Source release 15.3.0

2020-02-11 14:22:17 -08:00
parent 2990f23065
commit 1ff9f8588a
29 changed files with 534 additions and 153 deletions
--- a/core/include/cdm_engine.h
+++ b/core/include/cdm_engine.h
@@ -137,6 +137,10 @@ class CdmEngine {
  virtual CdmResponseType RenewKey(const CdmSessionId& session_id,
                                   const CdmKeyResponse& key_data);

+  // Change the service certificate installed in a given session.
+  virtual CdmResponseType SetSessionServiceCertificate(
+      const CdmSessionId& session_id, const std::string& service_certificate);
+
  // Query system information
  virtual CdmResponseType QueryStatus(SecurityLevel security_level,
                                      const std::string& query_token,
--- a/core/include/cdm_session.h
+++ b/core/include/cdm_session.h
@@ -43,19 +43,23 @@ class CdmSession {
  bool IsClosed() { return closed_; }

  // Initializes this instance of CdmSession with the given property set.
-  // |cdm_client_property_set| MAY be null, is owned by the caller,
-  // and must remain in scope throughout the scope of this session.
+  //
+  // |cdm_client_property_set| is caller owned, may be null, but must be in
+  // scope as long as the session is in scope.  The service certificate field is
+  // cached at the time Init() is called.
  virtual CdmResponseType Init(CdmClientPropertySet* cdm_client_property_set);

  // Initializes this instance of CdmSession with the given parmeters.
  // All parameters are owned by the caller.
-  // |service_certificate| is caller owned, cannot be null, and must be in
-  //     scope as long as the session is in scope.
-  // |cdm_client_property_set| is caller owned, may be null, but must be
-  //     in scope as long as the session is in scope.
+  //
+  // |cdm_client_property_set| is caller owned, may be null, but must be in
+  // scope as long as the session is in scope.  The service certificate field is
+  // cached at the time Init() is called.
+  //
  // |forced_session_id| is caller owned and may be null.
-  // |event_listener| is caller owned, may be null, but must be in scope
-  //     as long as the session is in scope.
+  //
+  // |event_listener| is caller owned, may be null, but must be in scope as long
+  // as the session is in scope.
  virtual CdmResponseType Init(CdmClientPropertySet* cdm_client_property_set,
                               const CdmSessionId* forced_session_id,
                               WvCdmEventListener* event_listener);
@@ -84,6 +88,11 @@ class CdmSession {
  // AddKey() - Accept license response and extract key info.
  virtual CdmResponseType AddKey(const CdmKeyResponse& key_response);

+  // Override the currently-installed service certificate with a new service
+  // certificate.
+  virtual CdmResponseType SetServiceCertificate(
+      const std::string& service_certificate);
+
  // Query session status
  virtual CdmResponseType QueryStatus(CdmQueryMap* query_response);

--- a/core/include/license.h
+++ b/core/include/license.h
@@ -44,6 +44,11 @@ class CdmLicense {
                    const std::string& signed_service_certificate,
                    CryptoSession* session, PolicyEngine* policy_engine);

+  // Override the currently-installed service certificate with a new service
+  // certificate.
+  virtual CdmResponseType SetServiceCertificate(
+      const std::string& signed_service_certificate);
+
  virtual CdmResponseType PrepareKeyRequest(
      const InitializationData& init_data, CdmLicenseType license_type,
      const CdmAppParameterMap& app_parameters, CdmKeyMessage* signed_request,
--- a/core/include/wv_cdm_types.h
+++ b/core/include/wv_cdm_types.h
@@ -399,7 +399,11 @@ enum CdmResponseType {
  REWRAP_DEVICE_RSA_KEY_30_ERROR = 345,
  INVALID_SRM_LIST = 346,
  KEYSET_ID_NOT_FOUND_4 = 347,
-  // Don't forget to add new values to ../test/test_printers.cpp.
+  SESSION_NOT_FOUND_22 = 348,
+  // Don't forget to add new values to
+  //  * core/test/test_printers.cpp.
+  //  * android/include/mapErrors-inl.h
+  //  * android/include_hidl/mapErrors-inl.h
 };

 enum CdmKeyStatus {
--- a/core/src/cdm_engine.cpp
+++ b/core/src/cdm_engine.cpp
@@ -523,6 +523,19 @@ CdmResponseType CdmEngine::RenewKey(const CdmSessionId& session_id,
  return KEY_ADDED;
 }

+CdmResponseType CdmEngine::SetSessionServiceCertificate(
+    const CdmSessionId& session_id, const std::string& service_certificate) {
+  LOGI("Setting service certificate: session_id = %s", session_id.c_str());
+
+  std::shared_ptr<CdmSession> session;
+  if (!session_map_.FindSession(session_id, &session)) {
+    LOGE("Session ID not found: %s", session_id.c_str());
+    return SESSION_NOT_FOUND_22;
+  }
+
+  return session->SetServiceCertificate(service_certificate);
+}
+
 CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
                                       const std::string& query_token,
                                       std::string* query_response) {
--- a/core/src/cdm_session.cpp
+++ b/core/src/cdm_session.cpp
@@ -599,6 +599,11 @@ CdmResponseType CdmSession::QueryStatus(CdmQueryMap* query_response) {
  return NO_ERROR;
 }

+CdmResponseType CdmSession::SetServiceCertificate(
+    const std::string& service_certificate) {
+  return license_parser_->SetServiceCertificate(service_certificate);
+}
+
 CdmResponseType CdmSession::QueryKeyStatus(CdmQueryMap* query_response) {
  return policy_engine_->Query(query_response);
 }
--- a/core/src/license.cpp
+++ b/core/src/license.cpp
@@ -226,16 +226,9 @@ bool CdmLicense::Init(const std::string& client_token,
    return false;
  }

-  if (use_privacy_mode) {
-    if (!signed_service_certificate.empty()) {
-      if (service_certificate_.Init(signed_service_certificate) != NO_ERROR)
-        return false;
-    }
-    if (!service_certificate_.has_certificate() &&
-        !Properties::allow_service_certificate_requests()) {
-      LOGE("CdmLicense::Init: Required service certificate not provided");
-      return false;
-    }
+  if (use_privacy_mode && !signed_service_certificate.empty() &&
+      service_certificate_.Init(signed_service_certificate) != NO_ERROR) {
+    return false;
  }

  client_token_ = client_token;
@@ -248,6 +241,11 @@ bool CdmLicense::Init(const std::string& client_token,
  return true;
 }

+CdmResponseType CdmLicense::SetServiceCertificate(
+    const std::string& signed_service_certificate) {
+  return service_certificate_.Init(signed_service_certificate);
+}
+
 CdmResponseType CdmLicense::PrepareKeyRequest(
    const InitializationData& init_data, CdmLicenseType license_type,
    const CdmAppParameterMap& app_parameters, CdmKeyMessage* signed_request,
--- a/core/test/cdm_engine_test.cpp
+++ b/core/test/cdm_engine_test.cpp
@@ -44,6 +44,8 @@ const std::string kWebmMimeType = "video/webm";
 const std::string kEmptyString;
 const std::string kComma = ",";

+const std::string kFakeSessionId = "TotallyARealSession123456789";
+
 }  // namespace

 class WvCdmEnginePreProvTest : public WvCdmTestBase {
@@ -317,6 +319,27 @@ TEST_F(WvCdmEnginePreProvTestUat, ProvisioningServiceCertificateInvalidTest) {
  ASSERT_NE(cdm_engine_.ValidateServiceCertificate(certificate), NO_ERROR);
 };

+TEST_F(WvCdmEngineTest, SetLicensingServiceValidCertificate) {
+  ASSERT_EQ(cdm_engine_.SetSessionServiceCertificate(
+                session_id_, config_.license_service_certificate()),
+            NO_ERROR);
+};
+
+TEST_F(WvCdmEngineTest, SetLicensingServiceCertificateUnknownSession) {
+  ASSERT_EQ(cdm_engine_.SetSessionServiceCertificate(
+                kFakeSessionId, config_.license_service_certificate()),
+            SESSION_NOT_FOUND_22);
+};
+
+TEST_F(WvCdmEngineTest, SetLicensingServiceInvalidCertificate) {
+  std::string certificate = config_.license_service_certificate();
+  // Add four nulls to the beginning of the cert to invalidate it
+  certificate.insert(0, 4, '\0');
+
+  ASSERT_NE(cdm_engine_.SetSessionServiceCertificate(session_id_, certificate),
+            NO_ERROR);
+};
+
 TEST_F(WvCdmEnginePreProvTestStaging, ProvisioningTest) { Provision(); }

 TEST_F(WvCdmEnginePreProvTestUatBinary, ProvisioningTest) {
--- a/core/test/license_unittest.cpp
+++ b/core/test/license_unittest.cpp
@@ -282,10 +282,9 @@ TEST_F(CdmLicenseTest, InitWithEmptyServiceCert) {
  EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true));

  CreateCdmLicense();
-  EXPECT_EQ(cdm_license_->Init(kToken, kClientTokenDrmCert, "", true,
-                               kEmptyServiceCertificate, crypto_session_,
-                               policy_engine_),
-            Properties::allow_service_certificate_requests());
+  EXPECT_TRUE(cdm_license_->Init(kToken, kClientTokenDrmCert, "", true,
+                                 kEmptyServiceCertificate, crypto_session_,
+                                 policy_engine_));
 }

 TEST_F(CdmLicenseTest, InitWithInvalidServiceCert) {
--- a/core/test/test_base.cpp
+++ b/core/test/test_base.cpp
@@ -30,7 +30,7 @@ using wvcdm::metrics::EngineMetrics;

 namespace wvcdm {
 namespace {
-void show_menu(char* prog_name) {
+void show_menu(const char* prog_name, const std::string& extra_help_text) {
  std::cout << std::endl;
  std::cout << "usage: " << prog_name << " [options]" << std::endl << std::endl;
  std::cout << "  enclose multiple arguments in '' when using adb shell"
@@ -90,6 +90,8 @@ void show_menu(char* prog_name) {
  std::cout << "    configure the provisioning server url, please include http[s]"
            << "    in the url" << std::endl
            << std::endl;
+
+  std::cout << extra_help_text << std::endl;
 }

 /*
@@ -343,7 +345,8 @@ void WvCdmTestBase::EnsureProvisioned() {
  ASSERT_EQ(NO_ERROR, cdm_engine.CloseSession(session_id));
 }

-bool WvCdmTestBase::Initialize(int argc, char **argv) {
+bool WvCdmTestBase::Initialize(int argc, const char* const argv[],
+                               const std::string& extra_help_text) {
  Properties::Init();
  bool is_cast_receiver = false;
  bool force_load_test_keybox = false;  // TODO(fredgc): obsolete. remove.
@@ -403,7 +406,7 @@ bool WvCdmTestBase::Initialize(int argc, char **argv) {
  }

  if (show_usage) {
-    show_menu(argv[0]);
+    show_menu(argv[0], extra_help_text);
    return false;
  }

--- a/core/test/test_base.h
+++ b/core/test/test_base.h
@@ -5,6 +5,9 @@
 #ifndef WVCDM_CORE_TEST_BASE_H_
 #define WVCDM_CORE_TEST_BASE_H_

+#include <string>
+#include <vector>
+
 #include <gtest/gtest.h>

 #include "cdm_engine.h"
@@ -26,8 +29,13 @@ class WvCdmTestBase : public ::testing::Test {

  // Returns true if the test program should continue, if false, the caller
  // should exit.  This should be called by main() to allow the user to pass in
-  // command line switches.
-  static bool Initialize(int argc, char **argv);
+  // command line switches.  The |extra_help_text| parameter can be used to
+  // append platform-specific information to the usage information printed when
+  // invalid flags are detected. For instance, a platform might add information
+  // about platform-specific flags that were already parsed before calling
+  // Initialize().
+  static bool Initialize(int argc, const char* const argv[],
+                         const std::string& extra_help_text = std::string());
  // Install a test keybox, if appropriate.
  static void InstallTestRootOfTrust();

--- a/core/test/test_printers.cpp
+++ b/core/test/test_printers.cpp
@@ -781,6 +781,9 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) {
    case SESSION_NOT_FOUND_21:
      *os << "SESSION_NOT_FOUND_21";
      break;
+    case SESSION_NOT_FOUND_22:
+      *os << "SESSION_NOT_FOUND_22";
+      break;
    case INVALID_DECRYPT_HASH_FORMAT:
      *os << "INVALID_DECRYPT_HASH_FORMAT";
      break;