Source release 17.1.0

core/include/cdm_engine.h

@@ -1,6 +1,6 @@
 // Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
-// source code may only be used and distributed under the Widevine Master
-// License Agreement.
+// source code may only be used and distributed under the Widevine License
+// Agreement.
 
 #ifndef WVCDM_CORE_CDM_ENGINE_H_
 #define WVCDM_CORE_CDM_ENGINE_H_
@@ -24,11 +24,11 @@
 #include "wv_cdm_types.h"
 
 namespace wvcdm {
-
 class CdmClientPropertySet;
 class CdmEngineFactory;
 class CdmSession;
 class CryptoEngine;
+class OtaKeyboxProvisioner;
 class UsagePropertySet;
 class WvCdmEventListener;
 
@@ -75,6 +75,10 @@ class CdmEngine {
   // app_parameters: Additional, application-specific parameters that factor
   //                 into the request generation. This is ignored for release
   //                 and renewal requests.
+  //                 Certain app parameter keys are reserved for CDM
+  //                 device identification on the license server.  These
+  //                 parameters will be overwritten by the CDM request
+  //                 generator.
   // key_request: This must be non-null and point to a CdmKeyRequest. The
   //              message field will be filled with the key request, the
   //              type field will be filled with the key request type,
@@ -92,14 +96,14 @@ class CdmEngine {
   // (c) accept a release response and release an offline license or secure
   //     stop.
   // (d) accept a service certificate and cache that information for the
-  //     the lifetime of the session.
+  //     lifetime of the session.
   //
   // |session_id| identifies the session that generated the request and can
   //              process the response. Should be empty if a release response.
   // |key_data| is the license, renewal, release response or service
   //            certificate response.
   // |license_type| must not be null. If the result is KEY_ADDED, this out
-  //                parameter indicates the type of license containd in
+  //                parameter indicates the type of license contained in
   //                key_data. For any other return code, no value is provided.
   // |key_set_id| should be non-null and specified if license release.
   //              If offline license or streaming license associated with
@@ -142,7 +146,7 @@ class CdmEngine {
       const CdmSessionId& session_id, const std::string& service_certificate);
 
   // Query system information
-  virtual CdmResponseType QueryStatus(SecurityLevel security_level,
+  virtual CdmResponseType QueryStatus(RequestedSecurityLevel security_level,
                                       const std::string& query_token,
                                       std::string* query_response);
 
@@ -180,19 +184,25 @@ class CdmEngine {
   virtual CdmResponseType GetProvisioningRequest(
       CdmCertificateType cert_type, const std::string& cert_authority,
       const std::string& service_certificate,
-      SecurityLevel requested_security_level, CdmProvisioningRequest* request,
-      std::string* default_url);
+      RequestedSecurityLevel requested_security_level,
+      CdmProvisioningRequest* request, std::string* default_url);
 
   // Verify and process a provisioning response.
   virtual CdmResponseType HandleProvisioningResponse(
       const CdmProvisioningResponse& response,
-      SecurityLevel requested_security_level, std::string* cert,
+      RequestedSecurityLevel requested_security_level, std::string* cert,
       std::string* wrapped_key);
 
   // Return true if there is a device certificate on the current
   // (origin-specific) file system.
   virtual bool IsProvisioned(CdmSecurityLevel security_level);
 
+  // Retrieves the current provisioning status based on whether a DRM
+  // certificate or an OEM certificate (in provisioning 4) exists the current
+  // (origin-specific) file system.
+  virtual CdmProvisioningStatus GetProvisioningStatus(
+      CdmSecurityLevel security_level);
+
   // Remove device DRM certificate from the current (origin-specific) file
   // system. This will force the device to reprovision itself.
   virtual CdmResponseType Unprovision(CdmSecurityLevel security_level);
@@ -233,15 +243,24 @@ class CdmEngine {
                                        int* error_detail,
                                        CdmUsageInfo* usage_info);
 
-  // Retrieve the usage info for the specified pst.
-  // Returns UNKNOWN_ERROR if no usage info was found.
-  // id. If |error_detail| is not null, an additional error code may be provided
+  // Retrieve usage info whose PST is specified by |ssid|
+  // If |error_detail| is not null, an additional error code may be provided
   // in the event of an error.
   virtual CdmResponseType GetUsageInfo(const std::string& app_id,
                                        const CdmSecureStopId& ssid,
                                        int* error_detail,
                                        CdmUsageInfo* usage_info);
 
+  // Retrieve usage info for a given security level and whose
+  // PST is specified by |ssid|.
+  // If |error_detail| is not null, an additional error code may be provided
+  // in the event of an error.
+  virtual CdmResponseType GetUsageInfo(const std::string& app_id,
+                                       const CdmSecureStopId& ssid,
+                                       RequestedSecurityLevel security_level,
+                                       int* error_detail,
+                                       CdmUsageInfo* usage_info);
+
   // Remove all usage records for the current origin.
   virtual CdmResponseType RemoveAllUsageInfo(const std::string& app_id,
                                              CdmSecurityLevel security_level);
@@ -299,6 +318,18 @@ class CdmEngine {
 
   virtual size_t SessionSize() const { return session_map_.Size(); }
 
+  // This tells the OEMCrypto adapter to ignore the next |count| keyboxes and
+  // report that it needs provisioning instead.
+  static CdmResponseType SetDebugIgnoreKeyboxCount(uint32_t count) {
+    return CryptoSession::SetDebugIgnoreKeyboxCount(count);
+  }
+
+  // This tells the OEMCrypto adapter to allow the device to continue with a
+  // test keybox. Otherwise, the keybox is reported as invalid.
+  static CdmResponseType SetAllowTestKeybox(bool allow) {
+    return CryptoSession::SetAllowTestKeybox(allow);
+  }
+
   static CdmResponseType ParseDecryptHashString(const std::string& hash_string,
                                                 CdmSessionId* id,
                                                 uint32_t* frame_number,
@@ -344,11 +375,26 @@ class CdmEngine {
   }
   virtual const std::string& GetAppPackageName() { return app_package_name_; }
   virtual void SetSpoid(const std::string& spoid) { spoid_ = spoid; }
+  virtual CdmResponseType SetPlaybackId(const CdmSessionId& session_id,
+                                        const std::string& playback_id);
+
+  virtual void SetUserId(uint32_t user_id) { user_id_ = user_id; }
+  virtual uint32_t GetUserId() const { return user_id_; }
+
+  // Changes the rules used for calculating the fallback duration
+  // when OTA keybox provisioning fails.
+  // Default rules use fallback duration measured in days, with exponential
+  // backoff.
+  // Fast rules use fallback durations of a few seconds, without exponential
+  // backoff.
+  // This method has no effect if OTA keybox is not required.
+  virtual void SetDefaultOtaKeyboxFallbackDurationRules();
+  virtual void SetFastOtaKeyboxFallbackDurationRules();
 
  protected:
   friend class CdmEngineFactory;
 
-  CdmEngine(FileSystem* file_system,
+  CdmEngine(wvutil::FileSystem* file_system,
             std::shared_ptr<metrics::EngineMetrics> metrics);
 
  private:
@@ -361,7 +407,7 @@ class CdmEngine {
 
   bool ValidateKeySystem(const CdmKeySystem& key_system);
   CdmResponseType GetUsageInfo(const std::string& app_id,
-                               SecurityLevel requested_security_level,
+                               RequestedSecurityLevel requested_security_level,
                                int* error_detail, CdmUsageInfo* usage_info);
 
   void OnKeyReleaseEvent(const CdmKeySetId& key_set_id);
@@ -370,6 +416,13 @@ class CdmEngine {
 
   void CloseExpiredReleaseSessions();
 
+  // Returns "true" if |okp_provisioner_| should be checked.
+  bool OkpCheck();
+  // Returns "true" if CdmEngine should always fallback to L3.
+  bool OkpIsInFallbackMode();
+  void OkpTriggerFallback();
+  void OkpCleanUp();
+
   // instance variables
 
   /*
@@ -385,9 +438,10 @@ class CdmEngine {
   CdmSessionMap session_map_;
   CdmReleaseKeySetMap release_key_sets_;
   std::unique_ptr<CertificateProvisioning> cert_provisioning_;
-  FileSystem* file_system_;
-  Clock clock_;
+  wvutil::FileSystem* file_system_;
+  wvutil::Clock clock_;
   std::string spoid_;
+  uint32_t user_id_;
 
   // Usage related variables
   // Used to isolate a single active usage information license.  Loading,
@@ -413,6 +467,23 @@ class CdmEngine {
   // occur that may subsequently call back into CdmEngine.
   std::recursive_mutex session_map_lock_;
 
+  // OTA Keybox Provisioning (OKP)
+  // Engine should check for the OKP status of the device before opening
+  // sessions or generating DRM cert provisioning requests.
+  bool okp_initialized_ = false;
+  // If OKP is required, then the engine should create an instance
+  // of |okp_provisioner_|.  If the instance exists, it should be used
+  // for GetProvisionRequest, ProvideProvisionRequest, and
+  // OpenSession when requested with default security level.
+  std::unique_ptr<OtaKeyboxProvisioner> okp_provisioner_;
+  // Should the engine need to fallback, this flag should be set to
+  // true and |okp_provisioner_| should be cleared.  All follow-up
+  // requests from the app with security level default should use L3.
+  bool okp_fallback_ = false;
+  // To prevent race conditions around the engine's OKP state, this mutex
+  // should be locked before the use of any of the |okp_*| variables.
+  std::mutex okp_mutex_;
+
   CORE_DISALLOW_COPY_AND_ASSIGN(CdmEngine);
 };