From db0911df546aa55d393f50af8ff644f63984f0cd Mon Sep 17 00:00:00 2001 From: "John W. Bruce" Date: Wed, 28 Mar 2018 03:31:34 -0700 Subject: [PATCH] Load Certificate to Confirm Provisioning (This is a merge of http://go/wvgerrit/46203) Previously, IsProvisioned() only confirmed the existence of a certificate file, not whether the contents of that file were actually valid. This patch changes its behavior so that it actually validates the loadability of the file before returning. This is sufficient to resolve Netflix's use case in b/65835227, but it is only part of the solution for Android's use case in b/72353451. A second patch will be required to cover cases where the certificate can be loaded but cannot be used with the current OEMCrypto or with the server. Bug: 65835227 Bug: 72353451 Test: Android and CE CDM unit tests Change-Id: Id3987a6f3c4097d7d356dfa631b023287354439a --- libwvdrmengine/cdm/core/src/cdm_engine.cpp | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp index 8027f0bb..49ba61b0 100644 --- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp @@ -854,12 +854,20 @@ CdmResponseType CdmEngine::HandleProvisioningResponse( } bool CdmEngine::IsProvisioned(CdmSecurityLevel security_level) { - DeviceFiles handle(file_system_); - if (!handle.Init(security_level)) { - LOGE("CdmEngine::IsProvisioned: unable to initialize device files"); - return false; + // To validate whether the given security level is provisioned, we attempt to + // initialize a CdmSession. This verifies the existence of a certificate and + // attempts to load it. If this fails, initialization will return an error. + UsagePropertySet property_set; + property_set.set_security_level( + security_level == kSecurityLevelL3 ? kLevel3 : kLevelDefault); + + CdmSession session(file_system_, metrics_.AddSession()); + + CdmResponseType status = session.Init(&property_set); + if (NO_ERROR != status) { + LOGE("CdmEngine::IsProvisioned: CdmSession::Init returned %lu", status); } - return handle.HasCertificate(); + return status == NO_ERROR; } CdmResponseType CdmEngine::Unprovision(CdmSecurityLevel security_level) {