widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
52bd1d206e815adba0b0eb8802bb83e3755be412
android/libwvdrmengine/cdm/core/include/certificate_provisioning.h
Rahul Frias 52bd1d206e Added an OTA keybox provisioner. 
[ Merge of http://go/wvgerrit/133729 ]

The OtaKeyboxProvisioner is a system-wide provisioner for sharing the
provisioning workflow between CDM engines.

Bug: 189232882
Test: GtsMediaTestCases
Change-Id: I873af3087cc05e1831bdd1d2c14fb002b73e6902

Added keybox provisioning proto fields.

[ Merge of http://go/wvgerrit/133730 and http://go/ag/15113032 ]

This CL copies over the required license_protocol.proto changes that
are required for OTA keybox provisioning.  These fields are defined in
the server-side certificate_provisioning.proto, defined in
http://cl/377533774.

Note, changes are slightly different from server proto due to the RVC
version of license_protocol.proto being out of date with SC and newer
changes.

Bug: 189232882
Test: run_x86_64_tests
Change-Id: I55fcf6a7ac2ba4b6026b9acc63e822ff33c431d9

Added OTA keybox provisioning device files.

[ Merge of http://go/wvgerrit/133743 and http://go/ag/15421141 ]

This change adds a new set of proto messages/fields the CDM's device
files for recording device and engine information around OTA keybox
provisioning (OKP).

To make cleanup and thread protection possible, there is a single file
which will contain all the information for the device as a whole and
each CDM engine tied to an app/origin.

Bug: 189232882
Test: Linux unit tests
Change-Id: Iaf80cd6342f32657e04416750d9b278d935821a5

Client ID for OKP requests.

[ Merge of http://go/wvgerrit/133744 and http://go/ag/15645331 ]

Extended the CDM ClientIdentification class to support a subset of
client info used for OKP requests.

Bug: 189232882
Test: Android unit tests
Merged-In: I6aafb4f2164efe69bc733ece0a912f0e91893b91
Change-Id: I6aafb4f2164efe69bc733ece0a912f0e91893b91
2021-10-20 17:50:00 -07:00

115 lines
4.6 KiB
C++
Raw Blame History

// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
#ifndef WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
#define WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
#include <memory>
#include <string>
#include "crypto_session.h"
#include "disallow_copy_and_assign.h"
#include "license_protocol.pb.h"
#include "metrics_collections.h"
#include "oemcrypto_adapter.h"
#include "service_certificate.h"
#include "wv_cdm_types.h"
namespace wvcdm {
class CdmClientPropertySet;
class CdmSession;
class FileSystem;
class ServiceCertificate;
class CertificateProvisioning {
public:
CertificateProvisioning(metrics::CryptoMetrics* metrics)
: crypto_session_(CryptoSession::MakeCryptoSession(metrics)),
cert_type_(kCertificateWidevine),
service_certificate_(new ServiceCertificate()) {}
~CertificateProvisioning() {}
CdmResponseType Init(const std::string& service_certificate);
// Construct a valid provisioning request.
// The request will be sent to the provisioning server.
CdmResponseType GetProvisioningRequest(SecurityLevel requested_security_level,
CdmCertificateType cert_type,
const std::string& cert_authority,
const std::string& origin,
const std::string& spoid,
CdmProvisioningRequest* request,
std::string* default_url);
// Process the provisioning response.
CdmResponseType HandleProvisioningResponse(
FileSystem* file_system, const CdmProvisioningResponse& response,
std::string* cert, std::string* wrapped_key);
bool supports_core_messages() const { return supports_core_messages_; }
// Helper methods
// Extract serial number and system ID from a DRM Device certificate.
// Either |serial_number| or |system_id| may be null, but not both.
// Both |creation_time_seconds| and |expiration_time_seconds| may be null.
// |creation_time_seconds| and |expiration_time_seconds| will be set to -1
// if not present, 0 if unlimited and a valid time otherwise
static bool ExtractDeviceInfo(const std::string& device_certificate,
std::string* serial_number, uint32_t* system_id,
int64_t* creation_time_seconds,
int64_t* expiration_time_seconds);
// Removes json wrapping if applicable to extract the
// SignedProvisioningMessage
static bool ExtractAndDecodeSignedMessageForTesting(
const std::string& provisioning_response, std::string* result);
// Retrieve the provisioning server URL used for certificate
// provisioning. This will be the same value as returned in
// |default_url| by GetProvisioningRequest().
static void GetProvisioningServerUrl(std::string* default_url);
private:
CdmResponseType GetProvisioningRequestInternal(
SecurityLevel requested_security_level, CdmCertificateType cert_type,
const std::string& cert_authority, const std::string& origin,
const std::string& spoid, CdmProvisioningRequest* request,
std::string* default_url);
CdmResponseType SetSpoidParameter(
const std::string& origin, const std::string& spoid,
video_widevine::ProvisioningRequest* request);
video_widevine::SignedProvisioningMessage::ProvisioningType
GetProvisioningType();
// Closes crypto session if one is open. Avoid calling this method when
// processing a response. Multiple provisioning responses might be
// simultaneously in flight. Only the response associated with the last
// provisioning request can be processed. All the other responses will
// fail. If the session is closed when these responses fail, even the one
// associated with the last provisioning request may fail.
CdmResponseType CloseSessionOnError(CdmResponseType status);
void CloseSession();
std::unique_ptr<CryptoSession> crypto_session_;
CdmCertificateType cert_type_;
std::unique_ptr<ServiceCertificate> service_certificate_;
// Indicates whether OEMCrypto supports core messages, and whether the
// CDM should expect a core message in the response. This is primarily
// used to distinguish between v16+ OEMCrypto or an earlier version.
// Assume core messages are supported, and check if OEMCrypto populates
// the core message field when calling PrepAndSignProvisioningRequest().
bool supports_core_messages_ = true;
CORE_DISALLOW_COPY_AND_ASSIGN(CertificateProvisioning);
};
} // namespace wvcdm
#endif // WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
Reference in New Issue View Git Blame Copy Permalink