widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Disable expiration for legacy DRM certificates" into sc-dev am: a3657ab200

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/vendor/widevine/+/15144680

Change-Id: I5fd3e854098826b368f5a76b91750a3fef07fee0
This commit is contained in:
Rahul Frias
2021-07-01 21:08:53 +00:00
committed by Automerger Merge Worker
parent 38209bedb6 a3657ab200
commit 9fe7626938
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
libwvdrmengine/cdm/core/src/device_files.cpp
View File

@@ -96,7 +96,8 @@ const char kUsageInfoFileNameExt[] = ".bin";
const char kUsageInfoFileNamePrefix[] = "usage"; const char kUsageInfoFileNamePrefix[] = "usage";
const char kUsageTableFileName[] = "usgtable.bin"; const char kUsageTableFileName[] = "usgtable.bin";
const char kWildcard[] = "*"; const char kWildcard[] = "*";
constexpr int64_t kFourMonthsInSeconds = (2 * 30 + 2 * 31) * 24 * 60 * 60; // TODO(b/192430982): Renable expiration of legacy DRM certificates
// constexpr int64_t kFourMonthsInSeconds = (2 * 30 + 2 * 31) * 24 * 60 * 60;
// Helper methods // Helper methods
bool SetDeviceCertificate(const std::string& certificate, bool SetDeviceCertificate(const std::string& certificate,
@@ -427,7 +428,9 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
if (default_certificate) { if (default_certificate) {
Clock clock; Clock clock;
device_certificate->set_acquisition_time_seconds(clock.GetCurrentTime()); device_certificate->set_acquisition_time_seconds(clock.GetCurrentTime());
} else { }
/* TODO(b/192430982): Renable expiration of legacy DRM certificates
else {
// Since certificates of type kCertificateAtsc are not allowed to be // Since certificates of type kCertificateAtsc are not allowed to be
// stored, this is a certificate of type kCertificateLegacy. // stored, this is a certificate of type kCertificateLegacy.
// The only time when a legacy certificate is stored is when it does not // The only time when a legacy certificate is stored is when it does not
@@ -440,6 +443,7 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
current_time + kFourMonthsInSeconds + current_time + kFourMonthsInSeconds +
rng.RandomInRange(kFourMonthsInSeconds)); rng.RandomInRange(kFourMonthsInSeconds));
} }
*/
std::string serialized_file; std::string serialized_file;
file.SerializeToString(&serialized_file); file.SerializeToString(&serialized_file);
@@ -595,6 +599,7 @@ DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate(
} }
case kCertificateLegacy: { case kCertificateLegacy: {
/* TODO(b/192430982): Renable expiration of legacy DRM certificates
// Validation check for DRM certificate without an expiration // Validation check for DRM certificate without an expiration
// time set by the provisioning service. Add an expiry time // time set by the provisioning service. Add an expiry time
// within the next 6 months +/- 2 months, if one has not been set. // within the next 6 months +/- 2 months, if one has not been set.
@@ -611,6 +616,7 @@ DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate(
} }
if (current_time > expiration_time_seconds) return kCertificateExpired; if (current_time > expiration_time_seconds) return kCertificateExpired;
*/
return kCertificateValid; return kCertificateValid;
} }

14
libwvdrmengine/cdm/core/test/device_files_unittest.cpp
View File

@@ -1568,8 +1568,10 @@ const CertificateErrorData kRetrieveLegacyCertificateErrorData[] = {
kTestLegacyCertificateFileDataInvalidClientExpiration}, kTestLegacyCertificateFileDataInvalidClientExpiration},
}; };
/* TODO(b/192430982): Renable expiration of legacy DRM certificates
constexpr size_t kNumberOfLegacyCertificates = constexpr size_t kNumberOfLegacyCertificates =
ArraySize(kRetrieveLegacyCertificateErrorData); ArraySize(kRetrieveLegacyCertificateErrorData);
*/
const CertificateErrorData kRetrieveDefaultCertificateErrorData[] = { const CertificateErrorData kRetrieveDefaultCertificateErrorData[] = {
// Certificate expired // Certificate expired
@@ -4020,6 +4022,7 @@ TEST_F(DeviceFilesTest, RetrieveAtscCertificateNotFound) {
&serial_number, &system_id)); &serial_number, &system_id));
} }
/* TODO(b/192430982): Renable expiration of legacy DRM certificates
TEST_F(DeviceFilesTest, RetrieveLegacyCertificateWithoutExpirationTime) { TEST_F(DeviceFilesTest, RetrieveLegacyCertificateWithoutExpirationTime) {
MockFileSystem file_system; MockFileSystem file_system;
std::string certificate_file_name; std::string certificate_file_name;
@@ -4221,6 +4224,7 @@ TEST_F(DeviceFilesTest, RetrieveDefaultCertificate) {
EXPECT_EQ(kTestWrappedKey, private_key); EXPECT_EQ(kTestWrappedKey, private_key);
EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number)); EXPECT_EQ("7CB49F987A635E1E0A52184694582D6E", b2a_hex(serial_number));
} }
*/
TEST_F(DeviceFilesTest, RetrieveDefaultCertificateNeverExpires) { TEST_F(DeviceFilesTest, RetrieveDefaultCertificateNeverExpires) {
MockFileSystem file_system; MockFileSystem file_system;
@@ -4331,7 +4335,9 @@ TEST_F(DeviceFilesTest, RetrieveCertificateWithoutKeyType) {
// Call to Open will return a unique_ptr, freeing this object. // Call to Open will return a unique_ptr, freeing this object.
// The file will be re-written with a new client expiration time // The file will be re-written with a new client expiration time
MockFile* read_file = new MockFile(); MockFile* read_file = new MockFile();
/* TODO(b/192430982): Renable expiration of legacy DRM certificates
MockFile* write_file = new MockFile(); MockFile* write_file = new MockFile();
*/
EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path))) EXPECT_CALL(file_system, Exists(StrEq(device_legacy_certificate_path)))
.Times(AtLeast(1)) .Times(AtLeast(1))
.WillRepeatedly(Return(true)); .WillRepeatedly(Return(true));
@@ -4341,17 +4347,21 @@ TEST_F(DeviceFilesTest, RetrieveCertificateWithoutKeyType) {
EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path))) EXPECT_CALL(file_system, FileSize(StrEq(device_legacy_certificate_path)))
.WillOnce(Return(data.size())); .WillOnce(Return(data.size()));
EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _)) EXPECT_CALL(file_system, DoOpen(StrEq(device_legacy_certificate_path), _))
.WillOnce(Return(read_file)) .WillOnce(Return(read_file));
.WillOnce(Return(write_file)); /* TODO(b/192430982): Renable expiration of legacy DRM certificates
.WillOnce(Return(write_file));
*/
EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size()))) EXPECT_CALL(*read_file, Read(NotNull(), Eq(data.size())))
.WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()), .WillOnce(DoAll(SetArrayArgument<0>(data.begin(), data.end()),
Return(data.size()))); Return(data.size())));
EXPECT_CALL(*read_file, Write(_, _)).Times(0); EXPECT_CALL(*read_file, Write(_, _)).Times(0);
/* TODO(b/192430982): Renable expiration of legacy DRM certificates
EXPECT_CALL(*write_file, Read(_, _)).Times(0); EXPECT_CALL(*write_file, Read(_, _)).Times(0);
EXPECT_CALL(*write_file, Write(_, _)) EXPECT_CALL(*write_file, Write(_, _))
.With(AllArgs(StrAndLenContains(std::vector<std::string>{ .With(AllArgs(StrAndLenContains(std::vector<std::string>{
kTestCertificateWithoutExpiration, kTestWrappedKey.key()}))) kTestCertificateWithoutExpiration, kTestWrappedKey.key()})))
.WillOnce(ReturnArg<1>()); .WillOnce(ReturnArg<1>());
*/
DeviceFiles device_files(&file_system); DeviceFiles device_files(&file_system);
EXPECT_TRUE(device_files.Init(kSecurityLevelL1)); EXPECT_TRUE(device_files.Init(kSecurityLevelL1));