widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
746bab171248962927198dfaf055b2b7c033cc2c
android/libwvdrmengine/cdm/core/test/provisioning_holder.cpp
Fred Gylys-Colwell e9b0196a23 Generate golden data tests for ODK 
Generate core message request and responses for
golden data tests.

This CL does not have any golden data. The golden data
will be added to a google3 CL.

To turn on dumping of golden data, set the environment
variable DUMP_GOLDEN_DATA to "yes".

Merged from https://widevine-internal-review.googlesource.com/171750

Change-Id: I7ae2d76ec7330d9131aae98dfd07b7909d10f726
2024-01-29 10:36:15 -08:00

197 lines
7.2 KiB
C++
Raw Blame History

// Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
#include "provisioning_holder.h"
#include <gtest/gtest.h>
#include "cdm_engine.h"
#include "config_test_env.h"
#include "log.h"
#include "message_dumper.h"
#include "oec_device_features.h"
#include "test_printers.h"
#include "test_sleep.h"
#include "url_request.h"
namespace wvcdm {
void ProvisioningHolder::Provision(CdmCertificateType cert_type,
bool binary_provisioning) {
CdmProvisioningRequest request;
std::string provisioning_server_url;
std::string cert_authority;
CdmSessionId session_id;
if (cert_type == kCertificateX509) {
cert_authority = "cast.google.com";
}
LOGV("Provision with type %s.", CdmCertificateTypeToString(cert_type));
CdmResponseType result(CERT_PROVISIONING_NONCE_GENERATION_ERROR);
// Get a provisioning request. We might need one retry if there is a nonce
// flood failure.
for (int i = 0; i < 2 && result == CERT_PROVISIONING_NONCE_GENERATION_ERROR;
i++) {
result = cdm_engine_->GetProvisioningRequest(
cert_type, cert_authority, provisioning_service_certificate_,
kLevelDefault, &request, &provisioning_server_url);
if (result == CERT_PROVISIONING_NONCE_GENERATION_ERROR) {
wvutil::TestSleep::Sleep(2);
}
}
ASSERT_EQ(NO_ERROR, result);
LOGV("cert_authority = %s", cert_authority.c_str());
if (binary_provisioning) {
request = wvutil::Base64SafeEncodeNoPad(request);
}
if (config_.dump_golden_data()) {
std::vector<uint8_t> binary_request = wvutil::Base64SafeDecode(request);
CdmProvisioningRequest binary_request_string(binary_request.begin(),
binary_request.end());
MessageDumper::DumpProvisioningRequest(binary_request_string);
}
LOGV("Provisioning request: req = %s", request.c_str());
// Ignore URL provided by CdmEngine. Use ours, as configured
// for test vs. production server.
provisioning_server_url.assign(provisioning_server_url_);
// Make request.
UrlRequest url_request(provisioning_server_url);
if (!url_request.is_connected()) {
LOGE("Failed to connect to provisioning server: url = %s",
provisioning_server_url.c_str());
}
url_request.PostCertRequestInQueryString(request);
// Receive and parse response.
ASSERT_NO_FATAL_FAILURE(url_request.AssertOkResponse(&response_))
<< "Failed to fetch provisioning response. "
<< DumpProvAttempt(request, response_, cert_type);
if (binary_provisioning) {
// extract provisioning response from received message
// Extracts signed response from JSON string, result is serialized
// protobuf.
std::string protobuf_response;
const bool extract_ok = ExtractSignedMessage(response_, &protobuf_response);
ASSERT_TRUE(extract_ok) << "Failed to extract signed serialized "
"response from JSON response";
LOGV("Extracted response message: \n%s\n", protobuf_response.c_str());
ASSERT_FALSE(protobuf_response.empty())
<< "Protobuf response is unexpectedly empty";
// base64 decode response to yield binary protobuf
const std::vector<uint8_t> response_vec(
wvutil::Base64SafeDecode(protobuf_response));
ASSERT_FALSE(response_vec.empty())
<< "Failed to decode base64 of response: response = "
<< protobuf_response;
response_.assign(response_vec.begin(), response_vec.end());
}
ASSERT_EQ(NO_ERROR,
cdm_engine_->HandleProvisioningResponse(
response_, kLevelDefault, &certificate_, &wrapped_key_))
<< (binary_provisioning ? "Binary provisioning failed. "
: "Non-binary provisioning failed. ")
<< DumpProvAttempt(request, response_, cert_type);
if (config_.dump_golden_data()) {
MessageDumper::DumpProvisioning(response_);
}
}
bool ProvisioningHolder::ExtractSignedMessage(const std::string& response,
std::string* result) {
static const std::string kMessageStart = "\"signedResponse\": \"";
static const std::string kMessageEnd = "\"";
std::string response_string;
size_t start = response.find(kMessageStart);
if (start == response.npos) {
// Assume serialized protobuf message.
result->assign(response);
} else {
// Assume JSON-wrapped protobuf.
size_t end = response.find(kMessageEnd, start + kMessageStart.length());
if (end == response.npos) {
LOGE("ExtractSignedMessage cannot locate end substring");
result->clear();
return false;
}
size_t result_string_size = end - start - kMessageStart.length();
result->assign(response, start + kMessageStart.length(),
result_string_size);
}
if (result->empty()) {
LOGE("ExtractSignedMessage: Response message is empty");
return false;
}
return true;
}
std::string ProvisioningHolder::DumpProvAttempt(const std::string& request,
const std::string& response,
CdmCertificateType cert_type) {
std::stringstream info;
info << "Cert Type: ";
PrintTo(cert_type, &info);
info << "\n";
info << "Provisioning url: " << provisioning_server_url_ << "\n";
info << "Provisioning Request: " << request << "\n\n";
info << "Provisioning Response: " << response << "\n\n";
std::string system_id;
cdm_engine_->QueryStatus(kLevelDefault, QUERY_KEY_SYSTEM_ID, &system_id);
info << "system id: " << system_id << "\n";
if (wvoec::global_features.derive_key_method ==
wvoec::DeviceFeatures::TEST_PROVISION_30) {
std::vector<uint8_t> cert;
size_t cert_length = 0;
OEMCryptoResult result = OEMCrypto_GetOEMPublicCertificate(
cert.data(), &cert_length, kLevelDefault);
if (result == OEMCrypto_ERROR_SHORT_BUFFER) {
cert.resize(cert_length);
result = OEMCrypto_GetOEMPublicCertificate(cert.data(), &cert_length,
kLevelDefault);
}
if (result != OEMCrypto_SUCCESS) {
info << "--- ERROR GETTING CERT. result=" << result;
} else {
info << "OEM Cert = (len=" << cert_length << ") "
<< wvutil::unlimited_b2a_hex(cert);
}
}
if (wvoec::global_features.derive_key_method ==
wvoec::DeviceFeatures::TEST_PROVISION_40) {
std::vector<uint8_t> bcc;
size_t bcc_length = 0;
std::vector<uint8_t> signature;
size_t signature_length = 0;
OEMCryptoResult result = OEMCrypto_GetBootCertificateChain(
bcc.data(), &bcc_length, signature.data(), &signature_length);
if (result == OEMCrypto_ERROR_SHORT_BUFFER) {
bcc.resize(bcc_length);
signature.resize(signature_length);
result = OEMCrypto_GetBootCertificateChain(
bcc.data(), &bcc_length, signature.data(), &signature_length);
}
if (result != OEMCrypto_SUCCESS) {
info << "--- ERROR GETTING BCC. result=" << result;
} else {
info << "BCC = (len=" << bcc_length << ") "
<< wvutil::unlimited_b2a_hex(bcc) << "\n"
<< "Additional Sig = (len=" << signature_length << ") "
<< wvutil::unlimited_b2a_hex(signature) << "\n";
}
}
return info.str();
}
} // namespace wvcdm
Reference in New Issue View Git Blame Copy Permalink