Load Certificate to Confirm Provisioning

(This is a merge of http://go/wvgerrit/46203)

Previously, IsProvisioned() only confirmed the existence of a
certificate file, not whether the contents of that file were actually
valid. This patch changes its behavior so that it actually validates the
loadability of the file before returning.

This is sufficient to resolve Netflix's use case in b/65835227, but it
is only part of the solution for Android's use case in b/72353451. A
second patch will be required to cover cases where the certificate can
be loaded but cannot be used with the current OEMCrypto or with the
server.

Bug: 65835227
Bug: 72353451
Test: Android and CE CDM unit tests
Change-Id: Id3987a6f3c4097d7d356dfa631b023287354439a

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -854,12 +854,20 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
 }
 
 bool CdmEngine::IsProvisioned(CdmSecurityLevel security_level) {
-  DeviceFiles handle(file_system_);
-  if (!handle.Init(security_level)) {
-    LOGE("CdmEngine::IsProvisioned: unable to initialize device files");
-    return false;
+  // To validate whether the given security level is provisioned, we attempt to
+  // initialize a CdmSession. This verifies the existence of a certificate and
+  // attempts to load it. If this fails, initialization will return an error.
+  UsagePropertySet property_set;
+  property_set.set_security_level(
+    security_level == kSecurityLevelL3 ? kLevel3 : kLevelDefault);
+
+  CdmSession session(file_system_, metrics_.AddSession());
+
+  CdmResponseType status = session.Init(&property_set);
+  if (NO_ERROR != status) {
+    LOGE("CdmEngine::IsProvisioned: CdmSession::Init returned %lu", status);
   }
-  return handle.HasCertificate();
+  return status == NO_ERROR;
 }
 
 CdmResponseType CdmEngine::Unprovision(CdmSecurityLevel security_level) {