Use license.widevine.com cert for provisioning server
Merge from Widevine repo of http://go/wvgerrit/44505 This CL changes the certificate provisioning code to verify the provisioning message using a cert from license.widevine.com instead of the staging certificate. It also adjusts the certificates in config_test_env.cpp because the license and provisioning servers are different and may probably have different certs. bug: 73031756 test: unit tests with mock oemcrypto, and read oemcrypto on sailfish Change-Id: I4b457a369a49ef07bda9e5632ab59e5f621ec966
This commit is contained in:
Fred Gylys-Colwell
@@ -21,32 +21,29 @@ const std::string kProvisioningServerUrl =
|
||||
"certificateprovisioning/v1/devicecertificates/create"
|
||||
"?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE";
|
||||
|
||||
// NOTE: Provider ID = staging.google.com
|
||||
// TODO(b/69133499): update to new default cert.
|
||||
// NOTE: Provider ID = license.widevine.com
|
||||
const std::string kCpProductionServiceCertificate = wvcdm::a2bs_hex(
|
||||
"0ABF020803121028703454C008F63618ADE7443DB6C4C8188BE7F9900522"
|
||||
"8E023082010A0282010100B52112B8D05D023FCC5D95E2C251C1C649B417"
|
||||
"7CD8D2BEEF355BB06743DE661E3D2ABC3182B79946D55FDC08DFE9540781"
|
||||
"5E9A6274B322A2C7F5E067BB5F0AC07A89D45AEA94B2516F075B66EF811D"
|
||||
"0D26E1B9A6B894F2B9857962AA171C4F66630D3E4C602718897F5E1EF9B6"
|
||||
"AAF5AD4DBA2A7E14176DF134A1D3185B5A218AC05A4C41F081EFFF80A3A0"
|
||||
"40C50B09BBC740EEDCD8F14D675A91980F92CA7DDC646A06ADAD5101F74A"
|
||||
"0E498CC01F00532BAC217850BD905E90923656B7DFEFEF42486767F33EF6"
|
||||
"283D4F4254AB72589390BEE55808F1D668080D45D893C2BCA2F74D60A0C0"
|
||||
"D0A0993CEF01604703334C3638139486BC9DAF24FD67A07F9AD943020301"
|
||||
"00013A1273746167696E672E676F6F676C652E636F6D128003983E303526"
|
||||
"75F40BA715FC249BDAE5D4AC7249A2666521E43655739529721FF880E0AA"
|
||||
"EFC5E27BC980DAEADABF3FC386D084A02C82537848CC753FF497B011A7DA"
|
||||
"97788A00E2AA6B84CD7D71C07A48EBF61602CCA5A3F32030A7295C30DA91"
|
||||
"5B91DC18B9BC9593B8DE8BB50F0DEDC12938B8E9E039CDDE18FA82E81BB0"
|
||||
"32630FE955D85A566CE154300BF6D4C1BD126966356B287D657B18CE63D0"
|
||||
"EFD45FC5269E97EAB11CB563E55643B26FF49F109C2101AFCAF35B832F28"
|
||||
"8F0D9D45960E259E85FB5D24DBD2CF82764C5DD9BF727EFBE9C861F86932"
|
||||
"1F6ADE18905F4D92F9A6DA6536DB8475871D168E870BB2303CF70C6E9784"
|
||||
"C93D2DE845AD8262BE7E0D4E2E4A0759CEF82D109D2592C72429F8C01742"
|
||||
"BAE2B3DECADBC33C3E5F4BAF5E16ECB74EADBAFCB7C6705F7A9E3B6F3940"
|
||||
"383F9C5116D202A20C9229EE969C2519718303B50D0130C3352E06B014D8"
|
||||
"38540F8A0C227C0011E0F5B38E4E298ED2CB301EB4564965F55C5D79757A"
|
||||
"250A4EB9C84AB3E6539F6B6FDF56899EA29914");
|
||||
"0ac102080312101705b917cc1204868b06333a2f772a8c1882b4829205228e023082010a02"
|
||||
"8201010099ed5b3b327dab5e24efc3b62a95b598520ad5bccb37503e0645b814d876b8df40"
|
||||
"510441ad8ce3adb11bb88c4e725a5e4a9e0795291d58584023a7e1af0e38a9127939300861"
|
||||
"0b6f158c878c7e21bffbfeea77e1019e1e5781e8a45f46263d14e60e8058a8607adce04fac"
|
||||
"8457b137a8d67ccdeb33705d983a21fb4eecbd4a10ca47490ca47eaa5d438218ddbaf1cade"
|
||||
"3392f13d6ffb6442fd31e1bf40b0c604d1c4ba4c9520a4bf97eebd60929afceef55bbaf564"
|
||||
"e2d0e76cd7c55c73a082b996120b8359edce24707082680d6f67c6d82c4ac5f3134490a74e"
|
||||
"ec37af4b2f010c59e82843e2582f0b6b9f5db0fc5e6edf64fbd308b4711bcf1250019c9f5a"
|
||||
"0902030100013a146c6963656e73652e7769646576696e652e636f6d128003ae347314b5a8"
|
||||
"35297f271388fb7bb8cb5277d249823cddd1da30b93339511eb3ccbdea04b944b927c12134"
|
||||
"6efdbdeac9d413917e6ec176a10438460a503bc1952b9ba4e4ce0fc4bfc20a9808aaaf4bfc"
|
||||
"d19c1dcfcdf574ccac28d1b410416cf9de8804301cbdb334cafcd0d40978423a642e54613d"
|
||||
"f0afcf96ca4a9249d855e42b3a703ef1767f6a9bd36d6bf82be76bbf0cba4fde59d2abcc76"
|
||||
"feb64247b85c431fbca52266b619fc36979543fca9cbbdbbfafa0e1a55e755a3c7bce655f9"
|
||||
"646f582ab9cf70aa08b979f867f63a0b2b7fdb362c5bc4ecd555d85bcaa9c593c383c857d4"
|
||||
"9daab77e40b7851ddfd24998808e35b258e75d78eac0ca16f7047304c20d93ede4e8ff1c6f"
|
||||
"17e6243e3f3da8fc1709870ec45fba823a263f0cefa1f7093b1909928326333705043a29bd"
|
||||
"a6f9b4342cc8df543cb1a1182f7c5fff33f10490faca5b25360b76015e9c5a06ab8ee02f00"
|
||||
"d2e8d5986104aacc4dd475fd96ee9ce4e326f21b83c7058577b38732cddabc6a6bed13fb0d"
|
||||
"49d38a45eb87a5f4");
|
||||
|
||||
/*
|
||||
* Provisioning response is a base64-encoded protobuf, optionally within a
|
||||
@@ -356,6 +353,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
|
||||
if (crypto_session_.GetPreProvisionTokenType() == kClientTokenOemCert) {
|
||||
if (service_certificate_->VerifySignedMessage(signed_message, signature)
|
||||
!= NO_ERROR) {
|
||||
// TODO(b/69562876): if the cert is bad, request a new one.
|
||||
LOGE("HandleProvisioningResponse: message not properly signed");
|
||||
return CERT_PROVISIONING_RESPONSE_ERROR_6;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user