Verify DRM certificate validity

[ Merge of http://go/wvgerrit/120123 ]

DRM certificate creation and expiration times are now validated.

* New DRM (default) certificates will have an expiration time specified
by the provisioning service.

When stored, the client will include the time the certificate was
received. This allows for expiration calculation to occur when client
and provisioning service clocks are out of sync.

When read out, creation, expiration and acquisition times are
validated. The certificate is checked for expiry by making sure
that the time at the client since the license was acquired is not
greater than the expiration period. The time information stored at the
client may be tampered with. The license service will perform an
expiration check and reject the license request if tampered with.
The expiration time may be set to never expires/unlimited. This is not
a valid value for creation or acquisition time.

* Pre-existing (legacy) certificates from upgrading devices will not
have an expiration time set by the provisioning service. Instead
the client will calculate an expiration time 6 months with + or -
a random two month period in the future. This is stored along with the
certificate.

When read out, if no expiration time has been set by the client, one
will be calculated and written out. The certificate will be declared as
valid. If a client calculated expiration time is present, the
certificate will be validated. In case of tampering, the license service
can reject license requests and force reprovisioning when appropriate.

* ATSC certificates will continue to not have an expiration time.
No additional validation is required.

Other changes for non-ATSC licenses involve managing both default and
legacy certificate co-existance. When checking for DRM certificates,
the default certificate is attempted first. This is followed by a check
for the legacy certificate, if the default certificate is not present.

Bug: 169740403
Test: WV unit/integration tests
      DeviceFilesTest.StoreCertificateInvalidParams
      DeviceFilesTest.RetrieveAtscCertificate
      DeviceFilesTest.RetrieveAtscCertificateNotFound
      DeviceFilesTest.RetrieveCertificateInvalidParams
      DeviceFilesTest.RetrieveLegacyCertificateWithoutExpirationTime
      DeviceFilesTest.RetrieveLegacyCertificateWithClientExpirationTime
      DeviceFilesTest.RetrieveLegacyExpiredCertificateByClientExpirationTime
      DeviceFilesTest.RetrieveLegacyCertificateInvalidClientExpirationTime
      DeviceFilesTest.RetrieveCertificateWithoutKeyType
      DeviceFilesTest.RetrieveDefaultCertificate
      DeviceFilesTest.RetrieveDefaultCertificateNeverExpires
      DeviceFilesTest.HasCertificateAtsc
      DeviceFilesTest.HasCertificateDefault
      DeviceFilesTest.HasCertificateLegacy
      DeviceFilesTest.HasCertificateNone
      CertificateTest.StoreCertificateTest.DefaultAndLegacy/*
      CertificateTest.RetrieveLegacyCertificateTest.ErrorScenarios/*
      CertificateTest.RetrieveDefaultCertificateTest.ErrorScenarios/*

Change-Id: I7dbec7555fbd493c1ec61c6bb5d9428a2405b1fd

libwvdrmengine/cdm/core/include/device_files.h

@@ -23,6 +23,8 @@ namespace wvcdm {
 
 class FileSystem;
 
+using video_widevine_client::sdk::DeviceCertificate;
+
 class DeviceFiles {
  public:
   typedef enum {
@@ -31,6 +33,24 @@ class DeviceFiles {
     kLicenseStateUnknown,
   } LicenseState;
 
+  typedef enum {
+    kCertificateValid,
+    kCertificateExpired,
+    kCertificateNotFound,
+    kCertificateInvalid,
+    kCannotHandle,
+  } CertificateState;
+
+  // |kCertificateDefault| includes an expiration time set by the provisioning
+  // service. This will replace any legacy certificates, if a forced
+  // reprovisioning happens at the client or by the license service.
+  // ATSC certificates are unaffected and have an unlimited lifetime.
+  typedef enum {
+    kCertificateDefault,
+    kCertificateLegacy,
+    kCertificateAtsc,
+  } CertificateType;
+
   // All error response codes start with 5000 to avoid overlap with other error
   // spaces.
   enum ResponseType {
@@ -100,12 +120,19 @@ class DeviceFiles {
   // and used but not written or removed.
   virtual bool StoreCertificate(const std::string& certificate,
                                 const CryptoWrappedKey& private_key);
-  virtual bool RetrieveCertificate(bool atsc_mode_enabled,
-                                   std::string* certificate,
-                                   CryptoWrappedKey* private_key,
-                                   std::string* serial_number,
-                                   uint32_t* system_id);
+  virtual CertificateState RetrieveCertificate(bool atsc_mode_enabled,
+                                               std::string* certificate,
+                                               CryptoWrappedKey* private_key,
+                                               std::string* serial_number,
+                                               uint32_t* system_id);
   virtual bool HasCertificate(bool atsc_mode_enabled);
+  // Retrieves the legacy DRM certificate without performing expiry
+  // related validation. Use this only when restoring/releasing
+  // licenses/usage entries
+  virtual bool RetrieveLegacyCertificate(std::string* certificate,
+                                         CryptoWrappedKey* private_key,
+                                         std::string* serial_number,
+                                         uint32_t* system_id);
   virtual bool RemoveCertificate();
 
   virtual bool StoreLicense(const CdmLicenseData& license_data,
@@ -247,6 +274,21 @@ class DeviceFiles {
   virtual bool DeleteUsageTableInfo();
 
  private:
+  // This method will retrieve the certificate and perform expiry validation
+  // appropriate for a given certificate type
+  CertificateState RetrieveCertificate(CertificateType certificate_type,
+                                       std::string* certificate,
+                                       CryptoWrappedKey* private_key,
+                                       std::string* serial_number,
+                                       uint32_t* system_id);
+  bool HasCertificate(CertificateType certificate_type);
+  bool SetDeviceCertificate(const std::string& certificate,
+                            const CryptoWrappedKey& wrapped_private_key,
+                            DeviceCertificate* mutable_device_certificate);
+  bool ExtractFromDeviceCertificate(const DeviceCertificate& device_certificate,
+                                    std::string* certificate,
+                                    CryptoWrappedKey* wrapped_private_key);
+
   // Helpers that wrap the File interface and automatically handle hashing, as
   // well as adding the device files base path to to the file name.
   ResponseType StoreFileWithHash(const std::string& name,
@@ -260,7 +302,8 @@ class DeviceFiles {
   bool RemoveFile(const std::string& name);
   ssize_t GetFileSize(const std::string& name);
 
-  static std::string GetCertificateFileName(bool atsc_mode_enabled);
+  static bool GetCertificateFileName(CertificateType certificate_type,
+                                     std::string* certificate_file_name);
   static std::string GetHlsAttributesFileNameExtension();
   static std::string GetLicenseFileNameExtension();
   static std::string GetUsageTableFileName();
@@ -268,18 +311,28 @@ class DeviceFiles {
 
 #if defined(UNIT_TEST)
   FRIEND_TEST(DeviceFilesSecurityLevelTest, SecurityLevel);
-  FRIEND_TEST(DeviceCertificateTest, StoreCertificate);
   FRIEND_TEST(DeviceCertificateTest, ReadCertificate);
-  FRIEND_TEST(DeviceCertificateTest, ReadCertificateWithoutKeyType);
-  FRIEND_TEST(DeviceCertificateTest, HasCertificate);
   FRIEND_TEST(DeviceFilesStoreTest, StoreLicense);
   FRIEND_TEST(DeviceFilesHlsAttributesTest, Delete);
   FRIEND_TEST(DeviceFilesHlsAttributesTest, Read);
   FRIEND_TEST(DeviceFilesHlsAttributesTest, Store);
-  FRIEND_TEST(DeviceFilesTest, DeleteLicense);
-  FRIEND_TEST(DeviceFilesTest, ReserveLicenseIdsDoesNotUseFileSystem);
-  FRIEND_TEST(DeviceFilesTest, RetrieveLicenses);
   FRIEND_TEST(DeviceFilesTest, AppParametersBackwardCompatibility);
+  FRIEND_TEST(DeviceFilesTest, DeleteLicense);
+  FRIEND_TEST(DeviceFilesTest, HasCertificateAtsc);
+  FRIEND_TEST(DeviceFilesTest, HasCertificateDefault);
+  FRIEND_TEST(DeviceFilesTest, HasCertificateLegacy);
+  FRIEND_TEST(DeviceFilesTest, HasCertificateNone);
+  FRIEND_TEST(DeviceFilesTest, ReserveLicenseIdsDoesNotUseFileSystem);
+  FRIEND_TEST(DeviceFilesTest, RetrieveAtscCertificate);
+  FRIEND_TEST(DeviceFilesTest, RetrieveAtscCertificateNotFound);
+  FRIEND_TEST(DeviceFilesTest, RetrieveCertificateWithoutKeyType);
+  FRIEND_TEST(DeviceFilesTest, RetrieveDefaultCertificate);
+  FRIEND_TEST(DeviceFilesTest, RetrieveDefaultCertificateNeverExpires);
+  FRIEND_TEST(DeviceFilesTest,
+              RetrieveLegacyCertificateWithClientExpirationTime);
+  FRIEND_TEST(DeviceFilesTest, RetrieveLegacyCertificateWithoutExpirationTime);
+  FRIEND_TEST(DeviceFilesTest, RetrieveLicenses);
+  FRIEND_TEST(DeviceFilesTest, StoreCertificateInvalidParams);
   FRIEND_TEST(DeviceFilesTest, StoreLicenses);
   FRIEND_TEST(DeviceFilesTest, UpdateLicenseState);
   FRIEND_TEST(DeviceFilesUsageInfoTest, Delete);
@@ -289,6 +342,9 @@ class DeviceFiles {
   FRIEND_TEST(DeviceFilesUsageTableTest, Read);
   FRIEND_TEST(DeviceFilesUsageTableTest, Store);
   FRIEND_TEST(DeviceFilesUsageTableTest, ReadWithoutLruData);
+  FRIEND_TEST(RetrieveDefaultCertificateTest, ErrorScenarios);
+  FRIEND_TEST(RetrieveLegacyCertificateTest, ErrorScenarios);
+  FRIEND_TEST(StoreCertificateTest, DefaultAndLegacy);
   FRIEND_TEST(WvCdmRequestLicenseTest, UnprovisionTest);
   FRIEND_TEST(WvCdmRequestLicenseTest, ForceL3Test);
   FRIEND_TEST(WvCdmRequestLicenseTest, UsageInfoRetryTest);