Consolidate provisioning related protobuf parsing

[ Merge of http://go/wvgerrit/87905 ] Protobuf parsing of the provisioning message has been centralized in certificate_provisioning.cpp since it will be invoked from multiple locations. This will also ease maintainability of the code. Bug: 142731300 Test: android unit/integration tests Change-Id: Idebf6b0145b317698559cac1cf18a3a0b98315ad
2019-10-16 16:30:30 -07:00
parent 3cfd0ae668
commit 8769e12b01
4 changed files with 82 additions and 60 deletions
--- a/libwvdrmengine/cdm/core/include/certificate_provisioning.h
+++ b/libwvdrmengine/cdm/core/include/certificate_provisioning.h
@@ -48,6 +48,19 @@ class CertificateProvisioning {
      FileSystem* file_system, const CdmProvisioningResponse& response,
      std::string* cert, std::string* wrapped_key);

+  // Helper methods
+
+  // Extract serial number and system ID from a DRM Device certificate.
+  // Either |serial_number| or |system_id| may be null, but not both.
+  static bool ExtractDeviceInfo(const std::string& device_certificate,
+                                std::string* serial_number,
+                                uint32_t* system_id);
+
+  // Removes json wrapping if applicable to extract the
+  // SignedProvisioningMessage
+  static bool ExtractAndDecodeSignedMessageForTesting(
+      const std::string& provisioning_response, std::string* result);
+
 private:
  CdmResponseType SetSpoidParameter(
      const std::string& origin, const std::string& spoid,
--- a/libwvdrmengine/cdm/core/include/device_files.h
+++ b/libwvdrmengine/cdm/core/include/device_files.h
@@ -15,7 +15,7 @@
 #include "wv_cdm_types.h"

 #if defined(UNIT_TEST)
-#include <gtest/gtest_prod.h>
+#  include <gtest/gtest_prod.h>
 #endif

 namespace wvcdm {
@@ -218,10 +218,6 @@ class DeviceFiles {
  virtual bool DeleteUsageTableInfo();

 private:
-  // Extract serial number and system ID from DRM Device certificate
-  bool ExtractDeviceInfo(const std::string& device_certificate,
-                         std::string* serial_number, uint32_t* system_id);
-
  // Helpers that wrap the File interface and automatically handle hashing, as
  // well as adding the device files base path to to the file name.
  ResponseType StoreFileWithHash(const std::string& name,
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -58,43 +58,50 @@ const std::string kCpProductionServiceCertificate = wvcdm::a2bs_hex(
 *
 * If an error occurs during the parse or the decode, return an empty string.
 */
-void ExtractAndDecodeSignedMessage(const std::string& provisioning_response,
+bool ExtractAndDecodeSignedMessage(const std::string& provisioning_response,
                                   std::string* result) {
  const std::string json_start_substr("\"signedResponse\": \"");
  const std::string json_end_substr("\"");
  std::string message_string;

+  if (result == nullptr) {
+    LOGE("Output parameter |result| is not provided");
+    return false;
+  }
+
  size_t start = provisioning_response.find(json_start_substr);

  if (start == provisioning_response.npos) {
    // Message is not properly wrapped - reject it.
    LOGE("Cannot locate start substring");
    result->clear();
-    return;
-  } else {
-    // Appears to be JSON-wrapped protobuf - find end of protobuf portion.
-    size_t end = provisioning_response.find(json_end_substr,
-                                            start + json_start_substr.length());
-    if (end == provisioning_response.npos) {
-      LOGE("Cannot locate end substring");
-      result->clear();
-      return;
-    }
-    size_t b64_string_size = end - start - json_start_substr.length();
-    message_string.assign(provisioning_response,
-                          start + json_start_substr.length(), b64_string_size);
+    return false;
  }

+  // Appears to be JSON-wrapped protobuf - find end of protobuf portion.
+  const size_t end = provisioning_response.find(
+      json_end_substr, start + json_start_substr.length());
+  if (end == provisioning_response.npos) {
+    LOGE("Cannot locate end substring");
+    result->clear();
+    return false;
+  }
+
+  size_t b64_string_size = end - start - json_start_substr.length();
+  message_string.assign(provisioning_response,
+                        start + json_start_substr.length(), b64_string_size);
+
  if (message_string.empty()) {
    LOGE("CDM provisioning response is empty");
    result->clear();
-    return;
+    return false;
  }

  // Decode the base64-encoded message.
  const std::vector<uint8_t> decoded_message =
      wvcdm::Base64SafeDecode(message_string);
  result->assign(decoded_message.begin(), decoded_message.end());
+  return true;
 }

 }  // namespace
@@ -103,10 +110,12 @@ namespace wvcdm {
 // Protobuf generated classes.
 using video_widevine::ClientIdentification_ClientCapabilities;
 using video_widevine::ClientIdentification_NameValue;
+using video_widevine::DrmDeviceCertificate;
 using video_widevine::EncryptedClientIdentification;
 using video_widevine::ProvisioningOptions;
 using video_widevine::ProvisioningRequest;
 using video_widevine::ProvisioningResponse;
+using video_widevine::SignedDrmDeviceCertificate;
 using video_widevine::SignedProvisioningMessage;

 CdmResponseType CertificateProvisioning::Init(
@@ -317,8 +326,8 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
  } else {
    // The response is base64 encoded in a JSON wrapper.
    // Extract it and decode it. On error return an empty string.
-    ExtractAndDecodeSignedMessage(response_message, &response);
-    if (response.empty()) {
+    bool result = ExtractAndDecodeSignedMessage(response_message, &response);
+    if (!result || response.empty()) {
      LOGE("Provisioning response message is an invalid JSON/base64 string");
      return CERT_PROVISIONING_RESPONSE_ERROR_1;
    }
@@ -418,4 +427,43 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
  return NO_ERROR;
 }

+// Static
+bool CertificateProvisioning::ExtractAndDecodeSignedMessageForTesting(
+    const std::string& provisioning_response, std::string* result) {
+  return ExtractAndDecodeSignedMessage(provisioning_response, result);
+}
+
+bool CertificateProvisioning::ExtractDeviceInfo(
+    const std::string& device_certificate, std::string* serial_number,
+    uint32_t* system_id) {
+  LOGV("Extracting device info");
+  if (serial_number == nullptr && system_id == nullptr) {
+    LOGE("Output parameters |serial_number| and |system_id| not provided");
+    return false;
+  }
+
+  // Get serial number and system ID from certificate
+  SignedDrmDeviceCertificate signed_drm_device_certificate;
+  if (!signed_drm_device_certificate.ParseFromString(device_certificate) ||
+      !signed_drm_device_certificate.has_drm_certificate()) {
+    LOGE("Failed to parse signed DRM device certificate");
+    return false;
+  }
+  DrmDeviceCertificate drm_device_certificate;
+  if (!drm_device_certificate.ParseFromString(
+          signed_drm_device_certificate.drm_certificate()) ||
+      (drm_device_certificate.type() !=
+       video_widevine::DrmDeviceCertificate::DRM_USER_DEVICE)) {
+    LOGE("Failed to parse DRM device certificate message");
+    return false;
+  }
+  if (serial_number != nullptr) {
+    *serial_number = drm_device_certificate.serial_number();
+  }
+  if (system_id != nullptr) {
+    *system_id = drm_device_certificate.system_id();
+  }
+  return true;
+}
+
 }  // namespace wvcdm
--- a/libwvdrmengine/cdm/core/src/device_files.cpp
+++ b/libwvdrmengine/cdm/core/src/device_files.cpp
@@ -8,6 +8,7 @@

 #include <string>

+#include "certificate_provisioning.h"
 #include "file_store.h"
 #include "license_protocol.pb.h"
 #include "log.h"
@@ -37,9 +38,6 @@ using video_widevine_client::sdk::
 using video_widevine_client::sdk::
    UsageTableInfo_UsageEntryInfo_UsageEntryStorage_USAGE_INFO;

-using video_widevine::DrmDeviceCertificate;
-using video_widevine::SignedDrmDeviceCertificate;
-
 // Stringify turns macro arguments into static C strings.
 //   Example: STRINGIFY(this_argument) -> "this_argument"
 #define STRINGIFY(PARAM...) #PARAM
@@ -164,41 +162,8 @@ bool DeviceFiles::RetrieveCertificate(std::string* certificate,
  DeviceCertificate device_certificate = file.device_certificate();
  *certificate = device_certificate.certificate();
  *wrapped_private_key = device_certificate.wrapped_private_key();
-  return ExtractDeviceInfo(device_certificate.certificate(), serial_number,
-                           system_id);
-}
-
-bool DeviceFiles::ExtractDeviceInfo(const std::string& device_certificate,
-                                    std::string* serial_number,
-                                    uint32_t* system_id) {
-  LOGV("Extracting device info");
-  if (serial_number == nullptr && system_id == nullptr) {
-    LOGE("Output parameters |serial_number| and |system_id| not provided");
-    return false;
-  }
-
-  // Get serial number and system ID from certificate
-  SignedDrmDeviceCertificate signed_drm_device_certificate;
-  if (!signed_drm_device_certificate.ParseFromString(device_certificate) ||
-      !signed_drm_device_certificate.has_drm_certificate()) {
-    LOGE("Failed to parse signed DRM device certificate");
-    return false;
-  }
-  DrmDeviceCertificate drm_device_certificate;
-  if (!drm_device_certificate.ParseFromString(
-          signed_drm_device_certificate.drm_certificate()) ||
-      (drm_device_certificate.type() !=
-       video_widevine::DrmDeviceCertificate::DRM_USER_DEVICE)) {
-    LOGE("Failed to parse DRM device certificate message");
-    return false;
-  }
-  if (serial_number != nullptr) {
-    *serial_number = drm_device_certificate.serial_number();
-  }
-  if (system_id != nullptr) {
-    *system_id = drm_device_certificate.system_id();
-  }
-  return true;
+  return CertificateProvisioning::ExtractDeviceInfo(
+      device_certificate.certificate(), serial_number, system_id);
 }

 bool DeviceFiles::HasCertificate() {