Allow a service certificate to be specified for provisioning

[ Merge of http://go/wvgerrit/48400 ]

Client identification information has recently been enabled in
provisioning messages. For privacy concerns this information
is being encrypted with a default service certificate.
Apps need to be able to override the default one to allow
for provisioning with third party provisioning services.

Bug: 78420508
Test: WV unit, integration tests
      New WvCdmRequestLicenseTest.ProvisioningTestWithServiceCertificate test
      GTS MediaDrmTestCases

Change-Id: Iee61ad47d33ce011efbea4eb90f7e4b1f032d15f

libwvdrmengine/cdm/core/test/cdm_engine_test.cpp

@@ -193,13 +193,11 @@ class WvCdmEnginePreProvTest : public testing::Test {
     // try to provision. This is needed for testing nonce floods.
     CryptoSession keep_alive(cdm_engine_.GetMetrics()->GetCryptoMetrics());
 
-    ASSERT_EQ(NO_ERROR, cdm_engine_.SetProvisioningServiceCertificate(
-        g_provisioning_service_certificate));
     CdmResponseType result = NO_ERROR;
     for(int i = 0; i < 2; ++i) {  // Retry once if there is a nonce problem.
       result = cdm_engine_.GetProvisioningRequest(
-          cert_type, cert_authority, &prov_request,
-          &provisioning_server_url);
+          cert_type, cert_authority, g_provisioning_service_certificate,
+          &prov_request, &provisioning_server_url);
       if (result == CERT_PROVISIONING_NONCE_GENERATION_ERROR) {
         LOGW("Woops.  Nonce problem.  Try again?");
         sleep(1);
@@ -295,11 +293,9 @@ class WvCdmEnginePreProvTestUatBinary : public WvCdmEnginePreProvTest {
     CdmCertificateType cert_type = kCertificateWidevine;
     std::string cert_authority;
     std::string cert, wrapped_key;
-    ASSERT_EQ(NO_ERROR, cdm_engine_.SetProvisioningServiceCertificate(
-        g_provisioning_service_certificate));
     ASSERT_EQ(NO_ERROR, cdm_engine_.GetProvisioningRequest(
-        cert_type, cert_authority, &binary_prov_request,
-        &provisioning_server_url));
+        cert_type, cert_authority, g_provisioning_service_certificate,
+        &binary_prov_request, &provisioning_server_url));
 
     // prov_request is binary - base64 encode it
     std::string prov_request(Base64SafeEncodeNoPad(
@@ -508,18 +504,20 @@ class WvCdmEngineTest : public WvCdmEnginePreProvTest {
   std::string server_url_;
 };
 
-// Test that service certificate is initially absent.
-TEST_F(WvCdmEnginePreProvTestStaging,
-       ProvisioningServiceCertificateInitialNoneTest) {
-  ASSERT_FALSE(cdm_engine_.HasProvisioningServiceCertificate());
+// Tests to validate service certificate
+TEST_F(WvCdmEnginePreProvTestUat, ProvisioningServiceCertificateValidTest) {
+  ASSERT_EQ(
+      cdm_engine_.ValidateServiceCertificate(
+          g_provisioning_service_certificate),
+      NO_ERROR);
 };
 
-// Test that service certificate can be properly installed.
-TEST_F(WvCdmEnginePreProvTestStaging, ProvisioningServiceCertificateGoodTest) {
-  ASSERT_EQ(cdm_engine_.SetProvisioningServiceCertificate(
-      g_license_service_certificate),
-      NO_ERROR);
-  ASSERT_TRUE(cdm_engine_.HasProvisioningServiceCertificate());
+TEST_F(WvCdmEnginePreProvTestUat, ProvisioningServiceCertificateInvalidTest) {
+  std::string certificate = g_provisioning_service_certificate;
+  // Add four nulls to the beginning of the cert to invalidate it
+  certificate.insert(0, 4, 0);
+
+  ASSERT_NE(cdm_engine_.ValidateServiceCertificate(certificate), NO_ERROR);
 };
 
 // Test that provisioning works, even if device is already provisioned.