widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accept a security level to be specified during provisioning

Browse Source 
[ Merge of http://go/wvgerrit/97267 ]

In earlier releases, provisioning would occur based on a cached
security level. If an open session call returned a NotProvisionedException
the security level would be cached for use with any future provisioning
call.

An app would have to set the security level, then call openSession,
have it fail and then request provisioning. This fits the normal flow of
most apps. Still on occasion, an app might change requested security level
after an openSession call failed. Using the cached security level
would result in unexpected behavior.

This change allows provisioning to occur at the last security level that
was set.

Bug: 129356527
Test: wv unit/integration tests, GTS tests (GtsMediaTestCases)
Merged-In: I8d9234eec2b23a9c913e77a709943b431e25e43e
Change-Id: I8d9234eec2b23a9c913e77a709943b431e25e43e
This commit is contained in:
Rahul Frias
2020-04-14 14:00:10 -07:00
parent 6bd68c9660
commit e27bc4ba6a
16 changed files with 284 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libwvdrmengine/cdm/test/cdm_extended_duration_test.cpp
View File

@@ -451,7 +451,8 @@ class WvCdmExtendedDurationTest : public WvCdmTestBase {
status = decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_, &provisioning_server_url);
kEmptyServiceCertificate, kLevelDefault, &key_msg_,
&provisioning_server_url);
EXPECT_EQ(NO_ERROR, status);
if (NO_ERROR != status) return;
EXPECT_EQ(provisioning_server_url, kDefaultProvisioningServerUrl);
@@ -461,7 +462,8 @@ class WvCdmExtendedDurationTest : public WvCdmTestBase {
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(NO_ERROR,
decryptor_->HandleProvisioningResponse(kDefaultCdmIdentifier, response,
&cert, &wrapped_key));
kLevelDefault, &cert,
&wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
decryptor_->CloseSession(session_id_);

18
libwvdrmengine/cdm/test/cdm_feature_test.cpp
View File

@@ -410,7 +410,8 @@ TEST_F(WvCdmFeatureTest, OEMCertificateProvisioning) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_.GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_, &provisioning_server_url));
kEmptyServiceCertificate, kLevelDefault, &key_msg_,
&provisioning_server_url));
EXPECT_EQ(provisioning_server_url, kDefaultProvisioningServerUrl);
ClientIdentification_TokenType token_type;
@@ -425,9 +426,9 @@ TEST_F(WvCdmFeatureTest, OEMCertificateProvisioning) {
std::string response = GetCertRequestResponse(provisioning_server_url);
// GetCertRequestResponse(config_.provisioning_server_url());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_.HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevelDefault,
&cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
decryptor_.CloseSession(session_id_);
@@ -445,7 +446,8 @@ TEST_F(WvCdmFeatureTest, KeyboxProvisioning) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_.GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_, &provisioning_server_url));
kEmptyServiceCertificate, kLevelDefault, &key_msg_,
&provisioning_server_url));
EXPECT_EQ(provisioning_server_url, kDefaultProvisioningServerUrl);
ClientIdentification_TokenType token_type;
@@ -460,9 +462,9 @@ TEST_F(WvCdmFeatureTest, KeyboxProvisioning) {
std::string response = GetCertRequestResponse(provisioning_server_url);
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_.HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevelDefault,
&cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
decryptor_.CloseSession(session_id_);

139
libwvdrmengine/cdm/test/request_license_test.cpp
View File

@@ -2004,12 +2004,13 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase {
void Provision() { Provision(kDefaultCdmIdentifier, kLevelDefault); }
void Provision(const CdmIdentifier& identifier, SecurityLevel level,
void Provision(const CdmIdentifier& identifier,
SecurityLevel requested_security_level,
CdmProvisioningResponse* provisioning_response = nullptr) {
TestWvCdmClientPropertySet property_set_L3;
TestWvCdmClientPropertySet* property_set = nullptr;
if (kLevel3 == level) {
if (kLevel3 == requested_security_level) {
property_set_L3.set_security_level(QUERY_VALUE_SECURITY_LEVEL_L3);
property_set = &property_set_L3;
}
@@ -2033,7 +2034,7 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase {
status = decryptor_->GetProvisioningRequest(
cert_type, cert_authority, identifier, kEmptyServiceCertificate,
&key_msg_, &provisioning_server);
requested_security_level, &key_msg_, &provisioning_server);
EXPECT_EQ(wvcdm::NO_ERROR, status);
if (NO_ERROR != status) return;
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
@@ -2042,8 +2043,10 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase {
GetCertRequestResponse(config_.provisioning_server());
if (provisioning_response != nullptr) *provisioning_response = response;
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse(
identifier, response, &cert, &wrapped_key));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->HandleProvisioningResponse(identifier, response,
requested_security_level,
&cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
decryptor_->CloseSession(session_id_);
@@ -2151,14 +2154,15 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningTest) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_, &provisioning_server));
kEmptyServiceCertificate, kLevelDefault, &key_msg_,
&provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
std::string response = GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevelDefault,
&cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
decryptor_->CloseSession(session_id_);
@@ -2177,15 +2181,15 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningTestWithServiceCertificate) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
config_.provisioning_service_certificate(), &key_msg_,
&provisioning_server));
config_.provisioning_service_certificate(), kLevelDefault,
&key_msg_, &provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
std::string response = GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevelDefault,
&cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
decryptor_->CloseSession(session_id_);
@@ -2194,26 +2198,22 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningTestWithServiceCertificate) {
TEST_F(WvCdmRequestLicenseTest, L3ProvisioningTest) {
TestWvCdmClientPropertySet property_set_L3;
property_set_L3.set_security_level(QUERY_VALUE_SECURITY_LEVEL_L3);
CdmResponseType status =
decryptor_->OpenSession(config_.key_system(), &property_set_L3,
kDefaultCdmIdentifier, nullptr, &session_id_);
EXPECT_TRUE(status == NEED_PROVISIONING || status == NO_ERROR)
<< "Failure to open session. error: " << status;
std::string provisioning_server;
CdmCertificateType cert_type = kCertificateWidevine;
std::string cert_authority, cert, wrapped_key;
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_, &provisioning_server));
EXPECT_EQ(
wvcdm::NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, kLevel3, &key_msg_, &provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
std::string response = GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
kDefaultCdmIdentifier, response, kLevel3, &cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
decryptor_->CloseSession(session_id_);
@@ -2295,22 +2295,24 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningInterposedRetryTest) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg1, &provisioning_server));
kEmptyServiceCertificate, kLevelDefault, &key_msg1,
&provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg2, &provisioning_server));
kEmptyServiceCertificate, kLevelDefault, &key_msg2,
&provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
// Second message should succeed.
key_msg_ = key_msg2;
std::string response = GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevelDefault,
&cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
@@ -2318,9 +2320,9 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningInterposedRetryTest) {
key_msg_ = key_msg1;
response = GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevelDefault,
&cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
decryptor_->CloseSession(session_id_);
@@ -2338,22 +2340,24 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningInterspersedRetryTest) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg1, &provisioning_server));
kEmptyServiceCertificate, kLevelDefault, &key_msg1,
&provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg2, &provisioning_server));
kEmptyServiceCertificate, kLevelDefault, &key_msg2,
&provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
// First request expected to fail, because only one message may be active.
key_msg_ = key_msg1;
std::string response = GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(LOAD_PROVISIONING_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(LOAD_PROVISIONING_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response,
kLevelDefault, &cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
@@ -2361,9 +2365,9 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningInterspersedRetryTest) {
key_msg_ = key_msg2;
response = GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevelDefault,
&cert, &wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
@@ -2382,14 +2386,15 @@ TEST_F(WvCdmRequestLicenseTest, DISABLED_X509ProvisioningTest) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_, &provisioning_server));
kEmptyServiceCertificate, kLevelDefault, &key_msg_,
&provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
std::string response = GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevelDefault,
&cert, &wrapped_key));
EXPECT_NE(0, static_cast<int>(cert.size()));
EXPECT_NE(0, static_cast<int>(wrapped_key.size()));
decryptor_->CloseSession(session_id_);
@@ -2472,17 +2477,17 @@ TEST_F(WvCdmRequestLicenseTest, PropertySetTest) {
std::string provisioning_server;
CdmCertificateType cert_type = kCertificateWidevine;
std::string cert_authority, cert, wrapped_key;
EXPECT_EQ(NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_, &provisioning_server));
EXPECT_EQ(NO_ERROR, decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, kLevel3, &key_msg_,
&provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
std::string response =
GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(NO_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevel3, &cert,
&wrapped_key));
EXPECT_EQ(NO_ERROR, decryptor_->OpenSession(
config_.key_system(), &property_set_L3,
kDefaultCdmIdentifier, nullptr, &session_id_L3));
@@ -2549,16 +2554,16 @@ TEST_F(WvCdmRequestLicenseTest, ForceL3Test) {
std::string provisioning_server;
CdmCertificateType cert_type = kCertificateWidevine;
std::string cert_authority, cert, wrapped_key;
EXPECT_EQ(NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_, &provisioning_server));
EXPECT_EQ(NO_ERROR, decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, kLevel3, &key_msg_,
&provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
std::string response = GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
kDefaultCdmIdentifier, response, kLevel3, &cert, &wrapped_key));
EXPECT_EQ(NO_ERROR, decryptor_->OpenSession(
config_.key_system(), &property_set,
@@ -2812,17 +2817,17 @@ TEST_F(WvCdmRequestLicenseTest, ReleaseRetryL3OfflineKeyTest) {
std::string provisioning_server;
CdmCertificateType cert_type = kCertificateWidevine;
std::string cert_authority, cert, wrapped_key;
EXPECT_EQ(NO_ERROR,
decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_, &provisioning_server));
EXPECT_EQ(NO_ERROR, decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, kLevel3, &key_msg_,
&provisioning_server));
EXPECT_EQ(provisioning_server, kDefaultProvisioningServerUrl);
std::string response =
GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(NO_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevel3, &cert,
&wrapped_key));
EXPECT_EQ(NO_ERROR, decryptor_->OpenSession(
config_.key_system(), &property_set,
kDefaultCdmIdentifier, nullptr, &session_id_));
@@ -2890,15 +2895,15 @@ TEST_F(WvCdmRequestLicenseTest,
std::string cert_authority, cert, wrapped_key;
EXPECT_EQ(NO_ERROR, decryptor_->GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &key_msg_,
kEmptyServiceCertificate, kLevel3, &key_msg_,
&provisioning_server_url));
EXPECT_EQ(provisioning_server_url, kDefaultProvisioningServerUrl);
std::string response =
GetCertRequestResponse(config_.provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(NO_ERROR,
decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert, &wrapped_key));
EXPECT_EQ(NO_ERROR, decryptor_->HandleProvisioningResponse(
kDefaultCdmIdentifier, response, kLevel3, &cert,
&wrapped_key));
EXPECT_EQ(NO_ERROR, decryptor_->OpenSession(
config_.key_system(), &property_set,
kDefaultCdmIdentifier, nullptr, &session_id_));

3
libwvdrmengine/cdm/test/wv_cdm_metrics_test.cpp
View File

@@ -58,7 +58,8 @@ TEST_F(WvContentDecryptionModuleMetricsTest, EngineOnlyMetrics) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_.GetProvisioningRequest(
cert_type, cert_authority, kDefaultCdmIdentifier,
kEmptyServiceCertificate, &request, &provisioning_server_url));
kEmptyServiceCertificate, kLevelDefault, &request,
&provisioning_server_url));
drm_metrics::WvCdmMetrics metrics;
ASSERT_EQ(wvcdm::NO_ERROR,