Refactoring to cache service certs and initialization data

* Extend CdmLicense's stored_init_data_

  [ Merge of http://go/wvgerrit/14661 ]

  CdmLicense will store init data when a server cert must be
  provisioned.  After provisioning, the original init data can be used
  to generate the originally-intended license request.

  To do this before, the caller had to call CdmSession's
  GenerateKeyRequest with an empty InitializationData object.  However,
  the init data's type still had to be set, as did the license type.

  This CL allows the caller to use a truly empty InitializationData
  without a type.  To permit this, CdmLicense now stores a full
  InitializationData object, rather than just a copy of it's data field.

  With this CL, the caller also avoid storing the original license type.
  To accomplish this, CdmSession uses the already-set is_offline_ and
  is_release_ flags from the original call to reconstruct the intended
  license type.  The caller uses the new type kLicenseTypeDeferred.

  To facilitate storing whole InitializationData objects, they are now
  copyable.

  This ultimately simplifies server cert code for the new CE CDM.

* Store service certs in Properties

  [ Merge of http://go/wvgerrit/14664 ]

  This allows CE devices to mimic the Chrome CDM's behavior of sharing
  server certs between sessions.

  This also affects Android behavior.  Previously, provisioned service
  certificates were per-session, while explicitly-set service certs
  were per-DRM-plugin.  Now, both are per-DRM-plugin.

  A DRM plugin is associated with a mediaDrm object. Content
  providers will still be able to retrieve and use different
  certificates. The change here requires an app, that wishes to use
  different provisioned service certificates will have to use
  multiple mediaDrm objects. This is an unlikely scenario.

Change-Id: If2586932784ed046ecab72b5720ff30547e84b97

libwvdrmengine/cdm/core/src/license.cpp

@@ -126,13 +126,20 @@ static std::vector<CryptoKey> ExtractContentKeys(const License& license) {
   return key_array;
 }
 
-CdmLicense::CdmLicense()
+CdmLicense::CdmLicense(const CdmSessionId& session_id)
     : session_(NULL),
+      policy_engine_(NULL),
+      session_id_(session_id),
       initialized_(false),
       renew_with_client_id_(false),
       clock_(new Clock()) {}
 
-CdmLicense::CdmLicense(Clock* clock) : session_(NULL), initialized_(false) {
+CdmLicense::CdmLicense(const CdmSessionId& session_id, Clock* clock)
+    : session_(NULL),
+      policy_engine_(NULL),
+      session_id_(session_id),
+      initialized_(false),
+      renew_with_client_id_(false) {
   if (NULL == clock) {
     LOGE("CdmLicense::CdmLicense: clock parameter not provided");
     return;
@@ -144,6 +151,14 @@ CdmLicense::~CdmLicense() {}
 
 bool CdmLicense::Init(const std::string& token, CryptoSession* session,
                       PolicyEngine* policy_engine) {
+  if (clock_.get() == NULL) {
+    LOGE("CdmLicense::Init: clock parameter not provided");
+    return false;
+  }
+  if (session_id_.empty()) {
+    LOGE("CdmLicense::Init: empty session id provided");
+    return false;
+  }
   if (token.size() == 0) {
     LOGE("CdmLicense::Init: empty token provided");
     return false;
@@ -165,25 +180,27 @@ bool CdmLicense::Init(const std::string& token, CryptoSession* session,
 
 CdmResponseType CdmLicense::PrepareKeyRequest(
     const InitializationData& init_data, const CdmLicenseType license_type,
-    const CdmAppParameterMap& app_parameters, const CdmSessionId& session_id,
-    CdmKeyMessage* signed_request, std::string* server_url) {
+    const CdmAppParameterMap& app_parameters, CdmKeyMessage* signed_request,
+    std::string* server_url) {
   if (!initialized_) {
     LOGE("CdmLicense::PrepareKeyRequest: not initialized");
     return LICENSE_PARSER_NOT_INITIALIZED_4;
   }
+  if (init_data.IsEmpty() && stored_init_data_.get()) {
+    InitializationData restored_init_data = *stored_init_data_;
+    stored_init_data_.reset();
+    return PrepareKeyRequest(restored_init_data, license_type, app_parameters,
+                             signed_request, server_url);
+  }
   if (!init_data.is_supported()) {
     LOGE("CdmLicense::PrepareKeyRequest: unsupported init data type (%s)",
          init_data.type().c_str());
     return INVALID_PARAMETERS_LIC_3;
   }
-  if (init_data.IsEmpty() && stored_init_data_.empty()) {
+  if (init_data.IsEmpty()) {
     LOGE("CdmLicense::PrepareKeyRequest: empty init data provided");
     return INVALID_PARAMETERS_LIC_4;
   }
-  if (session_id.empty()) {
-    LOGE("CdmLicense::PrepareKeyRequest: empty session id provided");
-    return INVALID_PARAMETERS_LIC_5;
-  }
   if (!signed_request) {
     LOGE("CdmLicense::PrepareKeyRequest: no signed request provided");
     return INVALID_PARAMETERS_LIC_6;
@@ -194,10 +211,10 @@ CdmResponseType CdmLicense::PrepareKeyRequest(
   }
 
   std::string service_certificate;
-  bool privacy_mode_enabled = Properties::UsePrivacyMode(session_id);
+  bool privacy_mode_enabled = Properties::UsePrivacyMode(session_id_);
   if (privacy_mode_enabled) {
-    if (!GetServiceCertificate(session_id, &service_certificate)) {
-      stored_init_data_ = init_data.data();
+    if (!GetServiceCertificate(&service_certificate)) {
+      stored_init_data_.reset(new InitializationData(init_data));
       return PrepareServiceCertificateRequest(signed_request, server_url)
                  ? KEY_MESSAGE
                  : LICENSE_REQUEST_SERVICE_CERTIFICATE_GENERATION_ERROR;
@@ -223,8 +240,6 @@ CdmResponseType CdmLicense::PrepareKeyRequest(
 
     if (!init_data.IsEmpty()) {
       cenc_content_id->add_pssh(init_data.data());
-    } else if (privacy_mode_enabled && !stored_init_data_.empty()) {
-      cenc_content_id->add_pssh(stored_init_data_);
     } else {
       LOGE("CdmLicense::PrepareKeyRequest: ISO-CENC init data not available");
       return CENC_INIT_DATA_UNAVAILABLE;
@@ -239,8 +254,6 @@ CdmResponseType CdmLicense::PrepareKeyRequest(
 
     if (!init_data.IsEmpty()) {
       webm_content_id->set_header(init_data.data());
-    } else if (privacy_mode_enabled && !stored_init_data_.empty()) {
-      webm_content_id->set_header(stored_init_data_);
     } else {
       LOGE("CdmLicense::PrepareKeyRequest: WebM init data not available");
       return WEBM_INIT_DATA_UNAVAILABLE;
@@ -304,8 +317,7 @@ CdmResponseType CdmLicense::PrepareKeyRequest(
 
 CdmResponseType CdmLicense::PrepareKeyUpdateRequest(
     bool is_renewal, const CdmAppParameterMap& app_parameters,
-    const CdmSessionId& session_id, CdmKeyMessage* signed_request,
-    std::string* server_url) {
+    CdmKeyMessage* signed_request, std::string* server_url) {
   if (!initialized_) {
     LOGE("CdmLicense::PrepareKeyUpdateRequest: not initialized");
     return LICENSE_PARSER_NOT_INITIALIZED_1;
@@ -334,9 +346,9 @@ CdmResponseType CdmLicense::PrepareKeyUpdateRequest(
 
   if (renew_with_client_id_) {
     std::string service_certificate;
-    bool privacy_mode_enabled = Properties::UsePrivacyMode(session_id);
+    bool privacy_mode_enabled = Properties::UsePrivacyMode(session_id_);
     if (privacy_mode_enabled) {
-      if (!GetServiceCertificate(session_id, &service_certificate)) {
+      if (!GetServiceCertificate(&service_certificate)) {
         return PrepareServiceCertificateRequest(signed_request, server_url)
                    ? KEY_MESSAGE
                    : LICENSE_RENEWAL_SERVICE_CERTIFICATE_GENERATION_ERROR;
@@ -447,9 +459,13 @@ CdmResponseType CdmLicense::HandleKeyResponse(
     case SignedMessage::LICENSE:
       break;
     case SignedMessage::SERVICE_CERTIFICATE: {
-      CdmResponseType status = VerifyAndExtractSignedServiceCertificate(
-          signed_response.msg(), &service_certificate_);
-      return status == NO_ERROR ? NEED_KEY : status;
+      CdmResponseType status =
+          VerifySignedServiceCertificate(signed_response.msg());
+      if (status != NO_ERROR) {
+        return status;
+      }
+      Properties::SetServiceCertificate(session_id_, signed_response.msg());
+      return NEED_KEY;
     }
     case SignedMessage::ERROR_RESPONSE:
       return HandleKeyErrorResponse(signed_response);
@@ -558,9 +574,13 @@ CdmResponseType CdmLicense::HandleKeyUpdateResponse(
     case SignedMessage::LICENSE:
       break;
     case SignedMessage::SERVICE_CERTIFICATE: {
-      CdmResponseType status = VerifyAndExtractSignedServiceCertificate(
-          signed_response.msg(), &service_certificate_);
-      return status == NO_ERROR ? NEED_KEY : status;
+      CdmResponseType status =
+          VerifySignedServiceCertificate(signed_response.msg());
+      if (status != NO_ERROR) {
+        return status;
+      }
+      Properties::SetServiceCertificate(session_id_, signed_response.msg());
+      return NEED_KEY;
     }
     case SignedMessage::ERROR_RESPONSE:
       return HandleKeyErrorResponse(signed_response);
@@ -1067,19 +1087,14 @@ CdmResponseType CdmLicense::PrepareClientId(
   return NO_ERROR;
 }
 
-bool CdmLicense::GetServiceCertificate(const CdmSessionId& session_id,
-                                       std::string* service_certificate) {
+bool CdmLicense::GetServiceCertificate(std::string* service_certificate) {
   std::string signed_service_certificate;
-  if (!Properties::GetServiceCertificate(session_id,
-                                         &signed_service_certificate) ||
-      signed_service_certificate.empty() ||
-      NO_ERROR != VerifyAndExtractSignedServiceCertificate(
-                      signed_service_certificate, service_certificate)) {
-    *service_certificate = service_certificate_;
-  }
-
-  if (service_certificate->size() > 0) return true;
-  return false;
+  return Properties::GetServiceCertificate(session_id_,
+                                           &signed_service_certificate) &&
+         !signed_service_certificate.empty() &&
+         NO_ERROR == VerifyAndExtractSignedServiceCertificate(
+                         signed_service_certificate, service_certificate) &&
+         !service_certificate->empty();
 }
 
 template <typename T>