Accept signed service certificates

[ Merge of http://go/wvgerrit/14410 ] When specifying a service certificate though mediaDrm, the CDM earlier expected serialized service certificates rather than signed ones. b/21334970 Change-Id: I39af2aa25e8dc2a651cbdce84eb32f266b5b3382
2015-05-26 10:33:50 -07:00
parent 3cdc43caeb
commit 997ea4f447
3 changed files with 50 additions and 28 deletions
--- a/libwvdrmengine/cdm/core/src/license.cpp
+++ b/libwvdrmengine/cdm/core/src/license.cpp
@@ -441,8 +441,11 @@ CdmResponseType CdmLicense::HandleKeyResponse(
  switch (signed_response.type()) {
    case SignedMessage::LICENSE:
      break;
-    case SignedMessage::SERVICE_CERTIFICATE:
-      return CdmLicense::HandleServiceCertificateResponse(signed_response);
+    case SignedMessage::SERVICE_CERTIFICATE: {
+      CdmResponseType status = CdmLicense::VerifySignedServiceCertificate(
+          signed_response.msg(), &service_certificate_);
+      return status == NO_ERROR ? NEED_KEY : status;
+    }
    case SignedMessage::ERROR_RESPONSE:
      return HandleKeyErrorResponse(signed_response);
    default:
@@ -549,8 +552,11 @@ CdmResponseType CdmLicense::HandleKeyUpdateResponse(
  switch (signed_response.type()) {
    case SignedMessage::LICENSE:
      break;
-    case SignedMessage::SERVICE_CERTIFICATE:
-      return CdmLicense::HandleServiceCertificateResponse(signed_response);
+    case SignedMessage::SERVICE_CERTIFICATE: {
+      CdmResponseType status = CdmLicense::VerifySignedServiceCertificate(
+          signed_response.msg(), &service_certificate_);
+      return status == NO_ERROR ? NEED_KEY : status;
+    }
    case SignedMessage::ERROR_RESPONSE:
      return HandleKeyErrorResponse(signed_response);
    default:
@@ -803,12 +809,12 @@ bool CdmLicense::PrepareServiceCertificateRequest(CdmKeyMessage* signed_request,
  return true;
 }

-CdmResponseType CdmLicense::HandleServiceCertificateResponse(
-    const video_widevine_server::sdk::SignedMessage& signed_response) {
+CdmResponseType CdmLicense::VerifySignedServiceCertificate(
+    const std::string& signed_certificate, std::string* certificate) {
  SignedDeviceCertificate signed_service_certificate;
-  if (!signed_service_certificate.ParseFromString(signed_response.msg())) {
+  if (!signed_service_certificate.ParseFromString(signed_certificate)) {
    LOGE(
-        "CdmLicense::HandleServiceCertificateResponse: unable to parse"
+        "CdmLicense::VerifySignedServiceCertificate: unable to parse"
        "signed device certificate");
    return DEVICE_CERTIFICATE_ERROR_1;
  }
@@ -819,7 +825,7 @@ CdmResponseType CdmLicense::HandleServiceCertificateResponse(
      &kServiceCertificateCAPublicKey[sizeof(kServiceCertificateCAPublicKey)]);
  if (!root_ca_key.Init(ca_public_key)) {
    LOGE(
-        "CdmLicense::HandleServiceCertificateResponse: public key "
+        "CdmLicense::VerifySignedServiceCertificate: public key "
        "initialization failed");
    return DEVICE_CERTIFICATE_ERROR_2;
  }
@@ -828,7 +834,7 @@ CdmResponseType CdmLicense::HandleServiceCertificateResponse(
          signed_service_certificate.device_certificate(),
          signed_service_certificate.signature())) {
    LOGE(
-        "CdmLicense::HandleServiceCertificateResponse: service "
+        "CdmLicense::VerifySignedServiceCertificate: service "
        "certificate verification failed");
    return DEVICE_CERTIFICATE_ERROR_3;
  }
@@ -837,7 +843,7 @@ CdmResponseType CdmLicense::HandleServiceCertificateResponse(
  if (!service_certificate.ParseFromString(
          signed_service_certificate.device_certificate())) {
    LOGE(
-        "CdmLicense::HandleServiceCertificateResponse: unable to parse "
+        "CdmLicense::VerifySignedServiceCertificate: unable to parse "
        "retrieved service certificate");
    return DEVICE_CERTIFICATE_ERROR_4;
  }
@@ -845,14 +851,14 @@ CdmResponseType CdmLicense::HandleServiceCertificateResponse(
  if (service_certificate.type() !=
      video_widevine_server::sdk::DeviceCertificate_CertificateType_SERVICE) {
    LOGE(
-        "CdmLicense::HandleServiceCertificateResponse: certificate not of type"
+        "CdmLicense::VerifySignedServiceCertificate: certificate not of type"
        " service, %d",
        service_certificate.type());
    return INVALID_DEVICE_CERTIFICATE_TYPE;
  }

-  service_certificate_ = signed_service_certificate.device_certificate();
-  return NEED_KEY;
+  *certificate = signed_service_certificate.device_certificate();
+  return NO_ERROR;
 }

 CdmResponseType CdmLicense::HandleKeyErrorResponse(
@@ -1045,9 +1051,14 @@ CdmResponseType CdmLicense::PrepareClientId(

 bool CdmLicense::GetServiceCertificate(const CdmSessionId& session_id,
                                       std::string* service_certificate) {
-  if (!Properties::GetServiceCertificate(session_id, service_certificate) ||
-      service_certificate->empty())
+  std::string signed_service_certificate;
+  if (!Properties::GetServiceCertificate(session_id,
+                                         &signed_service_certificate) ||
+      signed_service_certificate.empty() ||
+      NO_ERROR != VerifySignedServiceCertificate(signed_service_certificate,
+                                                 service_certificate)) {
    *service_certificate = service_certificate_;
+  }

  if (service_certificate->size() > 0) return true;
  return false;