Support Per-Origin Provisioning

This is a merge of several Widevine-side commits that, cumulatively, allow callers to specify an origin to be used to isolate data storage as specified in the W3C Encrypted Media Extension specification. Separate origins have separate certificates, and consequently cannot share device identifiers with each other. The changes included in this are: Add Ability to Check for Existing Certificates http://go/wvgerrit/13974 Add Ability to Remove the Certificate http://go/wvgerrit/13975 Make CDM Origin-Aware http://go/wvgerrit/13977 Add Per-Origin Storage to Widevine CDM on Android http://go/wvgerrit/14026 Remove Automatic Origin Generation http://go/wvgerrit/14031 Bug: 19771858 Change-Id: I6a01c705d9b6b4887a9c7e6ff4399a125f781569
2015-04-09 19:02:31 -07:00
parent 786bbba499
commit 59811eed57
19 changed files with 627 additions and 313 deletions
--- a/libwvdrmengine/cdm/core/src/device_files.cpp
+++ b/libwvdrmengine/cdm/core/src/device_files.cpp
@@ -10,6 +10,7 @@
 #include "log.h"
 #include "properties.h"
 #include "string_conversions.h"
+#include "wv_cdm_constants.h"

 #if defined(__APPLE__)
 #include <CommonCrypto/CommonDigest.h>
@@ -31,7 +32,8 @@ using video_widevine_client::sdk::UsageInfo_ProviderSession;

 namespace {

-const char kCertificateFileName[] = "cert.bin";
+const char kCertificateFileNamePrefix[] = "cert";
+const char kCertificateFileNameExt[] = ".bin";
 const char kUsageInfoFileNamePrefix[] = "usage";
 const char kUsageInfoFileNameExt[] = ".bin";
 const char kLicenseFileNameExt[] = ".lic";
@@ -86,7 +88,8 @@ bool DeviceFiles::Init(CdmSecurityLevel security_level) {
  return true;
 }

-bool DeviceFiles::StoreCertificate(const std::string& certificate,
+bool DeviceFiles::StoreCertificate(const std::string& origin,
+                                   const std::string& certificate,
                                   const std::string& wrapped_private_key) {
  if (!initialized_) {
    LOGW("DeviceFiles::StoreCertificate: not initialized");
@@ -106,10 +109,11 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
  std::string serialized_file;
  file.SerializeToString(&serialized_file);

-  return StoreFileWithHash(kCertificateFileName, serialized_file);
+  return StoreFileWithHash(GetCertificateFileName(origin), serialized_file);
 }

-bool DeviceFiles::RetrieveCertificate(std::string* certificate,
+bool DeviceFiles::RetrieveCertificate(const std::string& origin,
+                                      std::string* certificate,
                                      std::string* wrapped_private_key) {
  if (!initialized_) {
    LOGW("DeviceFiles::RetrieveCertificate: not initialized");
@@ -121,7 +125,9 @@ bool DeviceFiles::RetrieveCertificate(std::string* certificate,
  }

  std::string serialized_file;
-  if (!RetrieveHashedFile(kCertificateFileName, &serialized_file)) return false;
+  if (!RetrieveHashedFile(GetCertificateFileName(origin), &serialized_file)) {
+    return false;
+  }

  video_widevine_client::sdk::File file;
  if (!file.ParseFromString(serialized_file)) {
@@ -151,6 +157,24 @@ bool DeviceFiles::RetrieveCertificate(std::string* certificate,
  return true;
 }

+bool DeviceFiles::HasCertificate(const std::string& origin) {
+  if (!initialized_) {
+    LOGW("DeviceFiles::HasCertificate: not initialized");
+    return false;
+  }
+
+  return FileExists(GetCertificateFileName(origin));
+}
+
+bool DeviceFiles::RemoveCertificate(const std::string& origin) {
+  if (!initialized_) {
+    LOGW("DeviceFiles::RemoveCertificate: not initialized");
+    return false;
+  }
+
+  return RemoveFile(GetCertificateFileName(origin));
+}
+
 bool DeviceFiles::StoreLicense(const std::string& key_set_id,
                               const LicenseState state,
                               const CdmInitData& pssh_data,
@@ -749,8 +773,12 @@ void DeviceFiles::SecurityLevelPathBackwardCompatibility() {
  }
 }

-std::string DeviceFiles::GetCertificateFileName() {
-  return kCertificateFileName;
+std::string DeviceFiles::GetCertificateFileName(const std::string& origin) {
+  std::string hash;
+  if (origin != EMPTY_ORIGIN) {
+    hash = GetFileNameSafeHash(origin);
+  }
+  return kCertificateFileNamePrefix + hash + kCertificateFileNameExt;
 }

 std::string DeviceFiles::GetLicenseFileNameExtension() {
@@ -758,20 +786,23 @@ std::string DeviceFiles::GetLicenseFileNameExtension() {
 }

 std::string DeviceFiles::GetUsageInfoFileName(const std::string& app_id) {
-  if (app_id == "") {
-    return std::string(kUsageInfoFileNamePrefix) +
-           std::string(kUsageInfoFileNameExt);
+  std::string hash;
+  if (app_id != "") {
+    hash = GetFileNameSafeHash(app_id);
  }
-  std::vector<uint8_t> hash(MD5_DIGEST_LENGTH);
-  const unsigned char* input =
-      reinterpret_cast<const unsigned char*>(app_id.data());
-  MD5(input, app_id.size(), &hash[0]);
-  return std::string(kUsageInfoFileNamePrefix) + wvcdm::Base64SafeEncode(hash) +
-         std::string(kUsageInfoFileNameExt);
+  return kUsageInfoFileNamePrefix + hash + kUsageInfoFileNameExt;
 }

 std::string DeviceFiles::GetBlankFileData() { return kBlankFileData; }

+std::string DeviceFiles::GetFileNameSafeHash(const std::string& input) {
+  std::vector<uint8_t> hash(MD5_DIGEST_LENGTH);
+  const unsigned char* input_ptr =
+      reinterpret_cast<const unsigned char*>(input.data());
+  MD5(input_ptr, input.size(), &hash[0]);
+  return wvcdm::Base64SafeEncode(hash);
+}
+
 void DeviceFiles::SetTestFile(File* file) {
  file_.reset(file);
  test_file_ = true;