Merge "Include SPOID in provisioning 4 request" into tm-dev
This commit is contained in:
Cong Lin
@@ -82,12 +82,18 @@ class CertificateProvisioning {
|
||||
const std::string& origin, const std::string& spoid,
|
||||
CdmProvisioningRequest* request, std::string* default_url);
|
||||
CdmResponseType GetProvisioning40RequestInternal(
|
||||
wvutil::FileSystem* file_system, CdmProvisioningRequest* request,
|
||||
wvutil::FileSystem* file_system, const std::string& origin,
|
||||
const std::string& spoid, CdmProvisioningRequest* request,
|
||||
std::string* default_url);
|
||||
CdmResponseType FillEncryptedClientId(
|
||||
const std::string& client_token,
|
||||
video_widevine::ProvisioningRequest& provisioning_request,
|
||||
const ServiceCertificate& service_certificate);
|
||||
CdmResponseType FillEncryptedClientIdWithAdditionalParameter(
|
||||
const std::string& client_token,
|
||||
const CdmAppParameterMap& additional_parameter,
|
||||
video_widevine::ProvisioningRequest& provisioning_request,
|
||||
const ServiceCertificate& service_certificate);
|
||||
CdmResponseType HandleProvisioning40Response(
|
||||
wvutil::FileSystem* file_system, const std::string& response_message);
|
||||
|
||||
|
||||
@@ -57,6 +57,11 @@ const std::string kCpProductionServiceCertificate = wvutil::a2bs_hex(
|
||||
"8598ed5751b38694419242a875d9e00d5a5832933024b934859ec8be78adccbb"
|
||||
"1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28");
|
||||
|
||||
// Used in provisioning 4 client identification name value pairs.
|
||||
const std::string kKeyAppParameterSpoid = "spoid";
|
||||
const std::string kKeyAppParameterProviderId = "provider_id";
|
||||
const std::string kKeyAppParameterStableId = "stable_id";
|
||||
|
||||
// Retrieves |stored_oem_cert| from |file_handle|, and load the OEM private key
|
||||
// to |crypto_session|. Returns true if all operations are successful.
|
||||
bool RetrieveOemCertificateAndLoadPrivateKey(CryptoSession& crypto_session,
|
||||
@@ -212,7 +217,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal(
|
||||
|
||||
if (crypto_session_->GetPreProvisionTokenType() ==
|
||||
kClientTokenBootCertChain) {
|
||||
return GetProvisioning40RequestInternal(file_system, request, default_url);
|
||||
return GetProvisioning40RequestInternal(file_system, origin, spoid, request,
|
||||
default_url);
|
||||
}
|
||||
|
||||
// Prepare device provisioning request.
|
||||
@@ -304,7 +310,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal(
|
||||
}
|
||||
|
||||
CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
|
||||
wvutil::FileSystem* file_system, CdmProvisioningRequest* request,
|
||||
wvutil::FileSystem* file_system, const std::string& origin,
|
||||
const std::string& spoid, CdmProvisioningRequest* request,
|
||||
std::string* default_url) {
|
||||
if (!crypto_session_->IsOpen()) {
|
||||
LOGE("Crypto session is not open");
|
||||
@@ -340,7 +347,27 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
|
||||
}
|
||||
}
|
||||
|
||||
CdmResponseType status = NO_ERROR;
|
||||
// Retrieve the Spoid, but put it to the client identification instead, so it
|
||||
// is encrypted.
|
||||
CdmAppParameterMap additional_parameter;
|
||||
CdmResponseType status =
|
||||
SetSpoidParameter(origin, spoid, &provisioning_request);
|
||||
if (status != NO_ERROR) return status;
|
||||
if (provisioning_request.has_spoid()) {
|
||||
additional_parameter[kKeyAppParameterSpoid] = provisioning_request.spoid();
|
||||
provisioning_request.clear_spoid();
|
||||
}
|
||||
if (provisioning_request.has_provider_id()) {
|
||||
additional_parameter[kKeyAppParameterProviderId] =
|
||||
provisioning_request.provider_id();
|
||||
provisioning_request.clear_provider_id();
|
||||
}
|
||||
if (provisioning_request.has_stable_id()) {
|
||||
additional_parameter[kKeyAppParameterStableId] =
|
||||
provisioning_request.stable_id();
|
||||
provisioning_request.clear_stable_id();
|
||||
}
|
||||
|
||||
if (stored_oem_cert.empty()) {
|
||||
// This is the first stage provisioning.
|
||||
default_url->assign(kProvisioningServerUrl +
|
||||
@@ -354,16 +381,18 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
|
||||
|
||||
// Since |stored_oem_cert| is empty, the client identification token will be
|
||||
// retrieved from OEMCrypto, which is the BCC in this case.
|
||||
status = FillEncryptedClientId(stored_oem_cert, provisioning_request,
|
||||
wv_service_cert);
|
||||
status = FillEncryptedClientIdWithAdditionalParameter(
|
||||
stored_oem_cert, additional_parameter, provisioning_request,
|
||||
wv_service_cert);
|
||||
if (status != NO_ERROR) return status;
|
||||
} else {
|
||||
// This is the second stage provisioning.
|
||||
default_url->assign(kProvisioningServerUrl);
|
||||
// Since |stored_oem_cert| is non-empty, it will be used as the client
|
||||
// identification token.
|
||||
status = FillEncryptedClientId(stored_oem_cert, provisioning_request,
|
||||
*service_certificate_);
|
||||
status = FillEncryptedClientIdWithAdditionalParameter(
|
||||
stored_oem_cert, additional_parameter, provisioning_request,
|
||||
*service_certificate_);
|
||||
if (status != NO_ERROR) return status;
|
||||
}
|
||||
|
||||
@@ -408,6 +437,17 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
|
||||
CdmResponseType CertificateProvisioning::FillEncryptedClientId(
|
||||
const std::string& client_token, ProvisioningRequest& provisioning_request,
|
||||
const ServiceCertificate& service_certificate) {
|
||||
CdmAppParameterMap app_parameter;
|
||||
return FillEncryptedClientIdWithAdditionalParameter(
|
||||
client_token, app_parameter, provisioning_request, service_certificate);
|
||||
}
|
||||
|
||||
CdmResponseType
|
||||
CertificateProvisioning::FillEncryptedClientIdWithAdditionalParameter(
|
||||
const std::string& client_token,
|
||||
const CdmAppParameterMap& additional_parameter,
|
||||
ProvisioningRequest& provisioning_request,
|
||||
const ServiceCertificate& service_certificate) {
|
||||
if (!crypto_session_->IsOpen()) {
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
@@ -418,8 +458,7 @@ CdmResponseType CertificateProvisioning::FillEncryptedClientId(
|
||||
if (status != NO_ERROR) return status;
|
||||
|
||||
video_widevine::ClientIdentification client_id;
|
||||
CdmAppParameterMap app_parameter;
|
||||
status = id.Prepare(app_parameter, kEmptyString, &client_id);
|
||||
status = id.Prepare(additional_parameter, kEmptyString, &client_id);
|
||||
if (status != NO_ERROR) return status;
|
||||
|
||||
if (!service_certificate.has_certificate()) {
|
||||
|
||||
Reference in New Issue
Block a user