widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Provisioning 3.0: Changes to Provisioning and Service Certs.

Browse Source 
[ Merge of http://go/wvgerrit/23360 ]

Service Certificates are used in two places, provisioning and
licensing. The service certificate code depended on a session_id
to get and set the service certificate properties, but the session_id
was not available in the provisioning path.

This patch pulls out the property lookup by session_id dependency,
and passes the CdmImpl's property_set into the provisioning code, so
the service certificate can be read and written there.

Bug: 62972441

Test: WV unit/integration tests. This introduces three test failures
  * WvCdmRequestLicenseTest.PrivacyModeWithServiceCertificateTest
  * Cdm/WvCdmStreamingLicenseRenewalTest.WithClientId/4
  * Cdm/WvCdmOfflineLicenseReleaseTest.WithClientId/3

Change-Id: I6e9d4e23a9e7e81a63a994db8ec0b443893449a6
This commit is contained in:
Rahul Frias
2018-01-04 08:56:29 -08:00
parent 22fdf6ae06
commit a483c18c59
28 changed files with 350 additions and 413 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libwvdrmengine/cdm/core/test/cdm_engine_test.cpp
View File

@@ -11,6 +11,7 @@
#include "cdm_engine.h"
#include "config_test_env.h"
#include "default_service_certificate.h"
#include "initialization_data.h"
#include "license_request.h"
#include "log.h"
@@ -80,6 +81,8 @@ class WvCdmEngineTest : public testing::Test {
CdmCertificateType cert_type = kCertificateWidevine;
std::string cert_authority;
std::string cert, wrapped_key;
ASSERT_EQ(NO_ERROR, cdm_engine_.SetServiceCertificate(
kDefaultServiceCertificate));
CdmResponseType result = NO_ERROR;
for (int i = 0; i < 2; i++) { // Retry once if there is a nonce problem.
result = cdm_engine_.GetProvisioningRequest(

15
libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp
View File

@@ -6,6 +6,7 @@
#include "crypto_key.h"
#include "properties.h"
#include "scoped_ptr.h"
#include "service_certificate.h"
#include "string_conversions.h"
#include "test_printers.h"
#include "wv_cdm_constants.h"
@@ -122,8 +123,8 @@ class MockCdmLicense : public CdmLicense {
MockCdmLicense(const CdmSessionId& session_id)
: CdmLicense(session_id) {}
MOCK_METHOD4(Init, bool(const std::string&, CdmClientTokenType,
CryptoSession*, PolicyEngine*));
MOCK_METHOD5(Init, bool(ServiceCertificate*, const std::string&,
CdmClientTokenType, CryptoSession*, PolicyEngine*));
};
} // namespace
@@ -140,6 +141,7 @@ using ::testing::StrEq;
class CdmSessionTest : public ::testing::Test {
protected:
virtual void SetUp() {
service_cert_ = new ServiceCertificate;
cdm_session_.reset(new CdmSession(NULL, &metrics_));
// Inject testing mocks.
license_parser_ = new MockCdmLicense(cdm_session_->session_id());
@@ -165,6 +167,7 @@ class CdmSessionTest : public ::testing::Test {
MockCryptoSession* crypto_session_;
MockPolicyEngine* policy_engine_;
MockDeviceFiles* file_handle_;
ServiceCertificate* service_cert_;
};
TEST_F(CdmSessionTest, InitWithBuiltInCertificate) {
@@ -186,7 +189,7 @@ TEST_F(CdmSessionTest, InitWithBuiltInCertificate) {
.WillOnce(Return(true));
EXPECT_CALL(*file_handle_, Init(Eq(level))).WillOnce(Return(true));
EXPECT_CALL(*license_parser_,
Init(Eq(kToken), Eq(kClientTokenDrmCert),
Init(NULL, Eq(kToken), Eq(kClientTokenDrmCert),
Eq(crypto_session_), Eq(policy_engine_)))
.WillOnce(Return(true));
@@ -214,7 +217,7 @@ TEST_F(CdmSessionTest, InitWithCertificate) {
.InSequence(crypto_session_seq)
.WillOnce(Return(true));
EXPECT_CALL(*license_parser_,
Init(Eq(kToken), Eq(kClientTokenDrmCert),
Init(NULL, Eq(kToken), Eq(kClientTokenDrmCert),
Eq(crypto_session_), Eq(policy_engine_)))
.WillOnce(Return(true));
@@ -239,7 +242,7 @@ TEST_F(CdmSessionTest, InitWithKeybox) {
.WillOnce(Return(kClientTokenKeybox));
EXPECT_CALL(*file_handle_, Init(Eq(level))).WillOnce(Return(true));
EXPECT_CALL(*license_parser_,
Init(Eq(kToken), Eq(kClientTokenKeybox),
Init(NULL, Eq(kToken), Eq(kClientTokenKeybox),
Eq(crypto_session_), Eq(policy_engine_)))
.WillOnce(Return(true));
@@ -267,7 +270,7 @@ TEST_F(CdmSessionTest, ReInitFail) {
.InSequence(crypto_session_seq)
.WillOnce(Return(true));
EXPECT_CALL(*license_parser_,
Init(Eq(kToken), Eq(kClientTokenDrmCert),
Init(NULL, Eq(kToken), Eq(kClientTokenDrmCert),
Eq(crypto_session_), Eq(policy_engine_)))
.WillOnce(Return(true));

2
libwvdrmengine/cdm/core/test/generic_crypto_unittest.cpp
View File

@@ -11,6 +11,7 @@
#include "cdm_engine.h"
#include "default_service_certificate.h"
#include "license_request.h"
#include "log.h"
#include "oec_session_util.h"
@@ -163,6 +164,7 @@ class WvGenericOperationsTest : public testing::Test {
CdmCertificateType cert_type = kCertificateWidevine;
std::string cert_authority;
std::string cert, wrapped_key;
cdm_engine_->SetServiceCertificate(kDefaultServiceCertificate);
ASSERT_EQ(NO_ERROR,
cdm_engine_->GetProvisioningRequest(
cert_type, cert_authority, &prov_request,

28
libwvdrmengine/cdm/core/test/license_unittest.cpp
View File

@@ -5,10 +5,12 @@
#include "clock.h"
#include "crypto_session.h"
#include "default_service_certificate.h"
#include "initialization_data.h"
#include "license.h"
#include "policy_engine.h"
#include "properties.h"
#include "service_certificate.h"
#include "string_conversions.h"
#include "wv_cdm_constants.h"
@@ -155,25 +157,26 @@ class CdmLicenseTest : public ::testing::Test {
MockCryptoSession* crypto_session_;
MockInitializationData* init_data_;
MockPolicyEngine* policy_engine_;
ServiceCertificate service_cert_;
};
TEST_F(CdmLicenseTest, InitSuccess) {
EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true));
CreateCdmLicense();
EXPECT_TRUE(cdm_license_->Init(kToken, kClientTokenDrmCert,
EXPECT_TRUE(cdm_license_->Init(&service_cert_, kToken, kClientTokenDrmCert,
crypto_session_, policy_engine_));
}
TEST_F(CdmLicenseTest, InitFail_EmptyToken) {
CreateCdmLicense();
EXPECT_FALSE(cdm_license_->Init("", kClientTokenDrmCert,
EXPECT_FALSE(cdm_license_->Init(&service_cert_, "", kClientTokenDrmCert,
crypto_session_, policy_engine_));
}
TEST_F(CdmLicenseTest, InitFail_CryptoSessionNull) {
CreateCdmLicense();
EXPECT_FALSE(cdm_license_->Init(kToken, kClientTokenDrmCert,
EXPECT_FALSE(cdm_license_->Init(&service_cert_, kToken, kClientTokenDrmCert,
NULL, policy_engine_));
}
@@ -181,10 +184,18 @@ TEST_F(CdmLicenseTest, InitFail_PolicyEngineNull) {
EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true));
CreateCdmLicense();
EXPECT_FALSE(cdm_license_->Init(kToken, kClientTokenDrmCert,
EXPECT_FALSE(cdm_license_->Init(&service_cert_, kToken, kClientTokenDrmCert,
crypto_session_, NULL));
}
TEST_F(CdmLicenseTest, InitWithNullServiceCert) {
EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true));
CreateCdmLicense();
EXPECT_TRUE(cdm_license_->Init(NULL, kToken, kClientTokenDrmCert,
crypto_session_, policy_engine_));
}
TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
bool usage_information_support = true;
CryptoSession::HdcpCapability current_hdcp_version = HDCP_NO_DIGITAL_OUTPUT;
@@ -219,16 +230,17 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
DoAll(SetArgPointee<2>(kLicenseRequestSignature), Return(true)));
CreateCdmLicense();
EXPECT_TRUE(cdm_license_->Init(kToken, kClientTokenDrmCert,
service_cert_.Init(kDefaultServiceCertificate);
EXPECT_TRUE(cdm_license_->Init(&service_cert_, kToken, kClientTokenDrmCert,
crypto_session_, policy_engine_));
CdmAppParameterMap app_parameters;
CdmKeyMessage signed_request;
Properties::set_use_certificates_as_identification(true);
std::string server_url;
EXPECT_TRUE(cdm_license_->PrepareKeyRequest(
EXPECT_EQ(cdm_license_->PrepareKeyRequest(
*init_data_, kLicenseTypeStreaming, app_parameters,
&signed_request, &server_url));
&signed_request, &server_url), KEY_MESSAGE);
EXPECT_TRUE(!signed_request.empty());
@@ -287,7 +299,7 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
// Verify Content Identification
const LicenseRequest_ContentIdentification& content_id =
license_request.content_id();
EXPECT_TRUE(content_id.has_cenc_id_deprecated());
ASSERT_TRUE(content_id.has_cenc_id_deprecated());
EXPECT_FALSE(content_id.has_webm_id_deprecated());
EXPECT_FALSE(content_id.has_existing_license());

39
libwvdrmengine/cdm/core/test/service_certificate_unittest.cpp
View File

@@ -89,14 +89,6 @@ class StubCdmClientPropertySet : public CdmClientPropertySet {
service_certificate_ = cert;
}
virtual const std::string& device_provisioning_service_certificate() const {
return device_provisioning_service_certificate_;
}
virtual void set_device_provisioning_service_certificate(
const std::string& cert) {
device_provisioning_service_certificate_ = cert;
}
virtual bool is_session_sharing_enabled() const {
return is_session_sharing_enabled_;
}
@@ -112,7 +104,6 @@ class StubCdmClientPropertySet : public CdmClientPropertySet {
private:
std::string security_level_;
std::string service_certificate_;
std::string device_provisioning_service_certificate_;
bool use_privacy_mode_;
bool is_session_sharing_enabled_;
uint32_t session_sharing_id_;
@@ -123,9 +114,8 @@ TEST_F(ServiceCertificateTest, InitSuccess) {
MockCryptoSession crypto_session(&crypto_metrics_);
CreateServiceCertificate();
service_certificate_->Init(kTestSessionId1, &crypto_session);
EXPECT_FALSE(service_certificate_->IsRequired());
EXPECT_FALSE(service_certificate_->IsAvailable());
service_certificate_->Init(kTestSessionId1);
EXPECT_FALSE(service_certificate_->HasCertificate());
}
TEST_F(ServiceCertificateTest, InitPrivacyModeRequired) {
@@ -138,9 +128,8 @@ TEST_F(ServiceCertificateTest, InitPrivacyModeRequired) {
Properties::AddSessionPropertySet(kTestSessionId1, &property_set);
CreateServiceCertificate();
service_certificate_->Init(kTestSessionId1, &crypto_session);
EXPECT_TRUE(service_certificate_->IsRequired());
EXPECT_FALSE(service_certificate_->IsAvailable());
service_certificate_->Init(kTestSessionId1);
EXPECT_FALSE(service_certificate_->HasCertificate());
}
TEST_F(ServiceCertificateTest, InitServiceCertificatePresent) {
@@ -154,9 +143,12 @@ TEST_F(ServiceCertificateTest, InitServiceCertificatePresent) {
Properties::AddSessionPropertySet(kTestSessionId1, &property_set);
CreateServiceCertificate();
service_certificate_->Init(kTestSessionId1, &crypto_session);
EXPECT_TRUE(service_certificate_->IsRequired());
EXPECT_TRUE(service_certificate_->IsAvailable());
std::string raw_service_certificate;
EXPECT_TRUE(Properties::GetServiceCertificate(kTestSessionId1,
&raw_service_certificate));
EXPECT_EQ(NO_ERROR,
service_certificate_->Init(raw_service_certificate));
EXPECT_TRUE(service_certificate_->HasCertificate());
}
TEST_F(ServiceCertificateTest, SetServiceCertificate) {
@@ -169,13 +161,8 @@ TEST_F(ServiceCertificateTest, SetServiceCertificate) {
Properties::AddSessionPropertySet(kTestSessionId1, &property_set);
CreateServiceCertificate();
service_certificate_->Init(kTestSessionId1, &crypto_session);
EXPECT_TRUE(service_certificate_->IsRequired());
EXPECT_FALSE(service_certificate_->IsAvailable());
EXPECT_EQ(NO_ERROR, service_certificate_->Init(kTestSignedCertificate));
EXPECT_TRUE(service_certificate_->HasCertificate());
}
EXPECT_EQ(NO_ERROR,
service_certificate_->VerifyAndSet(kTestSignedCertificate));
EXPECT_TRUE(service_certificate_->IsRequired());
EXPECT_TRUE(service_certificate_->IsAvailable());
}
}

2
libwvdrmengine/cdm/core/test/test_printers.cpp
View File

@@ -95,8 +95,6 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) {
break;
case DEVICE_CERTIFICATE_ERROR_4: *os << "DEVICE_CERTIFICATE_ERROR_4";
break;
case DEVICE_CERTIFICATE_ERROR_5: *os << "DEVICE_CERTIFICATE_ERROR_5";
break;
case EMPTY_KEY_DATA_1: *os << "EMPTY_KEY_DATA_1";
break;
case EMPTY_KEY_DATA_2: *os << "EMPTY_KEY_DATA_2";