From e64dd05e25f0aa496d2674dc67d213c58654103f Mon Sep 17 00:00:00 2001 From: Rahul Frias Date: Mon, 14 Mar 2022 02:50:31 -0700 Subject: [PATCH] Use default url to inform app of prov40 stages [ Merge of http://go/wvgerrit/147457 ] For the first stage of provisioning 4, the default url is appended with "&preProvisioning=true" as an indicator to the app that the current stage is the first stage. Design doc:https://docs.google.com/document/d/1NZVKCsBtaMJdTjj2C9FzW8s-s4eEj2niu5SPlw7EvRM/edit Bug: 224375138 Test: GtsMediaTestCase on sunfish Change-Id: I49ba6f799b51b042461a32c51e4e20c6071227b8 --- .../core/include/certificate_provisioning.h | 3 ++- .../cdm/core/src/certificate_provisioning.cpp | 19 +++++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/libwvdrmengine/cdm/core/include/certificate_provisioning.h b/libwvdrmengine/cdm/core/include/certificate_provisioning.h index dde4d1e8..097a8006 100644 --- a/libwvdrmengine/cdm/core/include/certificate_provisioning.h +++ b/libwvdrmengine/cdm/core/include/certificate_provisioning.h @@ -82,7 +82,8 @@ class CertificateProvisioning { const std::string& origin, const std::string& spoid, CdmProvisioningRequest* request, std::string* default_url); CdmResponseType GetProvisioning40RequestInternal( - wvutil::FileSystem* file_system, CdmProvisioningRequest* request); + wvutil::FileSystem* file_system, CdmProvisioningRequest* request, + std::string* default_url); CdmResponseType FillEncryptedClientId( const std::string& client_token, video_widevine::ProvisioningRequest& provisioning_request); diff --git a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp index f7ce8efe..77e20747 100644 --- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp +++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp 
@@ -26,6 +26,11 @@ const std::string kProvisioningServerUrl = "https://www.googleapis.com/" "certificateprovisioning/v1/devicecertificates/create" "?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE"; +// In case of provisioning 4, the default url is used as a way to inform app of +// the current provisioning stage. In the first stage, this suffix is appended +// to kProvisioningServerUrl; in the second stage, there is no change to +// kProvisioningServerUrl. +const std::string kProv40FirstStageServerUrlSuffix = "&preProvisioning=true"; // NOTE: Provider ID = widevine.com const std::string kCpProductionServiceCertificate = wvutil::a2bs_hex( @@ -207,7 +212,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal( if (crypto_session_->GetPreProvisionTokenType() == kClientTokenBootCertChain) { - return GetProvisioning40RequestInternal(file_system, request); + return GetProvisioning40RequestInternal(file_system, request, default_url); } // Prepare device provisioning request. @@ -298,7 +303,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal( } CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( - wvutil::FileSystem* file_system, CdmProvisioningRequest* request) { + wvutil::FileSystem* file_system, CdmProvisioningRequest* request, + std::string* default_url) { if (!crypto_session_->IsOpen()) { LOGE("Crypto session is not open"); return PROVISIONING_4_CRYPTO_SESSION_NOT_OPEN; 
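Review bot: `kProv40FirstStageServerUrlSuffix` begins with `&`, so the first-stage URL is only well-formed because `kProvisioningServerUrl` already ends in a `?key=...` query, and the added comment does not record that dependency. If the base URL ever loses its query string, the result becomes `...create&preProvisioning=true`, and whatever the app uses to detect the stage marker may silently stop matching. I would extend the comment with `// The leading '&' assumes kProvisioningServerUrl already contains a '?' query component.` As far as this patch shows, the marker is a plain, unauthenticated string in a URL handed to the app, so the comment could also say it is a hint only and not something to base a trust decision on.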
@@ -333,6 +339,15 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( } } + if (stored_oem_cert.empty()) { + // This is the first stage provisioning. + default_url->assign(kProvisioningServerUrl + + kProv40FirstStageServerUrlSuffix); + } else { + // This is the second stage provisioning. + default_url->assign(kProvisioningServerUrl); + } + // If this is the first stage, |stored_oem_cert| remains empty. In this case, // the client identification token will be retrieved from OEMCrypto, which is // the BCC in this case.
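Review bot: Both new branches call `default_url->assign(...)`, but no null check on `default_url` is visible here or at the top of `GetProvisioning40RequestInternal`, where the earlier hunk shows only the `crypto_session_->IsOpen()` test. If `GetProvisioningRequestInternal` does not already reject a null `default_url` before delegating, this is a null dereference inside the CDM. A guard at function entry would make the helper safe on its own, for example `if (default_url == nullptr) { LOGE("Output parameter |default_url| not provided"); return /* placeholder: existing parameter-error code */; }`. The two branches could also be collapsed to `default_url->assign(kProvisioningServerUrl);` followed by `if (stored_oem_cert.empty()) default_url->append(kProv40FirstStageServerUrlSuffix);`. The function body starts and continues outside this hunk, so how `stored_oem_cert` is populated cannot be checked from here.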