Move keybox and root certificate handling into new class.

Merge from Widevine repo of http://go/wvgerrit/22804

Create a class, AuthenticationRoot, to encapsulate the objects and
logic for managing either keyboxes or certificates as the device's
root of trust.

Currently the class provides the existing keybox-related functions
needed by oemcrypto's CryptoEngine. It will be extended to provide
both keybox and certificate related functions, and the logic to
determine whether keybox or certificate based authentication should
be performed.

Change-Id: I792d1bfc8e9a81bbfd2baec20e3b3d182f0392f7

libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h

@@ -15,8 +15,9 @@
 #include "OEMCryptoCENC.h"  // Needed for enums only.
 #include "file_store.h"
 #include "lock.h"
+#include "oemcrypto_auth_mock.h"
 #include "oemcrypto_key_mock.h"
-#include "oemcrypto_keybox_mock.h"
+#include "oemcrypto_rsa_key_shared.h"
 #include "wv_cdm_types.h"
 
 namespace wvoec_mock {
@@ -73,27 +74,6 @@ class NonceTable {
   uint32_t nonces_[kTableSize];
 };
 
-// Shared pointer with specialized destructor.  This pointer is only shared
-// from a CryptoEngine to a Session -- so we don't have to use full reference
-// counting.
-class RSA_shared_ptr {
- public:
-  RSA_shared_ptr() : rsa_key_(NULL), key_owned_(false) {}
-  ~RSA_shared_ptr() { reset(); };
-  // Explicitly allow copy as share.
-  explicit RSA_shared_ptr(const RSA_shared_ptr& other) :
-      rsa_key_(other.rsa_key_), key_owned_(false) {}
-  RSA* get() { return rsa_key_; }
-  void reset();
-  bool LoadPkcs8RsaKey(const uint8_t* buffer, size_t length);
-
- private:
-  void operator=(const RSA_shared_ptr);  // disallow assign.
-
-  RSA* rsa_key_;
-  bool key_owned_;
-};
-
 class SessionContext {
  private:
   SessionContext() {}
@@ -260,14 +240,35 @@ class CryptoEngine {
 
   bool Initialized() { return true; }
 
-  void Terminate();
+  bool ValidRootOfTrust() { return root_of_trust_.Validate(); }
 
-  KeyboxError ValidateKeybox();
-  WvKeybox& keybox() { return use_test_keybox_ ? test_keybox_ : keybox_; }
-  WvKeybox& real_keybox() { return keybox_; }
-  void UseTestKeybox() { use_test_keybox_ = true; }
-  RSA* rsa_key() { return rsa_key_.get(); }
-  bool LoadTestRSAKey();
+  bool InstallKeybox(const uint8_t* keybox, size_t keybox_length) {
+    return root_of_trust_.InstallKeybox(keybox, keybox_length);
+  }
+
+  void UseTestKeybox() { root_of_trust_.UseTestKeybox(); }
+
+  bool LoadTestRsaKey() { return root_of_trust_.LoadTestRsaKey(); }
+
+  KeyboxError ValidateKeybox() { return root_of_trust_.ValidateKeybox(); }
+
+  const std::vector<uint8_t>& DeviceRootKey(bool override_to_real = false) {
+    return root_of_trust_.DeviceKey(override_to_real);
+  }
+
+  const std::vector<uint8_t>& DeviceRootId() {
+    return root_of_trust_.DeviceId();
+  }
+
+  size_t DeviceRootTokenLength() {
+    return root_of_trust_.DeviceTokenLength();
+  }
+
+  const uint8_t* const  DeviceRootToken() {
+    return root_of_trust_.DeviceToken();
+  }
+
+  void Terminate();
 
   SessionId CreateSession();
 
@@ -302,13 +303,10 @@ class CryptoEngine {
 
  private:
   ActiveSessions sessions_;
-  WvKeybox keybox_;
-  WvTestKeybox test_keybox_;
-  bool use_test_keybox_;
+  AuthenticationRoot root_of_trust_;
   wvcdm::Lock session_table_lock_;
   wvcdm::FileSystem* file_system_;
   UsageTable* usage_table_;
-  RSA_shared_ptr rsa_key_;  // If no keybox, this is baked in certificate.
 
   CORE_DISALLOW_COPY_AND_ASSIGN(CryptoEngine);
 };