From e27bc4ba6a9ee91cbb5ce7883639f1a491e9205a Mon Sep 17 00:00:00 2001 From: Rahul Frias Date: Tue, 14 Apr 2020 14:00:10 -0700 Subject: [PATCH] Accept a security level to be specified during provisioning [ Merge of http://go/wvgerrit/97267 ] In earlier releases, provisioning would occur based on a cached security level. If an open session call returned a NotProvisionedException the security level would be cached for use with any future provisioning call. An app would have to set the security level, then call openSession, have it fail and then request provisioning. This fits the normal flow of most apps. Still on occasion, an app might change requested security level after an openSession call failed. Using the cached security level would result in unexpected behavior. This change allows provisioning to occur at the last security level that was set. Bug: 129356527 Test: wv unit/integration tests, GTS tests (GtsMediaTestCases) Merged-In: I8d9234eec2b23a9c913e77a709943b431e25e43e Change-Id: I8d9234eec2b23a9c913e77a709943b431e25e43e --- libwvdrmengine/cdm/core/include/cdm_engine.h | 7 +- .../include/cdm_engine_metrics_decorator.h | 13 +- libwvdrmengine/cdm/core/src/cdm_engine.cpp | 24 +-- .../cdm_engine_metrics_decorator_unittest.cpp | 29 ++-- libwvdrmengine/cdm/core/test/test_base.cpp | 19 +-- .../include/wv_content_decryption_module.h | 6 +- .../cdm/src/wv_content_decryption_module.cpp | 12 +- .../cdm/test/cdm_extended_duration_test.cpp | 6 +- libwvdrmengine/cdm/test/cdm_feature_test.cpp | 18 ++- .../cdm/test/request_license_test.cpp | 139 +++++++++--------- .../cdm/test/wv_cdm_metrics_test.cpp | 3 +- .../mediadrm/include_hidl/WVDrmPlugin.h | 2 + libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp | 22 ++- .../mediadrm/src_hidl/WVDrmPlugin.cpp | 20 ++- .../mediadrm/test/WVDrmPlugin_test.cpp | 114 +++++++++++--- .../test/legacy_src/WVDrmPlugin_test.cpp | 27 ++-- 16 files changed, 284 insertions(+), 177 deletions(-) diff --git a/libwvdrmengine/cdm/core/include/cdm_engine.h b/libwvdrmengine/cdm/core/include/cdm_engine.h index 963fa74a..16a4e1f1 100644 --- a/libwvdrmengine/cdm/core/include/cdm_engine.h +++ b/libwvdrmengine/cdm/core/include/cdm_engine.h @@ -179,12 +179,14 @@ class CdmEngine { // Generate and return a valid provisioning request. virtual CdmResponseType GetProvisioningRequest( CdmCertificateType cert_type, const std::string& cert_authority, - const std::string& service_certificate, CdmProvisioningRequest* request, + const std::string& service_certificate, + SecurityLevel requested_security_level, CdmProvisioningRequest* request, std::string* default_url); // Verify and process a provisioning response. virtual CdmResponseType HandleProvisioningResponse( - const CdmProvisioningResponse& response, std::string* cert, + const CdmProvisioningResponse& response, + SecurityLevel requested_security_level, std::string* cert, std::string* wrapped_key); // Return true if there is a device certificate on the current @@ -388,7 +390,6 @@ class CdmEngine { CdmSessionMap session_map_; CdmReleaseKeySetMap release_key_sets_; std::unique_ptr cert_provisioning_; - SecurityLevel cert_provisioning_requested_security_level_; FileSystem* file_system_; Clock clock_; std::string spoid_; diff --git a/libwvdrmengine/cdm/core/include/cdm_engine_metrics_decorator.h b/libwvdrmengine/cdm/core/include/cdm_engine_metrics_decorator.h index befbd9f6..5eb7d9a0 100644 --- a/libwvdrmengine/cdm/core/include/cdm_engine_metrics_decorator.h +++ b/libwvdrmengine/cdm/core/include/cdm_engine_metrics_decorator.h @@ -156,21 +156,24 @@ class CdmEngineMetricsImpl : public T { CdmResponseType GetProvisioningRequest(CdmCertificateType cert_type, const std::string& cert_authority, const std::string& service_certificate, + SecurityLevel requested_security_level, CdmProvisioningRequest* request, std::string* default_url) override { CdmResponseType sts; - M_TIME(sts = T::GetProvisioningRequest(cert_type, cert_authority, - service_certificate, request, - default_url), + M_TIME(sts = T::GetProvisioningRequest( + cert_type, cert_authority, service_certificate, + requested_security_level, request, default_url), metrics_, cdm_engine_get_provisioning_request_, sts); return sts; } CdmResponseType HandleProvisioningResponse( - const CdmProvisioningResponse& response, std::string* cert, + const CdmProvisioningResponse& response, + SecurityLevel requested_security_level, std::string* cert, std::string* wrapped_key) override { CdmResponseType sts; - M_TIME(sts = T::HandleProvisioningResponse(response, cert, wrapped_key), + M_TIME(sts = T::HandleProvisioningResponse( + response, requested_security_level, cert, wrapped_key), metrics_, cdm_engine_handle_provisioning_response_, sts); return sts; } diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp index 0317f6d5..ffaacbfd 100644 --- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp @@ -73,7 +73,6 @@ CdmEngine::CdmEngine(FileSystem* file_system, std::shared_ptr metrics) : metrics_(metrics), cert_provisioning_(), - cert_provisioning_requested_security_level_(kLevelDefault), file_system_(file_system), spoid_(EMPTY_SPOID), usage_session_(), @@ -136,8 +135,6 @@ CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system, new_session->Init(property_set, forced_session_id, event_listener); if (sts != NO_ERROR) { if (sts == NEED_PROVISIONING) { - cert_provisioning_requested_security_level_ = - new_session->GetRequestedSecurityLevel(); // Reserve a session ID so the CDM can return success. if (session_id) *session_id = new_session->GenerateSessionId(); } else { @@ -294,10 +291,6 @@ CdmResponseType CdmEngine::GenerateKeyRequest( if (KEY_ADDED == sts) { return sts; } else if (KEY_MESSAGE != sts) { - if (sts == NEED_PROVISIONING) { - cert_provisioning_requested_security_level_ = - session->GetRequestedSecurityLevel(); - } LOGE("Key request generation failed, status = %d", static_cast(sts)); return sts; } @@ -414,10 +407,6 @@ CdmResponseType CdmEngine::RestoreKey(const CdmSessionId& session_id, &error_detail); session->GetMetrics()->cdm_session_restore_offline_session_.Increment( sts, error_detail); - if (sts == NEED_PROVISIONING) { - cert_provisioning_requested_security_level_ = - session->GetRequestedSecurityLevel(); - } if (sts != KEY_ADDED && sts != GET_RELEASED_LICENSE_ERROR) { LOGE("Restore offline session failed: status = %d", static_cast(sts)); } @@ -895,7 +884,8 @@ bool CdmEngine::IsSecurityLevelSupported(CdmSecurityLevel level) { */ CdmResponseType CdmEngine::GetProvisioningRequest( CdmCertificateType cert_type, const std::string& cert_authority, - const std::string& service_certificate, CdmProvisioningRequest* request, + const std::string& service_certificate, + SecurityLevel requested_security_level, CdmProvisioningRequest* request, std::string* default_url) { LOGI("Getting provisioning request"); if (!request) { @@ -915,7 +905,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest( if (status != NO_ERROR) return status; } CdmResponseType ret = cert_provisioning_->GetProvisioningRequest( - cert_provisioning_requested_security_level_, cert_type, cert_authority, + requested_security_level, cert_type, cert_authority, file_system_->origin(), spoid_, request, default_url); if (ret != NO_ERROR) { cert_provisioning_.reset(); // Release resources. @@ -931,7 +921,8 @@ CdmResponseType CdmEngine::GetProvisioningRequest( * Returns NO_ERROR for success and CdmResponseType error code if fails. */ CdmResponseType CdmEngine::HandleProvisioningResponse( - const CdmProvisioningResponse& response, std::string* cert, + const CdmProvisioningResponse& response, + SecurityLevel requested_security_level, std::string* cert, std::string* wrapped_key) { LOGI("Handling provision request"); if (response.empty()) { @@ -955,10 +946,9 @@ CdmResponseType CdmEngine::HandleProvisioningResponse( std::unique_ptr crypto_session( CryptoSession::MakeCryptoSession(metrics_->GetCryptoMetrics())); CdmResponseType status; - M_TIME(status = crypto_session->Open( - cert_provisioning_requested_security_level_), + M_TIME(status = crypto_session->Open(requested_security_level), metrics_->GetCryptoMetrics(), crypto_session_open_, status, - cert_provisioning_requested_security_level_); + requested_security_level); if (NO_ERROR != status) { LOGE("Provisioning object missing and crypto session open failed"); return EMPTY_PROVISIONING_CERTIFICATE_2; diff --git a/libwvdrmengine/cdm/core/test/cdm_engine_metrics_decorator_unittest.cpp b/libwvdrmengine/cdm/core/test/cdm_engine_metrics_decorator_unittest.cpp index 2ca27d89..6d09be08 100644 --- a/libwvdrmengine/cdm/core/test/cdm_engine_metrics_decorator_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/cdm_engine_metrics_decorator_unittest.cpp @@ -76,13 +76,13 @@ class MockCdmEngineImpl : public CdmEngine { MOCK_METHOD1(RemoveKeys, CdmResponseType(const CdmSessionId&)); MOCK_METHOD2(QueryKeyStatus, CdmResponseType(const CdmSessionId&, CdmQueryMap*)); - MOCK_METHOD5(GetProvisioningRequest, + MOCK_METHOD6(GetProvisioningRequest, CdmResponseType(CdmCertificateType, const std::string&, - const std::string&, CdmProvisioningRequest*, - std::string*)); - MOCK_METHOD3(HandleProvisioningResponse, - CdmResponseType(const CdmProvisioningResponse&, std::string*, - std::string*)); + const std::string&, SecurityLevel, + CdmProvisioningRequest*, std::string*)); + MOCK_METHOD4(HandleProvisioningResponse, + CdmResponseType(const CdmProvisioningResponse&, SecurityLevel, + std::string*, std::string*)); MOCK_METHOD1(Unprovision, CdmResponseType(CdmSecurityLevel)); MOCK_METHOD4(ListUsageIds, CdmResponseType(const std::string&, CdmSecurityLevel, @@ -311,16 +311,17 @@ TEST_F(WvCdmEngineMetricsImplTest, GetProvisioningRequest) { std::string default_url; EXPECT_CALL(*test_cdm_metrics_engine_, - GetProvisioningRequest(Eq(kCertificateX509), - Eq("fake certificate authority"), - Eq("fake service certificate"), - Eq(&request), Eq(&default_url))) + GetProvisioningRequest( + Eq(kCertificateX509), Eq("fake certificate authority"), + Eq("fake service certificate"), Eq(wvcdm::kLevelDefault), + Eq(&request), Eq(&default_url))) .WillOnce(Return(wvcdm::UNKNOWN_ERROR)); ASSERT_EQ(wvcdm::UNKNOWN_ERROR, test_cdm_metrics_engine_->GetProvisioningRequest( kCertificateX509, "fake certificate authority", - "fake service certificate", &request, &default_url)); + "fake service certificate", wvcdm::kLevelDefault, &request, + &default_url)); drm_metrics::WvCdmMetrics metrics_proto; test_cdm_metrics_engine_->GetMetricsSnapshot(&metrics_proto); @@ -340,12 +341,14 @@ TEST_F(WvCdmEngineMetricsImplTest, HandleProvisioningResponse) { EXPECT_CALL(*test_cdm_metrics_engine_, HandleProvisioningResponse(Eq("fake provisioning response"), - Eq(&cert), Eq(&wrapped_key))) + Eq(wvcdm::kLevelDefault), Eq(&cert), + Eq(&wrapped_key))) .WillOnce(Return(wvcdm::UNKNOWN_ERROR)); ASSERT_EQ(wvcdm::UNKNOWN_ERROR, test_cdm_metrics_engine_->HandleProvisioningResponse( - "fake provisioning response", &cert, &wrapped_key)); + "fake provisioning response", wvcdm::kLevelDefault, &cert, + &wrapped_key)); drm_metrics::WvCdmMetrics metrics_proto; test_cdm_metrics_engine_->GetMetricsSnapshot(&metrics_proto); diff --git a/libwvdrmengine/cdm/core/test/test_base.cpp b/libwvdrmengine/cdm/core/test/test_base.cpp index 572cef79..f3b90bc1 100644 --- a/libwvdrmengine/cdm/core/test/test_base.cpp +++ b/libwvdrmengine/cdm/core/test/test_base.cpp @@ -294,8 +294,8 @@ void WvCdmTestBase::Provision() { std::shared_ptr(new EngineMetrics)); FakeProvisioningServer server; CdmResponseType result = cdm_engine.GetProvisioningRequest( - cert_type, cert_authority, server.service_certificate(), &prov_request, - &provisioning_server_url); + cert_type, cert_authority, server.service_certificate(), kLevelDefault, + &prov_request, &provisioning_server_url); ASSERT_EQ(NO_ERROR, result); if (!binary_provisioning_) { std::vector prov_request_v = Base64SafeDecode(prov_request); @@ -304,8 +304,8 @@ void WvCdmTestBase::Provision() { std::string response; ASSERT_TRUE(server.MakeResponse(prov_request, &response)) << "Fake provisioning server could not provision"; - result = - cdm_engine.HandleProvisioningResponse(response, &cert, &wrapped_key); + result = cdm_engine.HandleProvisioningResponse(response, kLevelDefault, + &cert, &wrapped_key); EXPECT_EQ(NO_ERROR, result); } else { // TODO(fredgc): provision for different SPOIDs. @@ -314,7 +314,7 @@ void WvCdmTestBase::Provision() { CdmResponseType result = cdm_engine.GetProvisioningRequest( cert_type, cert_authority, config_.provisioning_service_certificate(), - &prov_request, &provisioning_server_url); + kLevelDefault, &prov_request, &provisioning_server_url); ASSERT_EQ(NO_ERROR, result); if (binary_provisioning_) { @@ -385,14 +385,15 @@ void WvCdmTestBase::Provision() { std::string binary_protobuf_response(response_vec.begin(), response_vec.end()); - if (cdm_engine.HandleProvisioningResponse( - binary_protobuf_response, &cert, &wrapped_key) != NO_ERROR) { + if (cdm_engine.HandleProvisioningResponse(binary_protobuf_response, + kLevelDefault, &cert, + &wrapped_key) != NO_ERROR) { LOGE("Failed to handle provisioning response"); continue; } } else { - if (cdm_engine.HandleProvisioningResponse(http_message, &cert, - &wrapped_key) != NO_ERROR) { + if (cdm_engine.HandleProvisioningResponse( + http_message, kLevelDefault, &cert, &wrapped_key) != NO_ERROR) { LOGE("Failed to handle binary provisioning response"); continue; } diff --git a/libwvdrmengine/cdm/include/wv_content_decryption_module.h b/libwvdrmengine/cdm/include/wv_content_decryption_module.h index d74751bd..dbf92e4f 100644 --- a/libwvdrmengine/cdm/include/wv_content_decryption_module.h +++ b/libwvdrmengine/cdm/include/wv_content_decryption_module.h @@ -88,11 +88,13 @@ class WvContentDecryptionModule : public android::RefBase, public TimerHandler { virtual CdmResponseType GetProvisioningRequest( CdmCertificateType cert_type, const std::string& cert_authority, const CdmIdentifier& identifier, const std::string& service_certificate, - CdmProvisioningRequest* request, std::string* default_url); + SecurityLevel requested_security_level, CdmProvisioningRequest* request, + std::string* default_url); virtual CdmResponseType HandleProvisioningResponse( const CdmIdentifier& identifier, CdmProvisioningResponse& response, - std::string* cert, std::string* wrapped_key); + SecurityLevel requested_security_level, std::string* cert, + std::string* wrapped_key); virtual CdmResponseType Unprovision(CdmSecurityLevel level, const CdmIdentifier& identifier); diff --git a/libwvdrmengine/cdm/src/wv_content_decryption_module.cpp b/libwvdrmengine/cdm/src/wv_content_decryption_module.cpp index d1f2003e..a49ff111 100644 --- a/libwvdrmengine/cdm/src/wv_content_decryption_module.cpp +++ b/libwvdrmengine/cdm/src/wv_content_decryption_module.cpp @@ -211,17 +211,21 @@ bool WvContentDecryptionModule::IsSecurityLevelSupported( CdmResponseType WvContentDecryptionModule::GetProvisioningRequest( CdmCertificateType cert_type, const std::string& cert_authority, const CdmIdentifier& identifier, const std::string& service_certificate, - CdmProvisioningRequest* request, std::string* default_url) { + SecurityLevel requested_security_level, CdmProvisioningRequest* request, + std::string* default_url) { CdmEngine* cdm_engine = EnsureCdmForIdentifier(identifier); return cdm_engine->GetProvisioningRequest( - cert_type, cert_authority, service_certificate, request, default_url); + cert_type, cert_authority, service_certificate, requested_security_level, + request, default_url); } CdmResponseType WvContentDecryptionModule::HandleProvisioningResponse( const CdmIdentifier& identifier, CdmProvisioningResponse& response, - std::string* cert, std::string* wrapped_key) { + SecurityLevel requested_security_level, std::string* cert, + std::string* wrapped_key) { CdmEngine* cdm_engine = EnsureCdmForIdentifier(identifier); - return cdm_engine->HandleProvisioningResponse(response, cert, wrapped_key); + return cdm_engine->HandleProvisioningResponse( + response, requested_security_level, cert, wrapped_key); } CdmResponseType WvContentDecryptionModule::Unprovision( diff --git a/libwvdrmengine/cdm/test/cdm_extended_duration_test.cpp b/libwvdrmengine/cdm/test/cdm_extended_duration_test.cpp index 7ae4a0ed..3b00e13f 100644 --- a/libwvdrmengine/cdm/test/cdm_extended_duration_test.cpp +++ b/libwvdrmengine/cdm/test/cdm_extended_duration_test.cpp @@ -451,7 +451,8 @@ class WvCdmExtendedDurationTest : public WvCdmTestBase { status = decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, &provisioning_server_url); + kEmptyServiceCertificate, kLevelDefault, &key_msg_, + &provisioning_server_url); EXPECT_EQ(NO_ERROR, status); if (NO_ERROR != status) return; EXPECT_EQ(provisioning_server_url, kDefaultProvisioningServerUrl); @@ -461,7 +462,8 @@ class WvCdmExtendedDurationTest : public WvCdmTestBase { EXPECT_NE(0, static_cast(response.size())); EXPECT_EQ(NO_ERROR, decryptor_->HandleProvisioningResponse(kDefaultCdmIdentifier, response, - &cert, &wrapped_key)); + kLevelDefault, &cert, + &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); decryptor_->CloseSession(session_id_); diff --git a/libwvdrmengine/cdm/test/cdm_feature_test.cpp b/libwvdrmengine/cdm/test/cdm_feature_test.cpp index f00011c8..5d1f4bf1 100644 --- a/libwvdrmengine/cdm/test/cdm_feature_test.cpp +++ b/libwvdrmengine/cdm/test/cdm_feature_test.cpp @@ -410,7 +410,8 @@ TEST_F(WvCdmFeatureTest, OEMCertificateProvisioning) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, &provisioning_server_url)); + kEmptyServiceCertificate, kLevelDefault, &key_msg_, + &provisioning_server_url)); EXPECT_EQ(provisioning_server_url, kDefaultProvisioningServerUrl); ClientIdentification_TokenType token_type; @@ -425,9 +426,9 @@ TEST_F(WvCdmFeatureTest, OEMCertificateProvisioning) { std::string response = GetCertRequestResponse(provisioning_server_url); // GetCertRequestResponse(config_.provisioning_server_url()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::NO_ERROR, - decryptor_.HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevelDefault, + &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); decryptor_.CloseSession(session_id_); @@ -445,7 +446,8 @@ TEST_F(WvCdmFeatureTest, KeyboxProvisioning) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, &provisioning_server_url)); + kEmptyServiceCertificate, kLevelDefault, &key_msg_, + &provisioning_server_url)); EXPECT_EQ(provisioning_server_url, kDefaultProvisioningServerUrl); ClientIdentification_TokenType token_type; @@ -460,9 +462,9 @@ TEST_F(WvCdmFeatureTest, KeyboxProvisioning) { std::string response = GetCertRequestResponse(provisioning_server_url); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::NO_ERROR, - decryptor_.HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevelDefault, + &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); decryptor_.CloseSession(session_id_); diff --git a/libwvdrmengine/cdm/test/request_license_test.cpp b/libwvdrmengine/cdm/test/request_license_test.cpp index 66c38afa..8a5d64f1 100644 --- a/libwvdrmengine/cdm/test/request_license_test.cpp +++ b/libwvdrmengine/cdm/test/request_license_test.cpp @@ -2004,12 +2004,13 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase { void Provision() { Provision(kDefaultCdmIdentifier, kLevelDefault); } - void Provision(const CdmIdentifier& identifier, SecurityLevel level, + void Provision(const CdmIdentifier& identifier, + SecurityLevel requested_security_level, CdmProvisioningResponse* provisioning_response = nullptr) { TestWvCdmClientPropertySet property_set_L3; TestWvCdmClientPropertySet* property_set = nullptr; - if (kLevel3 == level) { + if (kLevel3 == requested_security_level) { property_set_L3.set_security_level(QUERY_VALUE_SECURITY_LEVEL_L3); property_set = &property_set_L3; } @@ -2033,7 +2034,7 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase { status = decryptor_->GetProvisioningRequest( cert_type, cert_authority, identifier, kEmptyServiceCertificate, - &key_msg_, &provisioning_server); + requested_security_level, &key_msg_, &provisioning_server); EXPECT_EQ(wvcdm::NO_ERROR, status); if (NO_ERROR != status) return; EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); @@ -2042,8 +2043,10 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase { GetCertRequestResponse(config_.provisioning_server()); if (provisioning_response != nullptr) *provisioning_response = response; EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse( - identifier, response, &cert, &wrapped_key)); + EXPECT_EQ(wvcdm::NO_ERROR, + decryptor_->HandleProvisioningResponse(identifier, response, + requested_security_level, + &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); decryptor_->CloseSession(session_id_); @@ -2151,14 +2154,15 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningTest) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, &provisioning_server)); + kEmptyServiceCertificate, kLevelDefault, &key_msg_, + &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::NO_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevelDefault, + &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); decryptor_->CloseSession(session_id_); @@ -2177,15 +2181,15 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningTestWithServiceCertificate) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - config_.provisioning_service_certificate(), &key_msg_, - &provisioning_server)); + config_.provisioning_service_certificate(), kLevelDefault, + &key_msg_, &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::NO_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevelDefault, + &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); decryptor_->CloseSession(session_id_); @@ -2194,26 +2198,22 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningTestWithServiceCertificate) { TEST_F(WvCdmRequestLicenseTest, L3ProvisioningTest) { TestWvCdmClientPropertySet property_set_L3; property_set_L3.set_security_level(QUERY_VALUE_SECURITY_LEVEL_L3); - CdmResponseType status = - decryptor_->OpenSession(config_.key_system(), &property_set_L3, - kDefaultCdmIdentifier, nullptr, &session_id_); - EXPECT_TRUE(status == NEED_PROVISIONING || status == NO_ERROR) - << "Failure to open session. error: " << status; std::string provisioning_server; CdmCertificateType cert_type = kCertificateWidevine; std::string cert_authority, cert, wrapped_key; - EXPECT_EQ(wvcdm::NO_ERROR, - decryptor_->GetProvisioningRequest( - cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, &provisioning_server)); + EXPECT_EQ( + wvcdm::NO_ERROR, + decryptor_->GetProvisioningRequest( + cert_type, cert_authority, kDefaultCdmIdentifier, + kEmptyServiceCertificate, kLevel3, &key_msg_, &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + kDefaultCdmIdentifier, response, kLevel3, &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); decryptor_->CloseSession(session_id_); @@ -2295,22 +2295,24 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningInterposedRetryTest) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg1, &provisioning_server)); + kEmptyServiceCertificate, kLevelDefault, &key_msg1, + &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg2, &provisioning_server)); + kEmptyServiceCertificate, kLevelDefault, &key_msg2, + &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); // Second message should succeed. key_msg_ = key_msg2; std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::NO_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevelDefault, + &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); @@ -2318,9 +2320,9 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningInterposedRetryTest) { key_msg_ = key_msg1; response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::NO_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevelDefault, + &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); decryptor_->CloseSession(session_id_); @@ -2338,22 +2340,24 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningInterspersedRetryTest) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg1, &provisioning_server)); + kEmptyServiceCertificate, kLevelDefault, &key_msg1, + &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg2, &provisioning_server)); + kEmptyServiceCertificate, kLevelDefault, &key_msg2, + &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); // First request expected to fail, because only one message may be active. key_msg_ = key_msg1; std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(LOAD_PROVISIONING_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(LOAD_PROVISIONING_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, + kLevelDefault, &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); @@ -2361,9 +2365,9 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningInterspersedRetryTest) { key_msg_ = key_msg2; response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::NO_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevelDefault, + &cert, &wrapped_key)); EXPECT_EQ(0, static_cast(cert.size())); EXPECT_EQ(0, static_cast(wrapped_key.size())); @@ -2382,14 +2386,15 @@ TEST_F(WvCdmRequestLicenseTest, DISABLED_X509ProvisioningTest) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, &provisioning_server)); + kEmptyServiceCertificate, kLevelDefault, &key_msg_, + &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::NO_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevelDefault, + &cert, &wrapped_key)); EXPECT_NE(0, static_cast(cert.size())); EXPECT_NE(0, static_cast(wrapped_key.size())); decryptor_->CloseSession(session_id_); @@ -2472,17 +2477,17 @@ TEST_F(WvCdmRequestLicenseTest, PropertySetTest) { std::string provisioning_server; CdmCertificateType cert_type = kCertificateWidevine; std::string cert_authority, cert, wrapped_key; - EXPECT_EQ(NO_ERROR, - decryptor_->GetProvisioningRequest( - cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, &provisioning_server)); + EXPECT_EQ(NO_ERROR, decryptor_->GetProvisioningRequest( + cert_type, cert_authority, kDefaultCdmIdentifier, + kEmptyServiceCertificate, kLevel3, &key_msg_, + &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(NO_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(NO_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevel3, &cert, + &wrapped_key)); EXPECT_EQ(NO_ERROR, decryptor_->OpenSession( config_.key_system(), &property_set_L3, kDefaultCdmIdentifier, nullptr, &session_id_L3)); @@ -2549,16 +2554,16 @@ TEST_F(WvCdmRequestLicenseTest, ForceL3Test) { std::string provisioning_server; CdmCertificateType cert_type = kCertificateWidevine; std::string cert_authority, cert, wrapped_key; - EXPECT_EQ(NO_ERROR, - decryptor_->GetProvisioningRequest( - cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, &provisioning_server)); + EXPECT_EQ(NO_ERROR, decryptor_->GetProvisioningRequest( + cert_type, cert_authority, kDefaultCdmIdentifier, + kEmptyServiceCertificate, kLevel3, &key_msg_, + &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); EXPECT_EQ(NO_ERROR, decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + kDefaultCdmIdentifier, response, kLevel3, &cert, &wrapped_key)); EXPECT_EQ(NO_ERROR, decryptor_->OpenSession( config_.key_system(), &property_set, @@ -2812,17 +2817,17 @@ TEST_F(WvCdmRequestLicenseTest, ReleaseRetryL3OfflineKeyTest) { std::string provisioning_server; CdmCertificateType cert_type = kCertificateWidevine; std::string cert_authority, cert, wrapped_key; - EXPECT_EQ(NO_ERROR, - decryptor_->GetProvisioningRequest( - cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, &provisioning_server)); + EXPECT_EQ(NO_ERROR, decryptor_->GetProvisioningRequest( + cert_type, cert_authority, kDefaultCdmIdentifier, + kEmptyServiceCertificate, kLevel3, &key_msg_, + &provisioning_server)); EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl); std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(NO_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(NO_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevel3, &cert, + &wrapped_key)); EXPECT_EQ(NO_ERROR, decryptor_->OpenSession( config_.key_system(), &property_set, kDefaultCdmIdentifier, nullptr, &session_id_)); @@ -2890,15 +2895,15 @@ TEST_F(WvCdmRequestLicenseTest, std::string cert_authority, cert, wrapped_key; EXPECT_EQ(NO_ERROR, decryptor_->GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &key_msg_, + kEmptyServiceCertificate, kLevel3, &key_msg_, &provisioning_server_url)); EXPECT_EQ(provisioning_server_url, kDefaultProvisioningServerUrl); std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(NO_ERROR, - decryptor_->HandleProvisioningResponse( - kDefaultCdmIdentifier, response, &cert, &wrapped_key)); + EXPECT_EQ(NO_ERROR, decryptor_->HandleProvisioningResponse( + kDefaultCdmIdentifier, response, kLevel3, &cert, + &wrapped_key)); EXPECT_EQ(NO_ERROR, decryptor_->OpenSession( config_.key_system(), &property_set, kDefaultCdmIdentifier, nullptr, &session_id_)); diff --git a/libwvdrmengine/cdm/test/wv_cdm_metrics_test.cpp b/libwvdrmengine/cdm/test/wv_cdm_metrics_test.cpp index b16680b3..cece6da5 100644 --- a/libwvdrmengine/cdm/test/wv_cdm_metrics_test.cpp +++ b/libwvdrmengine/cdm/test/wv_cdm_metrics_test.cpp @@ -58,7 +58,8 @@ TEST_F(WvContentDecryptionModuleMetricsTest, EngineOnlyMetrics) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.GetProvisioningRequest( cert_type, cert_authority, kDefaultCdmIdentifier, - kEmptyServiceCertificate, &request, &provisioning_server_url)); + kEmptyServiceCertificate, kLevelDefault, &request, + &provisioning_server_url)); drm_metrics::WvCdmMetrics metrics; ASSERT_EQ(wvcdm::NO_ERROR, diff --git a/libwvdrmengine/mediadrm/include_hidl/WVDrmPlugin.h b/libwvdrmengine/mediadrm/include_hidl/WVDrmPlugin.h index 12b0388a..8f0608a8 100644 --- a/libwvdrmengine/mediadrm/include_hidl/WVDrmPlugin.h +++ b/libwvdrmengine/mediadrm/include_hidl/WVDrmPlugin.h @@ -453,6 +453,8 @@ struct WVDrmPlugin : public IDrmPlugin, IDrmPluginListener, SecurityLevel mapSecurityLevel(const std::string& level); + wvcdm::SecurityLevel getRequestedSecurityLevel() const; + Status openSessionCommon(std::vector& sessionId); bool initDataResemblesPSSH(const std::vector& initData); diff --git a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp index 31d8ac0f..ccb01a65 100644 --- a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp +++ b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp @@ -371,10 +371,15 @@ status_t WVDrmPlugin::getProvisionRequest(const String8& cert_type, string cdmCertAuthority = cert_authority.string(); + wvcdm::SecurityLevel requested_security_level = + mPropertySet.security_level().compare(QUERY_VALUE_SECURITY_LEVEL_L3) == 0 + ? kLevel3 + : kLevelDefault; + CdmResponseType res = mCDM->GetProvisioningRequest( cdmCertType, cdmCertAuthority, mCdmIdentifier, - mProvisioningServiceCertificate, &cdmProvisionRequest, - &cdmDefaultUrl); + mProvisioningServiceCertificate, requested_security_level, + &cdmProvisionRequest, &cdmDefaultUrl); if (isCdmResponseTypeSuccess(res)) { request = ToVector(cdmProvisionRequest); @@ -401,10 +406,15 @@ status_t WVDrmPlugin::provideProvisionResponse( } else { string cdmCertificate; string cdmWrappedKey; - CdmResponseType res = mCDM->HandleProvisioningResponse(mCdmIdentifier, - cdmResponse, - &cdmCertificate, - &cdmWrappedKey); + wvcdm::SecurityLevel requested_security_level = + mPropertySet.security_level() + .compare(QUERY_VALUE_SECURITY_LEVEL_L3) == 0 + ? kLevel3 + : kLevelDefault; + CdmResponseType res = + mCDM->HandleProvisioningResponse(mCdmIdentifier, cdmResponse, + requested_security_level, + &cdmCertificate, &cdmWrappedKey); if (isCdmResponseTypeSuccess(res)) { certificate = ToVector(cdmCertificate); wrapped_key = ToVector(cdmWrappedKey); diff --git a/libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp b/libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp index 08981113..205f842e 100644 --- a/libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp +++ b/libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp @@ -719,7 +719,8 @@ Return WVDrmPlugin::getProvisionRequest_1_2( CdmResponseType res = mCDM->GetProvisioningRequest( cdmCertType, cdmCertAuthority, identifier, - mProvisioningServiceCertificate, &cdmProvisionRequest, &cdmDefaultUrl); + mProvisioningServiceCertificate, getRequestedSecurityLevel(), + &cdmProvisionRequest, &cdmDefaultUrl); if (isCdmResponseTypeSuccess(res)) { request = StrToVector(cdmProvisionRequest); defaultUrl.clear(); @@ -765,7 +766,8 @@ Return WVDrmPlugin::provideProvisionResponse( std::string cdmCertificate; std::string cdmWrappedKey; CdmResponseType res = mCDM->HandleProvisioningResponse( - identifier, cdmResponse, &cdmCertificate, &cdmWrappedKey); + identifier, cdmResponse, getRequestedSecurityLevel(), &cdmCertificate, + &cdmWrappedKey); if (isCdmResponseTypeSuccess(res)) { certificate = StrToVector(cdmCertificate); wrappedKey = StrToVector(cdmWrappedKey); @@ -1951,12 +1953,7 @@ void WVDrmPlugin::OnSessionLostState(const CdmSessionId& cdmSessionId) { Status WVDrmPlugin::queryProperty(const std::string& property, std::string& stringValue) const { - wvcdm::SecurityLevel securityLevel = - mPropertySet.security_level().compare( - wvcdm::QUERY_VALUE_SECURITY_LEVEL_L3) == 0 - ? wvcdm::kLevel3 - : wvcdm::kLevelDefault; - return queryProperty(securityLevel, property, stringValue); + return queryProperty(getRequestedSecurityLevel(), property, stringValue); } Status WVDrmPlugin::queryProperty(wvcdm::SecurityLevel securityLevel, @@ -2047,6 +2044,13 @@ Status WVDrmPlugin::mapOEMCryptoResult(OEMCryptoResult res) { } } +wvcdm::SecurityLevel WVDrmPlugin::getRequestedSecurityLevel() const { + return mPropertySet.security_level().compare( + wvcdm::QUERY_VALUE_SECURITY_LEVEL_L3) == 0 + ? wvcdm::kLevel3 + : wvcdm::kLevelDefault; +} + bool WVDrmPlugin::initDataResemblesPSSH(const std::vector& initData) { const uint8_t* const initDataArray = initData.data(); diff --git a/libwvdrmengine/mediadrm/test/WVDrmPlugin_test.cpp b/libwvdrmengine/mediadrm/test/WVDrmPlugin_test.cpp index bc84e471..2dbb8669 100644 --- a/libwvdrmengine/mediadrm/test/WVDrmPlugin_test.cpp +++ b/libwvdrmengine/mediadrm/test/WVDrmPlugin_test.cpp @@ -7,25 +7,26 @@ #define LOG_TAG "WVDrmPluginTest" #include -#include -#include -#include #include +#include +#include +#include #include -#include "cdm_client_property_set.h" #include "gmock/gmock.h" #include "gtest/gtest.h" -#include "media/stagefright/foundation/ABase.h" -#include "media/stagefright/MediaErrors.h" -#include "string_conversions.h" -#include "wv_cdm_constants.h" -#include "wv_cdm_types.h" -#include "wv_content_decryption_module.h" + #include "HidlTypes.h" #include "TypeConvert.h" #include "WVDrmPlugin.h" #include "WVErrors.h" +#include "cdm_client_property_set.h" +#include "media/stagefright/MediaErrors.h" +#include "media/stagefright/foundation/ABase.h" +#include "string_conversions.h" +#include "wv_cdm_constants.h" +#include "wv_cdm_types.h" +#include "wv_content_decryption_module.h" namespace wvdrm { namespace hardware { @@ -174,16 +175,17 @@ class MockCDM : public WvContentDecryptionModule { MOCK_METHOD2(QueryOemCryptoSessionId, CdmResponseType(const CdmSessionId&, CdmQueryMap*)); - MOCK_METHOD6(GetProvisioningRequest, CdmResponseType(CdmCertificateType, + MOCK_METHOD7(GetProvisioningRequest, CdmResponseType(CdmCertificateType, const std::string&, const CdmIdentifier&, const std::string&, + wvcdm::SecurityLevel, CdmProvisioningRequest*, std::string*)); - MOCK_METHOD4(HandleProvisioningResponse, + MOCK_METHOD5(HandleProvisioningResponse, CdmResponseType(const CdmIdentifier&, CdmProvisioningResponse&, - std::string*, std::string*)); + wvcdm::SecurityLevel, std::string*, std::string*)); MOCK_METHOD2(Unprovision, CdmResponseType(CdmSecurityLevel, const CdmIdentifier&)); @@ -838,13 +840,27 @@ TEST_F(WVDrmPluginTest, GetsProvisioningRequests) { static const char* kDefaultUrl = "http://google.com/"; - EXPECT_CALL(*cdm, GetProvisioningRequest(kCertificateWidevine, IsEmpty(), - HasOrigin(EMPTY_ORIGIN), IsEmpty(), - _, _)) - .WillOnce(DoAll(SetArgPointee<4>(cdmRequest), - SetArgPointee<5>(kDefaultUrl), + EXPECT_CALL(*cdm, QueryStatus(_, QUERY_KEY_SECURITY_LEVEL, _)) + .WillOnce(DoAll(SetArgPointee<2>(QUERY_VALUE_SECURITY_LEVEL_L1), testing::Return(wvcdm::NO_ERROR))); + // The first and the third invocation should be at default security level, + // while the second one should be L3 + EXPECT_CALL(*cdm, GetProvisioningRequest(kCertificateWidevine, IsEmpty(), + HasOrigin(EMPTY_ORIGIN), IsEmpty(), + wvcdm::kLevelDefault, _, _)) + .Times(2) + .WillRepeatedly(DoAll(SetArgPointee<5>(cdmRequest), + SetArgPointee<6>(kDefaultUrl), + testing::Return(wvcdm::NO_ERROR))); + EXPECT_CALL(*cdm, GetProvisioningRequest(kCertificateWidevine, IsEmpty(), + HasOrigin(EMPTY_ORIGIN), IsEmpty(), + wvcdm::kLevel3, _, _)) + .WillOnce(DoAll(SetArgPointee<5>(cdmRequest), + SetArgPointee<6>(kDefaultUrl), + testing::Return(wvcdm::NO_ERROR))); + + // Make 3 provisioning requests at security level default then L3 then L1 WVDrmPlugin plugin(cdm.get(), appPackageName, &crypto, false); plugin.getProvisionRequest( hidl_string(""), hidl_string(""), @@ -855,6 +871,34 @@ TEST_F(WVDrmPluginTest, GetsProvisioningRequests) { EXPECT_THAT(request, ElementsAreArray(requestRaw, kRequestSize)); EXPECT_STREQ(kDefaultUrl, defaultUrl.c_str()); }); + + // Set L3 security level + Status status = plugin.setPropertyString(hidl_string("securityLevel"), + hidl_string("L3")); + ASSERT_EQ(Status::OK, status); + plugin.getProvisionRequest( + hidl_string(""), hidl_string(""), + [&](Status status, hidl_vec hRequest, hidl_string defaultUrl) { + ASSERT_EQ(Status::OK, status); + + std::vector request(hRequest); + EXPECT_THAT(request, ElementsAreArray(requestRaw, kRequestSize)); + EXPECT_STREQ(kDefaultUrl, defaultUrl.c_str()); + }); + + // Reset security level to L1 + status = plugin.setPropertyString(hidl_string("securityLevel"), + hidl_string("L1")); + ASSERT_EQ(Status::OK, status); + plugin.getProvisionRequest( + hidl_string(""), hidl_string(""), + [&](Status status, hidl_vec hRequest, hidl_string defaultUrl) { + ASSERT_EQ(Status::OK, status); + + std::vector request(hRequest); + EXPECT_THAT(request, ElementsAreArray(requestRaw, kRequestSize)); + EXPECT_STREQ(kDefaultUrl, defaultUrl.c_str()); + }); } TEST_F(WVDrmPluginTest, HandlesProvisioningResponses) { @@ -871,15 +915,27 @@ TEST_F(WVDrmPluginTest, HandlesProvisioningResponses) { std::vector response; response.assign(responseRaw, responseRaw + kResponseSize); + EXPECT_CALL(*cdm, QueryStatus(_, QUERY_KEY_SECURITY_LEVEL, _)) + .WillOnce(DoAll(SetArgPointee<2>(QUERY_VALUE_SECURITY_LEVEL_L1), + testing::Return(wvcdm::NO_ERROR))); + + // The first and the third invocation should be at default security level, + // while the second one should be L3 EXPECT_CALL(*cdm, HandleProvisioningResponse(HasOrigin(EMPTY_ORIGIN), ElementsAreArray(responseRaw, kResponseSize), - _, _)) + wvcdm::kLevelDefault, _, _)) + .Times(2); + EXPECT_CALL(*cdm, HandleProvisioningResponse(HasOrigin(EMPTY_ORIGIN), + ElementsAreArray(responseRaw, + kResponseSize), + wvcdm::kLevel3, _, _)) .Times(1); std::vector cert; std::vector key; + // Process 3 provisioning responses at security level default then L3 then L1 WVDrmPlugin plugin(cdm.get(), appPackageName, &crypto, false); plugin.provideProvisionResponse( toHidlVec(response), @@ -887,6 +943,26 @@ TEST_F(WVDrmPluginTest, HandlesProvisioningResponses) { hidl_vec /* key */) { ASSERT_EQ(Status::OK, status); }); + + // Set L3 security level + Status status = plugin.setPropertyString(hidl_string("securityLevel"), + hidl_string("L3")); + plugin.provideProvisionResponse( + toHidlVec(response), + [&](Status status, hidl_vec /* cert */, + hidl_vec /* key */) { + ASSERT_EQ(Status::OK, status); + }); + + // Reset security level to L1 + status = plugin.setPropertyString(hidl_string("securityLevel"), + hidl_string("L1")); + plugin.provideProvisionResponse( + toHidlVec(response), + [&](Status status, hidl_vec /* cert */, + hidl_vec /* key */) { + ASSERT_EQ(Status::OK, status); + }); } TEST_F(WVDrmPluginTest, UnprovisionsDevice) { diff --git a/libwvdrmengine/mediadrm/test/legacy_src/WVDrmPlugin_test.cpp b/libwvdrmengine/mediadrm/test/legacy_src/WVDrmPlugin_test.cpp index 33553147..252cac73 100644 --- a/libwvdrmengine/mediadrm/test/legacy_src/WVDrmPlugin_test.cpp +++ b/libwvdrmengine/mediadrm/test/legacy_src/WVDrmPlugin_test.cpp @@ -4,23 +4,23 @@ // License Agreement. // +#include #include #include -#include #include +#include "WVDrmPlugin.h" +#include "WVErrors.h" #include "cdm_client_property_set.h" -#include "gmock/gmock.h" -#include "gtest/gtest.h" +#include "media/stagefright/MediaErrors.h" #include "media/stagefright/foundation/ABase.h" #include "media/stagefright/foundation/AString.h" -#include "media/stagefright/MediaErrors.h" #include "string_conversions.h" #include "wv_cdm_constants.h" #include "wv_cdm_types.h" #include "wv_content_decryption_module.h" -#include "WVDrmPlugin.h" -#include "WVErrors.h" +#include "gmock/gmock.h" +#include "gtest/gtest.h" using namespace android; using namespace std; @@ -85,16 +85,17 @@ class MockCDM : public WvContentDecryptionModule { MOCK_METHOD2(QueryOemCryptoSessionId, CdmResponseType(const CdmSessionId&, CdmQueryMap*)); - MOCK_METHOD6(GetProvisioningRequest, CdmResponseType(CdmCertificateType, + MOCK_METHOD7(GetProvisioningRequest, CdmResponseType(CdmCertificateType, const std::string&, const CdmIdentifier&, const std::string&, + SecurityLevel, CdmProvisioningRequest*, std::string*)); - MOCK_METHOD4(HandleProvisioningResponse, + MOCK_METHOD5(HandleProvisioningResponse, CdmResponseType(const CdmIdentifier&, CdmProvisioningResponse&, - std::string*, std::string*)); + SecurityLevel, std::string*, std::string*)); MOCK_METHOD2(Unprovision, CdmResponseType(CdmSecurityLevel, const CdmIdentifier&)); @@ -607,9 +608,9 @@ TEST_F(WVDrmPluginTest, GetsProvisioningRequests) { EXPECT_CALL(*cdm, GetProvisioningRequest(kCertificateWidevine, IsEmpty(), HasOrigin(EMPTY_ORIGIN), IsEmpty(), - _, _)) - .WillOnce(DoAll(SetArgPointee<4>(cdmRequest), - SetArgPointee<5>(kDefaultUrl), + wvcdm::kLevelDefault, _, _)) + .WillOnce(DoAll(SetArgPointee<5>(cdmRequest), + SetArgPointee<6>(kDefaultUrl), Return(wvcdm::NO_ERROR))); Vector request; @@ -640,7 +641,7 @@ TEST_F(WVDrmPluginTest, HandlesProvisioningResponses) { EXPECT_CALL(*cdm, HandleProvisioningResponse(HasOrigin(EMPTY_ORIGIN), ElementsAreArray(responseRaw, kResponseSize), - _, _)) + wvcdm::kLevelDefault, _, _)) .Times(1); Vector cert;