Source release 19.6.0

GitOrigin-RevId: 13a33e34413c19da1bfe76abcc66be519c9ac9d1
2025-05-30 14:47:25 -07:00
parent f7ec4fdeff
commit 6d36a0c93d
59 changed files with 3327 additions and 1491 deletions
--- a/core/include/cdm_engine.h
+++ b/core/include/cdm_engine.h
@@ -214,6 +214,15 @@ class CdmEngine {
  // system. This will force the device to reprovision itself.
  virtual CdmResponseType Unprovision(CdmSecurityLevel security_level);

+  // Remove the system's REE-side OEM certificate for the specified
+  // |security_level|.
+  // Only effects two-stage provisioning devices which have an OEM cert
+  // in the REE side file system.
+  // Removing the OEM certificate will cause all DRM certificates tied to
+  // the OEM certificate to be invalidated and unloadable to future
+  // sessions.
+  virtual CdmResponseType UnprovisionOemCert(CdmSecurityLevel security_level);
+
  // Return the list of key_set_ids stored on the current (origin-specific)
  // file system.
  virtual CdmResponseType ListStoredLicenses(
--- a/core/include/cdm_session.h
+++ b/core/include/cdm_session.h
@@ -265,7 +265,7 @@ class CdmSession {
  // true otherwise.
  bool VerifyOfflineUsageEntry();

-  bool HasRootOfTrustBeenRenewed();
+  bool HasRootOfTrustBeenRenewed(bool is_load);

  CdmResponseType ResetCryptoSession();

@@ -327,6 +327,7 @@ class CdmSession {
  UsageEntryIndex usage_entry_index_ = 0;
  UsageEntry usage_entry_;
  std::string usage_provider_session_token_;
+  std::string exported_license_data_;

  // information useful for offline and usage scenarios
  CdmKeyMessage key_request_;
--- a/core/include/certificate_provisioning.h
+++ b/core/include/certificate_provisioning.h
@@ -73,6 +73,28 @@ class CertificateProvisioning {
  // |default_url| by GetProvisioningRequest().
  static void GetProvisioningServerUrl(std::string* default_url);

+  enum State {
+    // Freshly created, not yet initialized.
+    kUninitialized,
+    // A successful call to Init() has been made.
+    kInitialized,
+    // Has generated a DRM request; apps are allowed generate
+    // another one even if a response has not been received.
+    kDrmRequestSent,
+    // Has received (and successfully loaded) a DRM response.
+    kDrmResponseReceived,
+    // Has generated an OEM (Prov 4.0) request; apps are allowed
+    // generate another one even if a response has not been
+    // received.
+    kOemRequestSent,
+    // Has received (and successfully loaded) an OEM response.
+    kOemResponseReceived,
+  };
+  static const char* StateToString(State state);
+
+  // State setter for testing only.
+  void SetStateForTesting(State state) { state_ = state; }
+
 private:
 #if defined(UNIT_TEST)
  friend class CertificateProvisioningTest;
@@ -123,18 +145,29 @@ class CertificateProvisioning {
  CdmResponseType CloseSessionOnError(CdmResponseType status);
  void CloseSession();

+  // Tracks the state of CertificateProvisioning.
+  State state_ = kUninitialized;
+
  std::unique_ptr<CryptoSession> crypto_session_;
  CdmCertificateType cert_type_;
  std::unique_ptr<ServiceCertificate> service_certificate_;
  std::string request_;
+
+  // == Provisioning 4.0 Variables ==
  // The wrapped private key in provisioning 4 generated by calling
  // GenerateCertificateKeyPair. It will be saved to file system if a valid
  // response is received.
-  std::string provisioning_40_wrapped_private_key_;
-  // Key type of the generated key pair in provisioning 4.
-  CryptoWrappedKey::Type provisioning_40_key_type_;
-  // Store the last provisioning request message
-  std::string provisioning_request_message_;
+  CryptoWrappedKey prov40_wrapped_private_key_;
+  // Cache of the most recently sent OEM/DRM public key sent.  Used
+  // to match the response with the request.
+  // This MUST be matched with the current |prov40_wrapped_private_key_|.
+  std::string prov40_public_key_;
+
+  // Store the last provisioning request message.
+  // This is the serialized ProvisioningRequest.
+  // Used for X.509 responses which require the original
+  // request to verify the signature of the response.
+  std::string prov40_request_;
 };  // class CertificateProvisioning
 }  // namespace wvcdm
 #endif  // WVCDM_CORE_CERTIFICATE_PROVISIONING_H_
--- a/core/include/crypto_session.h
+++ b/core/include/crypto_session.h
@@ -359,6 +359,9 @@ class CryptoSession {
      RequestedSecurityLevel requested_security_level,
      CdmClientTokenType* token_type);

+  virtual CdmResponseType LoadLicenseData(const std::string& data);
+  virtual CdmResponseType SaveLicenseData(std::string* data);
+
  // OTA Provisioning

  static bool needs_keybox_provisioning() { return needs_keybox_provisioning_; }
--- a/core/include/crypto_wrapped_key.h
+++ b/core/include/crypto_wrapped_key.h
@@ -5,6 +5,7 @@
 #define WVCDM_CORE_CRYPTO_WRAPPED_KEY_H_

 #include <string>
+#include <utility>

 #include "wv_class_utils.h"

@@ -20,6 +21,8 @@ class CryptoWrappedKey {
  WVCDM_DEFAULT_COPY_AND_MOVE(CryptoWrappedKey);
  CryptoWrappedKey(Type type, const std::string& key)
      : type_(type), key_(key) {}
+  CryptoWrappedKey(Type type, std::string&& key)
+      : type_(type), key_(std::move(key)) {}

  Type type() const { return type_; }
  void set_type(Type type) { type_ = type; }
@@ -28,6 +31,7 @@ class CryptoWrappedKey {
  // Mutable reference getter for passing to OMECrypto.
  std::string& key() { return key_; }
  void set_key(const std::string& key) { key_ = key; }
+  void set_key(std::string&& key) { key_ = std::move(key); }

  void Clear() {
    type_ = kUninitialized;
--- a/core/include/device_files.h
+++ b/core/include/device_files.h
@@ -110,6 +110,8 @@ class DeviceFiles {
    UsageEntryIndex usage_entry_index;
    std::string drm_certificate;
    CryptoWrappedKey wrapped_private_key;
+    // Exported license data
+    std::string exported_license_data;
  };

  struct CdmUsageData {
--- a/core/include/properties.h
+++ b/core/include/properties.h
@@ -75,6 +75,8 @@ class Properties {
  static bool GetProductName(std::string* product_name);
  static bool GetBuildInfo(std::string* build_info);
  static bool GetWVCdmVersion(std::string* version);
+  static bool GetPlatform(std::string* platform);
+  static bool GetFormFactor(std::string* form_factor);
  // Gets the base path for the device non-secure storage. Note that, depending
  // on the value of device_files_is_a_real_filesystem, this may or may not be
  // a real filesystem path.
--- a/core/include/wv_cdm_types.h
+++ b/core/include/wv_cdm_types.h
@@ -465,6 +465,9 @@ enum CdmResponseEnum : int32_t {
  GET_DEVICE_SIGNED_CSR_PAYLOAD_ERROR = 399,
  GET_TOKEN_FROM_EMBEDDED_CERT_ERROR = 400,
  GET_BCC_SIGNATURE_TYPE_ERROR = 401,
+  PROVISIONING_UNEXPECTED_RESPONSE_ERROR = 402,
+  PROVISIONING_4_STALE_RESPONSE = 403,
+  PROVISIONING_4_FAILED_TO_VERIFY_CERT_KEY = 404,
  // Don't forget to add new values to
  //  * core/src/wv_cdm_types.cpp
  //  * android/include/mapErrors-inl.h