Source release 19.2.0
This commit is contained in:
Alex Dale
@@ -265,6 +265,8 @@ class CdmSession {
|
||||
|
||||
bool HasRootOfTrustBeenRenewed();
|
||||
|
||||
CdmResponseType ResetCryptoSession();
|
||||
|
||||
// These setters are for testing only. Takes ownership of the pointers.
|
||||
void set_license_parser(CdmLicense* license_parser);
|
||||
void set_crypto_session(CryptoSession* crypto_session);
|
||||
@@ -340,8 +342,9 @@ class CdmSession {
|
||||
bool has_license_been_loaded_ = false;
|
||||
bool has_license_been_restored_ = false;
|
||||
|
||||
bool mock_license_parser_in_use_;
|
||||
bool mock_policy_engine_in_use_;
|
||||
bool mock_crypto_session_in_use_ = false;
|
||||
bool mock_license_parser_in_use_ = false;
|
||||
bool mock_policy_engine_in_use_ = false;
|
||||
|
||||
CORE_DISALLOW_COPY_AND_ASSIGN(CdmSession);
|
||||
};
|
||||
|
||||
@@ -114,7 +114,8 @@ class CryptoSession {
|
||||
RequestedSecurityLevel requested_security_level, std::string* oem_cert);
|
||||
// Retrieves the embedded public certificate from OEMCrypto.
|
||||
// Only valid for L3 devices with embedded (baked-in) certificates.
|
||||
virtual CdmResponseType GetTokenFromEmbeddedCertificate(std::string* token);
|
||||
virtual CdmResponseType GetTokenFromEmbeddedCertificate(
|
||||
RequestedSecurityLevel requested_security_level, std::string* token);
|
||||
|
||||
// The overloaded methods with |requested_level| may be called
|
||||
// without a preceding call to Open. The other method must call Open first.
|
||||
@@ -153,6 +154,7 @@ class CryptoSession {
|
||||
|
||||
virtual CdmResponseType Open() { return Open(kLevelDefault); }
|
||||
virtual CdmResponseType Open(RequestedSecurityLevel requested_security_level);
|
||||
virtual CdmResponseType MarkOfflineSession();
|
||||
virtual void Close();
|
||||
|
||||
virtual bool IsOpen() { return open_; }
|
||||
|
||||
@@ -90,6 +90,15 @@ class CdmLicense {
|
||||
const CdmKeyResponse& license_response,
|
||||
std::string* provider_session_token);
|
||||
|
||||
// Testing only. Caller retains ownership of pointers.
|
||||
void set_crypto_session(CryptoSession* crypto_session) {
|
||||
crypto_session_ = crypto_session;
|
||||
}
|
||||
|
||||
void set_policy_engine(PolicyEngine* policy_engine) {
|
||||
policy_engine_ = policy_engine;
|
||||
}
|
||||
|
||||
private:
|
||||
CdmResponseType HandleKeyErrorResponse(
|
||||
const video_widevine::SignedMessage& signed_message);
|
||||
@@ -131,8 +140,8 @@ class CdmLicense {
|
||||
bool SetTypeAndId(CdmLicenseType license_type, const std::string& request_id,
|
||||
T* content_id);
|
||||
|
||||
CryptoSession* crypto_session_;
|
||||
PolicyEngine* policy_engine_;
|
||||
CryptoSession* crypto_session_ = nullptr;
|
||||
PolicyEngine* policy_engine_ = nullptr;
|
||||
std::string server_url_;
|
||||
std::string client_token_;
|
||||
const CdmSessionId session_id_;
|
||||
|
||||
@@ -106,6 +106,8 @@ class PolicyEngine {
|
||||
|
||||
virtual const LicenseIdentification& license_id() { return license_id_; }
|
||||
|
||||
WvCdmEventListener* event_listener() { return event_listener_; }
|
||||
|
||||
bool GetSecondsSinceStarted(int64_t* seconds_since_started);
|
||||
bool GetSecondsSinceLastPlayed(int64_t* seconds_since_started);
|
||||
|
||||
@@ -131,6 +133,11 @@ class PolicyEngine {
|
||||
return license_keys_->MeetsConstraints(key_id);
|
||||
}
|
||||
|
||||
// Testing only. Caller retains ownership.
|
||||
void set_crypto_session(CryptoSession* crypto_session) {
|
||||
crypto_session_ = crypto_session;
|
||||
}
|
||||
|
||||
private:
|
||||
friend class PolicyEngineTest;
|
||||
friend class PolicyEngineConstraintsTest;
|
||||
|
||||
@@ -37,7 +37,10 @@ class AesCbcKey {
|
||||
~AesCbcKey();
|
||||
|
||||
bool Init(const std::string& key);
|
||||
bool Encrypt(const std::string& in, const std::string& iv, std::string* out);
|
||||
bool Encrypt(const std::string& in, const std::string& iv, std::string* out,
|
||||
bool has_padding = true);
|
||||
bool Decrypt(const std::string& in, const std::string& iv, std::string* out,
|
||||
bool has_padding = true);
|
||||
|
||||
private:
|
||||
std::string key_;
|
||||
@@ -82,6 +85,7 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
|
||||
size_t cert_index, uint32_t* value);
|
||||
|
||||
std::string Md5Hash(const std::string& data);
|
||||
std::string Sha1Hash(const std::string& data);
|
||||
std::string Sha256Hash(const std::string& data);
|
||||
std::string Sha512Hash(const std::string& data);
|
||||
|
||||
|
||||
@@ -12,6 +12,7 @@ namespace wvutil {
|
||||
class FileSystem;
|
||||
} // namespace wvutil
|
||||
namespace wvcdm {
|
||||
// Forward declarations.
|
||||
class CryptoSession;
|
||||
class DeviceFiles;
|
||||
|
||||
@@ -20,6 +21,22 @@ class DeviceFiles;
|
||||
// different place.
|
||||
class SystemIdExtractor {
|
||||
public:
|
||||
// The constructor should be provided all the parameters necessary
|
||||
// to find the system ID. Although certain provisioning methods
|
||||
// may not use all parameters, this class must behave in a way which
|
||||
// makes it as easy as possible to obtain the system ID, all
|
||||
// parameters are required.
|
||||
//
|
||||
// Parameters:
|
||||
// |security_level|
|
||||
// - Requested security level, uses the |crypto_session| handle
|
||||
// to convert to a concrete security level.
|
||||
// |crypto_sesssion|
|
||||
// - Handle into the OEMCrypto platform. If handle is open,
|
||||
// then the session's real security level should match
|
||||
// |security_level|.
|
||||
// |fs|
|
||||
// - File system handle to the global file system.
|
||||
SystemIdExtractor(RequestedSecurityLevel security_level,
|
||||
CryptoSession* crypto_session, wvutil::FileSystem* fs);
|
||||
virtual ~SystemIdExtractor() {}
|
||||
@@ -30,12 +47,17 @@ class SystemIdExtractor {
|
||||
SystemIdExtractor& operator=(const SystemIdExtractor&) = delete;
|
||||
SystemIdExtractor& operator=(SystemIdExtractor&&) = delete;
|
||||
|
||||
// Extracts the system ID from the appropriate source.
|
||||
virtual bool ExtractSystemId(uint32_t* system_id);
|
||||
|
||||
// Extracts the system ID from a keybox key data (aka CA token).
|
||||
static bool ExtractSystemIdFromKeyboxData(const std::string& key_data,
|
||||
uint32_t* system_id);
|
||||
// Extracts the system ID from a serialized OEM certificate.
|
||||
// System ID is expected to be in the manufacturer's intermediate
|
||||
// X.509 certificate from the Widevine-defined X.509 v3
|
||||
// Extension found in the TBSCertificate "extensions" attribute.
|
||||
// See RFC 5280 for X.509 certificate structure.
|
||||
static bool ExtractSystemIdFromOemCert(const std::string& oem_cert,
|
||||
uint32_t* system_id);
|
||||
|
||||
@@ -44,13 +66,15 @@ class SystemIdExtractor {
|
||||
}
|
||||
|
||||
private:
|
||||
// Note: All the internal ExtractSystemId*() methods assume
|
||||
// |system_id| is not null.
|
||||
|
||||
// Extracts the system ID from keybox-based OEMCrypto implementations.
|
||||
// System ID is expected to be found in the keybox data. Devices
|
||||
// which require OTA keybox provisioning will return a null system ID.
|
||||
bool ExtractSystemIdProv20(uint32_t* system_id);
|
||||
// Extracts the system ID from OEM certificate-based OEMCrypto
|
||||
// implementations. System ID is expected to be in the manufacturers
|
||||
// intermediate X.509 certificate.
|
||||
// implementations.
|
||||
bool ExtractSystemIdProv30(uint32_t* system_id);
|
||||
// Extracts the system ID from BCC-based OEMCrypto implementations.
|
||||
// System ID is expected to be found in the stored OEM certificate
|
||||
@@ -58,10 +82,25 @@ class SystemIdExtractor {
|
||||
// Clients which have not performed BCC provisioning will return
|
||||
// a null system ID.
|
||||
bool ExtractSystemIdProv40(uint32_t* system_id);
|
||||
// Extracts the system ID from DRM certificate-base Drm Reprovisioning
|
||||
// implementations. The system ID is expected to be in the DRM
|
||||
// certificate that is baked into the L3 CDM.
|
||||
bool ExtractSystemIdDrmReprovisioning(uint32_t* system_id);
|
||||
|
||||
// Add future extraction methods here.
|
||||
|
||||
// Verifies that if |crypto_session_| is opened, that the
|
||||
// security level is matches the instances |security_level_|.
|
||||
// If unopened, verifies that |security_level_| is a defined
|
||||
// value.
|
||||
// Returns true if security level is valid, false otherwise.
|
||||
bool VerifySecurityLevelExpectations();
|
||||
|
||||
RequestedSecurityLevel security_level_ = kLevelDefault;
|
||||
CryptoSession* crypto_session_ = nullptr;
|
||||
wvutil::FileSystem* fs_ = nullptr;
|
||||
// Test only handle to DeviceFiles. When not null, |fs_| will be
|
||||
// ignored.
|
||||
DeviceFiles* test_device_files_ = nullptr;
|
||||
};
|
||||
} // namespace wvcdm
|
||||
|
||||
@@ -948,6 +948,8 @@ const char* IdToString(const std::string& id);
|
||||
// provided as string pointers.
|
||||
const char* IdPtrToString(const std::string* id);
|
||||
|
||||
const char* BoolToString(bool value);
|
||||
|
||||
// Logging utilities for OEMCrypto types.
|
||||
const char* OemCryptoResultToString(OEMCryptoResult result);
|
||||
} // namespace wvcdm
|
||||
|
||||
Reference in New Issue
Block a user