Include SPOID in provisioning 4 request
Merged from https://widevine-internal-review.googlesource.com/148554 This change was merged to master but missed in tm-dev when we stopped the auto merging to tm-dev. Manually cherry picked it. Test: ran OPK unit tests Bug: 230820162 Bug: 180530495 Change-Id: Ib23f07f84096650beb4dd1950105db01e004d484
@@ -82,12 +82,18 @@ class CertificateProvisioning {
|
|||||||
const std::string& origin, const std::string& spoid,
|
const std::string& origin, const std::string& spoid,
|
||||||
CdmProvisioningRequest* request, std::string* default_url);
|
CdmProvisioningRequest* request, std::string* default_url);
|
||||||
CdmResponseType GetProvisioning40RequestInternal(
|
CdmResponseType GetProvisioning40RequestInternal(
|
||||||
wvutil::FileSystem* file_system, CdmProvisioningRequest* request,
|
wvutil::FileSystem* file_system, const std::string& origin,
|
||||||
|
const std::string& spoid, CdmProvisioningRequest* request,
|
||||||
std::string* default_url);
|
std::string* default_url);
|
||||||
CdmResponseType FillEncryptedClientId(
|
CdmResponseType FillEncryptedClientId(
|
||||||
const std::string& client_token,
|
const std::string& client_token,
|
||||||
video_widevine::ProvisioningRequest& provisioning_request,
|
video_widevine::ProvisioningRequest& provisioning_request,
|
||||||
const ServiceCertificate& service_certificate);
|
const ServiceCertificate& service_certificate);
|
||||||
|
CdmResponseType FillEncryptedClientIdWithAdditionalParameter(
|
||||||
|
const std::string& client_token,
|
||||||
|
const CdmAppParameterMap& additional_parameter,
|
||||||
|
video_widevine::ProvisioningRequest& provisioning_request,
|
||||||
|
const ServiceCertificate& service_certificate);
|
||||||
CdmResponseType HandleProvisioning40Response(
|
CdmResponseType HandleProvisioning40Response(
|
||||||
wvutil::FileSystem* file_system, const std::string& response_message);
|
wvutil::FileSystem* file_system, const std::string& response_message);
|
||||||
|
|
||||||
|
|||||||
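Review bot: The new private declaration FillEncryptedClientIdWithAdditionalParameter has no comment, so the header does not say what `additional_parameter` carries or how the method relates to FillEncryptedClientId, which the .cpp change turns into a wrapper that passes an empty map. I would add above it `// Like FillEncryptedClientId(), but also passes |additional_parameter| to the client identification as name/value pairs (provisioning 4.0 uses it for spoid, provider_id and stable_id).` The class body continues outside this hunk.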
@@ -57,6 +57,11 @@ const std::string kCpProductionServiceCertificate = wvutil::a2bs_hex(
|
|||||||
"8598ed5751b38694419242a875d9e00d5a5832933024b934859ec8be78adccbb"
|
"8598ed5751b38694419242a875d9e00d5a5832933024b934859ec8be78adccbb"
|
||||||
"1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28");
|
"1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28");
|
||||||
|
|
||||||
|
// Used in provisioning 4 client identification name value pairs.
|
||||||
|
const std::string kKeyAppParameterSpoid = "spoid";
|
||||||
|
const std::string kKeyAppParameterProviderId = "provider_id";
|
||||||
|
const std::string kKeyAppParameterStableId = "stable_id";
|
||||||
|
|
||||||
// Retrieves |stored_oem_cert| from |file_handle|, and load the OEM private key
|
// Retrieves |stored_oem_cert| from |file_handle|, and load the OEM private key
|
||||||
// to |crypto_session|. Returns true if all operations are successful.
|
// to |crypto_session|. Returns true if all operations are successful.
|
||||||
bool RetrieveOemCertificateAndLoadPrivateKey(CryptoSession& crypto_session,
|
bool RetrieveOemCertificateAndLoadPrivateKey(CryptoSession& crypto_session,
|
||||||
@@ -212,7 +217,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal(
|
|||||||
|
|
||||||
if (crypto_session_->GetPreProvisionTokenType() ==
|
if (crypto_session_->GetPreProvisionTokenType() ==
|
||||||
kClientTokenBootCertChain) {
|
kClientTokenBootCertChain) {
|
||||||
return GetProvisioning40RequestInternal(file_system, request, default_url);
|
return GetProvisioning40RequestInternal(file_system, origin, spoid, request,
|
||||||
|
default_url);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Prepare device provisioning request.
|
// Prepare device provisioning request.
|
||||||
@@ -304,7 +310,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal(
|
|||||||
}
|
}
|
||||||
|
|
||||||
CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
|
CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
|
||||||
wvutil::FileSystem* file_system, CdmProvisioningRequest* request,
|
wvutil::FileSystem* file_system, const std::string& origin,
|
||||||
|
const std::string& spoid, CdmProvisioningRequest* request,
|
||||||
std::string* default_url) {
|
std::string* default_url) {
|
||||||
if (!crypto_session_->IsOpen()) {
|
if (!crypto_session_->IsOpen()) {
|
||||||
LOGE("Crypto session is not open");
|
LOGE("Crypto session is not open");
|
||||||
@@ -340,7 +347,27 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
CdmResponseType status = NO_ERROR;
|
// Retrieve the Spoid, but put it to the client identification instead, so it
|
||||||
|
// is encrypted.
|
||||||
|
CdmAppParameterMap additional_parameter;
|
||||||
|
CdmResponseType status =
|
||||||
|
SetSpoidParameter(origin, spoid, &provisioning_request);
|
||||||
|
if (status != NO_ERROR) return status;
|
||||||
|
if (provisioning_request.has_spoid()) {
|
||||||
|
additional_parameter[kKeyAppParameterSpoid] = provisioning_request.spoid();
|
||||||
|
provisioning_request.clear_spoid();
|
||||||
|
}
|
||||||
|
if (provisioning_request.has_provider_id()) {
|
||||||
|
additional_parameter[kKeyAppParameterProviderId] =
|
||||||
|
provisioning_request.provider_id();
|
||||||
|
provisioning_request.clear_provider_id();
|
||||||
|
}
|
||||||
|
if (provisioning_request.has_stable_id()) {
|
||||||
|
additional_parameter[kKeyAppParameterStableId] =
|
||||||
|
provisioning_request.stable_id();
|
||||||
|
provisioning_request.clear_stable_id();
|
||||||
|
}
|
||||||
|
|
||||||
if (stored_oem_cert.empty()) {
|
if (stored_oem_cert.empty()) {
|
||||||
// This is the first stage provisioning.
|
// This is the first stage provisioning.
|
||||||
default_url->assign(kProvisioningServerUrl +
|
default_url->assign(kProvisioningServerUrl +
|
||||||
@@ -354,16 +381,18 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
|
|||||||
|
|
||||||
// Since |stored_oem_cert| is empty, the client identification token will be
|
// Since |stored_oem_cert| is empty, the client identification token will be
|
||||||
// retrieved from OEMCrypto, which is the BCC in this case.
|
// retrieved from OEMCrypto, which is the BCC in this case.
|
||||||
status = FillEncryptedClientId(stored_oem_cert, provisioning_request,
|
status = FillEncryptedClientIdWithAdditionalParameter(
|
||||||
wv_service_cert);
|
stored_oem_cert, additional_parameter, provisioning_request,
|
||||||
|
wv_service_cert);
|
||||||
if (status != NO_ERROR) return status;
|
if (status != NO_ERROR) return status;
|
||||||
} else {
|
} else {
|
||||||
// This is the second stage provisioning.
|
// This is the second stage provisioning.
|
||||||
default_url->assign(kProvisioningServerUrl);
|
default_url->assign(kProvisioningServerUrl);
|
||||||
// Since |stored_oem_cert| is non-empty, it will be used as the client
|
// Since |stored_oem_cert| is non-empty, it will be used as the client
|
||||||
// identification token.
|
// identification token.
|
||||||
status = FillEncryptedClientId(stored_oem_cert, provisioning_request,
|
status = FillEncryptedClientIdWithAdditionalParameter(
|
||||||
*service_certificate_);
|
stored_oem_cert, additional_parameter, provisioning_request,
|
||||||
|
*service_certificate_);
|
||||||
if (status != NO_ERROR) return status;
|
if (status != NO_ERROR) return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -408,6 +437,17 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
|
|||||||
CdmResponseType CertificateProvisioning::FillEncryptedClientId(
|
CdmResponseType CertificateProvisioning::FillEncryptedClientId(
|
||||||
const std::string& client_token, ProvisioningRequest& provisioning_request,
|
const std::string& client_token, ProvisioningRequest& provisioning_request,
|
||||||
const ServiceCertificate& service_certificate) {
|
const ServiceCertificate& service_certificate) {
|
||||||
|
CdmAppParameterMap app_parameter;
|
||||||
|
return FillEncryptedClientIdWithAdditionalParameter(
|
||||||
|
client_token, app_parameter, provisioning_request, service_certificate);
|
||||||
|
}
|
||||||
|
|
||||||
|
CdmResponseType
|
||||||
|
CertificateProvisioning::FillEncryptedClientIdWithAdditionalParameter(
|
||||||
|
const std::string& client_token,
|
||||||
|
const CdmAppParameterMap& additional_parameter,
|
||||||
|
ProvisioningRequest& provisioning_request,
|
||||||
|
const ServiceCertificate& service_certificate) {
|
||||||
if (!crypto_session_->IsOpen()) {
|
if (!crypto_session_->IsOpen()) {
|
||||||
return UNKNOWN_ERROR;
|
return UNKNOWN_ERROR;
|
||||||
}
|
}
|
||||||
@@ -418,8 +458,7 @@ CdmResponseType CertificateProvisioning::FillEncryptedClientId(
|
|||||||
if (status != NO_ERROR) return status;
|
if (status != NO_ERROR) return status;
|
||||||
|
|
||||||
video_widevine::ClientIdentification client_id;
|
video_widevine::ClientIdentification client_id;
|
||||||
CdmAppParameterMap app_parameter;
|
status = id.Prepare(additional_parameter, kEmptyString, &client_id);
|
||||||
status = id.Prepare(app_parameter, kEmptyString, &client_id);
|
|
||||||
if (status != NO_ERROR) return status;
|
if (status != NO_ERROR) return status;
|
||||||
|
|
||||||
if (!service_certificate.has_certificate()) {
|
if (!service_certificate.has_certificate()) {
|
||||||
|
|||||||
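Review bot: In the `@@ -340,7 +347,27 @@` hunk of GetProvisioning40RequestInternal the comment names only the SPOID, yet the code moves three identifiers (spoid, provider_id, stable_id) out of the cleartext ProvisioningRequest fields and into the client identification parameters; I would reword it to `// Move spoid, provider_id and stable_id into the client identification so they are sent encrypted, not as cleartext request fields.` The confidentiality of these identifiers now rests on FillEncryptedClientIdWithAdditionalParameter, whose `!service_certificate.has_certificate()` branch lies outside the visible lines, so it is worth confirming that this branch returns an error rather than emitting an unencrypted client identification. The three has_/copy/clear_ blocks have the same shape and could be folded into one small helper, so that a field added later cannot be copied without also being cleared. A unit test that builds the request and asserts that spoid, provider_id and stable_id are absent from the outer message would pin this behaviour; the function body starts and ends outside the hunk.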