Support Per-Origin Provisioning

This is a merge of several Widevine-side commits that, cumulatively, allow callers to specify an origin to be used to isolate data storage as specified in the W3C Encrypted Media Extension specification. Separate origins have separate certificates, and consequently cannot share device identifiers with each other. The changes included in this are: Add Ability to Check for Existing Certificates http://go/wvgerrit/13974 Add Ability to Remove the Certificate http://go/wvgerrit/13975 Make CDM Origin-Aware http://go/wvgerrit/13977 Add Per-Origin Storage to Widevine CDM on Android http://go/wvgerrit/14026 Remove Automatic Origin Generation http://go/wvgerrit/14031 Bug: 19771858 Change-Id: I6a01c705d9b6b4887a9c7e6ff4399a125f781569
2015-04-09 19:02:31 -07:00
parent 786bbba499
commit 59811eed57
19 changed files with 627 additions and 313 deletions
--- a/libwvdrmengine/cdm/core/include/cdm_engine.h
+++ b/libwvdrmengine/cdm/core/include/cdm_engine.h
@@ -32,13 +32,14 @@ class CdmEngine {
  // Session related methods
  virtual CdmResponseType OpenSession(const CdmKeySystem& key_system,
                                      const CdmClientPropertySet* property_set,
+                                      const std::string& origin,
                                      WvCdmEventListener* event_listener,
                                      CdmSessionId* session_id);
  virtual CdmResponseType CloseSession(const CdmSessionId& session_id);

  virtual CdmResponseType OpenKeySetSession(
      const CdmKeySetId& key_set_id, const CdmClientPropertySet* property_set,
-      WvCdmEventListener* event_listener);
+      const std::string& origin, WvCdmEventListener* event_listener);
  virtual CdmResponseType CloseKeySetSession(const CdmKeySetId& key_set_id);

  // License related methods
@@ -113,13 +114,18 @@ class CdmEngine {
  // Provisioning related methods
  virtual CdmResponseType GetProvisioningRequest(
      CdmCertificateType cert_type, const std::string& cert_authority,
-      CdmProvisioningRequest* request, std::string* default_url);
+      const std::string& origin, CdmProvisioningRequest* request,
+      std::string* default_url);

  virtual CdmResponseType HandleProvisioningResponse(
-      CdmProvisioningResponse& response, std::string* cert,
-      std::string* wrapped_key);
+      const std::string& origin, CdmProvisioningResponse& response,
+      std::string* cert, std::string* wrapped_key);

-  virtual CdmResponseType Unprovision(CdmSecurityLevel security_level);
+  virtual bool IsProvisioned(CdmSecurityLevel security_level,
+                             const std::string& origin);
+
+  virtual CdmResponseType Unprovision(CdmSecurityLevel security_level,
+                                      const std::string& origin);

  // Usage related methods for streaming licenses
  // Retrieve a random usage info from the list of all usage infos for this app
--- a/libwvdrmengine/cdm/core/include/cdm_session.h
+++ b/libwvdrmengine/cdm/core/include/cdm_session.h
@@ -4,6 +4,7 @@
 #define WVCDM_CORE_CDM_SESSION_H_

 #include <set>
+#include <string>

 #include "crypto_session.h"
 #include "device_files.h"
@@ -22,7 +23,7 @@ class WvCdmEventListener;
 class CdmSession {
 public:
  CdmSession(const CdmClientPropertySet* cdm_client_property_set,
-             WvCdmEventListener* event_listener);
+             const std::string& origin, WvCdmEventListener* event_listener);
  virtual ~CdmSession();

  virtual CdmResponseType Init();
@@ -128,6 +129,7 @@ class CdmSession {
  // instance variables
  bool initialized_;
  CdmSessionId session_id_;
+  const std::string origin_;
  scoped_ptr<CdmLicense> license_parser_;
  scoped_ptr<CryptoSession> crypto_session_;
  scoped_ptr<PolicyEngine> policy_engine_;
--- a/libwvdrmengine/cdm/core/include/certificate_provisioning.h
+++ b/libwvdrmengine/cdm/core/include/certificate_provisioning.h
@@ -3,6 +3,8 @@
 #ifndef WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
 #define WVCDM_CORE_CERTIFICATE_PROVISIONING_H_

+#include <string>
+
 #include "crypto_session.h"
 #include "oemcrypto_adapter.h"
 #include "wv_cdm_types.h"
@@ -20,9 +22,11 @@ class CertificateProvisioning {
  CdmResponseType GetProvisioningRequest(SecurityLevel requested_security_level,
                                         CdmCertificateType cert_type,
                                         const std::string& cert_authority,
+                                         const std::string& origin,
                                         CdmProvisioningRequest* request,
                                         std::string* default_url);
-  CdmResponseType HandleProvisioningResponse(CdmProvisioningResponse& response,
+  CdmResponseType HandleProvisioningResponse(const std::string& origin,
+                                             CdmProvisioningResponse& response,
                                             std::string* cert,
                                             std::string* wrapped_key);

--- a/libwvdrmengine/cdm/core/include/device_files.h
+++ b/libwvdrmengine/cdm/core/include/device_files.h
@@ -4,6 +4,7 @@
 #define WVCDM_CORE_DEVICE_FILES_H_

 #include <unistd.h>
+#include <string>

 #include "scoped_ptr.h"
 #include "wv_cdm_types.h"
@@ -32,10 +33,14 @@ class DeviceFiles {
    return Init(security_level);
  }

-  virtual bool StoreCertificate(const std::string& certificate,
+  virtual bool StoreCertificate(const std::string& origin,
+                                const std::string& certificate,
                                const std::string& wrapped_private_key);
-  virtual bool RetrieveCertificate(std::string* certificate,
+  virtual bool RetrieveCertificate(const std::string& origin,
+                                   std::string* certificate,
                                   std::string* wrapped_private_key);
+  virtual bool HasCertificate(const std::string& origin);
+  virtual bool RemoveCertificate(const std::string& origin);

  virtual bool StoreLicense(const std::string& key_set_id,
                            const LicenseState state,
@@ -100,18 +105,21 @@ class DeviceFiles {
  // stored in a common directory and need to be copied over.
  virtual void SecurityLevelPathBackwardCompatibility();

-  // For testing only:
-  static std::string GetCertificateFileName();
+  static std::string GetCertificateFileName(const std::string& origin);
  static std::string GetLicenseFileNameExtension();
  static std::string GetUsageInfoFileName(const std::string& app_id);
  static std::string GetBlankFileData();
+  static std::string GetFileNameSafeHash(const std::string& input);
+
+  // For testing only:
  void SetTestFile(File* file);
 #if defined(UNIT_TEST)
  FRIEND_TEST(DeviceFilesSecurityLevelTest, SecurityLevel);
-  FRIEND_TEST(DeviceFilesStoreTest, StoreCertificate);
+  FRIEND_TEST(DeviceCertificateStoreTest, StoreCertificate);
+  FRIEND_TEST(DeviceCertificateTest, ReadCertificate);
+  FRIEND_TEST(DeviceCertificateTest, HasCertificate);
  FRIEND_TEST(DeviceFilesStoreTest, StoreLicense);
  FRIEND_TEST(DeviceFilesTest, DeleteLicense);
-  FRIEND_TEST(DeviceFilesTest, ReadCertificate);
  FRIEND_TEST(DeviceFilesTest, ReserveLicenseIds);
  FRIEND_TEST(DeviceFilesTest, RetrieveLicenses);
  FRIEND_TEST(DeviceFilesTest, SecurityLevelPathBackwardCompatibility);
--- a/libwvdrmengine/cdm/core/include/wv_cdm_constants.h
+++ b/libwvdrmengine/cdm/core/include/wv_cdm_constants.h
@@ -75,6 +75,8 @@ static const std::string WEBM_VIDEO_MIME_TYPE = "video/webm";
 static const std::string WEBM_AUDIO_MIME_TYPE = "audio/webm";
 static const std::string CENC_INIT_DATA_FORMAT = "cenc";
 static const std::string WEBM_INIT_DATA_FORMAT = "webm";
+
+static const char EMPTY_ORIGIN[] = "";
 }  // namespace wvcdm

 #endif  // WVCDM_CORE_WV_CDM_CONSTANTS_H_