Source release v3.1.0
This commit is contained in:
Gene Morgan
@@ -42,6 +42,7 @@ const char* kRenewalServerUrl =
|
||||
const KeyId kKeyId = "357adc89f1673433c36c621f1b5c41ee";
|
||||
const KeyId kAnotherKeyId = "another_key_id";
|
||||
const KeyId kSomeRandomKeyId = "some_random_key_id";
|
||||
const KeyId kUnknownKeyId = "some_random_unknown_key_id";
|
||||
const CdmSessionId kSessionId = "mock_session_id";
|
||||
|
||||
int64_t GetLicenseRenewalDelay(int64_t license_duration) {
|
||||
@@ -60,13 +61,6 @@ class MockCdmEventListener : public WvCdmEventListener {
|
||||
int64_t new_expiry_time_seconds));
|
||||
};
|
||||
|
||||
class MockMaxResEngine : public MaxResEngine {
|
||||
public:
|
||||
MockMaxResEngine() : MaxResEngine(NULL) {}
|
||||
|
||||
MOCK_METHOD1(CanDecrypt, bool(const KeyId& key_id));
|
||||
};
|
||||
|
||||
} // namespace
|
||||
|
||||
// protobuf generated classes.
|
||||
@@ -138,11 +132,6 @@ class PolicyEngineTest : public ::testing::Test {
|
||||
policy_engine_->set_clock(mock_clock_);
|
||||
}
|
||||
|
||||
void InjectMockMaxResEngine() {
|
||||
mock_max_res_engine_ = new MockMaxResEngine();
|
||||
policy_engine_->set_max_res_engine(mock_max_res_engine_);
|
||||
}
|
||||
|
||||
void ExpectSessionKeysChange(CdmKeyStatus expected_key_status,
|
||||
bool expected_has_new_usable_key) {
|
||||
EXPECT_CALL(mock_event_listener_,
|
||||
@@ -165,7 +154,6 @@ class PolicyEngineTest : public ::testing::Test {
|
||||
|
||||
StrictMock<MockCdmEventListener> mock_event_listener_;
|
||||
MockClock* mock_clock_;
|
||||
MockMaxResEngine* mock_max_res_engine_;
|
||||
scoped_ptr<PolicyEngine> policy_engine_;
|
||||
License license_;
|
||||
MockFunction<void(int i)> check_;
|
||||
@@ -1036,56 +1024,204 @@ TEST_F(PolicyEngineTest, MultipleKeysInLicense) {
|
||||
EXPECT_FALSE(policy_engine_->CanDecrypt(kSomeRandomKeyId));
|
||||
}
|
||||
|
||||
TEST_F(PolicyEngineTest, KeysOutputNotAllowedByMaxResEngine) {
|
||||
class PolicyEngineKeyAllowedUsageTest : public PolicyEngineTest {
|
||||
protected:
|
||||
enum KeyFlag {
|
||||
kKeyFlagNull,
|
||||
kKeyFlagFalse,
|
||||
kKeyFlagTrue
|
||||
};
|
||||
|
||||
static const KeyFlag kEncryptNull = kKeyFlagNull;
|
||||
static const KeyFlag kEncryptFalse = kKeyFlagFalse;
|
||||
static const KeyFlag kEncryptTrue = kKeyFlagTrue;
|
||||
static const KeyFlag kDecryptNull = kKeyFlagNull;
|
||||
static const KeyFlag kDecryptFalse = kKeyFlagFalse;
|
||||
static const KeyFlag kDecryptTrue = kKeyFlagTrue;
|
||||
static const KeyFlag kSignNull = kKeyFlagNull;
|
||||
static const KeyFlag kSignFalse = kKeyFlagFalse;
|
||||
static const KeyFlag kSignTrue = kKeyFlagTrue;
|
||||
static const KeyFlag kVerifyNull = kKeyFlagNull;
|
||||
static const KeyFlag kVerifyFalse = kKeyFlagFalse;
|
||||
static const KeyFlag kVerifyTrue = kKeyFlagTrue;
|
||||
|
||||
static const KeyFlag kContentSecureFalse = kKeyFlagFalse;
|
||||
static const KeyFlag kContentSecureTrue = kKeyFlagTrue;
|
||||
static const KeyFlag kContentClearFalse = kKeyFlagFalse;
|
||||
static const KeyFlag kContentClearTrue = kKeyFlagTrue;
|
||||
|
||||
|
||||
void ExpectAllowedContentKeySettings(const CdmKeyAllowedUsage& key_usage,
|
||||
KeyFlag secure, KeyFlag clear) {
|
||||
EXPECT_EQ(key_usage.decrypt_to_secure_buffer, secure == kKeyFlagTrue);
|
||||
EXPECT_EQ(key_usage.decrypt_to_clear_buffer, clear == kKeyFlagTrue);
|
||||
EXPECT_FALSE(key_usage.generic_encrypt);
|
||||
EXPECT_FALSE(key_usage.generic_decrypt);
|
||||
EXPECT_FALSE(key_usage.generic_sign);
|
||||
EXPECT_FALSE(key_usage.generic_verify);
|
||||
}
|
||||
|
||||
void ExpectAllowedOperatorKeySettings(const CdmKeyAllowedUsage& key_usage,
|
||||
KeyFlag encrypt, KeyFlag decrypt,
|
||||
KeyFlag sign, KeyFlag verify) {
|
||||
EXPECT_FALSE(key_usage.decrypt_to_secure_buffer);
|
||||
EXPECT_FALSE(key_usage.decrypt_to_clear_buffer);
|
||||
EXPECT_EQ(key_usage.generic_encrypt, encrypt == kKeyFlagTrue);
|
||||
EXPECT_EQ(key_usage.generic_decrypt, decrypt == kKeyFlagTrue);
|
||||
EXPECT_EQ(key_usage.generic_sign, sign == kKeyFlagTrue);
|
||||
EXPECT_EQ(key_usage.generic_verify, verify == kKeyFlagTrue);
|
||||
}
|
||||
|
||||
void ExpectSecureContentKey(const KeyId& key_id) {
|
||||
CdmKeyAllowedUsage key_usage;
|
||||
EXPECT_EQ(NO_ERROR,
|
||||
policy_engine_->QueryKeyAllowedUsage(key_id, &key_usage));
|
||||
|
||||
ExpectAllowedContentKeySettings(key_usage, kContentSecureTrue,
|
||||
kContentSecureFalse);
|
||||
}
|
||||
|
||||
void ExpectLessSecureContentKey(const KeyId& key_id) {
|
||||
CdmKeyAllowedUsage key_usage;
|
||||
EXPECT_EQ(NO_ERROR,
|
||||
policy_engine_->QueryKeyAllowedUsage(key_id, &key_usage));
|
||||
|
||||
ExpectAllowedContentKeySettings(key_usage, kContentSecureTrue,
|
||||
kContentSecureTrue);
|
||||
}
|
||||
|
||||
void ExpectOperatorSessionKey(const KeyId& key_id, KeyFlag encrypt,
|
||||
KeyFlag decrypt, KeyFlag sign, KeyFlag verify) {
|
||||
CdmKeyAllowedUsage key_usage;
|
||||
EXPECT_EQ(NO_ERROR,
|
||||
policy_engine_->QueryKeyAllowedUsage(key_id, &key_usage));
|
||||
|
||||
ExpectAllowedOperatorKeySettings(key_usage, encrypt, decrypt, sign, verify);
|
||||
}
|
||||
|
||||
void AddOperatorSessionKey(const KeyId& key_id, KeyFlag encrypt,
|
||||
KeyFlag decrypt, KeyFlag sign, KeyFlag verify) {
|
||||
License::KeyContainer* non_content_key = license_.add_key();
|
||||
non_content_key->set_type(License::KeyContainer::OPERATOR_SESSION);
|
||||
non_content_key->set_id(key_id);
|
||||
License::KeyContainer::OperatorSessionKeyPermissions* permissions =
|
||||
non_content_key->mutable_operator_session_key_permissions();
|
||||
if (encrypt != kKeyFlagNull) {
|
||||
permissions->set_allow_encrypt(encrypt == kKeyFlagTrue);
|
||||
}
|
||||
if (decrypt != kKeyFlagNull) {
|
||||
permissions->set_allow_decrypt(decrypt == kKeyFlagTrue);
|
||||
}
|
||||
if (sign != kKeyFlagNull) {
|
||||
permissions->set_allow_sign(sign == kKeyFlagTrue);
|
||||
}
|
||||
if (verify != kKeyFlagNull) {
|
||||
permissions->set_allow_signature_verify(verify == kKeyFlagTrue);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageBasic) {
|
||||
|
||||
const KeyId kGenericKeyId = "oper_session_key";
|
||||
|
||||
license_.clear_key();
|
||||
|
||||
// most secure
|
||||
License::KeyContainer* content_key = license_.add_key();
|
||||
content_key->set_type(License::KeyContainer::CONTENT);
|
||||
content_key->set_id(kKeyId);
|
||||
content_key->set_level(License::KeyContainer::HW_SECURE_ALL);
|
||||
|
||||
// generic operator session key (sign)
|
||||
AddOperatorSessionKey(kGenericKeyId, kEncryptNull, kDecryptNull, kSignTrue,
|
||||
kVerifyNull);
|
||||
|
||||
License::KeyContainer* content_key_without_id = license_.add_key();
|
||||
content_key_without_id->set_type(License::KeyContainer::CONTENT);
|
||||
|
||||
// default level - less secure
|
||||
License::KeyContainer* another_content_key = license_.add_key();
|
||||
another_content_key->set_type(License::KeyContainer::CONTENT);
|
||||
another_content_key->set_id(kAnotherKeyId);
|
||||
|
||||
EXPECT_CALL(*mock_clock_, GetCurrentTime())
|
||||
.WillOnce(Return(kLicenseStartTime + 1))
|
||||
.WillOnce(Return(kLicenseStartTime + 5))
|
||||
.WillOnce(Return(kLicenseStartTime + 8))
|
||||
.WillOnce(Return(kLicenseStartTime + 10));
|
||||
.WillOnce(Return(kLicenseStartTime + 1));
|
||||
|
||||
InjectMockMaxResEngine();
|
||||
EXPECT_CALL(*mock_max_res_engine_, CanDecrypt(kKeyId))
|
||||
.WillOnce(Return(false))
|
||||
.WillOnce(Return(true))
|
||||
.WillOnce(Return(false))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(*mock_max_res_engine_, CanDecrypt(kAnotherKeyId))
|
||||
.WillOnce(Return(false))
|
||||
.WillOnce(Return(false))
|
||||
.WillOnce(Return(true))
|
||||
.WillOnce(Return(true));
|
||||
|
||||
InSequence s;
|
||||
ExpectSessionKeysChange(kKeyStatusOutputNotAllowed,
|
||||
kKeyStatusOutputNotAllowed, false);
|
||||
EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _));
|
||||
ExpectSessionKeysChange(kKeyStatusUsable, kKeyStatusOutputNotAllowed, true);
|
||||
ExpectSessionKeysChange(kKeyStatusOutputNotAllowed, kKeyStatusUsable, true);
|
||||
ExpectSessionKeysChange(kKeyStatusUsable, kKeyStatusUsable, true);
|
||||
EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _));
|
||||
|
||||
policy_engine_->SetLicense(license_);
|
||||
EXPECT_FALSE(policy_engine_->CanDecrypt(kKeyId));
|
||||
EXPECT_FALSE(policy_engine_->CanDecrypt(kAnotherKeyId));
|
||||
|
||||
policy_engine_->OnTimerEvent();
|
||||
EXPECT_TRUE(policy_engine_->CanDecrypt(kKeyId));
|
||||
EXPECT_FALSE(policy_engine_->CanDecrypt(kAnotherKeyId));
|
||||
ExpectSecureContentKey(kKeyId);
|
||||
ExpectLessSecureContentKey(kAnotherKeyId);
|
||||
ExpectOperatorSessionKey(kGenericKeyId, kEncryptNull, kDecryptNull,
|
||||
kSignTrue, kVerifyNull);
|
||||
|
||||
policy_engine_->OnTimerEvent();
|
||||
EXPECT_FALSE(policy_engine_->CanDecrypt(kKeyId));
|
||||
EXPECT_TRUE(policy_engine_->CanDecrypt(kAnotherKeyId));
|
||||
CdmKeyAllowedUsage key_usage;
|
||||
EXPECT_EQ(KEY_NOT_FOUND_1,
|
||||
policy_engine_->QueryKeyAllowedUsage(kUnknownKeyId, &key_usage));
|
||||
}
|
||||
|
||||
policy_engine_->OnTimerEvent();
|
||||
EXPECT_TRUE(policy_engine_->CanDecrypt(kKeyId));
|
||||
EXPECT_TRUE(policy_engine_->CanDecrypt(kAnotherKeyId));
|
||||
TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageGeneric) {
|
||||
|
||||
const KeyId kGenericEncryptKeyId = "oper_session_key_1";
|
||||
const KeyId kGenericDecryptKeyId = "oper_session_key_2";
|
||||
const KeyId kGenericSignKeyId = "oper_session_key_3";
|
||||
const KeyId kGenericVerifyKeyId = "oper_session_key_4";
|
||||
const KeyId kGenericFullKeyId = "oper_session_key_5";
|
||||
const KeyId kGenericExplicitKeyId = "oper_session_key_6";
|
||||
|
||||
license_.clear_key();
|
||||
|
||||
// more secure
|
||||
License::KeyContainer* content_key = license_.add_key();
|
||||
content_key->set_type(License::KeyContainer::CONTENT);
|
||||
content_key->set_id(kKeyId);
|
||||
content_key->set_level(License::KeyContainer::HW_SECURE_DECODE);
|
||||
|
||||
// less secure
|
||||
License::KeyContainer* another_content_key = license_.add_key();
|
||||
another_content_key->set_type(License::KeyContainer::CONTENT);
|
||||
another_content_key->set_id(kAnotherKeyId);
|
||||
another_content_key->set_level(License::KeyContainer::HW_SECURE_CRYPTO);
|
||||
|
||||
// generic operator session keys
|
||||
AddOperatorSessionKey(kGenericSignKeyId, kEncryptNull, kDecryptNull,
|
||||
kSignTrue, kVerifyNull);
|
||||
AddOperatorSessionKey(kGenericEncryptKeyId, kEncryptTrue, kDecryptNull,
|
||||
kSignNull, kVerifyNull);
|
||||
AddOperatorSessionKey(kGenericDecryptKeyId, kEncryptNull, kDecryptTrue,
|
||||
kSignNull, kVerifyNull);
|
||||
AddOperatorSessionKey(kGenericVerifyKeyId, kEncryptNull, kDecryptNull,
|
||||
kSignNull, kVerifyTrue);
|
||||
AddOperatorSessionKey(kGenericFullKeyId, kEncryptTrue, kDecryptTrue,
|
||||
kSignTrue, kVerifyTrue);
|
||||
AddOperatorSessionKey(kGenericExplicitKeyId, kEncryptFalse, kDecryptTrue,
|
||||
kSignFalse, kVerifyTrue);
|
||||
|
||||
EXPECT_CALL(*mock_clock_, GetCurrentTime())
|
||||
.WillOnce(Return(kLicenseStartTime + 1));
|
||||
|
||||
ExpectSessionKeysChange(kKeyStatusUsable, kKeyStatusUsable, true);
|
||||
EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _));
|
||||
|
||||
policy_engine_->SetLicense(license_);
|
||||
|
||||
ExpectSecureContentKey(kKeyId);
|
||||
ExpectLessSecureContentKey(kAnotherKeyId);
|
||||
ExpectOperatorSessionKey(kGenericEncryptKeyId, kEncryptTrue, kDecryptFalse,
|
||||
kSignFalse, kVerifyFalse);
|
||||
ExpectOperatorSessionKey(kGenericDecryptKeyId, kEncryptFalse, kDecryptTrue,
|
||||
kSignFalse, kVerifyFalse);
|
||||
ExpectOperatorSessionKey(kGenericSignKeyId, kEncryptFalse, kDecryptFalse,
|
||||
kSignTrue, kVerifyFalse);
|
||||
ExpectOperatorSessionKey(kGenericVerifyKeyId, kEncryptFalse, kDecryptFalse,
|
||||
kSignFalse, kVerifyTrue);
|
||||
ExpectOperatorSessionKey(kGenericFullKeyId, kEncryptTrue, kDecryptTrue,
|
||||
kSignTrue, kVerifyTrue);
|
||||
ExpectOperatorSessionKey(kGenericExplicitKeyId, kEncryptFalse, kDecryptTrue,
|
||||
kSignFalse, kVerifyTrue);
|
||||
}
|
||||
|
||||
class PolicyEngineQueryTest : public PolicyEngineTest {
|
||||
|
||||
Reference in New Issue
Block a user