widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

resolved conflicts for merge of 3db90f54 to master

Browse Source 
Change-Id: Ie9e46292e003fefce9ca44a31cb338a0ecf51930
This commit is contained in:
Jeff Tinker
2014-04-01 16:32:36 -07:00
parent c3444dc9e9 3db90f54c1
commit 965cedd5ee
26 changed files with 874 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
libwvdrmengine/cdm/core/src/cdm_engine.cpp
View File

@@ -434,6 +434,8 @@ CdmResponseType CdmEngine::QueryKeyControlInfo(
* Returns NO_ERROR for success and UNKNOWN_ERROR if fails.
*/
CdmResponseType CdmEngine::GetProvisioningRequest(
CdmCertificateType cert_type,
const std::string& cert_authority,
CdmProvisioningRequest* request,
std::string* default_url) {
if (!request || !default_url) {
@@ -442,6 +444,8 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
}
return cert_provisioning_.GetProvisioningRequest(
cert_provisioning_requested_security_level_,
cert_type,
cert_authority,
request,
default_url);
}
@@ -454,12 +458,25 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
* Returns NO_ERROR for success and UNKNOWN_ERROR if fails.
*/
CdmResponseType CdmEngine::HandleProvisioningResponse(
CdmProvisioningResponse& response) {
CdmProvisioningResponse& response,
std::string* cert,
std::string* wrapped_key) {
if (response.empty()) {
LOGE("CdmEngine::HandleProvisioningResponse: Empty provisioning response.");
return UNKNOWN_ERROR;
}
return cert_provisioning_.HandleProvisioningResponse(response);
if (NULL == cert) {
LOGE("CdmEngine::HandleProvisioningResponse: invalid certificate "
"destination");
return UNKNOWN_ERROR;
}
if (NULL == wrapped_key) {
LOGE("CdmEngine::HandleProvisioningResponse: invalid wrapped key "
"destination");
return UNKNOWN_ERROR;
}
return cert_provisioning_.HandleProvisioningResponse(response, cert,
wrapped_key);
}
CdmResponseType CdmEngine::GetSecureStops(

32
libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
View File

@@ -6,6 +6,7 @@
#include "license_protocol.pb.h"
#include "log.h"
#include "string_conversions.h"
#include "wv_cdm_constants.h"
namespace {
const std::string kDefaultProvisioningServerUrl =
@@ -17,6 +18,7 @@ const std::string kDefaultProvisioningServerUrl =
namespace wvcdm {
// Protobuf generated classes.
using video_widevine_server::sdk::ClientIdentification;
using video_widevine_server::sdk::ProvisioningOptions;
using video_widevine_server::sdk::ProvisioningRequest;
using video_widevine_server::sdk::ProvisioningResponse;
using video_widevine_server::sdk::SignedProvisioningMessage;
@@ -54,6 +56,8 @@ void CertificateProvisioning::ComposeJsonRequestAsQueryString(
*/
CdmResponseType CertificateProvisioning::GetProvisioningRequest(
SecurityLevel requested_security_level,
CdmCertificateType cert_type,
const std::string& cert_authority,
CdmProvisioningRequest* request,
std::string* default_url) {
default_url->assign(kDefaultProvisioningServerUrl);
@@ -86,6 +90,24 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
std::string the_nonce(reinterpret_cast<char*>(&nonce), sizeof(nonce));
provisioning_request.set_nonce(the_nonce);
ProvisioningOptions* options = provisioning_request.mutable_options();
switch (cert_type) {
case kCertificateWidevine:
options->set_certificate_type(
video_widevine_server::sdk::ProvisioningOptions_CertificateType_RSA_WIDEVINE);
break;
case kCertificateX509:
options->set_certificate_type(
video_widevine_server::sdk::ProvisioningOptions_CertificateType_X509);
break;
default:
LOGE("GetProvisioningRequest: unknown certificate type %ld", cert_type);
return UNKNOWN_ERROR;
}
cert_type_ = cert_type;
options->set_certificate_authority(cert_authority);
std::string serialized_message;
provisioning_request.SerializeToString(&serialized_message);
@@ -155,7 +177,9 @@ bool CertificateProvisioning::ParseJsonResponse(
* Returns NO_ERROR for success and UNKNOWN_ERROR if fails.
*/
CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
CdmProvisioningResponse& response) {
CdmProvisioningResponse& response,
std::string* cert,
std::string* wrapped_key) {
// Extracts signed response from JSON string, decodes base64 signed response
const std::string kMessageStart = "\"signedResponse\": \"";
@@ -220,6 +244,12 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
crypto_session_.Close();
if (cert_type_ == kCertificateX509) {
*cert = provisioning_response.device_certificate();
*wrapped_key = wrapped_rsa_key;
return NO_ERROR;
}
const std::string& device_certificate =
provisioning_response.device_certificate();

23
libwvdrmengine/cdm/core/src/license_protocol.proto
View File

@@ -292,15 +292,38 @@ message SessionState {
// Public protocol buffer definitions for Widevine Device Certificate
// Provisioning protocol.
// PROPOSED message for customizing provisioning request.
// This could support requesting specificy types of certificates.
// E.g. Cast X.509 certs.
message ProvisioningOptions {
// PROPOSED enum identifying the certificate type.
enum CertificateType {
RSA_WIDEVINE = 0; // Default. The original certificate type.
X509 = 1; // X.509 certificate.
}
optional CertificateType certificate_type = 1;
// OPEN QUESTION: How does the client specify the cert root authority?
// Should this be the cert authority's domain? E.g. foo.com?
optional string certificate_authority = 2;
}
// Provisioning request sent by client devices to provisioning service.
message ProvisioningRequest {
// Device root of trust and other client identification. Required.
optional ClientIdentification client_id = 1;
// Nonce value used to prevent replay attacks. Required.
optional bytes nonce = 2;
// Options for type of certificate to generate. Optional.
optional ProvisioningOptions options = 3;
}
// Provisioning response sent by the provisioning server to client devices.
//
// PROPOSAL: The contents of this message vary depending upon the value of
// CertificateType in options. TODO(blueeyes): Determine the right way to
// transfer X.509 certs.
message ProvisioningResponse {
// AES-128 encrypted device private RSA key. PKCS#1 ASN.1 DER-encoded.
// Required.