From f6b4d140f42df04bebcab3d218145f43b766fe8d Mon Sep 17 00:00:00 2001
From: Rahul Frias <rfrias@google.com>
Date: Sun, 21 Mar 2021 14:09:23 -0700
Subject: [PATCH] Add comments to clarify client and service clock times

[ Merge of http://go/wvgerrit/120510 ]

* Added some comments to clarify which clock times are computed at the
  client and at the provisioning service. More detail is present in the
  device_files.proto
* Moved helper methods |SetDeviceCertificate| and
  |ExtractFromDeviceCertificate| from class methods to anonymous
  namespace
* Removed some commented out code

Bug: 169740403
Test: WV unit/integration
Change-Id: Ic263f3dfe296fff6d9b5380b2e7c663d87022cb2
---
 .../cdm/core/include/device_files.h           |   8 --
 .../cdm/core/src/certificate_provisioning.cpp |  14 ---
 libwvdrmengine/cdm/core/src/device_files.cpp  | 116 +++++++++---------
 3 files changed, 61 insertions(+), 77 deletions(-)

diff --git a/libwvdrmengine/cdm/core/include/device_files.h b/libwvdrmengine/cdm/core/include/device_files.h
index 9dcf8143..69fa256c 100644
--- a/libwvdrmengine/cdm/core/include/device_files.h
+++ b/libwvdrmengine/cdm/core/include/device_files.h
@@ -23,8 +23,6 @@ namespace wvcdm {
 
 class FileSystem;
 
-using video_widevine_client::sdk::DeviceCertificate;
-
 class DeviceFiles {
  public:
   typedef enum {
@@ -282,12 +280,6 @@ class DeviceFiles {
                                        std::string* serial_number,
                                        uint32_t* system_id);
   bool HasCertificate(CertificateType certificate_type);
-  bool SetDeviceCertificate(const std::string& certificate,
-                            const CryptoWrappedKey& wrapped_private_key,
-                            DeviceCertificate* mutable_device_certificate);
-  bool ExtractFromDeviceCertificate(const DeviceCertificate& device_certificate,
-                                    std::string* certificate,
-                                    CryptoWrappedKey* wrapped_private_key);
 
   // Helpers that wrap the File interface and automatically handle hashing, as
   // well as adding the device files base path to to the file name.
diff --git a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
index 86be4100..27e01b9f 100644
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -15,8 +15,6 @@
 #include "string_conversions.h"
 #include "wv_cdm_constants.h"
 
-#include "clock.h"
-
 namespace {
 
 const std::string kEmptyString;
@@ -540,18 +538,6 @@ bool CertificateProvisioning::ExtractDeviceInfo(
                                    ? drm_certificate.expiration_time_seconds()
                                    : INVALID_TIME;
   }
-  /*
-  Clock clock;
-  //drm_certificate.set_expiration_time_seconds(clock.GetCurrentTime() + 10*365.25*24*60*60);
-  drm_certificate.set_creation_time_seconds(-5);
-  std::string serialized_drm_certificate;
-  drm_certificate.SerializeToString(&serialized_drm_certificate);
-  signed_drm_certificate.set_drm_certificate(serialized_drm_certificate);
-  std::string serialized_signed_drm_certificate;
-  signed_drm_certificate.SerializeToString(&serialized_signed_drm_certificate);
-  LOGE("serialized_signed_drm_certificate: (%zu) %s", serialized_signed_drm_certificate.size(), b2a_hex(serialized_signed_drm_certificate).c_str());
-  */
-
   return true;
 }
 
diff --git a/libwvdrmengine/cdm/core/src/device_files.cpp b/libwvdrmengine/cdm/core/src/device_files.cpp
index 06ec4d9f..3eec5550 100644
--- a/libwvdrmengine/cdm/core/src/device_files.cpp
+++ b/libwvdrmengine/cdm/core/src/device_files.cpp
@@ -95,6 +95,62 @@ const char kUsageTableFileName[] = "usgtable.bin";
 const char kWildcard[] = "*";
 constexpr int64_t kFourMonthsInSeconds = (2 * 30 + 2 * 31) * 24 * 60 * 60;
 
+// Helper methods
+bool SetDeviceCertificate(const std::string& certificate,
+                          const wvcdm::CryptoWrappedKey& private_key,
+                          DeviceCertificate* mutable_device_certificate) {
+  RETURN_FALSE_IF_NULL(mutable_device_certificate);
+
+  mutable_device_certificate->set_certificate(certificate);
+  mutable_device_certificate->set_wrapped_private_key(private_key.key());
+  switch (private_key.type()) {
+    case wvcdm::CryptoWrappedKey::kRsa:
+      mutable_device_certificate->set_key_type(DeviceCertificate::RSA);
+      return true;
+    case wvcdm::CryptoWrappedKey::kEcc:
+      mutable_device_certificate->set_key_type(DeviceCertificate::ECC);
+      return true;
+    case wvcdm::CryptoWrappedKey::kUninitialized:  // Suppress compiler
+                                                   // warnings.
+    default:
+      LOGE("Unexpected key type: %d", private_key.type());
+      return false;
+  }
+}
+
+bool ExtractFromDeviceCertificate(const DeviceCertificate& device_certificate,
+                                  std::string* certificate,
+                                  wvcdm::CryptoWrappedKey* private_key) {
+  RETURN_FALSE_IF_NULL(certificate);
+  RETURN_FALSE_IF_NULL(private_key);
+
+  *certificate = device_certificate.certificate();
+  private_key->Clear();
+  private_key->set_key(device_certificate.wrapped_private_key());
+  if (device_certificate.has_key_type()) {
+    const DeviceCertificate::PrivateKeyType key_type =
+        device_certificate.key_type();
+    switch (key_type) {
+      case DeviceCertificate::RSA:
+        private_key->set_type(wvcdm::CryptoWrappedKey::kRsa);
+        break;
+      case DeviceCertificate::ECC:
+        private_key->set_type(wvcdm::CryptoWrappedKey::kEcc);
+        break;
+      default:
+        LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type);
+        private_key->set_type(wvcdm::CryptoWrappedKey::kRsa);
+        break;
+    }
+  } else {
+    // Possible that device certificate is from V15, in this case, the
+    // only supported key of at that time was RSA.
+    LOGD("No key type info, assuming RSA");
+    private_key->set_type(wvcdm::CryptoWrappedKey::kRsa);
+  }
+  return true;
+}
+
 }  // namespace
 
 namespace wvcdm {
@@ -280,7 +336,8 @@ DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate(
       // Validation check for DRM certificate that includes an expiration
       // time set by the provisioning service. Since provisioning and
       // client clocks may not be in sync, verify by comparing time
-      // elapsed since license was acquired with expiration period.
+      // elapsed since the certificate was acquired with the expiration
+      // period specified by the service.
       // First verify that all the fields are set to valid values.
       // The service will validate certificate expiration so tampering of
       // time values at the client is not a concern.
@@ -323,6 +380,9 @@ DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate(
         return kCertificateInvalid;
       }
 
+      // |current_time| and |acquisition_time_seconds| are client clock
+      // times while |expiration_time_seconds| and |creation_time_seconds|
+      // are times specified by the provisioning service
       if (current_time - acquisition_time_seconds >
           expiration_time_seconds - creation_time_seconds) {
         return kCertificateExpired;
@@ -1265,60 +1325,6 @@ bool DeviceFiles::HasCertificate(CertificateType certificate_type) {
   return FileExists(certificate_file_name);
 }
 
-bool DeviceFiles::SetDeviceCertificate(
-    const std::string& certificate, const CryptoWrappedKey& private_key,
-    DeviceCertificate* mutable_device_certificate) {
-  RETURN_FALSE_IF_NULL(mutable_device_certificate);
-
-  mutable_device_certificate->set_certificate(certificate);
-  mutable_device_certificate->set_wrapped_private_key(private_key.key());
-  switch (private_key.type()) {
-    case CryptoWrappedKey::kRsa:
-      mutable_device_certificate->set_key_type(DeviceCertificate::RSA);
-      return true;
-    case CryptoWrappedKey::kEcc:
-      mutable_device_certificate->set_key_type(DeviceCertificate::ECC);
-      return true;
-    case CryptoWrappedKey::kUninitialized:  // Suppress compiler warnings.
-    default:
-      LOGE("Unexpected key type: %d", private_key.type());
-      return false;
-  }
-}
-
-bool DeviceFiles::ExtractFromDeviceCertificate(
-    const DeviceCertificate& device_certificate, std::string* certificate,
-    CryptoWrappedKey* private_key) {
-  RETURN_FALSE_IF_NULL(certificate);
-  RETURN_FALSE_IF_NULL(private_key);
-
-  *certificate = device_certificate.certificate();
-  private_key->Clear();
-  private_key->set_key(device_certificate.wrapped_private_key());
-  if (device_certificate.has_key_type()) {
-    const DeviceCertificate::PrivateKeyType key_type =
-        device_certificate.key_type();
-    switch (key_type) {
-      case DeviceCertificate::RSA:
-        private_key->set_type(CryptoWrappedKey::kRsa);
-        break;
-      case DeviceCertificate::ECC:
-        private_key->set_type(CryptoWrappedKey::kEcc);
-        break;
-      default:
-        LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type);
-        private_key->set_type(CryptoWrappedKey::kRsa);
-        break;
-    }
-  } else {
-    // Possible that device certificate is from V15, in this case, the
-    // only supported key of at that time was RSA.
-    LOGD("No key type info, assuming RSA");
-    private_key->set_type(CryptoWrappedKey::kRsa);
-  }
-  return true;
-}
-
 DeviceFiles::ResponseType DeviceFiles::StoreFileWithHash(
     const std::string& name, const std::string& serialized_file) {
   std::string hash = Sha256Hash(serialized_file);