First-stage Provisioning 4.0 client ID encryption

(This is a merge of http://go/wvgerrit/150131 to the Android repo.)

This patch changes the code path in the CDM so that the first-stage
provisioning request for Provisioning 4.0 is always encrypted with the
Widevine service certificate instead of the client-set service
certificate, reflecting that the first-stage provisioning is always
handled by Widevine.

This patch also makes several methods on the ServiceCertificate class
const. This has no impact on their behavior.

Bug: 221443151
Test: prov40 tests
Change-Id: Ide4c3927afadcd45ae7fb629b99e2f55cc29d56e
John "Juce" Bruce
2022-04-20 14:10:20 -07:00
parent 47ebc28f6a
commit c823a85e7d
4 changed files with 34 additions and 23 deletions

@@ -206,7 +206,7 @@ CdmResponseType ServiceCertificate::Init(const std::string& certificate) {
}
CdmResponseType ServiceCertificate::VerifySignedMessage(
const std::string& message, const std::string& signature) {
const std::string& message, const std::string& signature) const {
if (!public_key_) {
LOGE("Service certificate not set");
return DEVICE_CERTIFICATE_ERROR_4;
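
Review bot: the `const` added to the `VerifySignedMessage` signature only promises that the method leaves the `ServiceCertificate` members themselves unchanged; if `public_key_` is a pointer or smart pointer (the `if (!public_key_)` test suggests it is), the key object behind it can still be modified through a const `this`. Callers tend to read a const method as safe to share across threads, so please confirm that the verification call made on `public_key_` further down is itself const, or add a short comment to the declaration stating what the qualifier does and does not guarantee here.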
@@ -218,8 +218,8 @@ CdmResponseType ServiceCertificate::VerifySignedMessage(
return NO_ERROR;
}
CdmResponseType ServiceCertificate::EncryptRsaOaep(const std::string& plaintext,
std::string* ciphertext) {
CdmResponseType ServiceCertificate::EncryptRsaOaep(
const std::string& plaintext, std::string* ciphertext) const {
if (!public_key_) {
LOGE("Service certificate not set");
return DEVICE_CERTIFICATE_ERROR_4;
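
Review bot: the guard at the top of `EncryptRsaOaep` logs `"Service certificate not set"` and returns `DEVICE_CERTIFICATE_ERROR_4`, which is exactly the same message and code as the guard in `VerifySignedMessage` above. Since this change makes the first-stage request use a different certificate from the client-set one, a log line that does not say which operation failed will be harder to triage. Consider naming the method in the message, for example `LOGE("EncryptRsaOaep: service certificate not set")`, and likewise in the verify path.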
@@ -233,7 +233,7 @@ CdmResponseType ServiceCertificate::EncryptRsaOaep(const std::string& plaintext,
CdmResponseType ServiceCertificate::EncryptClientId(
CryptoSession* crypto_session, const ClientIdentification* clear_client_id,
EncryptedClientIdentification* encrypted_client_id) {
EncryptedClientIdentification* encrypted_client_id) const {
encrypted_client_id->set_provider_id(provider_id_);
encrypted_client_id->set_service_certificate_serial_number(serial_number_);
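
Review bot: the first statement of `EncryptClientId` dereferences `encrypted_client_id` with no null check, and unlike the two methods above it does not start with the `if (!public_key_)` guard. As shown, `set_provider_id(provider_id_)` and `set_service_certificate_serial_number(serial_number_)` write into the output before anything has established that the certificate was initialized, so a failure later in the function leaves the caller with a partially filled `EncryptedClientIdentification`. Please validate the three pointer arguments and `public_key_` before the first write, or document in the header that callers must pass non-null pointers and must discard the output when the return value is not `NO_ERROR`.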