Support Per-Origin Provisioning

This is a merge of several Widevine-side commits that, cumulatively, allow callers to specify an origin to be used to isolate data storage as specified in the W3C Encrypted Media Extension specification. Separate origins have separate certificates, and consequently cannot share device identifiers with each other. The changes included in this are: Add Ability to Check for Existing Certificates http://go/wvgerrit/13974 Add Ability to Remove the Certificate http://go/wvgerrit/13975 Make CDM Origin-Aware http://go/wvgerrit/13977 Add Per-Origin Storage to Widevine CDM on Android http://go/wvgerrit/14026 Remove Automatic Origin Generation http://go/wvgerrit/14031 Bug: 19771858 Change-Id: I6a01c705d9b6b4887a9c7e6ff4399a125f781569
2015-04-09 19:02:31 -07:00
parent 786bbba499
commit 59811eed57
19 changed files with 627 additions and 313 deletions
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -57,8 +57,8 @@ void CertificateProvisioning::ComposeJsonRequestAsQueryString(
 */
 CdmResponseType CertificateProvisioning::GetProvisioningRequest(
    SecurityLevel requested_security_level, CdmCertificateType cert_type,
-    const std::string& cert_authority, CdmProvisioningRequest* request,
-    std::string* default_url) {
+    const std::string& cert_authority, const std::string& origin,
+    CdmProvisioningRequest* request, std::string* default_url) {
  if (!default_url) {
    LOGE("GetProvisioningRequest: pointer for returning URL is NULL");
    return UNKNOWN_ERROR;
@@ -113,6 +113,15 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
  cert_type_ = cert_type;
  options->set_certificate_authority(cert_authority);

+  if (origin != EMPTY_ORIGIN) {
+    std::string device_unique_id;
+    if (!crypto_session_.GetDeviceUniqueId(&device_unique_id)) {
+      LOGE("GetProvisioningRequest: fails to get device unique ID");
+      return UNKNOWN_ERROR;
+    }
+    provisioning_request.set_stable_id(device_unique_id + origin);
+  }
+
  std::string serialized_message;
  provisioning_request.SerializeToString(&serialized_message);

@@ -180,8 +189,8 @@ bool CertificateProvisioning::ParseJsonResponse(
 * Returns NO_ERROR for success and UNKNOWN_ERROR if fails.
 */
 CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
-    CdmProvisioningResponse& response, std::string* cert,
-    std::string* wrapped_key) {
+    const std::string& origin, CdmProvisioningResponse& response,
+    std::string* cert, std::string* wrapped_key) {
  // Extracts signed response from JSON string, decodes base64 signed response
  const std::string kMessageStart = "\"signedResponse\": \"";
  const std::string kMessageEnd = "\"";
@@ -255,7 +264,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
    LOGE("HandleProvisioningResponse: failed to init DeviceFiles");
    return UNKNOWN_ERROR;
  }
-  if (!handle.StoreCertificate(device_certificate, wrapped_rsa_key)) {
+  if (!handle.StoreCertificate(origin, device_certificate, wrapped_rsa_key)) {
    LOGE("HandleProvisioningResponse: failed to save provisioning certificate");
    return UNKNOWN_ERROR;
  }