificateChain(
+        security_level, &bcc_unused, &signature);
+    if (status == NO_ERROR) {
+      LOGV("BCC signature length: %zu", signature.size());
+      *query_response = std::move(signature);
+      return CdmResponseType(NO_ERROR);
+    }
+    if (status == NOT_IMPLEMENTED_ERROR ||
+        status == PROVISIONING_TYPE_IS_NOT_BOOT_CERTIFICATE_CHAIN_ERROR) {
+      LOGD("BCC signature not available: %s", status.ToString().c_str());
+      *query_response = QUERY_VALUE_NONE;
+      return CdmResponseType(NO_ERROR);
+    }
+    LOGE("Failed to extract BCC signature: status = %s",
+         status.ToString().c_str());
+    return status;
+  }
   if (query_token == QUERY_KEY_DEVICE_INFORMATION) {
     std::string device_info;
     const CdmResponseType status =

libwvdrmengine/cdm/test/request_license_test.cpp

@@ -5388,6 +5388,12 @@ TEST_F(WvCdmRequestLicenseTest, QueryStatus) {
     // actual value.
     EXPECT_FALSE(value.empty()) << "BCC is empty";
     EXPECT_NE(value, wvcdm::QUERY_VALUE_NONE) << "BCC is none";
+    // BCC signature is optional. Do not validate the actual value.
+    EXPECT_EQ(
+        wvcdm::NO_ERROR,
+        decryptor_->QueryStatus(
+            kLevelDefault,
+            wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN_SIGNATURE, &value));
   } else {
     EXPECT_EQ(value, wvcdm::QUERY_VALUE_NONE);
   }

libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp

@@ -1296,6 +1296,18 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       value = StrToVector(boot_certificate_chain);
     }
+  } else if (name == "bootCertificateChainSignature" && isCsrAccessAllowed()) {
+    std::string boot_certificate_chain_signature;
+    const CdmResponseType res = mCDM->QueryStatus(wvcdm::kLevelDefault,
+        wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN_SIGNATURE,
+        &boot_certificate_chain_signature);
+    if (res != wvcdm::NO_ERROR) {
+      ALOGE("Error querying CDM boot certificate chain signature: %d",
+            static_cast<int>(res));
+      status = mapCdmResponseType(res);
+    } else {
+      value = StrToVector(boot_certificate_chain_signature);
+    }
   } else if (name == "verifiedDeviceInfo" && isCsrAccessAllowed()) {
     std::string verified_device_info;
     CdmResponseType res = mCDM->QueryStatus(wvcdm::kLevelDefault,

libwvdrmengine/src/WVDrmFactory.cpp

@@ -346,6 +346,8 @@ void WVDrmFactory::printCdmProperties(int fd) {
       // Debug properties.  Not exposed to app.
       {"boot_certificate_chain",
        wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN},
+      {"boot_certificate_chain_signature",
+       wvcdm::QUERY_KEY_DEBUG_BOOT_CERTIFICATE_CHAIN_SIGNATURE},
       {"device_information", wvcdm::QUERY_KEY_DEVICE_INFORMATION},
   };