Provisioning 3.0: Changes to Provisioning and Service Certs.

[ Merge of http://go/wvgerrit/23360 ] Service Certificates are used in two places, provisioning and licensing. The service certificate code depended on a session_id to get and set the service certificate properties, but the session_id was not available in the provisioning path. This patch pulls out the property lookup by session_id dependency, and passes the CdmImpl's property_set into the provisioning code, so the service certificate can be read and written there. Bug: 62972441 Test: WV unit/integration tests. This introduces three test failures * WvCdmRequestLicenseTest.PrivacyModeWithServiceCertificateTest * Cdm/WvCdmStreamingLicenseRenewalTest.WithClientId/4 * Cdm/WvCdmOfflineLicenseReleaseTest.WithClientId/3 Change-Id: I6e9d4e23a9e7e81a63a994db8ec0b443893449a6
2018-01-04 08:56:29 -08:00
parent 22fdf6ae06
commit a483c18c59
28 changed files with 350 additions and 413 deletions
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -42,11 +42,6 @@ class UsagePropertySet : public CdmClientPropertySet {
  virtual bool use_privacy_mode() const { return false; }
  virtual const std::string& service_certificate() const { return empty_; }
  virtual void set_service_certificate(const std::string&) {}
-  virtual const std::string& device_provisioning_service_certificate() const {
-    return empty_;
-  }
-  virtual void set_device_provisioning_service_certificate(const std::string&) {
-  }
  virtual bool is_session_sharing_enabled() const { return false; }
  virtual uint32_t session_sharing_id() const { return 0; }
  virtual void set_session_sharing_id(uint32_t /* id */) {}
@@ -102,27 +97,28 @@ CdmEngine::~CdmEngine() {
  M_RECORD(&metrics_, cdm_engine_life_span_, life_span_.AsMs());
 }

-CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
-                                       CdmClientPropertySet* property_set,
-                                       const CdmSessionId& forced_session_id,
-                                       WvCdmEventListener* event_listener) {
+CdmResponseType CdmEngine::SetServiceCertificate(
+    const std::string& certificate) {
+  return service_certificate_.Init(certificate);
+}
+
+CdmResponseType CdmEngine::OpenSession(
+    const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
+    const CdmSessionId& forced_session_id, WvCdmEventListener* event_listener) {
  return OpenSession(key_system, property_set, event_listener,
                     &forced_session_id, NULL);
 }

-CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
-                                       CdmClientPropertySet* property_set,
-                                       WvCdmEventListener* event_listener,
-                                       CdmSessionId* session_id) {
-  return OpenSession(key_system, property_set, event_listener, NULL,
-                     session_id);
+CdmResponseType CdmEngine::OpenSession(
+    const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
+    WvCdmEventListener* event_listener, CdmSessionId* session_id) {
+  return OpenSession(key_system, property_set, event_listener, NULL, session_id);
 }

-CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
-                                       CdmClientPropertySet* property_set,
-                                       WvCdmEventListener* event_listener,
-                                       const CdmSessionId* forced_session_id,
-                                       CdmSessionId* session_id) {
+CdmResponseType CdmEngine::OpenSession(
+    const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
+    WvCdmEventListener* event_listener, const CdmSessionId* forced_session_id,
+    CdmSessionId* session_id) {
  LOGI("CdmEngine::OpenSession");

  if (!ValidateKeySystem(key_system)) {
@@ -145,8 +141,8 @@ CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,

  scoped_ptr<CdmSession> new_session(new CdmSession(file_system_,
                                                    metrics_.AddSession()));
-  CdmResponseType sts = new_session->Init(property_set, forced_session_id,
-                                          event_listener);
+  CdmResponseType sts = new_session->Init(&service_certificate_, property_set,
+                                          forced_session_id, event_listener);
  if (sts != NO_ERROR) {
    if (sts == NEED_PROVISIONING) {
      cert_provisioning_requested_security_level_ =
@@ -547,6 +543,8 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
        return UNKNOWN_ERROR;
    }
  } else if (query_token == QUERY_KEY_DEVICE_ID) {
+    // TODO(gmorgan): this should not be performed before device is provisioned
+    // (except if keybox provisioned).
    std::string deviceId;
    bool got_id = crypto_session.GetExternalDeviceUniqueId(&deviceId);
    metrics_.GetCryptoMetrics()->crypto_session_get_device_unique_id_
@@ -558,6 +556,8 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,

    *query_response = deviceId;
  } else if (query_token == QUERY_KEY_SYSTEM_ID) {
+    // TODO(gmorgan): this should not be performed before device is provisioned
+    // (except if keybox provisioned).
    uint32_t system_id;
    bool got_id = crypto_session.GetSystemId(&system_id);
    if (!got_id) {
@@ -569,6 +569,8 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
    system_id_stream << system_id;
    *query_response = system_id_stream.str();
  } else if (query_token == QUERY_KEY_PROVISIONING_ID) {
+    // TODO(gmorgan): this should not be performed before device is provisioned
+    // (except if keybox provisioned).
    std::string provisioning_id;
    if (!crypto_session.GetProvisioningId(&provisioning_id)) {
      LOGW("CdmEngine::QueryStatus: GetProvisioningId failed");
@@ -798,7 +800,8 @@ CdmResponseType CdmEngine::GetProvisioningRequest(

  if (NULL == cert_provisioning_.get()) {
    cert_provisioning_.reset(
-        new CertificateProvisioning(metrics_.GetCryptoMetrics()));
+        new CertificateProvisioning(metrics_.GetCryptoMetrics(),
+                                    &service_certificate_));
  }
  CdmResponseType ret = cert_provisioning_->GetProvisioningRequest(
      cert_provisioning_requested_security_level_, cert_type, cert_authority,
@@ -824,14 +827,14 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
    cert_provisioning_.reset(NULL);
    return EMPTY_PROVISIONING_RESPONSE;
  }
-  if (NULL == cert) {
+  if (cert == NULL) {
    LOGE(
        "CdmEngine::HandleProvisioningResponse: invalid certificate "
        "destination");
    cert_provisioning_.reset(NULL);
    return INVALID_PROVISIONING_PARAMETERS_1;
  }
-  if (NULL == wrapped_key) {
+  if (wrapped_key == NULL) {
    LOGE("CdmEngine::HandleProvisioningResponse: invalid wrapped key "
         "destination");
    cert_provisioning_.reset(NULL);