widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add initial support for key rotation through ce cdm interface.

Browse Source 
Merge from Widevine repo of http://go/wvgerrit/42941

Bug: 72168544
Test: tested as part of http://go/ag/4674759
Change-Id: I1a2d0f49371e5b3edf1d9dff85b85593f981d1f5
This commit is contained in:
Fred Gylys-Colwell
2018-07-01 17:56:23 -07:00
parent d17199fb83
commit fc4186e4fd
12 changed files with 480 additions and 332 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
libwvdrmengine/cdm/core/include/license.h
View File

@@ -27,6 +27,10 @@ class PolicyEngine;
class CdmSession; class CdmSession;
class CryptoKey; class CryptoKey;
using ::google::protobuf::RepeatedPtrField;
using video_widevine::License_KeyContainer;
using video_widevine::WidevinePsshData_EntitledKey;
class CdmLicense { class CdmLicense {
public: public:
CdmLicense(const CdmSessionId& session_id); CdmLicense(const CdmSessionId& session_id);
@@ -50,7 +54,8 @@ class CdmLicense {
const CdmKeyResponse& license_response); const CdmKeyResponse& license_response);
virtual CdmResponseType HandleKeyUpdateResponse( virtual CdmResponseType HandleKeyUpdateResponse(
bool is_renewal, const CdmKeyResponse& license_response); bool is_renewal, const CdmKeyResponse& license_response);
virtual CdmResponseType HandleSubLicense(const InitializationData& init_data); virtual CdmResponseType HandleEmbeddedKeyData(
const InitializationData& init_data);
virtual bool RestoreOfflineLicense( virtual bool RestoreOfflineLicense(
const CdmKeyMessage& license_request, const CdmKeyMessage& license_request,
@@ -101,6 +106,10 @@ class CdmLicense {
const std::vector<CryptoKey>& key_array, const std::vector<CryptoKey>& key_array,
const video_widevine::License& license); const video_widevine::License& license);
CdmResponseType HandleNewEntitledKeys(
const std::vector<WidevinePsshData_EntitledKey>& wrapped_keys);
CdmResponseType HandleSubLicense(const InitializationData& init_data);
template <typename T> template <typename T>
bool SetTypeAndId(CdmLicenseType license_type, const std::string& request_id, bool SetTypeAndId(CdmLicenseType license_type, const std::string& request_id,
T* content_id); T* content_id);
@@ -132,16 +141,19 @@ class CdmLicense {
// CdmLicense takes ownership of the clock. // CdmLicense takes ownership of the clock.
CdmLicense(const CdmSessionId& session_id, Clock* clock); CdmLicense(const CdmSessionId& session_id, Clock* clock);
// For sublicense key embedding. This key array will be initilized with any
// sub session keys we may have received in a license response. These keys
// may be used to support key rotation.
std::vector<CryptoKey> sub_session_key_array_;
// For entitlement key licensing. This holds the keys from the init_data. // For entitlement key licensing. This holds the keys from the init_data.
// These keys are extracted from the pssh when we generate a license request. // These keys are extracted from the pssh when we generate a license request.
// It is used to load content keys after we have received a license and // It is used to load content keys after we have received a license and
// entitelement keys. It is also used in updating the key status info. // entitelement keys. It is also used in updating the key status info.
std::vector<video_widevine::WrappedKey> wrapped_keys_; std::vector<WidevinePsshData_EntitledKey> wrapped_keys_;
// For sublicense key embedding. This key array will be initialized with any
// sub session keys we may have received in a license response. These keys
// may be used to support key rotation.
std::vector<CryptoKey> entitlement_key_array_;
CdmLicenseKeyType license_key_type_;
RepeatedPtrField<License_KeyContainer> entitlement_keys_;
#if defined(UNIT_TEST) #if defined(UNIT_TEST)
friend class CdmLicenseTest; friend class CdmLicenseTest;
#endif #endif

23
libwvdrmengine/cdm/core/include/license_key_status.h
View File

@@ -16,6 +16,8 @@ namespace wvcdm {
class LicenseKeyStatus; class LicenseKeyStatus;
using video_widevine::WidevinePsshData_EntitledKey;
// Holds all content and operator session keys for a session. // Holds all content and operator session keys for a session.
class LicenseKeys { class LicenseKeys {
public: public:
@@ -59,8 +61,11 @@ class LicenseKeys {
// Extracts the keys from a license and makes them available for // Extracts the keys from a license and makes them available for
// querying usage and constraint settings. // querying usage and constraint settings.
virtual void SetFromLicense( virtual void SetFromLicense(const video_widevine::License& license);
const video_widevine::License& license);
// Sets the keys from the input entitled key data.
virtual void SetEntitledKeys(
const std::vector<WidevinePsshData_EntitledKey>& keys);
private: private:
typedef ::video_widevine::License::KeyContainer KeyContainer; typedef ::video_widevine::License::KeyContainer KeyContainer;
@@ -70,7 +75,12 @@ class LicenseKeys {
void Clear(); void Clear();
bool is_initialized_; bool is_initialized_;
// |keys_| can hold either content key statuses, or entitlement key statuses.
std::map<KeyId, LicenseKeyStatus*> keys_; std::map<KeyId, LicenseKeyStatus*> keys_;
// |content_keyid_to_entitlement_key_id_| maps a content key id to an
// entitlement_key_id. The resulting key id can be used to obtain the current
// key status from |keys_| when using entitlement key licensing.
std::map<KeyId, KeyId> content_keyid_to_entitlement_key_id_;
CORE_DISALLOW_COPY_AND_ASSIGN(LicenseKeys); CORE_DISALLOW_COPY_AND_ASSIGN(LicenseKeys);
}; };
@@ -104,8 +114,8 @@ class LicenseKeyStatus {
virtual bool MeetsConstraints() const { return meets_constraints_; } virtual bool MeetsConstraints() const { return meets_constraints_; }
// Applies the given changes in resolution or HDCP settings. // Applies the given changes in resolution or HDCP settings.
virtual void ApplyConstraints( virtual void ApplyConstraints(uint32_t new_resolution,
uint32_t new_resolution, CryptoSession::HdcpCapability new_hdcp_level); CryptoSession::HdcpCapability new_hdcp_level);
protected: protected:
typedef ::video_widevine::License::KeyContainer KeyContainer; typedef ::video_widevine::License::KeyContainer KeyContainer;
@@ -121,13 +131,10 @@ class LicenseKeyStatus {
virtual ~LicenseKeyStatus() {} virtual ~LicenseKeyStatus() {}
private: private:
void ParseContentKey(const KeyContainer& key); void ParseContentKey(const KeyContainer& key);
void ParseOperatorSessionKey(const KeyContainer& key); void ParseOperatorSessionKey(const KeyContainer& key);
bool HasConstraints() { bool HasConstraints() { return is_content_key_ && constraints_.size() != 0; }
return is_content_key_ && constraints_.size() != 0;
}
void SetConstraints(const ConstraintList& constraints); void SetConstraints(const ConstraintList& constraints);

19
libwvdrmengine/cdm/core/include/policy_engine.h
View File

@@ -17,6 +17,7 @@
namespace wvcdm { namespace wvcdm {
using video_widevine::LicenseIdentification; using video_widevine::LicenseIdentification;
using video_widevine::WidevinePsshData_EntitledKey;
class Clock; class Clock;
class CryptoSession; class CryptoSession;
@@ -57,12 +58,18 @@ class PolicyEngine {
// permits playback. // permits playback.
virtual void SetLicense(const video_widevine::License& license); virtual void SetLicense(const video_widevine::License& license);
// TODO(jfore): Sublicense uses this to update the keys when they are
// changed during key rotation. Drop this method and use SetLicenseKeys
// instead.
virtual void UpdateLicenseKeys(const video_widevine::License& license); virtual void UpdateLicenseKeys(const video_widevine::License& license);
// Used to update the currently loaded entitled content keys.
virtual void SetEntitledLicenseKeys(
const std::vector<WidevinePsshData_EntitledKey>& entitled_keys);
// SetLicenseForRelease is used when releasing a license. The keys in this // SetLicenseForRelease is used when releasing a license. The keys in this
// license will be ignored, and any old keys will be expired. // license will be ignored, and any old keys will be expired.
virtual void SetLicenseForRelease( virtual void SetLicenseForRelease(const video_widevine::License& license);
const video_widevine::License& license);
// Call this on first decrypt to set the start of playback. // Call this on first decrypt to set the start of playback.
virtual void BeginDecryption(void); virtual void BeginDecryption(void);
@@ -73,8 +80,7 @@ class PolicyEngine {
// case an exact copy is not what we want to happen. We also will receive an // case an exact copy is not what we want to happen. We also will receive an
// updated license_start_time from the server. The license will transition to // updated license_start_time from the server. The license will transition to
// kLicenseStateCanPlay if the license permits playback. // kLicenseStateCanPlay if the license permits playback.
virtual void UpdateLicense( virtual void UpdateLicense(const video_widevine::License& license);
const video_widevine::License& license);
// Used for notifying the Policy Engine of resolution changes // Used for notifying the Policy Engine of resolution changes
virtual void NotifyResolution(uint32_t width, uint32_t height); virtual void NotifyResolution(uint32_t width, uint32_t height);
@@ -101,8 +107,7 @@ class PolicyEngine {
bool IsLicenseForFuture() { return license_state_ == kLicenseStatePending; } bool IsLicenseForFuture() { return license_state_ == kLicenseStatePending; }
bool HasPlaybackStarted(int64_t current_time) { bool HasPlaybackStarted(int64_t current_time) {
if (playback_start_time_ == 0) if (playback_start_time_ == 0) return false;
return false;
const int64_t playback_time = current_time - playback_start_time_; const int64_t playback_time = current_time - playback_start_time_;
return playback_time >= policy_.play_start_grace_period_seconds(); return playback_time >= policy_.play_start_grace_period_seconds();
@@ -218,6 +223,6 @@ class PolicyEngine {
CORE_DISALLOW_COPY_AND_ASSIGN(PolicyEngine); CORE_DISALLOW_COPY_AND_ASSIGN(PolicyEngine);
}; };
} // wvcdm } // namespace wvcdm
#endif // WVCDM_CORE_POLICY_ENGINE_H_ #endif // WVCDM_CORE_POLICY_ENGINE_H_

35
libwvdrmengine/cdm/core/include/wv_cdm_types.h
View File

@@ -355,18 +355,19 @@ enum CdmLicenseType {
// Like Streaming, but stricter. Does not permit storage of any kind. // Like Streaming, but stricter. Does not permit storage of any kind.
// Named after the 'temporary' session type in EME, which has this behavior. // Named after the 'temporary' session type in EME, which has this behavior.
kLicenseTypeTemporary, kLicenseTypeTemporary,
kLicenseTypeSubSession // TODO(jfore): The kLicenseTypeEmbeddedKeyData currently is to differentiate
// between call types made to GenerateKeyRequest. This type is used to
// differentiate between calls to generate a license renewal and a new pssh
// with embedded keys. Please refer to CdmSession::GenerateKeyRequest. Based
// on code review comments from go/wvgerrit/41860 this license type should not
// be added. This type can be removed once it is no longer needed by
// GenerateKeyRequest.
kLicenseTypeEmbeddedKeyData
}; };
enum CdmLicenseKeyType { enum CdmLicenseKeyType { kLicenseKeyTypeContent, kLicenseKeyTypeEntitlement };
kLicenseKeyTypeContent,
kLicenseKeyTypeEntitlement
};
enum SecurityLevel { enum SecurityLevel { kLevelDefault, kLevel3 };
kLevelDefault,
kLevel3
};
enum CdmSecurityLevel { enum CdmSecurityLevel {
kSecurityLevelUninitialized, kSecurityLevelUninitialized,
@@ -435,10 +436,10 @@ struct CdmUsageEntryInfo {
CdmKeySetId key_set_id; CdmKeySetId key_set_id;
std::string usage_info_file_name; std::string usage_info_file_name;
bool operator==(const CdmUsageEntryInfo& other) const { bool operator==(const CdmUsageEntryInfo& other) const {
return storage_type == other.storage_type && return storage_type == other.storage_type &&
key_set_id == other.key_set_id && key_set_id == other.key_set_id &&
(storage_type != kStorageUsageInfo || (storage_type != kStorageUsageInfo ||
usage_info_file_name == other.usage_info_file_name); usage_info_file_name == other.usage_info_file_name);
} }
}; };
@@ -454,9 +455,7 @@ enum CdmKeySecurityLevel {
class CdmKeyAllowedUsage { class CdmKeyAllowedUsage {
public: public:
CdmKeyAllowedUsage() { CdmKeyAllowedUsage() { Clear(); }
Clear();
}
bool Valid() const { return valid_; } bool Valid() const { return valid_; }
void SetValid() { valid_ = true; } void SetValid() { valid_ = true; }
@@ -506,9 +505,7 @@ class CdmKeyAllowedUsage {
struct CdmCencPatternEncryptionDescriptor { struct CdmCencPatternEncryptionDescriptor {
size_t encrypt_blocks; // number of 16 byte blocks to decrypt size_t encrypt_blocks; // number of 16 byte blocks to decrypt
size_t skip_blocks; // number of 16 byte blocks to leave in clear size_t skip_blocks; // number of 16 byte blocks to leave in clear
CdmCencPatternEncryptionDescriptor() CdmCencPatternEncryptionDescriptor() : encrypt_blocks(0), skip_blocks(0) {}
: encrypt_blocks(0),
skip_blocks(0) {}
}; };
struct CdmDecryptionParameters { struct CdmDecryptionParameters {

4
libwvdrmengine/cdm/core/src/cdm_engine.cpp
View File

@@ -289,7 +289,9 @@ CdmResponseType CdmEngine::GenerateKeyRequest(
sts = session->GenerateKeyRequest(init_data, license_type, app_parameters, sts = session->GenerateKeyRequest(init_data, license_type, app_parameters,
key_request); key_request);
if (KEY_MESSAGE != sts) { if (KEY_ADDED == sts) {
return sts;
} else if (KEY_MESSAGE != sts) {
if (sts == NEED_PROVISIONING) { if (sts == NEED_PROVISIONING) {
cert_provisioning_requested_security_level_ = cert_provisioning_requested_security_level_ =
session->GetRequestedSecurityLevel(); session->GetRequestedSecurityLevel();

292
libwvdrmengine/cdm/core/src/cdm_session.cpp
View File

@@ -16,9 +16,9 @@
#include "log.h" #include "log.h"
#include "properties.h" #include "properties.h"
#include "string_conversions.h" #include "string_conversions.h"
#include "usage_table_header.h"
#include "wv_cdm_constants.h" #include "wv_cdm_constants.h"
#include "wv_cdm_event_listener.h" #include "wv_cdm_event_listener.h"
#include "usage_table_header.h"
namespace { namespace {
const size_t kKeySetIdLength = 14; const size_t kKeySetIdLength = 14;
@@ -27,26 +27,26 @@ const size_t kKeySetIdLength = 14;
namespace wvcdm { namespace wvcdm {
CdmSession::CdmSession(FileSystem* file_system, CdmSession::CdmSession(FileSystem* file_system,
metrics::SessionMetrics* metrics) : metrics::SessionMetrics* metrics)
metrics_(metrics), : metrics_(metrics),
initialized_(false), initialized_(false),
closed_(true), closed_(true),
file_handle_(new DeviceFiles(file_system)), file_handle_(new DeviceFiles(file_system)),
license_received_(false), license_received_(false),
is_offline_(false), is_offline_(false),
is_release_(false), is_release_(false),
is_temporary_(false), is_temporary_(false),
security_level_(kSecurityLevelUninitialized), security_level_(kSecurityLevelUninitialized),
requested_security_level_(kLevelDefault), requested_security_level_(kLevelDefault),
is_initial_decryption_(true), is_initial_decryption_(true),
has_decrypted_since_last_report_(false), has_decrypted_since_last_report_(false),
is_initial_usage_update_(true), is_initial_usage_update_(true),
is_usage_update_needed_(false), is_usage_update_needed_(false),
usage_support_type_(kNonSecureUsageSupport), usage_support_type_(kNonSecureUsageSupport),
usage_table_header_(NULL), usage_table_header_(NULL),
usage_entry_number_(0), usage_entry_number_(0),
mock_license_parser_in_use_(false), mock_license_parser_in_use_(false),
mock_policy_engine_in_use_(false) { mock_policy_engine_in_use_(false) {
assert(metrics_); // metrics_ must not be null. assert(metrics_); // metrics_ must not be null.
crypto_metrics_ = metrics_->GetCryptoMetrics(); crypto_metrics_ = metrics_->GetCryptoMetrics();
crypto_session_.reset(new CryptoSession(crypto_metrics_)); crypto_session_.reset(new CryptoSession(crypto_metrics_));
@@ -77,27 +77,22 @@ CdmResponseType CdmSession::Init(
return Init(cdm_client_property_set, NULL, NULL); return Init(cdm_client_property_set, NULL, NULL);
} }
CdmResponseType CdmSession::Init( CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set,
CdmClientPropertySet* cdm_client_property_set, const CdmSessionId* forced_session_id,
const CdmSessionId* forced_session_id, WvCdmEventListener* event_listener) { WvCdmEventListener* event_listener) {
if (initialized_) { if (initialized_) {
LOGE("CdmSession::Init: Failed due to previous initialization"); LOGE("CdmSession::Init: Failed due to previous initialization");
return REINIT_ERROR; return REINIT_ERROR;
} }
if (cdm_client_property_set && if (cdm_client_property_set && cdm_client_property_set->security_level() ==
cdm_client_property_set->security_level() == QUERY_VALUE_SECURITY_LEVEL_L3) {
QUERY_VALUE_SECURITY_LEVEL_L3) {
requested_security_level_ = kLevel3; requested_security_level_ = kLevel3;
security_level_ = kSecurityLevelL3; security_level_ = kSecurityLevelL3;
} }
CdmResponseType sts; CdmResponseType sts;
M_TIME( M_TIME(sts = crypto_session_->Open(requested_security_level_),
sts = crypto_session_->Open(requested_security_level_), crypto_metrics_, crypto_session_open_, sts, requested_security_level_);
crypto_metrics_,
crypto_session_open_,
sts,
requested_security_level_);
if (NO_ERROR != sts) return sts; if (NO_ERROR != sts) return sts;
security_level_ = crypto_session_->GetSecurityLevel(); security_level_ = crypto_session_->GetSecurityLevel();
@@ -137,12 +132,10 @@ CdmResponseType CdmSession::Init(
} }
bool load_cert_sts; bool load_cert_sts;
M_TIME( M_TIME(
load_cert_sts = crypto_session_->LoadCertificatePrivateKey( load_cert_sts = crypto_session_->LoadCertificatePrivateKey(wrapped_key),
wrapped_key), crypto_metrics_, crypto_session_load_certificate_private_key_,
crypto_metrics_,
crypto_session_load_certificate_private_key_,
load_cert_sts); load_cert_sts);
if(!load_cert_sts) { if (!load_cert_sts) {
return NEED_PROVISIONING; return NEED_PROVISIONING;
} }
client_token_type = kClientTokenDrmCert; client_token_type = kClientTokenDrmCert;
@@ -172,17 +165,17 @@ CdmResponseType CdmSession::Init(
if (!mock_license_parser_in_use_) if (!mock_license_parser_in_use_)
license_parser_.reset(new CdmLicense(session_id_)); license_parser_.reset(new CdmLicense(session_id_));
if (!mock_policy_engine_in_use_) if (!mock_policy_engine_in_use_)
policy_engine_.reset(new PolicyEngine( policy_engine_.reset(
session_id_, event_listener, crypto_session_.get())); new PolicyEngine(session_id_, event_listener, crypto_session_.get()));
std::string service_certificate; std::string service_certificate;
if (!Properties::GetServiceCertificate(session_id_, &service_certificate)) if (!Properties::GetServiceCertificate(session_id_, &service_certificate))
service_certificate.clear(); service_certificate.clear();
if (!license_parser_->Init( if (!license_parser_->Init(client_token, client_token_type, serial_number,
client_token, client_token_type, serial_number, Properties::UsePrivacyMode(session_id_),
Properties::UsePrivacyMode(session_id_), service_certificate, service_certificate, crypto_session_.get(),
crypto_session_.get(), policy_engine_.get())) policy_engine_.get()))
return LICENSE_PARSER_INIT_ERROR; return LICENSE_PARSER_INIT_ERROR;
license_received_ = false; license_received_ = false;
@@ -214,32 +207,37 @@ CdmResponseType CdmSession::RestoreOfflineSession(
&offline_key_renewal_response_, &offline_release_server_url_, &offline_key_renewal_response_, &offline_release_server_url_,
&playback_start_time, &last_playback_time, &grace_period_end_time, &playback_start_time, &last_playback_time, &grace_period_end_time,
&app_parameters_, &usage_entry_, &usage_entry_number_)) { &app_parameters_, &usage_entry_, &usage_entry_number_)) {
LOGE("CdmSession::RestoreOfflineSession: failed to retrieve license. " LOGE(
"key set id = %s", key_set_id.c_str()); "CdmSession::RestoreOfflineSession: failed to retrieve license. "
"key set id = %s",
key_set_id.c_str());
return GET_LICENSE_ERROR; return GET_LICENSE_ERROR;
} }
// Do not restore a released offline license, unless a release retry // Do not restore a released offline license, unless a release retry
if (!(license_type == kLicenseTypeRelease || if (!(license_type == kLicenseTypeRelease ||
license_state == DeviceFiles::kLicenseStateActive)) { license_state == DeviceFiles::kLicenseStateActive)) {
LOGE("CdmSession::RestoreOfflineSession: invalid offline license state = " LOGE(
"%d, type = %d", license_state, license_type); "CdmSession::RestoreOfflineSession: invalid offline license state = "
"%d, type = %d",
license_state, license_type);
return GET_RELEASED_LICENSE_ERROR; return GET_RELEASED_LICENSE_ERROR;
} }
std::string provider_session_token; std::string provider_session_token;
if (usage_support_type_ == kUsageEntrySupport) { if (usage_support_type_ == kUsageEntrySupport) {
if (!license_parser_->ExtractProviderSessionToken( if (!license_parser_->ExtractProviderSessionToken(
key_response_, &provider_session_token) || key_response_, &provider_session_token) ||
usage_table_header_ == NULL) { usage_table_header_ == NULL) {
provider_session_token.clear(); provider_session_token.clear();
} else { } else {
CdmResponseType sts = CdmResponseType sts = usage_table_header_->LoadEntry(
usage_table_header_->LoadEntry(crypto_session_.get(), usage_entry_, crypto_session_.get(), usage_entry_, usage_entry_number_);
usage_entry_number_);
if (sts != NO_ERROR) { if (sts != NO_ERROR) {
LOGE("CdmSession::RestoreOfflineSession: failed to load usage entry = " LOGE(
"%d", sts); "CdmSession::RestoreOfflineSession: failed to load usage entry = "
"%d",
sts);
return sts; return sts;
} }
} }
@@ -264,12 +262,15 @@ CdmResponseType CdmSession::RestoreOfflineSession(
CdmResponseType sts = CdmResponseType sts =
usage_table_header_->UpdateEntry(crypto_session_.get(), &usage_entry_); usage_table_header_->UpdateEntry(crypto_session_.get(), &usage_entry_);
if (sts != NO_ERROR) { if (sts != NO_ERROR) {
LOGE("CdmSession::RestoreOfflineSession failed to update usage entry = " LOGE(
"%d", sts); "CdmSession::RestoreOfflineSession failed to update usage entry = "
"%d",
sts);
return sts; return sts;
} }
if (!StoreLicense(license_state)) { if (!StoreLicense(license_state)) {
LOGW("CdmSession::RestoreUsageSession: unable to save updated usage " LOGW(
"CdmSession::RestoreUsageSession: unable to save updated usage "
"info"); "info");
} }
} }
@@ -302,7 +303,7 @@ CdmResponseType CdmSession::RestoreUsageSession(
crypto_session_.get(), usage_entry_, usage_entry_number_); crypto_session_.get(), usage_entry_, usage_entry_number_);
if (sts != NO_ERROR) { if (sts != NO_ERROR) {
LOGE("CdmSession::RestoreUsageSession: failed to load usage entry = %d", LOGE("CdmSession::RestoreUsageSession: failed to load usage entry = %d",
sts); sts);
return sts; return sts;
} }
} }
@@ -317,11 +318,12 @@ CdmResponseType CdmSession::RestoreUsageSession(
usage_table_header_->UpdateEntry(crypto_session_.get(), &usage_entry_); usage_table_header_->UpdateEntry(crypto_session_.get(), &usage_entry_);
if (sts != NO_ERROR) { if (sts != NO_ERROR) {
LOGE("CdmSession::RestoreUsageSession: failed to update usage entry: %d", LOGE("CdmSession::RestoreUsageSession: failed to update usage entry: %d",
sts); sts);
return sts; return sts;
} }
if (!UpdateUsageInfo()) { if (!UpdateUsageInfo()) {
LOGW("CdmSession::RestoreUsageSession: unable to save updated usage " LOGW(
"CdmSession::RestoreUsageSession: unable to save updated usage "
"info"); "info");
} }
} }
@@ -376,8 +378,12 @@ CdmResponseType CdmSession::GenerateKeyRequestInternal(
case kLicenseTypeRelease: case kLicenseTypeRelease:
is_release_ = true; is_release_ = true;
break; break;
case kLicenseTypeSubSession: // TODO(jfore): CdmSession assumes a call to this method once a license has
return license_parser_->HandleSubLicense(init_data); // been received is a call to generate a license renewal message. Use of
// this enum differentiates the two calls. See "else if (license_received_)"
// below.
case kLicenseTypeEmbeddedKeyData:
return license_parser_->HandleEmbeddedKeyData(init_data);
default: default:
LOGE("CdmSession::GenerateKeyRequest: unrecognized license type: %ld", LOGE("CdmSession::GenerateKeyRequest: unrecognized license type: %ld",
license_type); license_type);
@@ -419,11 +425,9 @@ CdmResponseType CdmSession::GenerateKeyRequestInternal(
app_parameters_ = app_parameters; app_parameters_ = app_parameters;
CdmResponseType status = license_parser_->PrepareKeyRequest( CdmResponseType status = license_parser_->PrepareKeyRequest(
init_data, license_type, init_data, license_type, app_parameters, &key_request->message,
app_parameters, &key_request->message, &key_request->url);
&key_request->url); if (status != KEY_MESSAGE) return status;
if (status != KEY_MESSAGE)
return status;
key_request_ = key_request->message; key_request_ = key_request->message;
if (is_offline_) { if (is_offline_) {
@@ -476,13 +480,10 @@ CdmResponseType CdmSession::AddKeyInternal(const CdmKeyResponse& key_response) {
// Update or delete entry if usage table header+entries are supported // Update or delete entry if usage table header+entries are supported
if (usage_support_type_ == kUsageEntrySupport && if (usage_support_type_ == kUsageEntrySupport &&
!provider_session_token.empty() && !provider_session_token.empty() && usage_table_header_ != NULL) {
usage_table_header_ != NULL) {
if (sts != KEY_ADDED) { if (sts != KEY_ADDED) {
CdmResponseType delete_sts = CdmResponseType delete_sts = usage_table_header_->DeleteEntry(
usage_table_header_->DeleteEntry(usage_entry_number_, usage_entry_number_, file_handle_.get(), crypto_metrics_);
file_handle_.get(),
crypto_metrics_);
if (delete_sts != NO_ERROR) { if (delete_sts != NO_ERROR) {
LOGW("CdmSession::AddKey: Delete usage entry failed = %d", LOGW("CdmSession::AddKey: Delete usage entry failed = %d",
delete_sts); delete_sts);
@@ -578,17 +579,16 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
// Playback may not begin until either the start time passes or the license // Playback may not begin until either the start time passes or the license
// is updated, so we treat this Decrypt call as invalid. // is updated, so we treat this Decrypt call as invalid.
if (params.is_encrypted) { if (params.is_encrypted &&
if (!policy_engine_->CanDecryptContent(*params.key_id)) { !policy_engine_->CanDecryptContent(*params.key_id)) {
if (policy_engine_->IsLicenseForFuture()) if (policy_engine_->IsLicenseForFuture()) return DECRYPT_NOT_READY;
return DECRYPT_NOT_READY; if (!policy_engine_->IsSufficientOutputProtection(*params.key_id))
if (!policy_engine_->IsSufficientOutputProtection(*params.key_id)) return INSUFFICIENT_OUTPUT_PROTECTION;
return INSUFFICIENT_OUTPUT_PROTECTION; return NEED_KEY;
return NEED_KEY; }
}
if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) {
return KEY_PROHIBITED_FOR_SECURITY_LEVEL; return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
} }
CdmResponseType status = crypto_session_->Decrypt(params); CdmResponseType status = crypto_session_->Decrypt(params);
@@ -616,8 +616,7 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
// License renewal // License renewal
// GenerateRenewalRequest() - Construct valid renewal request for the current // GenerateRenewalRequest() - Construct valid renewal request for the current
// session keys. // session keys.
CdmResponseType CdmSession::GenerateRenewalRequest( CdmResponseType CdmSession::GenerateRenewalRequest(CdmKeyRequest* key_request) {
CdmKeyRequest* key_request) {
if (!initialized_) { if (!initialized_) {
LOGE("CdmSession::GenerateRenewalRequest: not initialized"); LOGE("CdmSession::GenerateRenewalRequest: not initialized");
return NOT_INITIALIZED_ERROR; return NOT_INITIALIZED_ERROR;
@@ -659,8 +658,7 @@ CdmResponseType CdmSession::RenewKey(const CdmKeyResponse& key_response) {
return KEY_ADDED; return KEY_ADDED;
} }
CdmResponseType CdmSession::GenerateReleaseRequest( CdmResponseType CdmSession::GenerateReleaseRequest(CdmKeyRequest* key_request) {
CdmKeyRequest* key_request) {
if (!initialized_) { if (!initialized_) {
LOGE("CdmSession::GenerateReleaseRequest: not initialized"); LOGE("CdmSession::GenerateReleaseRequest: not initialized");
return NOT_INITIALIZED_ERROR; return NOT_INITIALIZED_ERROR;
@@ -677,11 +675,13 @@ CdmResponseType CdmSession::GenerateReleaseRequest(
if (has_provider_session_token() && if (has_provider_session_token() &&
usage_support_type_ == kUsageEntrySupport) { usage_support_type_ == kUsageEntrySupport) {
status = usage_table_header_->UpdateEntry(crypto_session_.get(), status =
&usage_entry_); usage_table_header_->UpdateEntry(crypto_session_.get(), &usage_entry_);
if (status != NO_ERROR) { if (status != NO_ERROR) {
LOGE("CdmSession::GenerateReleaseRequest: Update usage entry failed = " LOGE(
"%d", status); "CdmSession::GenerateReleaseRequest: Update usage entry failed = "
"%d",
status);
return status; return status;
} }
} }
@@ -691,8 +691,7 @@ CdmResponseType CdmSession::GenerateReleaseRequest(
return RELEASE_KEY_REQUEST_ERROR; return RELEASE_KEY_REQUEST_ERROR;
} else if (!usage_provider_session_token_.empty()) { } else if (!usage_provider_session_token_.empty()) {
if (usage_support_type_ == kUsageEntrySupport) { if (usage_support_type_ == kUsageEntrySupport) {
if (!UpdateUsageInfo()) if (!UpdateUsageInfo()) return RELEASE_USAGE_INFO_FAILED;
return RELEASE_USAGE_INFO_FAILED;
} }
} }
@@ -725,7 +724,7 @@ CdmResponseType CdmSession::DeleteUsageEntry(uint32_t usage_entry_number) {
} }
if (usage_support_type_ != kUsageEntrySupport) { if (usage_support_type_ != kUsageEntrySupport) {
LOGE("CdmSession::DeleteUsageEntry: Unexpected usage type supported: %d", LOGE("CdmSession::DeleteUsageEntry: Unexpected usage type supported: %d",
usage_support_type_); usage_support_type_);
return INCORRECT_USAGE_SUPPORT_TYPE_1; return INCORRECT_USAGE_SUPPORT_TYPE_1;
} }
@@ -734,12 +733,8 @@ CdmResponseType CdmSession::DeleteUsageEntry(uint32_t usage_entry_number) {
CdmResponseType sts; CdmResponseType sts;
crypto_session_->Close(); crypto_session_->Close();
crypto_session_.reset(new CryptoSession(crypto_metrics_)); crypto_session_.reset(new CryptoSession(crypto_metrics_));
M_TIME( M_TIME(sts = crypto_session_->Open(requested_security_level_),
sts = crypto_session_->Open(requested_security_level_), crypto_metrics_, crypto_session_open_, sts, requested_security_level_);
crypto_metrics_,
crypto_session_open_,
sts,
requested_security_level_);
if (sts != NO_ERROR) return sts; if (sts != NO_ERROR) return sts;
usage_table_header_ = NULL; usage_table_header_ = NULL;
@@ -756,8 +751,7 @@ CdmResponseType CdmSession::DeleteUsageEntry(uint32_t usage_entry_number) {
} }
return usage_table_header_->DeleteEntry(usage_entry_number, return usage_table_header_->DeleteEntry(usage_entry_number,
file_handle_.get(), file_handle_.get(), crypto_metrics_);
crypto_metrics_);
} }
bool CdmSession::IsKeyLoaded(const KeyId& key_id) { bool CdmSession::IsKeyLoaded(const KeyId& key_id) {
@@ -833,11 +827,10 @@ CdmResponseType CdmSession::StoreLicense() {
std::string app_id; std::string app_id;
GetApplicationId(&app_id); GetApplicationId(&app_id);
if (!file_handle_->StoreUsageInfo(provider_session_token, key_request_, if (!file_handle_->StoreUsageInfo(
key_response_, provider_session_token, key_request_, key_response_,
DeviceFiles::GetUsageInfoFileName(app_id), DeviceFiles::GetUsageInfoFileName(app_id), key_set_id_, usage_entry_,
key_set_id_, usage_entry_, usage_entry_number_)) {
usage_entry_number_)) {
LOGE("CdmSession::StoreLicense: Unable to store usage info"); LOGE("CdmSession::StoreLicense: Unable to store usage info");
// Usage info file is corrupt. Delete current usage entry and file. // Usage info file is corrupt. Delete current usage entry and file.
switch (usage_support_type_) { switch (usage_support_type_) {
@@ -969,11 +962,8 @@ CdmResponseType CdmSession::UpdateUsageTableInformation() {
crypto_session_->GetUsageSupportType(&usage_support_type); crypto_session_->GetUsageSupportType(&usage_support_type);
if (sts == NO_ERROR && usage_support_type == kUsageTableSupport) { if (sts == NO_ERROR && usage_support_type == kUsageTableSupport) {
M_TIME( M_TIME(sts = crypto_session_->UpdateUsageInformation(), crypto_metrics_,
sts = crypto_session_->UpdateUsageInformation(), crypto_session_update_usage_information_, sts);
crypto_metrics_,
crypto_session_update_usage_information_,
sts);
return sts; return sts;
} }
@@ -982,12 +972,12 @@ CdmResponseType CdmSession::UpdateUsageTableInformation() {
CdmResponseType CdmSession::UpdateUsageEntryInformation() { CdmResponseType CdmSession::UpdateUsageEntryInformation() {
if (usage_support_type_ != kUsageEntrySupport || if (usage_support_type_ != kUsageEntrySupport ||
!has_provider_session_token() || !has_provider_session_token() || usage_table_header_ == NULL) {
usage_table_header_ == NULL) { LOGE(
LOGE("CdmSession::UpdateUsageEntryInformation: Unexpected state, " "CdmSession::UpdateUsageEntryInformation: Unexpected state, "
"usage support type: %d, PST present: %s, usage table header available" "usage support type: %d, PST present: %s, usage table header available"
": %s", usage_support_type_, ": %s",
has_provider_session_token() ? "yes" : "no", usage_support_type_, has_provider_session_token() ? "yes" : "no",
usage_table_header_ == NULL ? "no" : "yes"); usage_table_header_ == NULL ? "no" : "yes");
return INCORRECT_USAGE_SUPPORT_TYPE_2; return INCORRECT_USAGE_SUPPORT_TYPE_2;
} }
@@ -1003,9 +993,8 @@ CdmResponseType CdmSession::UpdateUsageEntryInformation() {
if (sts != NO_ERROR) return sts; if (sts != NO_ERROR) return sts;
if (is_offline_) if (is_offline_)
StoreLicense(is_release_ StoreLicense(is_release_ ? DeviceFiles::kLicenseStateReleasing
? DeviceFiles::kLicenseStateReleasing : DeviceFiles::kLicenseStateActive);
: DeviceFiles::kLicenseStateActive);
else if (!usage_provider_session_token_.empty()) else if (!usage_provider_session_token_.empty())
UpdateUsageInfo(); UpdateUsageInfo();
@@ -1022,18 +1011,10 @@ CdmResponseType CdmSession::GenericEncrypt(const std::string& in_buffer,
return PARAMETER_NULL; return PARAMETER_NULL;
} }
CdmResponseType sts; CdmResponseType sts;
M_TIME( M_TIME(sts = crypto_session_->GenericEncrypt(in_buffer, key_id, iv, algorithm,
sts = crypto_session_->GenericEncrypt( out_buffer),
in_buffer, crypto_metrics_, crypto_session_generic_encrypt_, sts,
key_id, metrics::Pow2Bucket(in_buffer.size()), algorithm);
iv,
algorithm,
out_buffer),
crypto_metrics_,
crypto_session_generic_encrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()),
algorithm);
return sts; return sts;
} }
@@ -1047,18 +1028,10 @@ CdmResponseType CdmSession::GenericDecrypt(const std::string& in_buffer,
return PARAMETER_NULL; return PARAMETER_NULL;
} }
CdmResponseType sts; CdmResponseType sts;
M_TIME( M_TIME(sts = crypto_session_->GenericDecrypt(in_buffer, key_id, iv, algorithm,
sts = crypto_session_->GenericDecrypt( out_buffer),
in_buffer, crypto_metrics_, crypto_session_generic_decrypt_, sts,
key_id, metrics::Pow2Bucket(in_buffer.size()), algorithm);
iv,
algorithm,
out_buffer),
crypto_metrics_,
crypto_session_generic_decrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()),
algorithm);
return sts; return sts;
} }
@@ -1072,16 +1045,9 @@ CdmResponseType CdmSession::GenericSign(const std::string& message,
} }
CdmResponseType sts; CdmResponseType sts;
M_TIME( M_TIME(
sts = crypto_session_->GenericSign( sts = crypto_session_->GenericSign(message, key_id, algorithm, signature),
message, crypto_metrics_, crypto_session_generic_sign_, sts,
key_id, metrics::Pow2Bucket(message.size()), algorithm);
algorithm,
signature),
crypto_metrics_,
crypto_session_generic_sign_,
sts,
metrics::Pow2Bucket(message.size()),
algorithm);
return sts; return sts;
} }
@@ -1090,17 +1056,10 @@ CdmResponseType CdmSession::GenericVerify(const std::string& message,
CdmSigningAlgorithm algorithm, CdmSigningAlgorithm algorithm,
const std::string& signature) { const std::string& signature) {
CdmResponseType sts; CdmResponseType sts;
M_TIME( M_TIME(sts = crypto_session_->GenericVerify(message, key_id, algorithm,
sts = crypto_session_->GenericVerify( signature),
message, crypto_metrics_, crypto_session_generic_verify_, sts,
key_id, metrics::Pow2Bucket(message.size()), algorithm);
algorithm,
signature),
crypto_metrics_,
crypto_session_generic_verify_,
sts,
metrics::Pow2Bucket(message.size()),
algorithm);
return sts; return sts;
} }
@@ -1117,8 +1076,7 @@ bool CdmSession::UpdateUsageInfo() {
usage_data.usage_entry_number = usage_entry_number_; usage_data.usage_entry_number = usage_entry_number_;
return file_handle_->UpdateUsageInfo( return file_handle_->UpdateUsageInfo(
DeviceFiles::GetUsageInfoFileName(app_id), DeviceFiles::GetUsageInfoFileName(app_id), usage_provider_session_token_,
usage_provider_session_token_,
usage_data); usage_data);
} }

187
libwvdrmengine/cdm/core/src/license.cpp
View File

@@ -212,7 +212,8 @@ CdmLicense::CdmLicense(const CdmSessionId& session_id)
renew_with_client_id_(false), renew_with_client_id_(false),
is_offline_(false), is_offline_(false),
use_privacy_mode_(false), use_privacy_mode_(false),
clock_(new Clock()) {} clock_(new Clock()),
license_key_type_(kLicenseKeyTypeContent) {}
CdmLicense::CdmLicense(const CdmSessionId& session_id, Clock* clock) CdmLicense::CdmLicense(const CdmSessionId& session_id, Clock* clock)
: crypto_session_(NULL), : crypto_session_(NULL),
@@ -221,7 +222,8 @@ CdmLicense::CdmLicense(const CdmSessionId& session_id, Clock* clock)
initialized_(false), initialized_(false),
renew_with_client_id_(false), renew_with_client_id_(false),
is_offline_(false), is_offline_(false),
use_privacy_mode_(false) { use_privacy_mode_(false),
license_key_type_(kLicenseKeyTypeContent) {
clock_.reset(clock); clock_.reset(clock);
} }
@@ -638,6 +640,7 @@ CdmResponseType CdmLicense::HandleKeyResponse(
LOGE("CdmLicense::HandleKeyResponse : No content keys."); LOGE("CdmLicense::HandleKeyResponse : No content keys.");
return NO_CONTENT_KEY; return NO_CONTENT_KEY;
} }
license_key_type_ = key_type;
if (license.has_srm_update()) crypto_session_->LoadSrm(license.srm_update()); if (license.has_srm_update()) crypto_session_->LoadSrm(license.srm_update());
@@ -661,6 +664,7 @@ CdmResponseType CdmLicense::HandleKeyResponse(
CdmResponseType resp = NO_CONTENT_KEY; CdmResponseType resp = NO_CONTENT_KEY;
if (kLicenseKeyTypeEntitlement == key_type) { if (kLicenseKeyTypeEntitlement == key_type) {
entitlement_key_array_ = key_array;
resp = HandleEntitlementKeyResponse(signed_response.msg(), resp = HandleEntitlementKeyResponse(signed_response.msg(),
signed_response.signature(), mac_key_iv, signed_response.signature(), mac_key_iv,
mac_key, key_array, license); mac_key, key_array, license);
@@ -752,55 +756,11 @@ CdmResponseType CdmLicense::HandleKeyUpdateResponse(
} }
} }
CdmResponseType CdmLicense::HandleSubLicense( CdmResponseType CdmLicense::HandleEmbeddedKeyData(
const InitializationData& init_data) { const InitializationData& init_data) {
std::vector<video_widevine::SubLicense> subkeys = return (license_key_type_ == kLicenseKeyTypeEntitlement
init_data.ExtractSublicenseKeys(); ? HandleNewEntitledKeys(init_data.ExtractWrappedKeys())
std::set<KeyId> loaded_keys; : HandleSubLicense(init_data));
// Build a license with the rotated keys.
License license;
for (size_t i = 0; i < subkeys.size(); ++i) {
SignedMessage sm;
if (!sm.ParseFromString(subkeys[i].key_msg())) {
return LICENSE_REQUEST_INVALID_SUBLICENSE;
}
License_KeyContainer keyc;
if (!keyc.ParseFromString(sm.msg())) {
return LICENSE_REQUEST_INVALID_SUBLICENSE;
}
size_t length;
std::vector<CryptoKey> keys;
keys.resize(1);
keys[0].set_key_id(keyc.id());
// Strip PKCS#5 padding from sublicense content keys.
// TODO(jfore): Refactor this to use ExtractContentKeys.
if (keyc.key().size() > KEY_SIZE) {
length = keyc.key().size() - KEY_SIZE;
} else {
length = 0;
}
keys[0].set_key_data(keyc.key().substr(0, length));
keys[0].set_key_data_iv(keyc.iv());
keys[0].set_key_control(keyc.key_control().key_control_block());
keys[0].set_key_control_iv(keyc.key_control().iv());
keys[0].set_track_label(keyc.track_label());
//TODO: passing empty cipher_mode and srm_req params - OK?
CdmResponseType result = crypto_session_->LoadKeys(
sm.msg(), sm.signature(), std::string(), std::string(), keys,
std::string(), std::string(), kLicenseKeyTypeContent);
if (result != KEY_ADDED) {
LOGE("CdmLicense::HandleSubLicense: LoadKeys() call failed, result=%d",
result);
return result;
}
loaded_keys.insert(keyc.id());
*license.add_key() = keyc;
}
loaded_keys_.swap(loaded_keys);
policy_engine_->UpdateLicenseKeys(license);
return KEY_MESSAGE;
} }
bool CdmLicense::RestoreOfflineLicense( bool CdmLicense::RestoreOfflineLicense(
@@ -1143,61 +1103,112 @@ CdmResponseType CdmLicense::HandleEntitlementKeyResponse(
return resp; return resp;
} }
std::vector<CryptoKey> entitled_key_array; // Save the entitlement keys for future use to handle key changes.
entitled_key_array.reserve(key_array.size()); entitlement_keys_.CopyFrom(license.key());
policy_engine_->SetLicense(license);
for (std::vector<video_widevine::WrappedKey>::iterator wk = return HandleNewEntitledKeys(wrapped_keys_);
wrapped_keys_.begin(); }
wk != wrapped_keys_.end(); wk++) {
for (std::vector<CryptoKey>::const_iterator key = key_array.begin(); CdmResponseType CdmLicense::HandleNewEntitledKeys(
key != key_array.end(); key++) { const std::vector<WidevinePsshData_EntitledKey>& wrapped_keys) {
if (wk->wrapping_key_id() == key->key_id()) { std::vector<CryptoKey> entitled_key_array;
entitled_key_array.reserve(entitlement_keys_.size());
for (RepeatedPtrField<License_KeyContainer>::const_iterator kc =
entitlement_keys_.begin();
kc != entitlement_keys_.end(); kc++) {
if (kc->type() != video_widevine::License::KeyContainer::ENTITLEMENT) {
continue;
}
for (std::vector<WidevinePsshData_EntitledKey>::const_iterator wk =
wrapped_keys.begin();
wk != wrapped_keys.end(); wk++) {
if (wk->entitlement_key_id() == kc->id()) {
// Add a new entry to the key array to load oemcrypto.
entitled_key_array.resize(entitled_key_array.size() + 1); entitled_key_array.resize(entitled_key_array.size() + 1);
// Strip PKCS#5 padding from entitled content keys.
std::string content_key = wk->key();
if (content_key.size() > KEY_SIZE) {
content_key.resize(KEY_SIZE);
}
CryptoKey& this_entry = entitled_key_array.back(); CryptoKey& this_entry = entitled_key_array.back();
this_entry.set_key_id(wk->key_id()); this_entry.set_key_id(wk->key_id());
this_entry.set_key_data(wk->wrapped_key()); this_entry.set_key_data_iv(wk->iv());
this_entry.set_key_data_iv(wk->wrapping_iv()); this_entry.set_entitlement_key_id(wk->entitlement_key_id());
this_entry.set_entitlement_key_id(wk->wrapping_key_id()); this_entry.set_key_data(content_key);
} }
} }
} }
resp = crypto_session_->LoadEntitledContentKeys(entitled_key_array); CdmResponseType resp =
crypto_session_->LoadEntitledContentKeys(entitled_key_array);
if (KEY_ADDED == resp) { if (KEY_ADDED == resp) {
loaded_keys_.clear(); loaded_keys_.clear();
for (std::vector<video_widevine::WrappedKey>::const_iterator it = for (std::vector<WidevinePsshData_EntitledKey>::const_iterator it =
wrapped_keys_.begin(); wrapped_keys.begin();
it != wrapped_keys_.end(); ++it) { it != wrapped_keys.end(); ++it) {
loaded_keys_.insert(it->key_id()); loaded_keys_.insert(it->key_id());
} }
// TODO(jfore): Move the information to build this "license" to the policy_engine_->SetEntitledLicenseKeys(wrapped_keys);
// entitlement key session. It is used to update the policy engine and
// key status when using entitlement licenses. It may become unnecessary
// if policy manager ius changed to allow setting keys from the wrapped
// keys from init_data.
video_widevine::License entitled_license;
entitled_license.mutable_policy()->CopyFrom(license.policy());
entitled_license.mutable_id()->CopyFrom(license.id());
entitled_license.mutable_key()->CopyFrom(license.key());
entitled_license.set_license_start_time(license.license_start_time());
for (size_t i = 0; i < wrapped_keys_.size(); ++i) {
for (int x = 0; x < entitled_license.key().size(); ++x) {
if (entitled_license.key(x).id() ==
wrapped_keys_[i].wrapping_key_id()) {
video_widevine::License::KeyContainer* kc =
entitled_license.mutable_key(x);
kc->set_type(video_widevine::License::KeyContainer::CONTENT);
kc->set_key(wrapped_keys_[i].wrapped_key());
kc->set_id(wrapped_keys_[i].key_id());
}
}
}
policy_engine_->SetLicense(entitled_license);
} }
return resp; return resp;
} }
CdmResponseType CdmLicense::HandleSubLicense(
const InitializationData& init_data) {
std::vector<video_widevine::SubLicense> subkeys =
init_data.ExtractSublicenseKeys();
std::set<KeyId> loaded_keys;
// Build a license with the rotated keys.
License license;
for (size_t i = 0; i < subkeys.size(); ++i) {
SignedMessage sm;
if (!sm.ParseFromString(subkeys[i].key_msg())) {
return LICENSE_REQUEST_INVALID_SUBLICENSE;
}
License_KeyContainer keyc;
if (!keyc.ParseFromString(sm.msg())) {
return LICENSE_REQUEST_INVALID_SUBLICENSE;
}
size_t length;
std::vector<CryptoKey> keys;
keys.resize(1);
keys[0].set_key_id(keyc.id());
// Strip PKCS#5 padding from sublicense content keys.
// TODO(jfore): Refactor this to use ExtractContentKeys.
if (keyc.key().size() > KEY_SIZE) {
length = keyc.key().size() - KEY_SIZE;
} else {
length = 0;
}
keys[0].set_key_data(keyc.key().substr(0, length));
keys[0].set_key_data_iv(keyc.iv());
keys[0].set_key_control(keyc.key_control().key_control_block());
keys[0].set_key_control_iv(keyc.key_control().iv());
keys[0].set_track_label(keyc.track_label());
// TODO: passing empty cipher_mode and srm_req params - OK?
CdmResponseType result = crypto_session_->LoadKeys(
sm.msg(), sm.signature(), std::string(), std::string(), keys,
std::string(), std::string(), kLicenseKeyTypeContent);
if (result != KEY_ADDED) {
LOGE("CdmLicense::HandleSubLicense: LoadKeys() call failed, result=%d",
result);
return result;
}
loaded_keys.insert(keyc.id());
*license.add_key() = keyc;
}
loaded_keys_.swap(loaded_keys);
policy_engine_->UpdateLicenseKeys(license);
return KEY_MESSAGE;
}
template <typename T> template <typename T>
bool CdmLicense::SetTypeAndId(CdmLicenseType license_type, bool CdmLicense::SetTypeAndId(CdmLicenseType license_type,
const std::string& request_id, T* content_id) { const std::string& request_id, T* content_id) {

65
libwvdrmengine/cdm/core/src/license_key_status.cpp
View File

@@ -35,9 +35,10 @@ wvcdm::CryptoSession::HdcpCapability ProtobufHdcpToOemCryptoHdcp(
case OutputProtection::HDCP_NO_DIGITAL_OUTPUT: case OutputProtection::HDCP_NO_DIGITAL_OUTPUT:
return HDCP_NO_DIGITAL_OUTPUT; return HDCP_NO_DIGITAL_OUTPUT;
default: default:
LOGE("ContentKeyStatus::ProtobufHdcpToOemCryptoHdcp: " LOGE(
"Unknown HDCP Level: input=%d, returning HDCP_NO_DIGITAL_OUTPUT", "ContentKeyStatus::ProtobufHdcpToOemCryptoHdcp: "
input); "Unknown HDCP Level: input=%d, returning HDCP_NO_DIGITAL_OUTPUT",
input);
return HDCP_NO_DIGITAL_OUTPUT; return HDCP_NO_DIGITAL_OUTPUT;
} }
} }
@@ -67,6 +68,8 @@ namespace wvcdm {
bool LicenseKeys::IsContentKey(const std::string& key_id) { bool LicenseKeys::IsContentKey(const std::string& key_id) {
if (keys_.count(key_id) > 0) { if (keys_.count(key_id) > 0) {
return keys_[key_id]->IsContentKey(); return keys_[key_id]->IsContentKey();
} else if (content_keyid_to_entitlement_key_id_.count(key_id) > 0) {
return true;
} else { } else {
return false; return false;
} }
@@ -75,6 +78,12 @@ bool LicenseKeys::IsContentKey(const std::string& key_id) {
bool LicenseKeys::CanDecryptContent(const std::string& key_id) { bool LicenseKeys::CanDecryptContent(const std::string& key_id) {
if (keys_.count(key_id) > 0) { if (keys_.count(key_id) > 0) {
return keys_[key_id]->CanDecryptContent(); return keys_[key_id]->CanDecryptContent();
} else if (content_keyid_to_entitlement_key_id_.count(key_id) > 0) {
if (keys_.count(content_keyid_to_entitlement_key_id_[key_id]) > 0) {
return keys_[content_keyid_to_entitlement_key_id_[key_id]]
->CanDecryptContent();
}
return false;
} else { } else {
return false; return false;
} }
@@ -84,6 +93,12 @@ bool LicenseKeys::GetAllowedUsage(const KeyId& key_id,
CdmKeyAllowedUsage* allowed_usage) { CdmKeyAllowedUsage* allowed_usage) {
if (keys_.count(key_id) > 0) { if (keys_.count(key_id) > 0) {
return keys_[key_id]->GetAllowedUsage(allowed_usage); return keys_[key_id]->GetAllowedUsage(allowed_usage);
} else if (content_keyid_to_entitlement_key_id_.count(key_id) > 0) {
if (keys_.count(content_keyid_to_entitlement_key_id_[key_id]) > 0) {
return keys_[content_keyid_to_entitlement_key_id_[key_id]]
->CanDecryptContent();
}
return false;
} else { } else {
return false; return false;
} }
@@ -140,29 +155,46 @@ void LicenseKeys::ApplyConstraints(
} }
} }
void LicenseKeys::SetFromLicense( void LicenseKeys::SetFromLicense(const video_widevine::License& license) {
const video_widevine::License& license) {
this->Clear(); this->Clear();
for (int32_t key_index = 0; key_index < license.key_size(); ++key_index) { for (int32_t key_index = 0; key_index < license.key_size(); ++key_index) {
const KeyContainer& key = license.key(key_index); const KeyContainer& key = license.key(key_index);
if (key.has_id() && (key.type() == KeyContainer::CONTENT || if (key.has_id() && (key.type() == KeyContainer::CONTENT ||
key.type() == KeyContainer::OPERATOR_SESSION)) { key.type() == KeyContainer::OPERATOR_SESSION ||
key.type() == KeyContainer::ENTITLEMENT)) {
const KeyId& key_id = key.id(); const KeyId& key_id = key.id();
keys_[key_id] = new LicenseKeyStatus(key); keys_[key_id] = new LicenseKeyStatus(key);
} }
} }
} }
LicenseKeyStatus::LicenseKeyStatus(const KeyContainer& key) : void LicenseKeys::SetEntitledKeys(
is_content_key_(false), const std::vector<WidevinePsshData_EntitledKey>& keys) {
key_status_(kKeyStatusInternalError), for (std::vector<WidevinePsshData_EntitledKey>::const_iterator key =
meets_constraints_(true), keys.begin();
default_hdcp_level_(HDCP_NONE) { key != keys.end(); key++) {
// Check to see if we have an entitlement key for this content key.
std::map<KeyId, LicenseKeyStatus*>::iterator entitlement =
keys_.find(key->entitlement_key_id());
if (entitlement == keys_.end()) {
continue;
}
// And set the new content key id.
content_keyid_to_entitlement_key_id_[key->key_id()] =
key->entitlement_key_id();
}
}
LicenseKeyStatus::LicenseKeyStatus(const KeyContainer& key)
: is_content_key_(false),
key_status_(kKeyStatusInternalError),
meets_constraints_(true),
default_hdcp_level_(HDCP_NONE) {
allowed_usage_.Clear(); allowed_usage_.Clear();
constraints_.Clear(); constraints_.Clear();
if (key.type() == KeyContainer::CONTENT) { if (key.type() == KeyContainer::CONTENT ||
key.type() == KeyContainer::ENTITLEMENT) {
ParseContentKey(key); ParseContentKey(key);
} else if (key.type() == KeyContainer::OPERATOR_SESSION) { } else if (key.type() == KeyContainer::OPERATOR_SESSION) {
ParseOperatorSessionKey(key); ParseOperatorSessionKey(key);
@@ -171,9 +203,8 @@ LicenseKeyStatus::LicenseKeyStatus(const KeyContainer& key) :
void LicenseKeyStatus::ParseContentKey(const KeyContainer& key) { void LicenseKeyStatus::ParseContentKey(const KeyContainer& key) {
is_content_key_ = true; is_content_key_ = true;
if (key.has_level() && if (key.has_level() && ((key.level() == KeyContainer::HW_SECURE_DECODE) ||
((key.level() == KeyContainer::HW_SECURE_DECODE) || (key.level() == KeyContainer::HW_SECURE_ALL))) {
(key.level() == KeyContainer::HW_SECURE_ALL))) {
allowed_usage_.decrypt_to_clear_buffer = false; allowed_usage_.decrypt_to_clear_buffer = false;
allowed_usage_.decrypt_to_secure_buffer = true; allowed_usage_.decrypt_to_secure_buffer = true;
} else { } else {
@@ -251,8 +282,7 @@ bool LicenseKeyStatus::CanDecryptContent() {
} }
bool LicenseKeyStatus::GetAllowedUsage(CdmKeyAllowedUsage* allowed_usage) { bool LicenseKeyStatus::GetAllowedUsage(CdmKeyAllowedUsage* allowed_usage) {
if (NULL == allowed_usage) if (NULL == allowed_usage) return false;
return false;
*allowed_usage = allowed_usage_; *allowed_usage = allowed_usage_;
return true; return true;
} }
@@ -288,7 +318,6 @@ bool LicenseKeyStatus::ApplyStatusChange(CdmKeyStatus new_status,
// device's current HDCP level. // device's current HDCP level.
void LicenseKeyStatus::ApplyConstraints( void LicenseKeyStatus::ApplyConstraints(
uint32_t video_pixels, CryptoSession::HdcpCapability new_hdcp_level) { uint32_t video_pixels, CryptoSession::HdcpCapability new_hdcp_level) {
VideoResolutionConstraint* current_constraint = NULL; VideoResolutionConstraint* current_constraint = NULL;
if (HasConstraints() && video_pixels != HDCP_UNSPECIFIED_VIDEO_RESOLUTION) { if (HasConstraints() && video_pixels != HDCP_UNSPECIFIED_VIDEO_RESOLUTION) {
current_constraint = GetConstraintForRes(video_pixels, constraints_); current_constraint = GetConstraintForRes(video_pixels, constraints_);

7
libwvdrmengine/cdm/core/src/license_protocol.proto
View File

@@ -103,8 +103,11 @@ message License {
CONTENT = 2; CONTENT = 2;
KEY_CONTROL = 3; KEY_CONTROL = 3;
OPERATOR_SESSION = 4; OPERATOR_SESSION = 4;
SUB_SESSION = 5; // TODO(jfore): Drop subsession type once subsession support is removed
ENTITLEMENT = 6; // from the cdm. For now, SUB_SESSION is defined as type 6 so that it
// is defined to satisfy the build.
SUB_SESSION = 6;
ENTITLEMENT = 5;
} }
// The SecurityLevel enumeration allows the server to communicate the level // The SecurityLevel enumeration allows the server to communicate the level

30
libwvdrmengine/cdm/core/src/policy_engine.cpp
View File

@@ -178,6 +178,11 @@ void PolicyEngine::UpdateLicenseKeys(const video_widevine::License& license) {
NotifyKeysChange(kKeyStatusUsable); NotifyKeysChange(kKeyStatusUsable);
} }
void PolicyEngine::SetEntitledLicenseKeys(
const std::vector<WidevinePsshData_EntitledKey>& entitled_keys) {
license_keys_->SetEntitledKeys(entitled_keys);
}
void PolicyEngine::SetLicenseForRelease(const License& license) { void PolicyEngine::SetLicenseForRelease(const License& license) {
license_id_.Clear(); license_id_.Clear();
license_id_.CopyFrom(license.id()); license_id_.CopyFrom(license.id());
@@ -257,9 +262,7 @@ void PolicyEngine::BeginDecryption() {
} }
} }
void PolicyEngine::DecryptionEvent() { void PolicyEngine::DecryptionEvent() { last_playback_time_ = GetCurrentTime(); }
last_playback_time_ = GetCurrentTime();
}
void PolicyEngine::NotifyResolution(uint32_t width, uint32_t height) { void PolicyEngine::NotifyResolution(uint32_t width, uint32_t height) {
SetDeviceResolution(width, height); SetDeviceResolution(width, height);
@@ -280,9 +283,8 @@ CdmResponseType PolicyEngine::Query(CdmQueryMap* query_response) {
} }
(*query_response)[QUERY_KEY_LICENSE_TYPE] = (*query_response)[QUERY_KEY_LICENSE_TYPE] =
license_id_.type() == video_widevine::STREAMING license_id_.type() == video_widevine::STREAMING ? QUERY_VALUE_STREAMING
? QUERY_VALUE_STREAMING : QUERY_VALUE_OFFLINE;
: QUERY_VALUE_OFFLINE;
(*query_response)[QUERY_KEY_PLAY_ALLOWED] = (*query_response)[QUERY_KEY_PLAY_ALLOWED] =
policy_.can_play() ? QUERY_VALUE_TRUE : QUERY_VALUE_FALSE; policy_.can_play() ? QUERY_VALUE_TRUE : QUERY_VALUE_FALSE;
(*query_response)[QUERY_KEY_PERSIST_ALLOWED] = (*query_response)[QUERY_KEY_PERSIST_ALLOWED] =
@@ -294,7 +296,8 @@ CdmResponseType PolicyEngine::Query(CdmQueryMap* query_response) {
ss.str(""); ss.str("");
ss << GetPlaybackDurationRemaining(current_time); ss << GetPlaybackDurationRemaining(current_time);
(*query_response)[QUERY_KEY_PLAYBACK_DURATION_REMAINING] = ss.str(); (*query_response)[QUERY_KEY_PLAYBACK_DURATION_REMAINING] = ss.str();
(*query_response)[QUERY_KEY_RENEWAL_SERVER_URL] = policy_.renewal_server_url(); (*query_response)[QUERY_KEY_RENEWAL_SERVER_URL] =
policy_.renewal_server_url();
return NO_ERROR; return NO_ERROR;
} }
@@ -419,10 +422,8 @@ int64_t PolicyEngine::GetRentalExpiryTime() {
} }
int64_t PolicyEngine::GetExpiryTime( int64_t PolicyEngine::GetExpiryTime(
int64_t current_time, int64_t current_time, bool ignore_soft_enforce_playback_duration) {
bool ignore_soft_enforce_playback_duration) { if (!HasPlaybackStarted(current_time)) return GetRentalExpiryTime();
if (!HasPlaybackStarted(current_time))
return GetRentalExpiryTime();
const int64_t hard_limit = GetHardLicenseExpiryTime(); const int64_t hard_limit = GetHardLicenseExpiryTime();
if (policy_.playback_duration_seconds() == 0) return hard_limit; if (policy_.playback_duration_seconds() == 0) return hard_limit;
@@ -433,8 +434,7 @@ int64_t PolicyEngine::GetExpiryTime(
const int64_t expiry_time = const int64_t expiry_time =
playback_start_time_ + policy_.playback_duration_seconds(); playback_start_time_ + policy_.playback_duration_seconds();
if (hard_limit == NEVER_EXPIRES) if (hard_limit == NEVER_EXPIRES) return expiry_time;
return expiry_time;
return std::min(hard_limit, expiry_time); return std::min(hard_limit, expiry_time);
} }
@@ -495,8 +495,8 @@ void PolicyEngine::NotifyKeysChange(CdmKeyStatus new_status) {
if (new_status == kKeyStatusUsable) { if (new_status == kKeyStatusUsable) {
CheckDeviceHdcpStatus(); CheckDeviceHdcpStatus();
} }
keys_changed = license_keys_->ApplyStatusChange(new_status, keys_changed =
&has_new_usable_key); license_keys_->ApplyStatusChange(new_status, &has_new_usable_key);
if (event_listener_ && keys_changed) { if (event_listener_ && keys_changed) {
CdmKeyStatusMap content_keys; CdmKeyStatusMap content_keys;
license_keys_->ExtractKeyStatuses(&content_keys); license_keys_->ExtractKeyStatuses(&content_keys);

46
libwvdrmengine/cdm/core/test/license_keys_unittest.cpp
View File

@@ -127,6 +127,20 @@ class LicenseKeysTest : public ::testing::Test {
key->set_id(key_id); key->set_id(key_id);
} }
virtual void AddEntitlementKey(
const KeyId& key_id, bool set_level = false,
KeyContainer::SecurityLevel level = KeyContainer::SW_SECURE_CRYPTO,
bool set_hdcp = false,
KeyContainer::OutputProtection::HDCP hdcp_value =
KeyContainer::OutputProtection::HDCP_NONE,
bool set_constraints = false,
std::vector<VideoResolutionConstraint>* constraints = NULL) {
AddContentKey(key_id, set_level, level, set_hdcp, hdcp_value,
set_constraints, constraints);
license_.mutable_key(license_.key_size() - 1)
->set_type(KeyContainer::ENTITLEMENT);
}
virtual void AddOperatorSessionKey( virtual void AddOperatorSessionKey(
const KeyId& key_id, bool set_perms = false, const KeyId& key_id, bool set_perms = false,
KeyFlag encrypt = kKeyFlagNull, KeyFlag decrypt = kKeyFlagNull, KeyFlag encrypt = kKeyFlagNull, KeyFlag decrypt = kKeyFlagNull,
@@ -375,6 +389,26 @@ TEST_F(LicenseKeysTest, ContentKey) {
EXPECT_TRUE(license_keys_.IsContentKey(c_key)); EXPECT_TRUE(license_keys_.IsContentKey(c_key));
} }
TEST_F(LicenseKeysTest, EntitlementKey) {
const KeyId e_key = "entitlement_key";
const KeyId c_key = "content_key";
AddEntitlementKey(e_key);
EXPECT_FALSE(license_keys_.IsContentKey(e_key));
license_keys_.SetFromLicense(license_);
// TODO(juce, rfrias): For simplicity entitlement keys are indicated as
// content keys. It doesn't break anything, but CanDecryptContent returns true
// for and entitlement key id.
EXPECT_TRUE(license_keys_.IsContentKey(e_key));
std::vector<WidevinePsshData_EntitledKey> entitled_keys(1);
entitled_keys[0].set_entitlement_key_id(e_key);
entitled_keys[0].set_key_id(c_key);
EXPECT_FALSE(license_keys_.IsContentKey(c_key));
license_keys_.SetEntitledKeys(entitled_keys);
EXPECT_TRUE(license_keys_.IsContentKey(c_key));
}
TEST_F(LicenseKeysTest, OperatorSessionKey) { TEST_F(LicenseKeysTest, OperatorSessionKey) {
const KeyId os_key = "op_sess_key"; const KeyId os_key = "op_sess_key";
EXPECT_FALSE(license_keys_.IsContentKey(os_key)); EXPECT_FALSE(license_keys_.IsContentKey(os_key));
@@ -387,13 +421,17 @@ TEST_F(LicenseKeysTest, OperatorSessionKey) {
TEST_F(LicenseKeysTest, CanDecrypt) { TEST_F(LicenseKeysTest, CanDecrypt) {
const KeyId os_key = "op_sess_key"; const KeyId os_key = "op_sess_key";
const KeyId c_key = "content_key"; const KeyId c_key = "content_key";
const KeyId e_key = "entitlement_key";
EXPECT_FALSE(license_keys_.CanDecryptContent(c_key)); EXPECT_FALSE(license_keys_.CanDecryptContent(c_key));
EXPECT_FALSE(license_keys_.CanDecryptContent(os_key)); EXPECT_FALSE(license_keys_.CanDecryptContent(os_key));
EXPECT_FALSE(license_keys_.CanDecryptContent(e_key));
AddOperatorSessionKey(os_key); AddOperatorSessionKey(os_key);
AddContentKey(c_key); AddContentKey(c_key);
AddEntitlementKey(e_key);
license_keys_.SetFromLicense(license_); license_keys_.SetFromLicense(license_);
EXPECT_FALSE(license_keys_.CanDecryptContent(c_key)); EXPECT_FALSE(license_keys_.CanDecryptContent(c_key));
EXPECT_FALSE(license_keys_.CanDecryptContent(os_key)); EXPECT_FALSE(license_keys_.CanDecryptContent(os_key));
EXPECT_FALSE(license_keys_.CanDecryptContent(e_key));
bool new_usable_keys = false; bool new_usable_keys = false;
bool any_change = false; bool any_change = false;
any_change = license_keys_.ApplyStatusChange(kKeyStatusUsable, any_change = license_keys_.ApplyStatusChange(kKeyStatusUsable,
@@ -409,15 +447,18 @@ TEST_F(LicenseKeysTest, CanDecrypt) {
EXPECT_FALSE(new_usable_keys); EXPECT_FALSE(new_usable_keys);
EXPECT_FALSE(license_keys_.CanDecryptContent(c_key)); EXPECT_FALSE(license_keys_.CanDecryptContent(c_key));
EXPECT_FALSE(license_keys_.CanDecryptContent(os_key)); EXPECT_FALSE(license_keys_.CanDecryptContent(os_key));
EXPECT_FALSE(license_keys_.CanDecryptContent(e_key));
} }
TEST_F(LicenseKeysTest, AllowedUsageNull) { TEST_F(LicenseKeysTest, AllowedUsageNull) {
const KeyId os_key = "op_sess_key"; const KeyId os_key = "op_sess_key";
const KeyId c_key = "content_key"; const KeyId c_key = "content_key";
const KeyId sign_key = "signing_key"; const KeyId sign_key = "signing_key";
const KeyId e_key = "entitlement_key";
AddOperatorSessionKey(os_key); AddOperatorSessionKey(os_key);
AddContentKey(c_key); AddContentKey(c_key);
AddSigningKey(sign_key); AddSigningKey(sign_key);
AddEntitlementKey(e_key);
license_keys_.SetFromLicense(license_); license_keys_.SetFromLicense(license_);
CdmKeyAllowedUsage usage_1; CdmKeyAllowedUsage usage_1;
EXPECT_FALSE(license_keys_.GetAllowedUsage(sign_key, &usage_1)); EXPECT_FALSE(license_keys_.GetAllowedUsage(sign_key, &usage_1));
@@ -431,6 +472,11 @@ TEST_F(LicenseKeysTest, AllowedUsageNull) {
EXPECT_TRUE(license_keys_.GetAllowedUsage(os_key, &usage_3)); EXPECT_TRUE(license_keys_.GetAllowedUsage(os_key, &usage_3));
ExpectAllowedUsageContent(usage_3, kContentClearFalse, kContentSecureFalse, ExpectAllowedUsageContent(usage_3, kContentClearFalse, kContentSecureFalse,
kKeySecurityLevelUnset); kKeySecurityLevelUnset);
CdmKeyAllowedUsage usage_4;
EXPECT_TRUE(license_keys_.GetAllowedUsage(os_key, &usage_4));
ExpectAllowedUsageContent(usage_4, kContentClearFalse, kContentSecureFalse,
kKeySecurityLevelUnset);
} }
TEST_F(LicenseKeysTest, AllowedUsageContent) { TEST_F(LicenseKeysTest, AllowedUsageContent) {

78
libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp
View File

@@ -38,6 +38,7 @@ const int64_t kHighDuration =
const char* kRenewalServerUrl = const char* kRenewalServerUrl =
"https://test.google.com/license/GetCencLicense"; "https://test.google.com/license/GetCencLicense";
const KeyId kKeyId = "357adc89f1673433c36c621f1b5c41ee"; const KeyId kKeyId = "357adc89f1673433c36c621f1b5c41ee";
const KeyId kEntitlementKeyId = "entitlementkeyid";
const KeyId kAnotherKeyId = "another_key_id"; const KeyId kAnotherKeyId = "another_key_id";
const KeyId kSomeRandomKeyId = "some_random_key_id"; const KeyId kSomeRandomKeyId = "some_random_key_id";
const KeyId kUnknownKeyId = "some_random_unknown_key_id"; const KeyId kUnknownKeyId = "some_random_unknown_key_id";
@@ -157,6 +158,16 @@ class PolicyEngineTest : public ::testing::Test {
expected_has_new_usable_key)); expected_has_new_usable_key));
} }
void ExpectSessionKeysChange(CdmKeyStatus expected_key_status,
bool expected_has_new_usable_key,
KeyId expected_keyid) {
EXPECT_CALL(mock_event_listener_,
OnSessionKeysChange(
kSessionId, UnorderedElementsAre(
Pair(expected_keyid, expected_key_status)),
expected_has_new_usable_key));
}
void ExpectSessionKeysChange(CdmKeyStatus expected_key1_status, void ExpectSessionKeysChange(CdmKeyStatus expected_key1_status,
CdmKeyStatus expected_key2_status, CdmKeyStatus expected_key2_status,
bool expected_has_new_usable_key) { bool expected_has_new_usable_key) {
@@ -206,6 +217,73 @@ TEST_F(PolicyEngineTest, PlaybackSuccess_OfflineLicense) {
EXPECT_FALSE(policy_engine_->CanDecryptContent(kSomeRandomKeyId)); EXPECT_FALSE(policy_engine_->CanDecryptContent(kSomeRandomKeyId));
} }
TEST_F(PolicyEngineTest, PlaybackSuccess_EntitlementLicense) {
EXPECT_CALL(*mock_clock_, GetCurrentTime())
.WillOnce(Return(kLicenseStartTime + 1))
.WillOnce(Return(kPlaybackStartTime))
.WillOnce(Return(kLicenseStartTime + 10));
ExpectSessionKeysChange(kKeyStatusUsable, true, kEntitlementKeyId);
EXPECT_CALL(mock_event_listener_,
OnExpirationUpdate(_, kLicenseStartTime + kRentalDuration));
EXPECT_CALL(mock_event_listener_,
OnExpirationUpdate(_, kPlaybackStartTime + kPlaybackDuration));
EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _))
.WillRepeatedly(
DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT),
Return(true)));
License::KeyContainer* key = license_.mutable_key(0);
key->set_type(License::KeyContainer::ENTITLEMENT);
key->set_id(kEntitlementKeyId);
policy_engine_->SetLicense(license_);
policy_engine_->BeginDecryption();
policy_engine_->OnTimerEvent();
EXPECT_FALSE(policy_engine_->CanDecryptContent(kKeyId));
std::vector<WidevinePsshData_EntitledKey> entitled_keys(1);
entitled_keys[0].set_entitlement_key_id(kEntitlementKeyId);
entitled_keys[0].set_key_id(kKeyId);
policy_engine_->SetEntitledLicenseKeys(entitled_keys);
EXPECT_TRUE(policy_engine_->CanDecryptContent(kKeyId));
EXPECT_FALSE(policy_engine_->CanDecryptContent(kSomeRandomKeyId));
}
TEST_F(PolicyEngineTest, PlaybackSuccess_EntitlementLicenseExpiration) {
EXPECT_CALL(*mock_clock_, GetCurrentTime())
.WillOnce(Return(kLicenseStartTime + 1))
.WillOnce(Return(kPlaybackStartTime))
.WillOnce(Return(kPlaybackStartTime + kPlaybackDuration + 10))
.WillOnce(Return(kPlaybackStartTime + kPlaybackDuration + 11));
ExpectSessionKeysChange(kKeyStatusUsable, true, kEntitlementKeyId);
ExpectSessionKeysChange(kKeyStatusExpired, false, kEntitlementKeyId);
EXPECT_CALL(mock_event_listener_,
OnExpirationUpdate(_, kLicenseStartTime + kRentalDuration));
EXPECT_CALL(mock_event_listener_,
OnExpirationUpdate(_, kPlaybackStartTime + kPlaybackDuration));
License::KeyContainer* key = license_.mutable_key(0);
key->set_type(License::KeyContainer::ENTITLEMENT);
key->set_id(kEntitlementKeyId);
policy_engine_->SetLicense(license_);
policy_engine_->BeginDecryption();
policy_engine_->OnTimerEvent();
EXPECT_FALSE(policy_engine_->CanDecryptContent(kKeyId));
std::vector<WidevinePsshData_EntitledKey> entitled_keys(1);
entitled_keys[0].set_entitlement_key_id(kEntitlementKeyId);
entitled_keys[0].set_key_id(kKeyId);
policy_engine_->SetEntitledLicenseKeys(entitled_keys);
EXPECT_FALSE(policy_engine_->CanDecryptContent(kKeyId));
policy_engine_->OnTimerEvent();
EXPECT_FALSE(policy_engine_->CanDecryptContent(kKeyId));
}
TEST_F(PolicyEngineTest, PlaybackSuccess_StreamingLicense) { TEST_F(PolicyEngineTest, PlaybackSuccess_StreamingLicense) {
License_Policy* policy = license_.mutable_policy(); License_Policy* policy = license_.mutable_policy();
policy->set_license_duration_seconds(kLowDuration); policy->set_license_duration_seconds(kLowDuration);