Accept a security level to be specified during provisioning
[ Merge of http://go/wvgerrit/97267 ] In earlier releases, provisioning would occur based on a cached security level. If an open session call returned a NotProvisionedException the security level would be cached for use with any future provisioning call. An app would have to set the security level, then call openSession, have it fail and then request provisioning. This fits the normal flow of most apps. Still on occasion, an app might change requested security level after an openSession call failed. Using the cached security level would result in unexpected behavior. This change allows provisioning to occur at the last security level that was set. Bug: 129356527 Test: wv unit/integration tests, GTS tests (GtsMediaTestCases) Merged-In: I8d9234eec2b23a9c913e77a709943b431e25e43e Change-Id: I8d9234eec2b23a9c913e77a709943b431e25e43e
This commit is contained in:
Rahul Frias
@@ -73,7 +73,6 @@ CdmEngine::CdmEngine(FileSystem* file_system,
|
||||
std::shared_ptr<metrics::EngineMetrics> metrics)
|
||||
: metrics_(metrics),
|
||||
cert_provisioning_(),
|
||||
cert_provisioning_requested_security_level_(kLevelDefault),
|
||||
file_system_(file_system),
|
||||
spoid_(EMPTY_SPOID),
|
||||
usage_session_(),
|
||||
@@ -136,8 +135,6 @@ CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
|
||||
new_session->Init(property_set, forced_session_id, event_listener);
|
||||
if (sts != NO_ERROR) {
|
||||
if (sts == NEED_PROVISIONING) {
|
||||
cert_provisioning_requested_security_level_ =
|
||||
new_session->GetRequestedSecurityLevel();
|
||||
// Reserve a session ID so the CDM can return success.
|
||||
if (session_id) *session_id = new_session->GenerateSessionId();
|
||||
} else {
|
||||
@@ -294,10 +291,6 @@ CdmResponseType CdmEngine::GenerateKeyRequest(
|
||||
if (KEY_ADDED == sts) {
|
||||
return sts;
|
||||
} else if (KEY_MESSAGE != sts) {
|
||||
if (sts == NEED_PROVISIONING) {
|
||||
cert_provisioning_requested_security_level_ =
|
||||
session->GetRequestedSecurityLevel();
|
||||
}
|
||||
LOGE("Key request generation failed, status = %d", static_cast<int>(sts));
|
||||
return sts;
|
||||
}
|
||||
@@ -414,10 +407,6 @@ CdmResponseType CdmEngine::RestoreKey(const CdmSessionId& session_id,
|
||||
&error_detail);
|
||||
session->GetMetrics()->cdm_session_restore_offline_session_.Increment(
|
||||
sts, error_detail);
|
||||
if (sts == NEED_PROVISIONING) {
|
||||
cert_provisioning_requested_security_level_ =
|
||||
session->GetRequestedSecurityLevel();
|
||||
}
|
||||
if (sts != KEY_ADDED && sts != GET_RELEASED_LICENSE_ERROR) {
|
||||
LOGE("Restore offline session failed: status = %d", static_cast<int>(sts));
|
||||
}
|
||||
@@ -895,7 +884,8 @@ bool CdmEngine::IsSecurityLevelSupported(CdmSecurityLevel level) {
|
||||
*/
|
||||
CdmResponseType CdmEngine::GetProvisioningRequest(
|
||||
CdmCertificateType cert_type, const std::string& cert_authority,
|
||||
const std::string& service_certificate, CdmProvisioningRequest* request,
|
||||
const std::string& service_certificate,
|
||||
SecurityLevel requested_security_level, CdmProvisioningRequest* request,
|
||||
std::string* default_url) {
|
||||
LOGI("Getting provisioning request");
|
||||
if (!request) {
|
||||
@@ -915,7 +905,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
|
||||
if (status != NO_ERROR) return status;
|
||||
}
|
||||
CdmResponseType ret = cert_provisioning_->GetProvisioningRequest(
|
||||
cert_provisioning_requested_security_level_, cert_type, cert_authority,
|
||||
requested_security_level, cert_type, cert_authority,
|
||||
file_system_->origin(), spoid_, request, default_url);
|
||||
if (ret != NO_ERROR) {
|
||||
cert_provisioning_.reset(); // Release resources.
|
||||
@@ -931,7 +921,8 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
|
||||
* Returns NO_ERROR for success and CdmResponseType error code if fails.
|
||||
*/
|
||||
CdmResponseType CdmEngine::HandleProvisioningResponse(
|
||||
const CdmProvisioningResponse& response, std::string* cert,
|
||||
const CdmProvisioningResponse& response,
|
||||
SecurityLevel requested_security_level, std::string* cert,
|
||||
std::string* wrapped_key) {
|
||||
LOGI("Handling provision request");
|
||||
if (response.empty()) {
|
||||
@@ -955,10 +946,9 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
|
||||
std::unique_ptr<CryptoSession> crypto_session(
|
||||
CryptoSession::MakeCryptoSession(metrics_->GetCryptoMetrics()));
|
||||
CdmResponseType status;
|
||||
M_TIME(status = crypto_session->Open(
|
||||
cert_provisioning_requested_security_level_),
|
||||
M_TIME(status = crypto_session->Open(requested_security_level),
|
||||
metrics_->GetCryptoMetrics(), crypto_session_open_, status,
|
||||
cert_provisioning_requested_security_level_);
|
||||
requested_security_level);
|
||||
if (NO_ERROR != status) {
|
||||
LOGE("Provisioning object missing and crypto session open failed");
|
||||
return EMPTY_PROVISIONING_CERTIFICATE_2;
|
||||
|
||||
Reference in New Issue
Block a user