a4d835af3a
This reverts commit 96a8ccd4a1.
Reason for revert:
Could break DeviceManifest/SingleManifestTest#ManifestAidlHalsServed
Bug: 200055138
Bug: 170964303
Bug: 217241995
Change-Id: I9c42df15defec428c9ef8c62439c63d4a603fee6
129 lines
5.2 KiB
C++
129 lines
5.2 KiB
C++
// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine License
|
|
// Agreement.
|
|
|
|
#ifndef WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
|
|
#define WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
|
|
|
|
#include <memory>
|
|
#include <string>
|
|
|
|
#include "crypto_session.h"
|
|
#include "disallow_copy_and_assign.h"
|
|
#include "license_protocol.pb.h"
|
|
#include "metrics_collections.h"
|
|
#include "oemcrypto_adapter.h"
|
|
#include "service_certificate.h"
|
|
#include "wv_cdm_types.h"
|
|
|
|
namespace wvutil {
|
|
class FileSystem;
|
|
}
|
|
|
|
namespace wvcdm {
|
|
|
|
class CdmClientPropertySet;
|
|
class CdmSession;
|
|
class ServiceCertificate;
|
|
|
|
class CertificateProvisioning {
|
|
public:
|
|
CertificateProvisioning(metrics::CryptoMetrics* metrics)
|
|
: crypto_session_(CryptoSession::MakeCryptoSession(metrics)),
|
|
cert_type_(kCertificateWidevine),
|
|
service_certificate_(new ServiceCertificate()) {}
|
|
~CertificateProvisioning() {}
|
|
|
|
CdmResponseType Init(const std::string& service_certificate);
|
|
|
|
// Construct a valid provisioning request.
|
|
// The request will be sent to the provisioning server.
|
|
CdmResponseType GetProvisioningRequest(
|
|
wvutil::FileSystem* file_system, SecurityLevel requested_security_level,
|
|
CdmCertificateType cert_type, const std::string& cert_authority,
|
|
const std::string& origin, const std::string& spoid,
|
|
CdmProvisioningRequest* request, std::string* default_url);
|
|
|
|
// Process the provisioning response.
|
|
CdmResponseType HandleProvisioningResponse(
|
|
wvutil::FileSystem* file_system, const CdmProvisioningResponse& response,
|
|
std::string* cert, std::string* wrapped_key);
|
|
|
|
bool supports_core_messages() const { return supports_core_messages_; }
|
|
|
|
// Helper methods
|
|
|
|
// Extract serial number and system ID from a DRM Device certificate.
|
|
// Either |serial_number| or |system_id| may be null, but not both.
|
|
// Both |creation_time_seconds| and |expiration_time_seconds| may be null.
|
|
// |creation_time_seconds| and |expiration_time_seconds| will be set to -1
|
|
// if not present, 0 if unlimited and a valid time otherwise
|
|
static bool ExtractDeviceInfo(const std::string& device_certificate,
|
|
std::string* serial_number, uint32_t* system_id,
|
|
int64_t* creation_time_seconds,
|
|
int64_t* expiration_time_seconds);
|
|
|
|
// Removes json wrapping if applicable to extract the
|
|
// SignedProvisioningMessage
|
|
static bool ExtractAndDecodeSignedMessage(
|
|
const std::string& provisioning_response, std::string* result);
|
|
|
|
// Retrieve the provisioning server URL used for certificate
|
|
// provisioning. This will be the same value as returned in
|
|
// |default_url| by GetProvisioningRequest().
|
|
static void GetProvisioningServerUrl(std::string* default_url);
|
|
|
|
private:
|
|
CdmResponseType GetProvisioningRequestInternal(
|
|
wvutil::FileSystem* file_system, SecurityLevel requested_security_level,
|
|
CdmCertificateType cert_type, const std::string& cert_authority,
|
|
const std::string& origin, const std::string& spoid,
|
|
CdmProvisioningRequest* request, std::string* default_url);
|
|
CdmResponseType GetProvisioning40RequestInternal(
|
|
wvutil::FileSystem* file_system, CdmProvisioningRequest* request);
|
|
CdmResponseType FillEncryptedClientId(
|
|
const std::string& client_token,
|
|
video_widevine::ProvisioningRequest& provisioning_request);
|
|
CdmResponseType HandleProvisioning40Response(
|
|
wvutil::FileSystem* file_system, const std::string& response_message);
|
|
|
|
CdmResponseType SetSpoidParameter(
|
|
const std::string& origin, const std::string& spoid,
|
|
video_widevine::ProvisioningRequest* request);
|
|
|
|
video_widevine::SignedProvisioningMessage::ProvisioningType
|
|
GetProvisioningType();
|
|
|
|
// Closes crypto session if one is open. Avoid calling this method when
|
|
// processing a response. Multiple provisioning responses might be
|
|
// simultaneously in flight. Only the response associated with the last
|
|
// provisioning request can be processed. All the other responses will
|
|
// fail. If the session is closed when these responses fail, even the one
|
|
// associated with the last provisioning request may fail.
|
|
CdmResponseType CloseSessionOnError(CdmResponseType status);
|
|
void CloseSession();
|
|
|
|
std::unique_ptr<CryptoSession> crypto_session_;
|
|
CdmCertificateType cert_type_;
|
|
std::unique_ptr<ServiceCertificate> service_certificate_;
|
|
// The wrapped private key in provisioning 4 generated by calling
|
|
// GenerateCertificateKeyPair. It will be saved to file system if a valid
|
|
// response is received.
|
|
std::string provisioning_40_wrapped_private_key_;
|
|
// Key type of the generated key pair in provisioning 4.
|
|
CryptoWrappedKey::Type provisioning_40_key_type_;
|
|
|
|
// Indicates whether OEMCrypto supports core messages, and whether the
|
|
// CDM should expect a core message in the response. This is primarily
|
|
// used to distinguish between v16+ OEMCrypto or an earlier version.
|
|
// Assume core messages are supported, and check if OEMCrypto populates
|
|
// the core message field when calling PrepAndSignProvisioningRequest().
|
|
bool supports_core_messages_ = true;
|
|
|
|
CORE_DISALLOW_COPY_AND_ASSIGN(CertificateProvisioning);
|
|
};
|
|
|
|
} // namespace wvcdm
|
|
|
|
#endif // WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
|