Add more CdmResponseType to help with debugging in the field.

The errors in the range ERROR_DRM_VENDOR_MIN to ERROR_DRM_VENDOR_MAX are reflected in the message that is reported to the app, which is MediaDrmStateException.getDiagnosticInfo(). Many errors map to kErrorCDMGeneric, especially KEY_ERROR is used as a generic error in CDM. This fix defines more specific error codes in the CDM for places where KEY_ERROR is returned. Merge from http://go/wvgerrit/14071 bug: 19244061 Change-Id: I688bf32828f997000fea041dd29567dde18ac677
2015-04-15 11:44:06 -07:00
parent c5f576585b
commit 2eb013691c
11 changed files with 974 additions and 177 deletions
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -53,7 +53,7 @@ void CertificateProvisioning::ComposeJsonRequestAsQueryString(
 * in *request. It also returns the default url for the provisioning server
 * in *default_url.
 *
- * Returns NO_ERROR for success and UNKNOWN_ERROR if fails.
+ * Returns NO_ERROR for success and CERT_PROVISIONING_REQUEST_ERROR_? if fails.
 */
 CdmResponseType CertificateProvisioning::GetProvisioningRequest(
    SecurityLevel requested_security_level, CdmCertificateType cert_type,
@@ -61,7 +61,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
    CdmProvisioningRequest* request, std::string* default_url) {
  if (!default_url) {
    LOGE("GetProvisioningRequest: pointer for returning URL is NULL");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_REQUEST_ERROR_1;
  }

  default_url->assign(kProvisioningServerUrl);
@@ -79,14 +79,14 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
  std::string token;
  if (!crypto_session_.GetToken(&token)) {
    LOGE("GetProvisioningRequest: fails to get token");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_GET_KEYBOX_ERROR_1;
  }
  client_id->set_token(token);

  uint32_t nonce;
  if (!crypto_session_.GenerateNonce(&nonce)) {
    LOGE("GetProvisioningRequest: fails to generate a nonce");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_REQUEST_ERROR_2;
  }

  // The provisioning server does not convert the nonce to uint32_t, it just
@@ -107,7 +107,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
      break;
    default:
      LOGE("GetProvisioningRequest: unknown certificate type %ld", cert_type);
-      return UNKNOWN_ERROR;
+      return CERT_PROVISIONING_INVALID_CERT_TYPE;
  }

  cert_type_ = cert_type;
@@ -117,7 +117,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
    std::string device_unique_id;
    if (!crypto_session_.GetDeviceUniqueId(&device_unique_id)) {
      LOGE("GetProvisioningRequest: fails to get device unique ID");
-      return UNKNOWN_ERROR;
+      return CERT_PROVISIONING_GET_KEYBOX_ERROR_2;
    }
    provisioning_request.set_stable_id(device_unique_id + origin);
  }
@@ -130,11 +130,11 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
  if (!crypto_session_.PrepareRequest(serialized_message, true,
                                      &request_signature)) {
    LOGE("GetProvisioningRequest: fails to prepare request");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_REQUEST_ERROR_3;
  }
  if (request_signature.empty()) {
    LOGE("GetProvisioningRequest: request signature is empty");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_REQUEST_ERROR_4;
  }

  SignedProvisioningMessage signed_provisioning_msg;
@@ -186,7 +186,7 @@ bool CertificateProvisioning::ParseJsonResponse(
 * The device RSA key is stored in the T.E.E. The device certificate is stored
 * in the device.
 *
- * Returns NO_ERROR for success and UNKNOWN_ERROR if fails.
+ * Returns NO_ERROR for success and CERT_PROVISIONING_RESPONSE_ERROR_? if fails.
 */
 CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
    const std::string& origin, CdmProvisioningResponse& response,
@@ -198,7 +198,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
  if (!ParseJsonResponse(response, kMessageStart, kMessageEnd,
                         &serialized_signed_response)) {
    LOGE("Fails to extract signed serialized response from JSON response");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_RESPONSE_ERROR_1;
  }

  // Authenticates provisioning response using D1s (server key derived from
@@ -207,7 +207,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
  SignedProvisioningMessage signed_response;
  if (!signed_response.ParseFromString(serialized_signed_response)) {
    LOGE("HandleProvisioningResponse: fails to parse signed response");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_RESPONSE_ERROR_2;
  }

  bool error = false;
@@ -221,19 +221,19 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
    error = true;
  }

-  if (error) return UNKNOWN_ERROR;
+  if (error) return CERT_PROVISIONING_RESPONSE_ERROR_3;

  const std::string& signed_message = signed_response.message();
  ProvisioningResponse provisioning_response;

  if (!provisioning_response.ParseFromString(signed_message)) {
    LOGE("HandleProvisioningResponse: Fails to parse signed message");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_RESPONSE_ERROR_4;
  }

  if (!provisioning_response.has_device_rsa_key()) {
    LOGE("HandleProvisioningResponse: key not found");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_RESPONSE_ERROR_5;
  }

  const std::string& enc_rsa_key = provisioning_response.device_rsa_key();
@@ -245,7 +245,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
                                          enc_rsa_key, rsa_key_iv,
                                          &wrapped_rsa_key)) {
    LOGE("HandleProvisioningResponse: RewrapDeviceRSAKey fails");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_RESPONSE_ERROR_6;
  }

  crypto_session_.Close();
@@ -262,11 +262,11 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
  DeviceFiles handle;
  if (!handle.Init(crypto_session_.GetSecurityLevel())) {
    LOGE("HandleProvisioningResponse: failed to init DeviceFiles");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_RESPONSE_ERROR_7;
  }
  if (!handle.StoreCertificate(origin, device_certificate, wrapped_rsa_key)) {
    LOGE("HandleProvisioningResponse: failed to save provisioning certificate");
-    return UNKNOWN_ERROR;
+    return CERT_PROVISIONING_RESPONSE_ERROR_8;
  }
  handle.DeleteAllLicenses();