Enable certificate based licensing
Includes fixes for provisioning and license renewal signature generation. bug: 8620943 Merge of: https://widevine-internal-review.googlesource.com/#/c/5231/ https://widevine-internal-review.googlesource.com/#/c/5200/ from the Widevine CDM repository. Change-Id: I2928c9d59ad5337ca34b4ef7ed58272d34755d2d
This commit is contained in:
Jeff Tinker
@@ -20,6 +20,11 @@
|
||||
#define CDM_POLICY_TIMER_DURATION_SECONDS 1
|
||||
#endif
|
||||
|
||||
namespace {
|
||||
const std::string kDefaultProvisioningServerUrl =
|
||||
"http://www-googleapis-test.sandbox.google.com/certificateprovisioning/v1/devicecertificates/create";
|
||||
}
|
||||
|
||||
namespace wvcdm {
|
||||
|
||||
// Protobuf generated classes.
|
||||
@@ -384,6 +389,8 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
|
||||
default_url->assign(kDefaultProvisioningServerUrl);
|
||||
|
||||
if (provisioning_session_) {
|
||||
LOGE("GetProvisioningRequest: duplicate provisioning request?");
|
||||
return UNKNOWN_ERROR;
|
||||
@@ -457,7 +464,8 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
|
||||
|
||||
// Derives signing and encryption keys and constructs signature.
|
||||
std::string request_signature;
|
||||
if (!crypto_session->PrepareRequest(serialized_request, &request_signature)) {
|
||||
if (!crypto_session->PrepareRequest(serialized_request,
|
||||
&request_signature, true)) {
|
||||
request->clear();
|
||||
CleanupProvisioningSession(cdm_session_id);
|
||||
return UNKNOWN_ERROR;
|
||||
@@ -471,11 +479,6 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
|
||||
|
||||
// converts request into JSON string
|
||||
ComposeJsonRequest(serialized_request, request_signature, request);
|
||||
|
||||
static const std::string kDefaultProvisioningServerUrl =
|
||||
"http://www-googleapis-test.sandbox.google.com/certificateprovisioning/v1/devicecertificates/create";
|
||||
default_url->assign(kDefaultProvisioningServerUrl);
|
||||
|
||||
return NO_ERROR;
|
||||
}
|
||||
|
||||
@@ -591,27 +594,21 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
|
||||
const std::string& rsa_key_iv = provisioning_response.device_rsa_key_iv();
|
||||
const std::string& nonce = provisioning_response.nonce();
|
||||
|
||||
const int kRsaKeySize = 256;
|
||||
size_t wrapped_rsa_key_length = kRsaKeySize + enc_rsa_key.length();
|
||||
std::vector<uint8_t> wrapped_rsa_key;
|
||||
wrapped_rsa_key.resize(wrapped_rsa_key_length);
|
||||
|
||||
std::string wrapped_rsa_key;
|
||||
if (!crypto_session->RewrapDeviceRSAKey(signed_message,
|
||||
signature,
|
||||
nonce.data(),
|
||||
enc_rsa_key,
|
||||
enc_rsa_key.size(),
|
||||
rsa_key_iv,
|
||||
&wrapped_rsa_key[0],
|
||||
&wrapped_rsa_key_length)) {
|
||||
&wrapped_rsa_key)) {
|
||||
LOGE("HandleProvisioningResponse: RewrapDeviceRSAKey fails");
|
||||
CleanupProvisioningSession(cdm_session_id);
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
|
||||
const std::string& device_certificate = provisioning_response.device_certificate();
|
||||
std::string the_wrapped_rsa_key(wrapped_rsa_key.begin(), wrapped_rsa_key.end());
|
||||
DeviceFiles::StoreCertificate(device_certificate, the_wrapped_rsa_key);
|
||||
DeviceFiles::StoreCertificate(device_certificate, wrapped_rsa_key);
|
||||
|
||||
//
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
Reference in New Issue
Block a user