From 9a59086d0047a2a8d1feb6987a86d98c4688b097 Mon Sep 17 00:00:00 2001
From: Rahul Frias <rfrias@google.com>
Date: Thu, 10 Apr 2014 12:46:14 -0700
Subject: [PATCH] Handle key expiry error on decryption

OEMCrypto now returns OEMCrypto_ERROR_KEY_EXPIRED rather than
OEMCrypto_UNKNOWN_ERROR when the key has expired. This CL adds
a test to verify that CDM is handling this correctly.

[Merge of https://widevine-internal-review.googlesource.com/#/c/9730
from the Widevine cdm repo]

b/9205119

Change-Id: I6b13b43d71f7fa51531c309ffd3f93d3648f9b89
---
 .../cdm/test/request_license_test.cpp         | 54 ++++++++++++++++++-
 libwvdrmengine/run_all_unit_tests.sh          |  1 +
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/libwvdrmengine/cdm/test/request_license_test.cpp b/libwvdrmengine/cdm/test/request_license_test.cpp
index 6e901cc6..91e7687e 100644
--- a/libwvdrmengine/cdm/test/request_license_test.cpp
+++ b/libwvdrmengine/cdm/test/request_license_test.cpp
@@ -212,6 +212,33 @@ SubSampleInfo partial_offset_single_encrypted_sub_sample = {
         "73d6c9604517b1a622b66b8f4e8414e40b00351cc9859061bde810190c7b5df8"),
     wvcdm::a2b_hex("43ba341482212c70f79d81c0f4faef8a"), 5};
 
+SubSampleInfo single_encrypted_sub_sample_icp = {
+    // key 1, encrypted, 256b
+    true, 1, true, true, false,
+    wvcdm::a2bs_hex("9714593E1EEE57859D34ECFA821702BB"),
+    wvcdm::a2b_hex(
+        "3b2cbde084973539329bd5656da22d20396249bf4a18a51c38c4743360cc9fea"
+        "a1c78d53de1bd7e14dc5d256fd20a57178a98b83804258c239acd7aa38f2d7d2"
+        "eca614965b3d22049e19e236fc1800e60965d8b36415677bf2f843d50a6943c4"
+        "683c07c114a32f5e5fbc9939c483c3a1b2ecd3d82b554d649798866191724283"
+        "f0ab082eba2da79aaca5c4eaf186f9ee9a0c568f621f705a578f30e4e2ef7b96"
+        "5e14cc046ce6dbf272ee5558b098f332333e95fc879dea6c29bf34acdb649650"
+        "f08201b9e649960f2493fd7677cc3abf5ae70e5445845c947ba544456b431646"
+        "d95a133bff5f57614dda5e4446cd8837901d074149dadf4b775b5b07bb88ca20"),
+    wvcdm::a2b_hex(
+        "5a36c0b633b58faf22156d78fdfb608e54a8095788b2b0463ef78d030b4abf82"
+        "eff34b8d9b7b6352e7d72de991b599662aa475da355033620152e2356ebfadee"
+        "06172be9e1058fa177e223b9fdd191380cff53c3ea810c6fd852a1df4967b799"
+        "415179a2276ec388ef763bab89605b9c6952c28dc8d6bf86b03fabbb46b392a3"
+        "1dad15be602eeeeabb45070b3e25d6bb0217073b1fc44c9fe848594121fd6a91"
+        "304d605e21f69615e1b57db18312b6b948725724b74e91d8aea7371e99532469"
+        "1b358bdee873f1936b63efe83d190a53c2d21754d302d63ff285174023473755"
+        "58b938c2e3ca4c2ce48942da97f9e45797f2c074ac6004734e93784a48af6160"),
+    wvcdm::a2b_hex("4cca615fc013102892f91efee936639b"), 0};
+
+// License duration + fudge factor
+const uint32_t kSingleEncryptedSubSampleIcpLicenseDurationExpiration = 5 + 2;
+
 struct SessionSharingSubSampleInfo {
   SubSampleInfo* sub_sample;
   bool session_sharing_enabled;
@@ -487,7 +514,7 @@ TEST_F(WvCdmRequestLicenseTest, DISABLED_X509ProvisioningTest) {
   EXPECT_EQ(provisioning_server_url, g_config->provisioning_server_url());
 
   std::string response =
-      GetCertRequestResponse(g_config->provisioning_test_server_url(), 200);
+      GetCertRequestResponse(g_config->provisioning_test_server_url());
   EXPECT_NE(0, static_cast<int>(response.size()));
   EXPECT_EQ(wvcdm::NO_ERROR,
             decryptor_.HandleProvisioningResponse(response, &cert,
@@ -1189,6 +1216,31 @@ TEST_P(WvCdmSessionSharingTest, SessionSharingTest) {
   decryptor_.CloseSession(gp_session_id_2);
 }
 
+TEST_F(WvCdmRequestLicenseTest, DISABLED_DecryptionKeyExpiredTest) {
+  SubSampleInfo* data = &single_encrypted_sub_sample_icp;
+  decryptor_.OpenSession(g_key_system, NULL, &session_id_);
+  if (data->retrieve_key) {
+    GenerateKeyRequest(g_key_system, g_key_id, kLicenseTypeStreaming);
+    VerifyKeyRequestResponse(g_license_server, g_client_auth, g_key_id, false);
+  }
+
+    std::vector<uint8_t> decrypt_buffer(data->encrypt_data.size());
+    CdmDecryptionParameters decryption_parameters(
+        &data->key_id, &data->encrypt_data.front(),
+        data->encrypt_data.size(), &data->iv,
+        data->block_offset, &decrypt_buffer[0]);
+    decryption_parameters.is_encrypted = data->is_encrypted;
+    decryption_parameters.is_secure = data->is_secure;
+    EXPECT_EQ(NO_ERROR, decryptor_.Decrypt(session_id_,
+                                           data->validate_key_id,
+                                           decryption_parameters));
+    sleep(kSingleEncryptedSubSampleIcpLicenseDurationExpiration);
+    EXPECT_EQ(NEED_KEY, decryptor_.Decrypt(session_id_,
+                                           data->validate_key_id,
+                                           decryption_parameters));
+  decryptor_.CloseSession(session_id_);
+}
+
 INSTANTIATE_TEST_CASE_P(
     Cdm, WvCdmSessionSharingTest,
     ::testing::Range(&session_sharing_sub_samples[0],
diff --git a/libwvdrmengine/run_all_unit_tests.sh b/libwvdrmengine/run_all_unit_tests.sh
index c015883b..06cbd224 100755
--- a/libwvdrmengine/run_all_unit_tests.sh
+++ b/libwvdrmengine/run_all_unit_tests.sh
@@ -12,6 +12,7 @@ adb shell /system/bin/oemcrypto_test
 adb shell /system/bin/request_license_test
 adb shell /system/bin/request_license_test -icp --gtest_filter=WvCdmRequestLicenseTest.DISABLED_PrivacyModeTest --gtest_also_run_disabled_tests
 adb shell /system/bin/request_license_test -icp --gtest_filter=WvCdmRequestLicenseTest.DISABLED_PrivacyModeWithServiceCertificateTest --gtest_also_run_disabled_tests
+adb shell /system/bin/request_license_test -icp --gtest_filter=WvCdmRequestLicenseTest.DISABLED_DecryptionKeyExpiredTest --gtest_also_run_disabled_tests
 adb shell /system/bin/policy_engine_unittest
 adb shell /system/bin/libwvdrmmediacrypto_test
 adb shell /system/bin/libwvdrmdrmplugin_test