widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
83a85430e32f23ff5af7941ecfc7bb7bca5c20ae
android/libwvdrmengine/cdm/core/include/certificate_provisioning.h
Rahul Frias 83a85430e3 Release crypto resources when provisioning fails 
[ Merge of http://go/wvgerrit/119564 ]

This closes a crypto session when the provisioning request fails. We
cannot be as eager when handling the response as the app may have
multiple simultaneous provisioning attempts in flight. In this case
all provisioning responses except the one associated with the last
request will fail. If we close the session on error, even the one
associated with the last request may fail.

Bug: 180986725
Test: WV unit/integration tests
Change-Id: Ic3d33a374e442b5bf040e345bed829d91c4ef1dc
2021-03-10 18:12:09 -08:00

106 lines
4.1 KiB
C++
Raw Blame History

// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
#ifndef WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
#define WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
#include <memory>
#include <string>
#include "crypto_session.h"
#include "disallow_copy_and_assign.h"
#include "license_protocol.pb.h"
#include "metrics_collections.h"
#include "oemcrypto_adapter.h"
#include "service_certificate.h"
#include "wv_cdm_types.h"
namespace wvcdm {
class CdmClientPropertySet;
class CdmSession;
class FileSystem;
class ServiceCertificate;
class CertificateProvisioning {
public:
CertificateProvisioning(metrics::CryptoMetrics* metrics)
: crypto_session_(CryptoSession::MakeCryptoSession(metrics)),
cert_type_(kCertificateWidevine),
service_certificate_(new ServiceCertificate()) {}
~CertificateProvisioning() {}
CdmResponseType Init(const std::string& service_certificate);
// Construct a valid provisioning request.
// The request will be sent to the provisioning server.
CdmResponseType GetProvisioningRequest(SecurityLevel requested_security_level,
CdmCertificateType cert_type,
const std::string& cert_authority,
const std::string& origin,
const std::string& spoid,
CdmProvisioningRequest* request,
std::string* default_url);
// Process the provisioning response.
CdmResponseType HandleProvisioningResponse(
FileSystem* file_system, const CdmProvisioningResponse& response,
std::string* cert, std::string* wrapped_key);
bool supports_core_messages() const { return supports_core_messages_; }
// Helper methods
// Extract serial number and system ID from a DRM Device certificate.
// Either |serial_number| or |system_id| may be null, but not both.
static bool ExtractDeviceInfo(const std::string& device_certificate,
std::string* serial_number,
uint32_t* system_id);
// Removes json wrapping if applicable to extract the
// SignedProvisioningMessage
static bool ExtractAndDecodeSignedMessageForTesting(
const std::string& provisioning_response, std::string* result);
private:
CdmResponseType GetProvisioningRequestInternal(
SecurityLevel requested_security_level, CdmCertificateType cert_type,
const std::string& cert_authority, const std::string& origin,
const std::string& spoid, CdmProvisioningRequest* request,
std::string* default_url);
CdmResponseType SetSpoidParameter(
const std::string& origin, const std::string& spoid,
video_widevine::ProvisioningRequest* request);
video_widevine::SignedProvisioningMessage::ProvisioningType
GetProvisioningType();
// Closes crypto session if one is open. Avoid calling this method when
// processing a response. Multiple provisioning responses might be
// simultaneously in flight. Only the response associated with the last
// provisioning request can be processed. All the other responses will
// fail. If the session is closed when these responses fail, even the one
// associated with the last provisioning request may fail.
CdmResponseType CloseSessionOnError(CdmResponseType status);
void CloseSession();
std::unique_ptr<CryptoSession> crypto_session_;
CdmCertificateType cert_type_;
std::unique_ptr<ServiceCertificate> service_certificate_;
// Indicates whether OEMCrypto supports core messages, and whether the
// CDM should expect a core message in the response. This is primarily
// used to distinguish between v16+ OEMCrypto or an earlier version.
// Assume core messages are supported, and check if OEMCrypto populates
// the core message field when calling PrepAndSignProvisioningRequest().
bool supports_core_messages_ = true;
CORE_DISALLOW_COPY_AND_ASSIGN(CertificateProvisioning);
};
} // namespace wvcdm
#endif // WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
Reference in New Issue View Git Blame Copy Permalink