Snap for 4710485 from f0cd22d4f4 to pi-release

Change-Id: I7b08096443321d177090fb21b1f05be41f7fb278
2018-04-10 07:25:48 +00:00
parent 49f5f264e7 f0cd22d4f4
commit d5b930eb86
11 changed files with 153 additions and 93 deletions
--- a/libwvdrmengine/cdm/core/include/crypto_session.h
+++ b/libwvdrmengine/cdm/core/include/crypto_session.h
@@ -199,7 +199,8 @@ class CryptoSession {
 private:
  friend class CryptoSessionForTest;

-  bool GetProvisioningMethod(CdmClientTokenType* token_type);
+  CdmResponseType GetProvisioningMethod(SecurityLevel requested_security_level,
+                                        CdmClientTokenType* token_type);
  void Init();
  void Terminate();
  bool GetTokenFromKeybox(std::string* token);
--- a/libwvdrmengine/cdm/core/include/wv_cdm_types.h
+++ b/libwvdrmengine/cdm/core/include/wv_cdm_types.h
@@ -324,6 +324,7 @@ enum CdmResponseType {
  REMOVE_USAGE_INFO_ERROR_1 = 282,
  REMOVE_USAGE_INFO_ERROR_2 = 283,
  REMOVE_USAGE_INFO_ERROR_3 = 284,
+  GET_PROVISIONING_METHOD_ERROR = 285,
 };

 enum CdmKeyStatus {
@@ -397,7 +398,8 @@ enum CdmSigningAlgorithm {
 enum CdmClientTokenType {
  kClientTokenKeybox,
  kClientTokenDrmCert,
-  kClientTokenOemCert
+  kClientTokenOemCert,
+  kClientTokenUninitialized,
 };

 // kNonSecureUsageSupport - TEE does not provide any support for usage
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -757,6 +757,7 @@ CdmResponseType CdmEngine::QueryOemCryptoSessionId(
 CdmResponseType CdmEngine::GetProvisioningRequest(
    CdmCertificateType cert_type, const std::string& cert_authority,
    CdmProvisioningRequest* request, std::string* default_url) {
+  LOGI("CdmEngine::GetProvisioningRequest");
  if (!request) {
    LOGE("CdmEngine::GetProvisioningRequest: invalid output parameters");
    return INVALID_PROVISIONING_REQUEST_PARAM_1;
@@ -794,6 +795,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
 CdmResponseType CdmEngine::HandleProvisioningResponse(
    const CdmProvisioningResponse& response, std::string* cert,
    std::string* wrapped_key) {
+  LOGI("CdmEngine::HandleProvisioningResponse");
  if (response.empty()) {
    LOGE("CdmEngine::HandleProvisioningResponse: Empty provisioning response.");
    cert_provisioning_.reset(NULL);
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -21,29 +21,30 @@ const std::string kProvisioningServerUrl =
    "certificateprovisioning/v1/devicecertificates/create"
    "?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE";

-// TODO(b/69133499): update to new default cert.
-// NOTE: Provider ID = license.widevine.com
+// NOTE: Provider ID = widevine.com
 const std::string kCpProductionServiceCertificate = wvcdm::a2bs_hex(
-    "0ac102080312101705b917cc1204868b06333a2f772a8c1882b4829205228e023082010a02"
-    "8201010099ed5b3b327dab5e24efc3b62a95b598520ad5bccb37503e0645b814d876b8df40"
-    "510441ad8ce3adb11bb88c4e725a5e4a9e0795291d58584023a7e1af0e38a9127939300861"
-    "0b6f158c878c7e21bffbfeea77e1019e1e5781e8a45f46263d14e60e8058a8607adce04fac"
-    "8457b137a8d67ccdeb33705d983a21fb4eecbd4a10ca47490ca47eaa5d438218ddbaf1cade"
-    "3392f13d6ffb6442fd31e1bf40b0c604d1c4ba4c9520a4bf97eebd60929afceef55bbaf564"
-    "e2d0e76cd7c55c73a082b996120b8359edce24707082680d6f67c6d82c4ac5f3134490a74e"
-    "ec37af4b2f010c59e82843e2582f0b6b9f5db0fc5e6edf64fbd308b4711bcf1250019c9f5a"
-    "0902030100013a146c6963656e73652e7769646576696e652e636f6d128003ae347314b5a8"
-    "35297f271388fb7bb8cb5277d249823cddd1da30b93339511eb3ccbdea04b944b927c12134"
-    "6efdbdeac9d413917e6ec176a10438460a503bc1952b9ba4e4ce0fc4bfc20a9808aaaf4bfc"
-    "d19c1dcfcdf574ccac28d1b410416cf9de8804301cbdb334cafcd0d40978423a642e54613d"
-    "f0afcf96ca4a9249d855e42b3a703ef1767f6a9bd36d6bf82be76bbf0cba4fde59d2abcc76"
-    "feb64247b85c431fbca52266b619fc36979543fca9cbbdbbfafa0e1a55e755a3c7bce655f9"
-    "646f582ab9cf70aa08b979f867f63a0b2b7fdb362c5bc4ecd555d85bcaa9c593c383c857d4"
-    "9daab77e40b7851ddfd24998808e35b258e75d78eac0ca16f7047304c20d93ede4e8ff1c6f"
-    "17e6243e3f3da8fc1709870ec45fba823a263f0cefa1f7093b1909928326333705043a29bd"
-    "a6f9b4342cc8df543cb1a1182f7c5fff33f10490faca5b25360b76015e9c5a06ab8ee02f00"
-    "d2e8d5986104aacc4dd475fd96ee9ce4e326f21b83c7058577b38732cddabc6a6bed13fb0d"
-    "49d38a45eb87a5f4");
+    "0ab9020803121051434fe2a44c763bcc2c826a2d6ef9a718f7d793d005228e02"
+    "3082010a02820101009e27088659dbd9126bc6ed594caf652b0eaab82abb9862"
+    "ada1ee6d2cb5247e94b28973fef5a3e11b57d0b0872c930f351b5694354a8c77"
+    "ed4ee69834d2630372b5331c5710f38bdbb1ec3024cfadb2a8ac94d977d391b7"
+    "d87c20c5c046e9801a9bffaf49a36a9ee6c5163eff5cdb63bfc750cf4a218618"
+    "984e485e23a10f08587ec5d990e9ab0de71460dfc334925f3fb9b55761c61e28"
+    "8398c387a0925b6e4dcaa1b36228d9feff7e789ba6e5ef6cf3d97e6ae05525db"
+    "38f826e829e9b8764c9e2c44530efe6943df4e048c3c5900ca2042c5235dc80d"
+    "443789e734bf8e59a55804030061ed48e7d139b521fbf35524b3000b3e2f6de0"
+    "001f5eeb99e9ec635f02030100013a0c7769646576696e652e636f6d12800332"
+    "2c2f3fedc47f8b7ba88a135a355466e378ed56a6fc29ce21f0cafc7fb253b073"
+    "c55bed253d8650735417aad02afaefbe8d5687902b56a164490d83d590947515"
+    "68860e7200994d322b5de07f82ef98204348a6c2c9619092340eb87df26f63bf"
+    "56c191dc069b80119eb3060d771afaaeb2d30b9da399ef8a41d16f45fd121e09"
+    "a0c5144da8f8eb46652c727225537ad65e2a6a55799909bbfb5f45b5775a1d1e"
+    "ac4e06116c57adfa9ce0672f19b70b876f88e8b9fbc4f96ccc500c676cfb173c"
+    "b6f52601573e2e45af1d9d2a17ef1487348c05cfc6d638ec2cae3fadb655e943"
+    "1330a75d2ceeaa54803e371425111e20248b334a3a50c8eca683c448b8ac402c"
+    "76e6f76e2751fbefb669f05703cec8c64cf7a62908d5fb870375eb0cc96c508e"
+    "26e0c050f3fd3ebe68cef9903ef6405b25fc6e31f93559fcff05657662b3653a"
+    "8598ed5751b38694419242a875d9e00d5a5832933024b934859ec8be78adccbb"
+    "1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28");

 /*
 * Provisioning response is a base64-encoded protobuf, optionally within a
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -138,6 +138,7 @@ CryptoSession::CryptoSession(metrics::CryptoMetrics* metrics)
    : metrics_(metrics),
      system_id_(-1),
      open_(false),
+      pre_provision_token_type_(kClientTokenUninitialized),
      update_usage_table_after_close_session_(false),
      is_destination_buffer_type_valid_(false),
      requested_security_level_(kLevelDefault),
@@ -160,9 +161,11 @@ CryptoSession::~CryptoSession() {
  M_RECORD(metrics_, crypto_session_life_span_, life_span_.AsMs());
 }

-bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) {
+CdmResponseType CryptoSession::GetProvisioningMethod(
+    SecurityLevel requested_security_level,
+    CdmClientTokenType* token_type) {
  OEMCrypto_ProvisioningMethod method =
-      OEMCrypto_GetProvisioningMethod(requested_security_level_);
+      OEMCrypto_GetProvisioningMethod(requested_security_level);
  metrics_->oemcrypto_provisioning_method_.Record(method);
  CdmClientTokenType type;
  switch (method) {
@@ -179,10 +182,10 @@ bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) {
    default:
      LOGE("OEMCrypto_GetProvisioningMethod failed. %d", method);
      metrics_->oemcrypto_provisioning_method_.SetError(method);
-      return false;
+      return GET_PROVISIONING_METHOD_ERROR;
  }
  *token_type = type;
-  return true;
+  return NO_ERROR;
 }

 void CryptoSession::Init() {
@@ -198,9 +201,6 @@ void CryptoSession::Init() {
    }
    initialized_ = true;
  }
-  if (!GetProvisioningMethod(&pre_provision_token_type_)) {
-    initialized_ = false;
-  }
 }

 void CryptoSession::Terminate() {
@@ -594,11 +594,13 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
  uint8_t buf[KEYBOX_KEY_DATA_SIZE];
  size_t buf_size = sizeof(buf);

+  {
    LOGV("CryptoSession::GetProvisioningId: Lock");
    AutoLock auto_lock(crypto_lock_);
    if (!initialized_) {
      return false;
    }
+  }

  if (pre_provision_token_type_ == kClientTokenOemCert) {
    // OEM Cert devices have no provisioning-unique ID embedded in them, so we
@@ -614,6 +616,8 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
    return true;
  } else {
    OEMCryptoResult sts;
+    LOGV("CryptoSession::GetProvisioningId: Lock");
+    AutoLock auto_lock(crypto_lock_);
    M_TIME(
        sts = OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_),
        metrics_, oemcrypto_get_key_data_, sts, metrics::Pow2Bucket(buf_size));
@@ -633,6 +637,7 @@ uint8_t CryptoSession::GetSecurityPatchLevel() {
 }

 CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
+  {
    LOGD("CryptoSession::Open: Lock: requested_security_level: %s",
         requested_security_level == kLevel3
             ? QUERY_VALUE_SECURITY_LEVEL_L3.c_str()
@@ -640,7 +645,15 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
    AutoLock auto_lock(crypto_lock_);
    if (!initialized_) return UNKNOWN_ERROR;
    if (open_) return NO_ERROR;
+  }

+  CdmResponseType result =
+      GetProvisioningMethod(requested_security_level,
+                            &pre_provision_token_type_);
+  if (result != NO_ERROR) return result;
+
+  LOGV("CryptoSession::Open: Lock");
+  AutoLock auto_lock(crypto_lock_);
  OEMCrypto_SESSION sid;
  requested_security_level_ = requested_security_level;
  OEMCryptoResult sts = OEMCrypto_OpenSession(&sid, requested_security_level);
@@ -679,7 +692,7 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
  }

  CdmUsageSupportType usage_support_type;
-  CdmResponseType result = GetUsageSupportType(&usage_support_type);
+  result = GetUsageSupportType(&usage_support_type);
  if (result == NO_ERROR) {
    metrics_->oemcrypto_usage_table_support_.Record(usage_support_type);
    if (usage_support_type == kUsageEntrySupport) {
--- a/libwvdrmengine/cdm/core/test/config_test_env.cpp
+++ b/libwvdrmengine/cdm/core/test/config_test_env.cpp
@@ -24,59 +24,61 @@ const std::string kCpProductionProvisioningServerUrl =
    "https://www.googleapis.com/"
    "certificateprovisioning/v1/devicecertificates/create"
    "?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE";
-// TODO(b/69133499): update to new default cert.
-// NOTE: Provider ID = license.widevine.com
+// NOTE: Provider ID = widevine.com
 const std::string kCpProductionProvisioningServiceCertificate =
-    "0ac102080312101705b917cc1204868b06333a2f772a8c1882b4829205228e023082010a02"
-    "8201010099ed5b3b327dab5e24efc3b62a95b598520ad5bccb37503e0645b814d876b8df40"
-    "510441ad8ce3adb11bb88c4e725a5e4a9e0795291d58584023a7e1af0e38a9127939300861"
-    "0b6f158c878c7e21bffbfeea77e1019e1e5781e8a45f46263d14e60e8058a8607adce04fac"
-    "8457b137a8d67ccdeb33705d983a21fb4eecbd4a10ca47490ca47eaa5d438218ddbaf1cade"
-    "3392f13d6ffb6442fd31e1bf40b0c604d1c4ba4c9520a4bf97eebd60929afceef55bbaf564"
-    "e2d0e76cd7c55c73a082b996120b8359edce24707082680d6f67c6d82c4ac5f3134490a74e"
-    "ec37af4b2f010c59e82843e2582f0b6b9f5db0fc5e6edf64fbd308b4711bcf1250019c9f5a"
-    "0902030100013a146c6963656e73652e7769646576696e652e636f6d128003ae347314b5a8"
-    "35297f271388fb7bb8cb5277d249823cddd1da30b93339511eb3ccbdea04b944b927c12134"
-    "6efdbdeac9d413917e6ec176a10438460a503bc1952b9ba4e4ce0fc4bfc20a9808aaaf4bfc"
-    "d19c1dcfcdf574ccac28d1b410416cf9de8804301cbdb334cafcd0d40978423a642e54613d"
-    "f0afcf96ca4a9249d855e42b3a703ef1767f6a9bd36d6bf82be76bbf0cba4fde59d2abcc76"
-    "feb64247b85c431fbca52266b619fc36979543fca9cbbdbbfafa0e1a55e755a3c7bce655f9"
-    "646f582ab9cf70aa08b979f867f63a0b2b7fdb362c5bc4ecd555d85bcaa9c593c383c857d4"
-    "9daab77e40b7851ddfd24998808e35b258e75d78eac0ca16f7047304c20d93ede4e8ff1c6f"
-    "17e6243e3f3da8fc1709870ec45fba823a263f0cefa1f7093b1909928326333705043a29bd"
-    "a6f9b4342cc8df543cb1a1182f7c5fff33f10490faca5b25360b76015e9c5a06ab8ee02f00"
-    "d2e8d5986104aacc4dd475fd96ee9ce4e326f21b83c7058577b38732cddabc6a6bed13fb0d"
-    "49d38a45eb87a5f4";
+    "0ab9020803121051434fe2a44c763bcc2c826a2d6ef9a718f7d793d005228e02"
+    "3082010a02820101009e27088659dbd9126bc6ed594caf652b0eaab82abb9862"
+    "ada1ee6d2cb5247e94b28973fef5a3e11b57d0b0872c930f351b5694354a8c77"
+    "ed4ee69834d2630372b5331c5710f38bdbb1ec3024cfadb2a8ac94d977d391b7"
+    "d87c20c5c046e9801a9bffaf49a36a9ee6c5163eff5cdb63bfc750cf4a218618"
+    "984e485e23a10f08587ec5d990e9ab0de71460dfc334925f3fb9b55761c61e28"
+    "8398c387a0925b6e4dcaa1b36228d9feff7e789ba6e5ef6cf3d97e6ae05525db"
+    "38f826e829e9b8764c9e2c44530efe6943df4e048c3c5900ca2042c5235dc80d"
+    "443789e734bf8e59a55804030061ed48e7d139b521fbf35524b3000b3e2f6de0"
+    "001f5eeb99e9ec635f02030100013a0c7769646576696e652e636f6d12800332"
+    "2c2f3fedc47f8b7ba88a135a355466e378ed56a6fc29ce21f0cafc7fb253b073"
+    "c55bed253d8650735417aad02afaefbe8d5687902b56a164490d83d590947515"
+    "68860e7200994d322b5de07f82ef98204348a6c2c9619092340eb87df26f63bf"
+    "56c191dc069b80119eb3060d771afaaeb2d30b9da399ef8a41d16f45fd121e09"
+    "a0c5144da8f8eb46652c727225537ad65e2a6a55799909bbfb5f45b5775a1d1e"
+    "ac4e06116c57adfa9ce0672f19b70b876f88e8b9fbc4f96ccc500c676cfb173c"
+    "b6f52601573e2e45af1d9d2a17ef1487348c05cfc6d638ec2cae3fadb655e943"
+    "1330a75d2ceeaa54803e371425111e20248b334a3a50c8eca683c448b8ac402c"
+    "76e6f76e2751fbefb669f05703cec8c64cf7a62908d5fb870375eb0cc96c508e"
+    "26e0c050f3fd3ebe68cef9903ef6405b25fc6e31f93559fcff05657662b3653a"
+    "8598ed5751b38694419242a875d9e00d5a5832933024b934859ec8be78adccbb"
+    "1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28";

 // Staging Provisioning Server
 const std::string kCpStagingProvisioningServerUrl =
      "https://staging-www.sandbox.googleapis.com/"
      "certificateprovisioning/v1/devicecertificates/create"
      "?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE";
-// TODO(b/69133499): update to new default cert.
-// NOTE: This is currently the same as the Production Service Cert.
-// NOTE: Provider ID = license.widevine.com
+// NOTE: This is currently the same as the Production Provisioning Service Cert.
+// NOTE: Provider ID = widevine.com
 const std::string kCpStagingProvisioningServiceCertificate =
-    "0ac102080312101705b917cc1204868b06333a2f772a8c1882b4829205228e023082010a02"
-    "8201010099ed5b3b327dab5e24efc3b62a95b598520ad5bccb37503e0645b814d876b8df40"
-    "510441ad8ce3adb11bb88c4e725a5e4a9e0795291d58584023a7e1af0e38a9127939300861"
-    "0b6f158c878c7e21bffbfeea77e1019e1e5781e8a45f46263d14e60e8058a8607adce04fac"
-    "8457b137a8d67ccdeb33705d983a21fb4eecbd4a10ca47490ca47eaa5d438218ddbaf1cade"
-    "3392f13d6ffb6442fd31e1bf40b0c604d1c4ba4c9520a4bf97eebd60929afceef55bbaf564"
-    "e2d0e76cd7c55c73a082b996120b8359edce24707082680d6f67c6d82c4ac5f3134490a74e"
-    "ec37af4b2f010c59e82843e2582f0b6b9f5db0fc5e6edf64fbd308b4711bcf1250019c9f5a"
-    "0902030100013a146c6963656e73652e7769646576696e652e636f6d128003ae347314b5a8"
-    "35297f271388fb7bb8cb5277d249823cddd1da30b93339511eb3ccbdea04b944b927c12134"
-    "6efdbdeac9d413917e6ec176a10438460a503bc1952b9ba4e4ce0fc4bfc20a9808aaaf4bfc"
-    "d19c1dcfcdf574ccac28d1b410416cf9de8804301cbdb334cafcd0d40978423a642e54613d"
-    "f0afcf96ca4a9249d855e42b3a703ef1767f6a9bd36d6bf82be76bbf0cba4fde59d2abcc76"
-    "feb64247b85c431fbca52266b619fc36979543fca9cbbdbbfafa0e1a55e755a3c7bce655f9"
-    "646f582ab9cf70aa08b979f867f63a0b2b7fdb362c5bc4ecd555d85bcaa9c593c383c857d4"
-    "9daab77e40b7851ddfd24998808e35b258e75d78eac0ca16f7047304c20d93ede4e8ff1c6f"
-    "17e6243e3f3da8fc1709870ec45fba823a263f0cefa1f7093b1909928326333705043a29bd"
-    "a6f9b4342cc8df543cb1a1182f7c5fff33f10490faca5b25360b76015e9c5a06ab8ee02f00"
-    "d2e8d5986104aacc4dd475fd96ee9ce4e326f21b83c7058577b38732cddabc6a6bed13fb0d"
-    "49d38a45eb87a5f4";
+    "0ab9020803121051434fe2a44c763bcc2c826a2d6ef9a718f7d793d005228e02"
+    "3082010a02820101009e27088659dbd9126bc6ed594caf652b0eaab82abb9862"
+    "ada1ee6d2cb5247e94b28973fef5a3e11b57d0b0872c930f351b5694354a8c77"
+    "ed4ee69834d2630372b5331c5710f38bdbb1ec3024cfadb2a8ac94d977d391b7"
+    "d87c20c5c046e9801a9bffaf49a36a9ee6c5163eff5cdb63bfc750cf4a218618"
+    "984e485e23a10f08587ec5d990e9ab0de71460dfc334925f3fb9b55761c61e28"
+    "8398c387a0925b6e4dcaa1b36228d9feff7e789ba6e5ef6cf3d97e6ae05525db"
+    "38f826e829e9b8764c9e2c44530efe6943df4e048c3c5900ca2042c5235dc80d"
+    "443789e734bf8e59a55804030061ed48e7d139b521fbf35524b3000b3e2f6de0"
+    "001f5eeb99e9ec635f02030100013a0c7769646576696e652e636f6d12800332"
+    "2c2f3fedc47f8b7ba88a135a355466e378ed56a6fc29ce21f0cafc7fb253b073"
+    "c55bed253d8650735417aad02afaefbe8d5687902b56a164490d83d590947515"
+    "68860e7200994d322b5de07f82ef98204348a6c2c9619092340eb87df26f63bf"
+    "56c191dc069b80119eb3060d771afaaeb2d30b9da399ef8a41d16f45fd121e09"
+    "a0c5144da8f8eb46652c727225537ad65e2a6a55799909bbfb5f45b5775a1d1e"
+    "ac4e06116c57adfa9ce0672f19b70b876f88e8b9fbc4f96ccc500c676cfb173c"
+    "b6f52601573e2e45af1d9d2a17ef1487348c05cfc6d638ec2cae3fadb655e943"
+    "1330a75d2ceeaa54803e371425111e20248b334a3a50c8eca683c448b8ac402c"
+    "76e6f76e2751fbefb669f05703cec8c64cf7a62908d5fb870375eb0cc96c508e"
+    "26e0c050f3fd3ebe68cef9903ef6405b25fc6e31f93559fcff05657662b3653a"
+    "8598ed5751b38694419242a875d9e00d5a5832933024b934859ec8be78adccbb"
+    "1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28";

 // -----------------------------------------------------------------------------
 // Below are several choices for licenseing servers: production, UAT, staging
--- a/libwvdrmengine/cdm/core/test/test_printers.cpp
+++ b/libwvdrmengine/cdm/core/test/test_printers.cpp
@@ -581,6 +581,8 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) {
      break;
    case REMOVE_USAGE_INFO_ERROR_3: *os << "REMOVE_USAGE_INFO_ERROR_3";
      break;
+    case GET_PROVISIONING_METHOD_ERROR: *os << "GET_PROVISIONING_METHOD_ERROR";
+      break;
    default:
      *os                                        << "Unknown CdmResponseType";
      break;
--- a/libwvdrmengine/cdm/test/request_license_test.cpp
+++ b/libwvdrmengine/cdm/test/request_license_test.cpp
@@ -1620,8 +1620,39 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase {
 };

 TEST_F(WvCdmRequestLicenseTest, ProvisioningTest) {
-  decryptor_.OpenSession(g_key_system, NULL, kDefaultCdmIdentifier, NULL,
-                         &session_id_);
+  Unprovision();
+  EXPECT_EQ(NEED_PROVISIONING,
+              decryptor_.OpenSession(g_key_system, NULL,
+                                     kDefaultCdmIdentifier, NULL,
+                                     &session_id_));
+  std::string provisioning_server;
+  CdmCertificateType cert_type = kCertificateWidevine;
+  std::string cert_authority, cert, wrapped_key;
+
+  EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.GetProvisioningRequest(
+                                 cert_type, cert_authority,
+                                 kDefaultCdmIdentifier, &key_msg_,
+                                 &provisioning_server));
+  EXPECT_EQ(provisioning_server, g_config->provisioning_server());
+
+  std::string response =
+      GetCertRequestResponse(g_config->provisioning_server());
+  EXPECT_NE(0, static_cast<int>(response.size()));
+  EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.HandleProvisioningResponse(
+                                 kDefaultCdmIdentifier, response, &cert,
+                                 &wrapped_key));
+  EXPECT_EQ(0, static_cast<int>(cert.size()));
+  EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
+  decryptor_.CloseSession(session_id_);
+}
+
+TEST_F(WvCdmRequestLicenseTest, L3ProvisioningTest) {
+  TestWvCdmClientPropertySet property_set_L3;
+  property_set_L3.set_security_level(QUERY_VALUE_SECURITY_LEVEL_L3);
+  EXPECT_EQ(NEED_PROVISIONING,
+              decryptor_.OpenSession(g_key_system, &property_set_L3,
+                                     kDefaultCdmIdentifier, NULL,
+                                     &session_id_));
  std::string provisioning_server;
  CdmCertificateType cert_type = kCertificateWidevine;
  std::string cert_authority, cert, wrapped_key;
@@ -3764,7 +3795,8 @@ TEST_F(WvCdmRequestLicenseTest, QueryStatus) {
  EXPECT_EQ(wvcdm::NO_ERROR,
            decryptor_.QueryStatus(kLevelDefault,
                                   wvcdm::QUERY_KEY_PROVISIONING_ID, &value));
-  EXPECT_EQ(16u, value.size());
+  EXPECT_TRUE(16u == value.size() || 32u == value.size())
+      << "provisioning id size: " << value.size();

  EXPECT_EQ(wvcdm::NO_ERROR,
            decryptor_.QueryStatus(
@@ -3866,7 +3898,8 @@ TEST_F(WvCdmRequestLicenseTest, QueryStatusL3) {
  EXPECT_EQ(wvcdm::NO_ERROR,
            decryptor_.QueryStatus(kLevel3, wvcdm::QUERY_KEY_PROVISIONING_ID,
                                   &value));
-  EXPECT_EQ(16u, value.size());
+  EXPECT_TRUE(16u == value.size() || 32u == value.size())
+      << "provisioning id size: " << value.size();

  EXPECT_EQ(wvcdm::NO_ERROR,
            decryptor_.QueryStatus(kLevel3, wvcdm::QUERY_KEY_CURRENT_HDCP_LEVEL,
--- a/libwvdrmengine/include/WVErrors.h
+++ b/libwvdrmengine/include/WVErrors.h
@@ -263,10 +263,11 @@ enum {
  kRemoveUsageInfoError1 = ERROR_DRM_VENDOR_MIN + 274,
  kRemoveUsageInfoError2 = ERROR_DRM_VENDOR_MIN + 275,
  kRemoveUsageInfoError3 = ERROR_DRM_VENDOR_MIN + 276,
+  kGetProvisioningError = ERROR_DRM_VENDOR_MIN + 277,

  // This should always follow the last error code.
  // The offset value should be updated each time a new error code is added.
-  kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 276,
+  kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 277,

  // Used by crypto test mode
  kErrorTestMode = ERROR_DRM_VENDOR_MAX,
--- a/libwvdrmengine/include/mapErrors-inl.h
+++ b/libwvdrmengine/include/mapErrors-inl.h
@@ -507,6 +507,8 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) {
      return kRemoveUsageInfoError2;
    case wvcdm::REMOVE_USAGE_INFO_ERROR_3:
      return kRemoveUsageInfoError3;
+    case wvcdm::GET_PROVISIONING_METHOD_ERROR:
+      return kGetProvisioningError;
  }

  // Return here instead of as a default case so that the compiler will warn
--- a/libwvdrmengine/include_hidl/mapErrors-inl.h
+++ b/libwvdrmengine/include_hidl/mapErrors-inl.h
@@ -290,6 +290,7 @@ static Status mapCdmResponseType(wvcdm::CdmResponseType res) {
    case wvcdm::REMOVE_USAGE_INFO_ERROR_1:
    case wvcdm::REMOVE_USAGE_INFO_ERROR_2:
    case wvcdm::REMOVE_USAGE_INFO_ERROR_3:
+    case wvcdm::GET_PROVISIONING_METHOD_ERROR:
      ALOGW("Returns UNKNOWN error for legacy status: %d", res);
      return Status::ERROR_DRM_UNKNOWN;