Source release 17.1.0

core/include/certificate_provisioning.h

@@ -1,6 +1,6 @@
 // Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
-// source code may only be used and distributed under the Widevine Master
-// License Agreement.
+// source code may only be used and distributed under the Widevine License
+// Agreement.
 
 #ifndef WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
 #define WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
@@ -16,11 +16,14 @@
 #include "service_certificate.h"
 #include "wv_cdm_types.h"
 
+namespace wvutil {
+class FileSystem;
+}
+
 namespace wvcdm {
 
 class CdmClientPropertySet;
 class CdmSession;
-class FileSystem;
 class ServiceCertificate;
 
 class CertificateProvisioning {
@@ -35,17 +38,16 @@ class CertificateProvisioning {
 
   // Construct a valid provisioning request.
   // The request will be sent to the provisioning server.
-  CdmResponseType GetProvisioningRequest(SecurityLevel requested_security_level,
-                                         CdmCertificateType cert_type,
-                                         const std::string& cert_authority,
-                                         const std::string& origin,
-                                         const std::string& spoid,
-                                         CdmProvisioningRequest* request,
-                                         std::string* default_url);
+  CdmResponseType GetProvisioningRequest(
+      wvutil::FileSystem* file_system,
+      RequestedSecurityLevel requested_security_level,
+      CdmCertificateType cert_type, const std::string& cert_authority,
+      const std::string& origin, const std::string& spoid,
+      CdmProvisioningRequest* request, std::string* default_url);
 
   // Process the provisioning response.
   CdmResponseType HandleProvisioningResponse(
-      FileSystem* file_system, const CdmProvisioningResponse& response,
+      wvutil::FileSystem* file_system, const CdmProvisioningResponse& response,
       std::string* cert, std::string* wrapped_key);
 
   bool supports_core_messages() const { return supports_core_messages_; }
@@ -54,26 +56,72 @@ class CertificateProvisioning {
 
   // Extract serial number and system ID from a DRM Device certificate.
   // Either |serial_number| or |system_id| may be null, but not both.
+  // Both |creation_time_seconds| and |expiration_time_seconds| may be null.
+  // |creation_time_seconds| and |expiration_time_seconds| will be set to -1
+  // if not present, 0 if unlimited and a valid time otherwise
   static bool ExtractDeviceInfo(const std::string& device_certificate,
-                                std::string* serial_number,
-                                uint32_t* system_id);
+                                std::string* serial_number, uint32_t* system_id,
+                                int64_t* creation_time_seconds,
+                                int64_t* expiration_time_seconds);
 
   // Removes json wrapping if applicable to extract the
   // SignedProvisioningMessage
-  static bool ExtractAndDecodeSignedMessageForTesting(
+  static bool ExtractAndDecodeSignedMessage(
       const std::string& provisioning_response, std::string* result);
 
+  // Retrieve the provisioning server URL used for certificate
+  // provisioning. This will be the same value as returned in
+  // |default_url| by GetProvisioningRequest().
+  static void GetProvisioningServerUrl(std::string* default_url);
+
  private:
+  CdmResponseType GetProvisioningRequestInternal(
+      wvutil::FileSystem* file_system,
+      RequestedSecurityLevel requested_security_level,
+      CdmCertificateType cert_type, const std::string& cert_authority,
+      const std::string& origin, const std::string& spoid,
+      CdmProvisioningRequest* request, std::string* default_url);
+  CdmResponseType GetProvisioning40RequestInternal(
+      wvutil::FileSystem* file_system, const std::string& origin,
+      const std::string& spoid, CdmProvisioningRequest* request,
+      std::string* default_url);
+  CdmResponseType FillEncryptedClientId(
+      const std::string& client_token,
+      video_widevine::ProvisioningRequest& provisioning_request,
+      const ServiceCertificate& service_certificate);
+  CdmResponseType FillEncryptedClientIdWithAdditionalParameter(
+      const std::string& client_token,
+      const CdmAppParameterMap& additional_parameter,
+      video_widevine::ProvisioningRequest& provisioning_request,
+      const ServiceCertificate& service_certificate);
+  CdmResponseType HandleProvisioning40Response(
+      wvutil::FileSystem* file_system, const std::string& response_message);
+
   CdmResponseType SetSpoidParameter(
       const std::string& origin, const std::string& spoid,
       video_widevine::ProvisioningRequest* request);
 
-  video_widevine::SignedProvisioningMessage::ProtocolVersion
-  GetProtocolVersion();
+  video_widevine::SignedProvisioningMessage::ProvisioningType
+  GetProvisioningType();
+
+  // Closes crypto session if one is open. Avoid calling this method when
+  // processing a response. Multiple provisioning responses might be
+  // simultaneously in flight. Only the response associated with the last
+  // provisioning request can be processed. All the other responses will
+  // fail. If the session is closed when these responses fail, even the one
+  // associated with the last provisioning request may fail.
+  CdmResponseType CloseSessionOnError(CdmResponseType status);
+  void CloseSession();
 
   std::unique_ptr<CryptoSession> crypto_session_;
   CdmCertificateType cert_type_;
   std::unique_ptr<ServiceCertificate> service_certificate_;
+  // The wrapped private key in provisioning 4 generated by calling
+  // GenerateCertificateKeyPair. It will be saved to file system if a valid
+  // response is received.
+  std::string provisioning_40_wrapped_private_key_;
+  // Key type of the generated key pair in provisioning 4.
+  CryptoWrappedKey::Type provisioning_40_key_type_;
 
   // Indicates whether OEMCrypto supports core messages, and whether the
   // CDM should expect a core message in the response.  This is primarily