Use local provisioning server

Merge from Widevine repo of http://go/wvgerrit/133703 and http://ag/14707867 [ Cherry-pick of http://ag/15835345 ] In order to use a local provisioning server, we need to use a different test keybox system id that is in the dev device database instead of the production database. We also need to use a local license server that uses the dev license server. Bug: 187646550 Test: GtsMediaTestCases Change-Id: Ice89143dd26de22757375a770c6bac716fcbc057 Add Keybox OTA Provisioning functions to OEMCrypto header Merge from Widevine repo of http://go/wvgerrit/133704 and http://go/ag/14707868 Bug: 188228998 Change-Id: Iff54bc2870e87bf7239e179e1d02fbcc8df6198f Stub build changes to support OTA Keybox Merge from Widevine repo of http://go/wvgerrit/133725 and http://go/ag/14781459 This CL adds a new unit test file for testing OTA keybox reprovisioning functionality. This new test is built when running the dynamic adapter in the linux build, and in the Android build. Bug: 187646550 Change-Id: I625513840188f95e74831ef2ea399e827e837439 Add OTA Keybox functions to dynamic adapter Merge from Widevine repo of http://go/wvgerrit/125843 and http://go/ag/14781460 Bug: 187646550 Change-Id: Ief78ed10599c091690e0d7dc488ea71674c763b5 Refactor dynamic adapter keybox verification Merge from Widevine repo of http://go/wvgerrit/133727 http://go/ag/14812524 The keybox validation needs to be done separately from initializing the library so that we can support Keybox OTA Reprovisioning. If L1 loads, but the keybox is missing, the initialization should succeed. When the keybox is validated, the adapter should try to look for a keybox on the filesystem. if none is found, it should either return NEEDS PROVISIONING or an error. Bug: 187646550 Change-Id: I34a8c365a5a5ca35c379bea827c85c749964744c Update crypto session to use new OTA keybox functionality Merge from Widevine repo of http://go/wvgerrit/133728 and http://go/ag/14812525 This CL stubs out two new CryptoSession functions that call the new OEMCrypto functions for OTA Keybox Provisioning. It builds! Yay! It also adds a boolean needs_keybox_provisioning that is set to true when OEMCrypto reports that it needs a keybox. This should only happen if there is no keybox installed and oemcrypto supports provisioning. Bug: 187646550 Change-Id: Ide9533943125aa13b8899b652b118a0b410c882c
2021-05-25 01:33:04 +00:00
parent 3b179876b8
commit bac33dbc6e
17 changed files with 526 additions and 98 deletions
--- a/libwvdrmengine/cdm/core/test/test_base.cpp
+++ b/libwvdrmengine/cdm/core/test/test_base.cpp
@@ -112,6 +112,11 @@ void show_menu(const char* prog_name, const std::string& extra_help_text) {
      << "    in the url" << std::endl
      << std::endl;

+  std::cout << "  --qa_provisioning" << std::endl;
+  std::cout << "    use the QA provisioning cert and QA test keybox"
+            << std::endl
+            << std::endl;
+
  std::cout << "  --fake_sleep" << std::endl;
  std::cout << "    Use a fake clock to sleep for duration tests.  This cannot"
            << "    be used with a real OEMCrypto." << std::endl
@@ -162,6 +167,7 @@ bool ExtractSignedMessage(const std::string& response,
 }  // namespace

 ConfigTestEnv WvCdmTestBase::default_config_(kContentProtectionUatServer);
+bool WvCdmTestBase::use_qa_test_keybox_ = false;

 void WvCdmTestBase::StripeBuffer(std::vector<uint8_t>* buffer, size_t size,
                                 uint8_t init) {
@@ -211,6 +217,13 @@ TestCryptoSession::TestCryptoSession(metrics::CryptoMetrics* crypto_metrics)
  // The first CryptoSession should have initialized OEMCrypto.  This is right
  // after that, so should tell oemcrypto to use a test keybox.
  if (session_count() == 1) {
+    if (!initialized()) {
+      // If not initialized, try again and see if we are just missing a keybox.
+      // Since we plan to install a test keybox, we can ignore keybox errors.
+      const OEMCryptoResult status = ::OEMCrypto_Initialize();
+      if (status != OEMCrypto_SUCCESS) return;
+      OverrideInitializedForTesting(true);
+    }
    WvCdmTestBase::InstallTestRootOfTrust();
  }
 }
@@ -262,12 +275,14 @@ void WvCdmTestBase::SetUp() {
 }

 void WvCdmTestBase::InstallTestRootOfTrust() {
+  const wvoec::WidevineKeybox& test_keybox =
+      use_qa_test_keybox_ ? wvoec::kQATestKeybox : wvoec::kTestKeybox;
  switch (wvoec::global_features.derive_key_method) {
    case wvoec::DeviceFeatures::LOAD_TEST_KEYBOX:
      ASSERT_EQ(OEMCrypto_SUCCESS,
                OEMCrypto_LoadTestKeybox(
-                    reinterpret_cast<const uint8_t*>(&wvoec::kTestKeybox),
-                    sizeof(wvoec::kTestKeybox)));
+                    reinterpret_cast<const uint8_t*>(&test_keybox),
+                    sizeof(test_keybox)));
      break;
    case wvoec::DeviceFeatures::LOAD_TEST_RSA_KEY:
      // Rare case: used by devices with baked in DRM cert.
@@ -451,6 +466,10 @@ bool WvCdmTestBase::Initialize(int argc, const char* const argv[],
      is_cast_receiver = true;
    } else if (arg == "--fake_sleep") {
      wvcdm::TestSleep::set_real_sleep(false);
+    } else if (arg == "--qa_provisioning") {
+      use_qa_test_keybox_ = true;
+      default_config_.set_provisioning_service_certificate(
+          default_config_.QAProvisioningServiceCertificate());
    } else if (arg.find("--gtest") == 0) {
      // gtest arguments will be passed to gtest by the main program.
      continue;