Use default url to inform app of prov40 stages

[ Merge of http://go/wvgerrit/147457 ] For the first stage of provisioning 4, the default url is appended with "&preProvisioning=true" as an indicator to the app that the current stage is the first stage. Design doc:https://docs.google.com/document/d/1NZVKCsBtaMJdTjj2C9FzW8s-s4eEj2niu5SPlw7EvRM/edit Bug: 224375138 Test: GtsMediaTestCase on sunfish Change-Id: I49ba6f799b51b042461a32c51e4e20c6071227b8
2022-03-14 02:50:31 -07:00
parent 139310fd05
commit e64dd05e25
2 changed files with 19 additions and 3 deletions
--- a/libwvdrmengine/cdm/core/include/certificate_provisioning.h
+++ b/libwvdrmengine/cdm/core/include/certificate_provisioning.h
@@ -82,7 +82,8 @@ class CertificateProvisioning {
      const std::string& origin, const std::string& spoid,
      CdmProvisioningRequest* request, std::string* default_url);
  CdmResponseType GetProvisioning40RequestInternal(
-      wvutil::FileSystem* file_system, CdmProvisioningRequest* request);
+      wvutil::FileSystem* file_system, CdmProvisioningRequest* request,
+      std::string* default_url);
  CdmResponseType FillEncryptedClientId(
      const std::string& client_token,
      video_widevine::ProvisioningRequest& provisioning_request);
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -26,6 +26,11 @@ const std::string kProvisioningServerUrl =
    "https://www.googleapis.com/"
    "certificateprovisioning/v1/devicecertificates/create"
    "?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE";
+// In case of provisioning 4, the default url is used as a way to inform app of
+// the current provisioning stage. In the first stage, this suffix is appended
+// to kProvisioningServerUrl; in the second stage, there is no change to
+// kProvisioningServerUrl.
+const std::string kProv40FirstStageServerUrlSuffix = "&preProvisioning=true";

 // NOTE: Provider ID = widevine.com
 const std::string kCpProductionServiceCertificate = wvutil::a2bs_hex(
@@ -207,7 +212,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal(

  if (crypto_session_->GetPreProvisionTokenType() ==
      kClientTokenBootCertChain) {
-    return GetProvisioning40RequestInternal(file_system, request);
+    return GetProvisioning40RequestInternal(file_system, request, default_url);
  }

  // Prepare device provisioning request.
@@ -298,7 +303,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal(
 }

 CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
-    wvutil::FileSystem* file_system, CdmProvisioningRequest* request) {
+    wvutil::FileSystem* file_system, CdmProvisioningRequest* request,
+    std::string* default_url) {
  if (!crypto_session_->IsOpen()) {
    LOGE("Crypto session is not open");
    return PROVISIONING_4_CRYPTO_SESSION_NOT_OPEN;
@@ -333,6 +339,15 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
    }
  }

+  if (stored_oem_cert.empty()) {
+    // This is the first stage provisioning.
+    default_url->assign(kProvisioningServerUrl +
+                        kProv40FirstStageServerUrlSuffix);
+  } else {
+    // This is the second stage provisioning.
+    default_url->assign(kProvisioningServerUrl);
+  }
+
  // If this is the first stage, |stored_oem_cert| remains empty. In this case,
  // the client identification token will be retrieved from OEMCrypto, which is
  // the BCC in this case.