From 151d0b15d39af343e67d9869542c122bd3631f17 Mon Sep 17 00:00:00 2001
From: Rahul Frias <rfrias@google.com>
Date: Wed, 30 Jun 2021 02:47:57 -0700
Subject: [PATCH] Disable expiration for legacy DRM certificates

[ Merge of http://go/wvgerrit/128163 ]

In android S, we added a feature b/169740403 [Limited lifespan DRM
certificates with license preservation]

Due to uncertainties of when the provisioning service will
launch, we are disabling expiration for legacy DRM certificates.
If the feature does not launch in time, existing DRM certificates
will expire and be replaced. Offline licenses associated with these
expired DRM certificates will fail to load.

Expiration of legacy certificates will be reenabled at a later time.
The main portion of feature, the issuing of new DRM certificates with
expiration time will still be supported.

Bug: 192428783
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I1d1184249848f215953a837f369528d3b74c9618
---
 libwvdrmengine/cdm/core/src/device_files.cpp       | 10 ++++++++--
 .../cdm/core/test/device_files_unittest.cpp        | 14 ++++++++++++--
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/libwvdrmengine/cdm/core/src/device_files.cpp b/libwvdrmengine/cdm/core/src/device_files.cpp
index e9925da3..3871af80 100644
--- a/libwvdrmengine/cdm/core/src/device_files.cpp
+++ b/libwvdrmengine/cdm/core/src/device_files.cpp
@@ -96,7 +96,8 @@ const char kUsageInfoFileNameExt[] = ".bin";
 const char kUsageInfoFileNamePrefix[] = "usage";
 const char kUsageTableFileName[] = "usgtable.bin";
 const char kWildcard[] = "*";
-constexpr int64_t kFourMonthsInSeconds = (2 * 30 + 2 * 31) * 24 * 60 * 60;
+// TODO(b/192430982): Renable expiration of legacy DRM certificates
+// constexpr int64_t kFourMonthsInSeconds = (2 * 30 + 2 * 31) * 24 * 60 * 60;
 
 // Helper methods
 bool SetDeviceCertificate(const std::string& certificate,
@@ -427,7 +428,9 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
   if (default_certificate) {
     Clock clock;
     device_certificate->set_acquisition_time_seconds(clock.GetCurrentTime());
-  } else {
+  }
+  /* TODO(b/192430982): Renable expiration of legacy DRM certificates
+       else {
     // Since certificates of type kCertificateAtsc are not allowed to be
     // stored, this is a certificate of type kCertificateLegacy.
     // The only time when a legacy certificate is stored is when it does not
@@ -440,6 +443,7 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
         current_time + kFourMonthsInSeconds +
         rng.RandomInRange(kFourMonthsInSeconds));
   }
+  */
 
   std::string serialized_file;
   file.SerializeToString(&serialized_file);
@@ -595,6 +599,7 @@ DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate(
     }
 
     case kCertificateLegacy: {
+      /* TODO(b/192430982): Renable expiration of legacy DRM certificates
       // Validation check for DRM certificate without an expiration
       // time set by the provisioning service. Add an expiry time
       // within the next 6 months +/- 2 months, if one has not been set.
@@ -611,6 +616,7 @@ DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate(
       }
 
       if (current_time > expiration_time_seconds) return kCertificateExpired;
+      */
 
       return kCertificateValid;
     }
diff --git a/libwvdrmengine/cdm/core/test/device_files_unittest.cpp b/libwvdrmengine/cdm/core/test/device_files_unittest.cpp
index 39e2865b..2aab53f0 100644
--- a/libwvdrmengine/cdm/core/test/device_files_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/device_files_unittest.cpp
@@ -1568,8 +1568,10 @@ const CertificateErrorData kRetrieveLegacyCertificateErrorData[] = {
      kTestLegacyCertificateFileDataInvalidClientExpiration},
 };
 
+/* TODO(b/192430982): Renable expiration of legacy DRM certificates
 constexpr size_t kNumberOfLegacyCertificates =
     ArraySize(kRetrieveLegacyCertificateErrorData);
+*/
 
 const CertificateErrorData kRetrieveDefaultCertificateErrorData[] = {
     // Certificate expired
@@ -4020,6 +4022,7 @@ TEST_F(DeviceFilesTest, RetrieveAtscCertificateNotFound) {
                                              &serial_number, &system_id));
 }
 
+/* TODO(b/192430982): Renable expiration of legacy DRM certificates
 TEST_F(DeviceFilesTest, RetrieveLegacyCertificateWithoutExpirationTime) {
   MockFileSystem file_system;
   std::string certificate_file_name;
@@ -4221,6 +4224,7 @@ TEST_F(DeviceFilesTest, RetrieveDefaultCertificate) {
   EXPECT_EQ(kTestWrappedKey, private_key);
   EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number));
 }
+*/
 
 TEST_F(DeviceFilesTest, RetrieveDefaultCertificateNeverExpires) {
   MockFileSystem file_system;
@@ -4331,7 +4335,9 @@ TEST_F(DeviceFilesTest, RetrieveCertificateWithoutKeyType) {
   // Call to Open will return a unique_ptr, freeing this object.
   // The file will be re-written with a new client expiration time
   MockFile* read_file = new MockFile();
+  /* TODO(b/192430982): Renable expiration of legacy DRM certificates
   MockFile* write_file = new MockFile();
+  */
   EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path)))
       .Times(AtLeast(1))
       .WillRepeatedly(Return(true));
@@ -4341,17 +4347,21 @@ TEST_F(DeviceFilesTest, RetrieveCertificateWithoutKeyType) {
   EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path)))
       .WillOnce(Return(data.size()));
   EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _))
-      .WillOnce(Return(read_file))
-      .WillOnce(Return(write_file));
+      .WillOnce(Return(read_file));
+  /* TODO(b/192430982): Renable expiration of legacy DRM certificates
+        .WillOnce(Return(write_file));
+  */
   EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size())))
       .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()),
                       Return(data.size())));
   EXPECT_CALL(*read_file, Write(_, _)).Times(0);
+  /* TODO(b/192430982): Renable expiration of legacy DRM certificates
   EXPECT_CALL(*write_file, Read(_, _)).Times(0);
   EXPECT_CALL(*write_file, Write(_, _))
       .With(AllArgs(StrAndLenContains(std::vector<std::string>{
           kTestCertificateWithoutExpiration, kTestWrappedKey.key()})))
       .WillOnce(ReturnArg<1>());
+  */
 
   DeviceFiles device_files(&file_system);
   EXPECT_TRUE(device_files.Init(kSecurityLevelL1));