// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary // source code may only be used and distributed under the Widevine Master // License Agreement. // // This source file provides a basic set of unit tests for the Content // Decryption Module (CDM). #include #include #include "cdm.h" #include "cdm_test_printers.h" #include "config_test_env.h" #include "decryption_test_data.h" #include "license_request.h" #include "log.h" #include "oec_device_features.h" #include "OEMCryptoCENC.h" #include "override.h" #include "properties_ce.h" #include "scoped_ptr.h" #include "service_certificate.h" #include "string_conversions.h" #include "test_base.h" #include "test_host.h" #include "test_printers.h" #include "url_request.h" using namespace testing; using namespace wvcdm; namespace widevine { namespace { const int kHttpOk = 200; const int kRenewalTestDelayMs = 3 * 60 * 1000; const int kExpirationTestDelayMs = 5 * 60 * 1000; const int kOfflineLicenseDurationMs = 604800 * 1000; const Cdm::SessionType kBogusSessionType = static_cast(-1); const Cdm::InitDataType kBogusInitDataType = static_cast(-1); const std::string kBogusSessionId = "asdf"; const std::string kCencInitData = a2bs_hex( "00000042" // blob size "70737368" // "pssh" "00000000" // flags "edef8ba979d64acea3c827dcd51d21ed" // Widevine system id "00000022" // pssh data size // pssh data: "08011a0d7769646576696e655f746573" "74220f73747265616d696e675f636c69" "7031"); const std::string kCencPersistentInitData = a2bs_hex( "00000040" // blob size "70737368" // "pssh" "00000000" // flags "edef8ba979d64acea3c827dcd51d21ed" // Widevine system id "00000020" // pssh data size // pssh data: "08011a0d7769646576696e655f746573" "74220d6f66666c696e655f636c697032"); const std::string kInvalidCencInitData = a2bs_hex( "0000000c" // blob size "61736466" // "asdf" (wrong box type) "01020304"); // nonsense const std::string kNonWidevineCencInitData = a2bs_hex( "00000020" // blob size "70737368" // "pssh" "00000000" // flags "000102030405060708090a0b0c0d0e0f" // unknown system id "00000000"); // pssh data size const std::string kWebMInitData = a2bs_hex("deadbeefdeadbeefdeadbeefdeadbeef"); const std::string kKeyIdsInitData = "{\"kids\":[\"67ef0gd8pvfd0\",\"77ef0gd8pvfd0\"]}"; const std::string kHlsInitData = "#EXT-X-KEY:METHOD=SAMPLE-AES,KEYFORMAT=\"com.widevine\",KEYFORMATVERSIONS=" "\"1\",URI=\"data:text/plain;base64,ew0KICAgInByb3ZpZGVyIjogIndpZGV2aW5lX3R" "lc3QiLA0KICAgImNvbnRlbnRfaWQiOiAiWW1sblluVmphMkoxYm01NSIsDQogICAia2V5X2lkc" "yI6IFsNCiAgICAgICI5Yjc1OTA0MDMyMWE0MDhhNWM3NzY4YjQ1MTEyODdhNiINCiAgIF0NCn0" "=\",IV=0x75537a79fa41abc7b598ea72aba0c26f"; const std::string kCencEntitlementInitData1 = a2bs_hex( "000001fb" // blob size "70737368" // "pssh" "00000000" // flags "edef8ba979d64acea3c827dcd51d21ed" // Widevine system id "000001db" // pssh data size // pssh data: "220b47726f7570563254657374381448" "e3dc959b065002580272580a10668093" "381a8c5be48a0168ce372726ac1210c8" "326486bb5d5c4a958f00b1111afc811a" "20082cd9d3aed3ebe6239d30fbcf0b22" "1d28cbb0360ea1295c2363973346ec00" "512210914781334e864c8eb7f768cf26" "49073872580a10f872d11d5b1052f2bd" "a94e60a0e383021210450897c987a85c" "2e9579f968554a12991a2097e603ceea" "f35ed8cef1029eae7a0a54701e3d6db6" "80e7da1de3b22a8db347fb2210b41c34" "29b7bb96972bbaf6587bc0ddf172580a" "10bac58b9fce9e5929a42a180e529f19" "4712103f11f22988d25659b145ce4854" "3e6b141a20416e22768e5a57b08d155e" "5210d00658056947ff06d626668bceb3" "5eb01c6b57221081fb2ff3fef79d332f" "f98be46233596972580a101261c8036d" "ae5c8caa968858aa0ca9cc12106d583c" "b37c1456519843a81cf49912221a20c2" "1116bb54a226e8d879a4cd41d8879920" "2ae85b80d83b1b4447e5d7fcad6f6a22" "100b27a4c3f44771d2b0c7c34c66af35" "b572580a10ab1c8c259c6b5967991389" "65bff5ac0c1210b5b4473658565d3786" "efaf4b85d8e6e21a203ce6a9085285c2" "ece0b650dc83dd7aa8ac849611a8e3f8" "3c8f389223c0f3621522101946f0c2a3" "d543101cc842bbec2d0b30"); const std::string kCencEntitlementInitData2 = a2bs_hex( "000001fb" // blob size "70737368" // "pssh" "00000000" // flags "edef8ba979d64acea3c827dcd51d21ed" // Widevine system id "000001db" // pssh data size // pssh data: "220b47726f7570563254657374381548" "e3dc959b065002580272580a10668093" "381a8c5be48a0168ce372726ac1210f8" "488775a99855ff94b93ec5bd4993561a" "20d15ba631c20e95da0d4857f6a1d25a" "a3bccbd3fde18b3fdc1dd8c4f0ede76f" "402210d6dd3675f0d1150052e81b9107" "6d7fc172580a10f872d11d5b1052f2bd" "a94e60a0e383021210ad1f93ad921e53" "b097c415b2bf1ef1c61a20b2087b60a2" "d253ac2158a1bfa789b150b79701b29e" "c852a2662560f8b8977a4c2210051ed3" "2628671fbda58f506ba5ea713972580a" "10bac58b9fce9e5929a42a180e529f19" "47121027cdda7bfe5e5fd4bff2ebc9c7" "c020701a20f2cb1184d648a2404517e6" "7a39d698332aae6bb890a69bf7ddb536" "75b8ac41c62210a80ed7f9b728fdd566" "0b01b173ace26372580a101261c8036d" "ae5c8caa968858aa0ca9cc1210769a70" "0442a25bf5ae17174c70f4cb8e1a206c" "7b2012723fc47c83b003ea214204915f" "9a63dc373bf219f36ccf5697589aa422" "10bcc3c16e836cca264d5493a0c334d3" "4872580a10ab1c8c259c6b5967991389" "65bff5ac0c1210894b04aef78557c6a7" "e6e8855febbcc91a2025cc545ee3cd0c" "c323586610ff6a8f8f22a78f5fade2f2" "1083f152c52208f16d2210257aacacec" "512a2e769396b10e6d9dfa"); // This Key ID must match the key retrieved from the license server by // kCencInitData. const std::vector kKeyIdCtr = a2b_hex( "371ea35e1a985d75d198a7f41020dc23"); // This Key ID must match the key retrieved from the license server by // kHlsInitData. const std::vector kKeyIdCbc = a2b_hex( "9b759040321a408a5c7768b4511287a6"); // This Key ID must match a key embedded in kCencEntitlementInitData1. const std::vector kKeyIdEntitlement1 = a2b_hex( "c8326486bb5d5c4a958f00b1111afc81"); // This Key ID must match a key embedded in kCencEntitlementInitData2. const std::vector kKeyIdEntitlement2 = a2b_hex( "f8488775a99855ff94b93ec5bd499356"); // A default pattern object disables patterns during decryption. const Cdm::Pattern kPatternNone; // The recommended pattern from CENC 3.0, which is also the pattern used by // HLS. Encrypts 1 in every 10 crypto blocks. const Cdm::Pattern kPatternRecommended(1, 9); // The recommended pattern for HLS Audio, which should be decrypted in CENC 3.0 // cbcs mode despite not using patterns. This pattern disables patterned // decryption by having one encrypted block and no clear blocks. const Cdm::Pattern kPatternHlsAudio(1, 0); const std::string kValue = "A Value"; const std::string kNewValue = "A New Value"; const std::string kParamName = "PARAM"; const std::string kParamName2 = "PARAM2"; class CdmTest : public WvCdmTestBase, public Cdm::IEventListener { public: CdmTest() {} virtual ~CdmTest() {} // IEventListener mocks: MOCK_METHOD3(onMessage, void(const std::string& session_id, Cdm::MessageType message_type, const std::string& message)); MOCK_METHOD2(onKeyStatusesChange, void(const std::string& session_id, bool has_new_usable_key)); MOCK_METHOD1(onRemoveComplete, void(const std::string& session_id)); MOCK_METHOD2(onDeferredComplete, void(const std::string& session_id, Cdm::Status error_code)); MOCK_METHOD2(onDirectIndividualizationRequest, void(const std::string& session_id, const std::string& message)); protected: virtual void SetUp() OVERRIDE { WvCdmTestBase::SetUp(); // Clear anything stored, load default device cert. g_host->Reset(); // Reinit the library. Cdm::Status status = Cdm::initialize( Cdm::kNoSecureOutput, PropertiesCE::GetClientInfo(), g_host, g_host, g_host, static_cast(g_cutoff)); ASSERT_EQ(Cdm::kSuccess, status); // Make a fresh CDM. RecreateCdm(true /* privacy_mode */); } virtual void TearDown() OVERRIDE { } void RecreateCdm(bool privacy_mode) { CreateAdditionalCdm(privacy_mode, &cdm_); cdm_->setServiceCertificate(config_.license_service_certificate()); } void CreateAdditionalCdm(bool privacy_mode, scoped_ptr* cdm) { cdm->reset(Cdm::create(this, g_host, privacy_mode)); ASSERT_NE((Cdm*)0, cdm->get()); } bool Fetch(const std::string& url, const std::string& message, std::string* response, int* status_code) { UrlRequest url_request(url); EXPECT_TRUE(url_request.is_connected()); if (!url_request.is_connected()) { return false; } url_request.PostRequest(message); std::string http_response; url_request.GetResponse(&http_response); // Some license servers return 400 for invalid message, some // return 500; treat anything other than 200 as an invalid message. int http_status_code = url_request.GetStatusCode(http_response); if (status_code) { *status_code = http_status_code; } if (response) { if (http_status_code == kHttpOk) { // Parse out HTTP and server headers and return the body only. std::string reply_body; LicenseRequest lic_request; lic_request.GetDrmMessage(http_response, reply_body); *response = reply_body; } else { *response = http_response; } LOGV("Reply body(hex): \n%s\n", b2a_hex(*response).c_str()); LOGV("Reply body(b64): \n%s\n", Base64SafeEncode( std::vector(response->begin(), response->end())).c_str()); } return true; } void FetchCertificate(const std::string& url, std::string* response) { int status_code; bool ok = Fetch(url, "", response, &status_code); ASSERT_TRUE(ok); if (ok) ASSERT_EQ(kHttpOk, status_code) << "Error response: " << *response << "\n" << "url: " << url; } bool FetchServiceCertificate(const std::string& url, std::string* response) { std::string request; int status; if (!ServiceCertificate::GetRequest(&request)) { LOGE("FAILED to generate service certificate request."); return false; } if (!Fetch (url, request, response, &status)) { LOGE("FAILED to get service certificate response: sts=%d", status); return false; } LOGV("Reply body(hex): \n%s\n", b2a_hex(*response).c_str()); LOGV("Reply body(b64): \n%s\n", Base64SafeEncode(std::vector(response->begin(), response->end())).c_str()); return true; } void FetchLicense(const std::string& license_server, const std::string& message, std::string* response) { int status_code; bool ok = Fetch(license_server, message, response, &status_code); ASSERT_TRUE(ok); if (ok) ASSERT_EQ(kHttpOk, status_code) << "Error response: " << *response << "\n" << "license_server: " << license_server; } void FetchLicenseFailure(const std::string& message, int expected_status_code) { int status_code; bool ok = Fetch(config_.license_server(), message, NULL, &status_code); ASSERT_TRUE(ok); if (ok) ASSERT_EQ(expected_status_code, status_code); } void CreateSessionAndGenerateRequest(Cdm::SessionType session_type, Cdm::InitDataType init_data_type, std::string* session_id, std::string* message) { Cdm::Status status; status = cdm_->setServiceCertificate(config_.license_service_certificate()); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->createSession(session_type, session_id); ASSERT_EQ(Cdm::kSuccess, status); std::string init_data; if (session_type == Cdm::kTemporary) { if (init_data_type == Cdm::kCenc) { init_data = kCencInitData; } else if (init_data_type == Cdm::kHls) { init_data = kHlsInitData; } } else if (session_type == Cdm::kPersistentLicense || session_type == Cdm::kPersistentUsageRecord) { if (init_data_type == Cdm::kCenc) { init_data = kCencPersistentInitData; } } ASSERT_FALSE(init_data.empty()); EXPECT_CALL(*this, onMessage(*session_id, Cdm::kLicenseRequest, _)) .WillOnce(SaveArg<2>(message)); status = generateRequestWithRetry(*session_id, init_data_type, init_data); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); } void CreateSessionAndFetchLicense(Cdm::SessionType session_type, Cdm::InitDataType init_data_type, std::string* session_id, std::string* response) { std::string message; ASSERT_NO_FATAL_FAILURE(CreateSessionAndGenerateRequest( session_type, init_data_type, session_id, &message)); std::string license_server; if (init_data_type == Cdm::kCenc) { license_server = config_.license_server(); } else if (init_data_type == Cdm::kHls) { license_server = config_.license_server(); } ASSERT_FALSE(license_server.empty()); FetchLicense(license_server, message, response); } void CreateSessionAndUpdate(Cdm::SessionType session_type, Cdm::InitDataType init_data_type, std::string* session_id) { std::string response; ASSERT_NO_FATAL_FAILURE(CreateSessionAndFetchLicense( session_type, init_data_type, session_id, &response)); EXPECT_CALL(*this, onKeyStatusesChange(*session_id, true)); Cdm::Status status = updateWithRetry(*session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); } void FetchLicenseAndUpdate(const std::string& session_id, const std::string& message) { // Acquire a license. std::string response; ASSERT_NO_FATAL_FAILURE(FetchLicense( config_.license_server(), message, &response)); // This license should be accepted, but the keys are not expected to change. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); Cdm::Status status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); } std::string GetProvisioningResponse(const std::string& message) { std::string reply; std::string uri = config_.provisioning_server(); LOGV("GetProvisioningResponse: URI: %s", uri.c_str()); LOGV("GetProvisioningResponse: message:\n%s\n", b2a_hex(message).c_str()); uri += "&signedRequest=" + message; FetchCertificate(uri, &reply); if (HasFatalFailure()) { LOGE("GetProvisioningResponse: Failed."); return ""; } LOGV("GetProvisioningResponse: response:\n%s\n", reply.c_str()); return reply; } // This calls cdm->update, and retries several times if there is a // failure due to nonce flood errors. Cdm::Status updateWithRetry(const std::string& session_id, const std::string& response) { const int num_retries = 5; for (int i = 0; i < num_retries; i++) { Cdm::Status status = cdm_->update(session_id, response); if (status == Cdm::kQuotaExceeded) { sleep(1); continue; } return status; } return Cdm::kQuotaExceeded; } // This calls cdm->generateRequest, and retries several times if there is a // failure due to nonce flood errors. Cdm::Status generateRequestWithRetry(const std::string& session_id, Cdm::InitDataType init_data_type, const std::string& init_data) { const int num_retries = 5; for (int i = 0; i < num_retries; i++) { LOGD("attempt %d", i); Cdm::Status status = cdm_->generateRequest(session_id, init_data_type, init_data); if (status == Cdm::kQuotaExceeded) { sleep(1); continue; } return status; } return Cdm::kQuotaExceeded; } scoped_ptr cdm_; }; struct DecryptParam { public: DecryptParam( const std::string& short_name_param, Cdm::InitDataType init_data_type_param, const std::vector& key_id_param, const std::vector& iv_param, Cdm::EncryptionScheme scheme_param, const Cdm::Pattern& pattern_param, const std::vector& input_param, const std::vector& output_param) : short_name(short_name_param), init_data_type(init_data_type_param), key_id(&key_id_param), iv(&iv_param), scheme(scheme_param), pattern(&pattern_param), input(&input_param), output(&output_param) {} const std::string short_name; const Cdm::InitDataType init_data_type; const std::vector* const key_id; const std::vector* const iv; const Cdm::EncryptionScheme scheme; const Cdm::Pattern* const pattern; const std::vector* const input; const std::vector* const output; }; void PrintTo(const DecryptParam& value, ::std::ostream* os) { *os << value.short_name << " DecryptParam"; } class CdmTestWithDecryptParam : public CdmTest, public WithParamInterface {}; class CdmTestWithRemoveParam : public CdmTest, public WithParamInterface {}; class MockTimerClient : public Cdm::ITimer::IClient { public: MockTimerClient() {} virtual ~MockTimerClient() {} MOCK_METHOD1(onTimerExpired, void(void*)); }; } // namespace TEST_F(CdmTest, TestHostTimer) { // Validate that the TestHost timers are processed in the correct order. const int64_t kTimerDelayMs = 1000; void* kCtx1 = reinterpret_cast(0x1); void* kCtx2 = reinterpret_cast(0x2); MockTimerClient client; g_host->setTimeout(kTimerDelayMs * 1, &client, kCtx1); g_host->setTimeout(kTimerDelayMs * 2, &client, kCtx2); EXPECT_CALL(client, onTimerExpired(kCtx1)); g_host->ElapseTime(kTimerDelayMs); Mock::VerifyAndClear(&client); EXPECT_CALL(client, onTimerExpired(kCtx2)); g_host->ElapseTime(kTimerDelayMs); Mock::VerifyAndClear(&client); EXPECT_CALL(client, onTimerExpired(_)).Times(0); g_host->ElapseTime(kTimerDelayMs); Mock::VerifyAndClear(&client); } TEST_F(CdmTest, Initialize) { Cdm::Status status; // Try with an invalid output type. status = Cdm::initialize( static_cast(-1), PropertiesCE::GetClientInfo(), g_host, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kTypeError, status); // Try with various client info properties missing. Cdm::ClientInfo working_client_info = PropertiesCE::GetClientInfo(); Cdm::ClientInfo broken_client_info; broken_client_info = working_client_info; broken_client_info.product_name.clear(); status = Cdm::initialize( Cdm::kNoSecureOutput, broken_client_info, g_host, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kTypeError, status); broken_client_info = working_client_info; broken_client_info.company_name.clear(); status = Cdm::initialize( Cdm::kNoSecureOutput, broken_client_info, g_host, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kTypeError, status); broken_client_info = working_client_info; broken_client_info.device_name.clear(); // Not required status = Cdm::initialize( Cdm::kNoSecureOutput, broken_client_info, g_host, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kSuccess, status); broken_client_info = working_client_info; broken_client_info.model_name.clear(); status = Cdm::initialize( Cdm::kNoSecureOutput, broken_client_info, g_host, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kTypeError, status); broken_client_info = working_client_info; broken_client_info.arch_name.clear(); // Not required status = Cdm::initialize( Cdm::kNoSecureOutput, broken_client_info, g_host, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kSuccess, status); broken_client_info = working_client_info; broken_client_info.build_info.clear(); // Not required status = Cdm::initialize( Cdm::kNoSecureOutput, broken_client_info, g_host, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kSuccess, status); // Try with various host interfaces missing. status = Cdm::initialize( Cdm::kNoSecureOutput, working_client_info, NULL, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kTypeError, status); status = Cdm::initialize( Cdm::kNoSecureOutput, working_client_info, g_host, NULL, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kTypeError, status); status = Cdm::initialize( Cdm::kNoSecureOutput, working_client_info, g_host, g_host, NULL, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kTypeError, status); // Try all output types. status = Cdm::initialize( Cdm::kDirectRender, working_client_info, g_host, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kSuccess, status); status = Cdm::initialize( Cdm::kOpaqueHandle, working_client_info, g_host, g_host, g_host, static_cast(g_cutoff)); if (wvoec::global_features.supports_level_1) { EXPECT_EQ(Cdm::kSuccess, status); } else { EXPECT_EQ(Cdm::kNotSupported, status); } // One last init with everything correct and working. status = Cdm::initialize( Cdm::kNoSecureOutput, working_client_info, g_host, g_host, g_host, static_cast(g_cutoff)); EXPECT_EQ(Cdm::kSuccess, status); } TEST_F(CdmTest, GetServiceCertificateRequest) { // Set a server certificate with privacy mode disabled - should work. ASSERT_NO_FATAL_FAILURE(RecreateCdm(false /* privacy_mode */)); std::string message; Cdm::Status status = cdm_->getServiceCertificateRequest(&message); EXPECT_EQ(Cdm::kSuccess, status); } TEST_F(CdmTest, ServiceCertificateRequestResponseUat) { ConfigTestEnv uat_config(kContentProtectionUatServer); std::string response; ASSERT_TRUE(FetchServiceCertificate(uat_config.license_server(), &response)); LOGV("response size=%d", response.size()); #if 0 // enable to extract the service certificate in byte form size_t done = 0; while (done < response.size()) { for (int i = 0; i < 12; i++) { if (done >= response.size()) { break; } uint32_t x = static_cast(response.data()[done]); printf("0x%02x, ", x); done++; } printf ("\n"); } #endif } TEST_F(CdmTest, ServiceCertificateRequestResponseStaging) { ConfigTestEnv staging_config(kContentProtectionStagingServer); std::string response; ASSERT_TRUE(FetchServiceCertificate(staging_config.license_server(), &response)); LOGV("response size=%d", response.size()); #if 0 // enable to extract the service certificate in byte form size_t done = 0; while (done < response.size()) { for (int i = 0; i < 12; i++) { if (done >= response.size()) { break; } uint32_t x = static_cast(response.data()[done]); printf("0x%02x, ", x); done++; } printf ("\n"); } #endif } TEST_F(CdmTest, SetServiceCertificate) { // Set a server certificate with privacy mode disabled - should work. ASSERT_NO_FATAL_FAILURE(RecreateCdm(false /* privacy_mode */)); Cdm::Status status = cdm_->setServiceCertificate(config_.license_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); // Can set a server certificate if privacy mode is enabled. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); status = cdm_->setServiceCertificate(config_.license_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); // It is invalid to set a malformed cert. status = cdm_->setServiceCertificate("asdf"); EXPECT_EQ(Cdm::kTypeError, status); } TEST_F(CdmTest, Provision) { // Clear any existing certificates. g_host->remove("cert.bin"); g_host->SaveProvisioningInformation(); // Creating a session should succeed. std::string session_id; Cdm::Status status; status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); status = cdm_->createSession(Cdm::kTemporary, &session_id); EXPECT_EQ(Cdm::kSuccess, status); // Should get an individualization request when we generate request. std::string message; EXPECT_CALL(*this, onDirectIndividualizationRequest(session_id, _)) .WillOnce(SaveArg<1>(&message)); status = generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Complete the provisioning request. std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(1); EXPECT_CALL(*this, onDeferredComplete(_, _)).Times(0); status = updateWithRetry(session_id, reply); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); } TEST_F(CdmTest, CreateSession) { // Create a temporary session. std::string session_id; Cdm::Status status = cdm_->createSession(Cdm::kTemporary, &session_id); EXPECT_EQ(Cdm::kSuccess, status); EXPECT_FALSE(session_id.empty()); // Create another using the same pointer to an already-filled-out string, // and expect the session ID to change. std::string original_session_id = session_id; status = cdm_->createSession(Cdm::kTemporary, &session_id); EXPECT_EQ(Cdm::kSuccess, status); EXPECT_NE(original_session_id, session_id); // Create a persistent session. status = cdm_->createSession(Cdm::kPersistentLicense, &session_id); EXPECT_EQ(Cdm::kSuccess, status); // Try a NULL pointer for session ID. status = cdm_->createSession(Cdm::kTemporary, NULL); EXPECT_EQ(Cdm::kTypeError, status); // Try a bogus session type. status = cdm_->createSession(kBogusSessionType, &session_id); EXPECT_EQ(Cdm::kNotSupported, status); } TEST_F(CdmTest, GenerateRequest) { EnsureProvisioned(); std::string session_id; Cdm::Status status; status = cdm_->setServiceCertificate(config_.license_service_certificate()); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); // Generate a license request for CENC. EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)); status = generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Can't call generateRequest more than once on a session. EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(0); status = generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData); EXPECT_EQ(Cdm::kInvalidState, status); Mock::VerifyAndClear(this); // Create a new session and generate a license request for WebM. status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)); status = generateRequestWithRetry(session_id, Cdm::kWebM, kWebMInitData); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Create a new session and try the as-yet-unsupported key-ids format. status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(0); status = generateRequestWithRetry(session_id, Cdm::kKeyIds, kKeyIdsInitData); EXPECT_EQ(Cdm::kNotSupported, status); Mock::VerifyAndClear(this); // Create a new session and generate a license request for HLS. status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)); status = generateRequestWithRetry(session_id, Cdm::kHls, kHlsInitData); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Create a new session and try a bogus init data type. status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(0); status = generateRequestWithRetry(session_id, kBogusInitDataType, "asdf"); EXPECT_EQ(Cdm::kTypeError, status); Mock::VerifyAndClear(this); // This same session should still be usable with a supported init data type // after failing with an unsupported or bogus type. EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)); status = generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Create a new session and try to pass empty init data. status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(0); status = generateRequestWithRetry(session_id, Cdm::kCenc, ""); EXPECT_EQ(Cdm::kTypeError, status); Mock::VerifyAndClear(this); // Try to pass invalid CENC init data. status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(0); status = generateRequestWithRetry(session_id, Cdm::kCenc, kInvalidCencInitData); EXPECT_EQ(Cdm::kNotSupported, status); Mock::VerifyAndClear(this); // Try to pass non-Widevine CENC init data. status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(0); status = generateRequestWithRetry(session_id, Cdm::kCenc, kNonWidevineCencInitData); EXPECT_EQ(Cdm::kNotSupported, status); Mock::VerifyAndClear(this); // Try a bogus session ID. EXPECT_CALL(*this, onMessage(_, _, _)).Times(0); status = generateRequestWithRetry(kBogusSessionId, Cdm::kCenc, kCencInitData); EXPECT_EQ(Cdm::kSessionNotFound, status); Mock::VerifyAndClear(this); } TEST_F(CdmTest, Update) { EnsureProvisioned(); std::string session_id; std::string message; Cdm::Status status; status = cdm_->setServiceCertificate(config_.license_service_certificate()); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_NO_FATAL_FAILURE(CreateSessionAndGenerateRequest( Cdm::kTemporary, Cdm::kCenc, &session_id, &message)); // Acquire a license. std::string response; ASSERT_NO_FATAL_FAILURE(FetchLicense( config_.license_server(), message, &response)); // Update the session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); status = updateWithRetry(session_id, response); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Try updating a bogus session ID. status = updateWithRetry(kBogusSessionId, response); EXPECT_EQ(Cdm::kSessionNotFound, status); // Try updating with an empty response. status = updateWithRetry(session_id, ""); EXPECT_EQ(Cdm::kTypeError, status); // Create a new session and try updating before generating a request. status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kInvalidState, status); } TEST_F(CdmTest, Close) { EnsureProvisioned(); // Create a temporary session. std::string session_id; Cdm::Status status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); // Close it. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); // Can't generate a license request after close. EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(0); status = generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData); EXPECT_EQ(Cdm::kSessionNotFound, status); Mock::VerifyAndClear(this); // Try to close the same session again. status = cdm_->close(session_id); EXPECT_EQ(Cdm::kSessionNotFound, status); // Try to close a bogus session. status = cdm_->close(kBogusSessionId); EXPECT_EQ(Cdm::kSessionNotFound, status); } TEST_F(CdmTest, LoadTemporary) { EnsureProvisioned(); std::string session_id; std::string response; Cdm::Status status; status = cdm_->setServiceCertificate(config_.license_service_certificate()); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_NO_FATAL_FAILURE(CreateSessionAndFetchLicense( Cdm::kTemporary, Cdm::kCenc, &session_id, &response)); // Update the temporary session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Close the session. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); // Can't load a temporary session. status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSessionNotFound, status); } TEST_F(CdmTest, LoadPersistent) { EnsureProvisioned(); std::string session_id; std::string response; Cdm::Status status; ASSERT_NO_FATAL_FAILURE(CreateSessionAndFetchLicense( Cdm::kPersistentLicense, Cdm::kCenc, &session_id, &response)); // Update the persistent session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after closing it. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after recreating the CDM. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should not be able to load the session again clearing storage. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); g_host->Reset(); EnsureProvisioned(); EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSessionNotFound, status); Mock::VerifyAndClear(this); } TEST_F(CdmTest, LoadWillFireExpiration) { EnsureProvisioned(); // There was a bug where calling load() would not start the PolicyEngine timer // because it was only started in update(). std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kPersistentLicense, Cdm::kCenc, &session_id)); // Should be able to load the session again after recreating the CDM. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); ASSERT_EQ(Cdm::kSuccess, cdm_->load(session_id)); Mock::VerifyAndClear(this); // Let the key expire, make sure we get a key status update. EXPECT_CALL(*this, onKeyStatusesChange(session_id, false)); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRenewal, _)) .Times(AtLeast(1)); g_host->ElapseTime(kOfflineLicenseDurationMs); Mock::VerifyAndClear(this); } // TODO(b/110802394): Fix this test or remove auto-provisioning. TEST_F(CdmTest, DISABLED_PerOriginLoadPersistent) { EnsureProvisioned(); std::string session_id; std::string response; ASSERT_NO_FATAL_FAILURE(CreateSessionAndFetchLicense( Cdm::kPersistentLicense, Cdm::kCenc, &session_id, &response)); // Update and close the persistent session. Cdm::Status status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); // Should be able to load the session again after recreating the CDM. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSuccess, status); // Create another host to use its storage. This will simulate another origin. TestHost other_host; scoped_ptr other_cdm( Cdm::create(this, &other_host, /* privacy_mode */ true)); ASSERT_TRUE(other_cdm.get()); status = other_cdm->setServiceCertificate(config_.license_service_certificate()); ASSERT_EQ(Cdm::kSuccess, status); // Should not be able to load from another origin. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); status = other_cdm->load(session_id); EXPECT_EQ(Cdm::kSessionNotFound, status); Mock::VerifyAndClear(this); } // TODO(b/34949512): Fix this test so it can be re-enabled. TEST_F(CdmTest, DISABLED_LoadUsageRecord) { std::string session_id; std::string response; ASSERT_NO_FATAL_FAILURE(CreateSessionAndFetchLicense( Cdm::kPersistentUsageRecord, Cdm::kCenc, &session_id, &response)); // Update the session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); Cdm::Status status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after closing it. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); // There should be no usable keys after loading this session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after recreating the CDM. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should not be able to load the session again clearing storage. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); g_host->Reset(); EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSessionNotFound, status); Mock::VerifyAndClear(this); } // TODO(b/109897011): Temporarily Disabled TEST_F(CdmTest, DISABLED_DestroyUsageRecord) { std::string session_id; std::string response; ASSERT_NO_FATAL_FAILURE(CreateSessionAndFetchLicense( Cdm::kPersistentUsageRecord, Cdm::kCenc, &session_id, &response)); // Update the session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); Cdm::Status status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after closing it. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); // There should be no usable keys after loading this session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after recreating the CDM. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->deleteUsageRecord(session_id); EXPECT_EQ(Cdm::kSuccess, status); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSessionNotFound, status); Mock::VerifyAndClear(this); } // TODO(b/109897011): Temporarily Disabled TEST_F(CdmTest, DISABLED_DestroyAllUsageRecords) { std::string session_id; std::string response; ASSERT_NO_FATAL_FAILURE(CreateSessionAndFetchLicense( Cdm::kPersistentUsageRecord, Cdm::kCenc, &session_id, &response)); // Update the session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); Cdm::Status status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after closing it. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); // There should be no usable keys after loading this session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after recreating the CDM. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->deleteAllUsageRecords(); EXPECT_EQ(Cdm::kSuccess, status); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSessionNotFound, status); Mock::VerifyAndClear(this); } // TODO(b/109897011): Temporarily Disabled TEST_F(CdmTest, DISABLED_ListUsageRecords) { std::string session_id; std::string response; ASSERT_NO_FATAL_FAILURE(CreateSessionAndFetchLicense( Cdm::kPersistentUsageRecord, Cdm::kCenc, &session_id, &response)); // Update the session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); Cdm::Status status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after closing it. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); // There should be no usable keys after loading this session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Should be able to load the session again after recreating the CDM. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); std::vector ksids; status = cdm_->listUsageRecords(&ksids); EXPECT_EQ(Cdm::kSuccess, status); EXPECT_EQ(ksids.size(), 1UL); if (ksids.size() > 0UL) { EXPECT_TRUE(ksids[0] == session_id); } status = cdm_->load(session_id); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); } TEST_F(CdmTest, LoadBogus) { EnsureProvisioned(); EXPECT_CALL(*this, onKeyStatusesChange(_, _)).Times(0); Cdm::Status status = cdm_->load(kBogusSessionId); EXPECT_EQ(Cdm::kSessionNotFound, status); } TEST_F(CdmTest, GetKeyStatuses) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kTemporary, Cdm::kCenc, &session_id)); // We should be able to query status and see a usable key. Cdm::KeyStatusMap map; Cdm::Status status = cdm_->getKeyStatuses(session_id, &map); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_EQ(Cdm::kUsable, map.begin()->second); // The key ID should be the one we are expecting. const std::string expected_key_id( reinterpret_cast(kKeyIdCtr.data()), kKeyIdCtr.size()); EXPECT_EQ(expected_key_id, map.begin()->first); // Let the key expire. EXPECT_CALL(*this, onKeyStatusesChange(session_id, false)); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRenewal, _)).Times( AtLeast(1)); g_host->ElapseTime(kExpirationTestDelayMs); Mock::VerifyAndClear(this); // We should see expiration reflected in the map. status = cdm_->getKeyStatuses(session_id, &map); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_EQ(Cdm::kExpired, map.begin()->second); // We can't get status after closing a session. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->getKeyStatuses(session_id, &map); ASSERT_EQ(Cdm::kSessionNotFound, status); } TEST_F(CdmTest, GetExpiration) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kTemporary, Cdm::kCenc, &session_id)); // We should be able to query expiration and get a value in the future. int64_t expiration; Cdm::Status status = cdm_->getExpiration(session_id, &expiration); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_GT(expiration, g_host->now()); int64_t original_expiration = expiration; // Let the key expire. EXPECT_CALL(*this, onKeyStatusesChange(session_id, false)); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRenewal, _)).Times( AtLeast(1)); g_host->ElapseTime(kExpirationTestDelayMs); Mock::VerifyAndClear(this); // We should see expiration in the past now. status = cdm_->getExpiration(session_id, &expiration); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_LE(expiration, g_host->now()); // Expiration should not have changed. EXPECT_EQ(original_expiration, expiration); // We can't get expiration after closing a session. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->getExpiration(session_id, &expiration); ASSERT_EQ(Cdm::kSessionNotFound, status); } TEST_P(CdmTestWithRemoveParam, Remove) { const bool intermediate_close = GetParam(); EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kPersistentLicense, Cdm::kCenc, &session_id)); // Remove the session. This causes a release message to be generated. std::string message; EXPECT_CALL(*this, onKeyStatusesChange(session_id, false)); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).WillOnce( SaveArg<2>(&message)); Cdm::Status status = cdm_->remove(session_id); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The keys should already be unusable. Cdm::KeyStatusMap map; status = cdm_->getKeyStatuses(session_id, &map); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_EQ(Cdm::kReleased, map.begin()->second); // If we are testing intermediate closing, close the session. if (intermediate_close) { status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); } // Post the release message to the license server. std::string response; ASSERT_NO_FATAL_FAILURE(FetchLicense( config_.license_server(), message, &response)); // If we are testing intermediate closing, reopen the session. if (intermediate_close) { status = cdm_->load(session_id); ASSERT_EQ(Cdm::kSuccess, status); } // Update the session. EXPECT_CALL(*this, onRemoveComplete(session_id)); status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The session is now completely gone. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSessionNotFound, status); status = cdm_->load(session_id); ASSERT_EQ(Cdm::kSessionNotFound, status); // Try a bogus session ID. status = cdm_->remove(kBogusSessionId); EXPECT_EQ(Cdm::kSessionNotFound, status); // Try a new session. status = cdm_->createSession(Cdm::kPersistentLicense, &session_id); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->remove(session_id); EXPECT_EQ(Cdm::kInvalidState, status); // Try a temporary session. ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kTemporary, Cdm::kCenc, &session_id)); status = cdm_->remove(session_id); EXPECT_EQ(Cdm::kRangeError, status); } INSTANTIATE_TEST_CASE_P(CdmRemoveTest, CdmTestWithRemoveParam, Bool(), testing::PrintToStringParamName()); TEST_F(CdmTest, ForceRemove) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kPersistentLicense, Cdm::kCenc, &session_id)); // Forcibly remove the session. This should immediately trigger a removal // callback and should *not* cause a release message to be generated. EXPECT_CALL(*this, onRemoveComplete(session_id)).Times(1); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); Cdm::Status status = cdm_->forceRemove(session_id); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The session is now completely gone. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSessionNotFound, status); status = cdm_->load(session_id); ASSERT_EQ(Cdm::kSessionNotFound, status); // Try a bogus session ID. status = cdm_->forceRemove(kBogusSessionId); EXPECT_EQ(Cdm::kSessionNotFound, status); // Try a new session. status = cdm_->createSession(Cdm::kPersistentLicense, &session_id); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->forceRemove(session_id); EXPECT_EQ(Cdm::kInvalidState, status); // Try a temporary session. ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kTemporary, Cdm::kCenc, &session_id)); status = cdm_->forceRemove(session_id); EXPECT_EQ(Cdm::kRangeError, status); } TEST_F(CdmTest, RemoveUsageRecord) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kPersistentUsageRecord, Cdm::kCenc, &session_id)); // Remove the session. This causes a release message to be generated. std::string message; EXPECT_CALL(*this, onKeyStatusesChange(session_id, false)); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).WillOnce( SaveArg<2>(&message)); Cdm::Status status = cdm_->remove(session_id); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The keys should already be unusable. Cdm::KeyStatusMap map; status = cdm_->getKeyStatuses(session_id, &map); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_EQ(Cdm::kReleased, map.begin()->second); // Post the release message to the license server. std::string response; ASSERT_NO_FATAL_FAILURE(FetchLicense( config_.license_server(), message, &response)); // Update the session. EXPECT_CALL(*this, onRemoveComplete(session_id)); status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The session is now completely gone. status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSessionNotFound, status); } TEST_F(CdmTest, RemoveIncomplete) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kPersistentLicense, Cdm::kCenc, &session_id)); // Remove the session. This causes a release message to be generated. std::string message; EXPECT_CALL(*this, onKeyStatusesChange(session_id, false)); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).WillOnce( SaveArg<2>(&message)); Cdm::Status status = cdm_->remove(session_id); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The keys should already be unusable, but they should still exist. Cdm::KeyStatusMap map; status = cdm_->getKeyStatuses(session_id, &map); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_FALSE(map.empty()); EXPECT_EQ(Cdm::kReleased, map.begin()->second); // Recreate the CDM. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); // Load the partially removed session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->load(session_id); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // This session has no keys. status = cdm_->getKeyStatuses(session_id, &map); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_TRUE(map.empty()); // Remove the session again to fire the release message. message.clear(); EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).WillOnce( SaveArg<2>(&message)); status = cdm_->remove(session_id); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_FALSE(message.empty()); Mock::VerifyAndClear(this); // Post the release message to the license server. std::string response; ASSERT_NO_FATAL_FAILURE(FetchLicense( config_.license_server(), message, &response)); // Update the session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onRemoveComplete(session_id)); status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The session is now completely gone. status = cdm_->load(session_id); ASSERT_EQ(Cdm::kSessionNotFound, status); } TEST_F(CdmTest, RemoveUsageRecordIncomplete) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kPersistentUsageRecord, Cdm::kCenc, &session_id)); // Remove the session. This causes a release message to be generated. std::string message; EXPECT_CALL(*this, onKeyStatusesChange(session_id, false)); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).WillOnce( SaveArg<2>(&message)); Cdm::Status status = cdm_->remove(session_id); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The keys should already be unusable, but they should still exist. Cdm::KeyStatusMap map; status = cdm_->getKeyStatuses(session_id, &map); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_FALSE(map.empty()); EXPECT_EQ(Cdm::kReleased, map.begin()->second); // Recreate the CDM. ASSERT_NO_FATAL_FAILURE(RecreateCdm(true /* privacy_mode */)); // Load the partially removed session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).Times(0); status = cdm_->load(session_id); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Remove the session again to fire a release message. message.clear(); EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRelease, _)).WillOnce( SaveArg<2>(&message)); status = cdm_->remove(session_id); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_FALSE(message.empty()); Mock::VerifyAndClear(this); // This session has no keys. status = cdm_->getKeyStatuses(session_id, &map); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_TRUE(map.empty()); // Post the release message to the license server. std::string response; ASSERT_NO_FATAL_FAILURE(FetchLicense( config_.license_server(), message, &response)); // Update the session. EXPECT_CALL(*this, onKeyStatusesChange(session_id, _)).Times(0); EXPECT_CALL(*this, onRemoveComplete(session_id)); status = updateWithRetry(session_id, response); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The session is now completely gone. status = cdm_->load(session_id); ASSERT_EQ(Cdm::kSessionNotFound, status); } TEST_F(CdmTest, RemoveNotLoaded) { EnsureProvisioned(); // Create a persistent session and then close it. std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kPersistentLicense, Cdm::kCenc, &session_id)); Cdm::Status status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); // A session must be loaded before removing it. Remove only works on active // sessions. status = cdm_->remove(session_id); EXPECT_EQ(Cdm::kSessionNotFound, status); } TEST_F(CdmTest, RequestPersistentLicenseWithWrongInitData) { EnsureProvisioned(); // Generate a request for a persistent license without using the correct // persistent content init data. std::string session_id; Cdm::Status status; status = cdm_->setServiceCertificate(config_.license_service_certificate()); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->createSession(Cdm::kPersistentLicense, &session_id); ASSERT_EQ(Cdm::kSuccess, status); std::string message; EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)) .WillOnce(SaveArg<2>(&message)); status = generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // The license server will reject this. FetchLicenseFailure(message, 500); } // TODO(b/34949512): Fix this test so it can be re-enabled. TEST_F(CdmTest, DISABLED_RequestTemporaryLicenseWithWrongInitData) { EnsureProvisioned(); // Generate a request for a temporary license using persistent init data. std::string session_id; Cdm::Status status; status = cdm_->setServiceCertificate(config_.license_service_certificate()); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); std::string message; EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)) .WillOnce(SaveArg<2>(&message)); status = generateRequestWithRetry(session_id, Cdm::kCenc, kCencPersistentInitData); ASSERT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); // Acquire a license. std::string response; ASSERT_NO_FATAL_FAILURE(FetchLicense( config_.license_server(), message, &response)); // This license should not be accepted. EXPECT_CALL(*this, onKeyStatusesChange(session_id, false)); status = updateWithRetry(session_id, response); EXPECT_EQ(Cdm::kRangeError, status); Mock::VerifyAndClear(this); } TEST_F(CdmTest, Renewal) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kTemporary, Cdm::kCenc, &session_id)); // We should have a timer. EXPECT_NE(0, g_host->NumTimers()); // When we elapse time, we should get a renewal message. std::string message; EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRenewal, _)).WillOnce( SaveArg<2>(&message)); g_host->ElapseTime(kRenewalTestDelayMs); Mock::VerifyAndClear(this); ASSERT_FALSE(message.empty()); // Stop the test if no message came through. // When should still have a timer. EXPECT_NE(0, g_host->NumTimers()); // We should be able to update the session. ASSERT_NO_FATAL_FAILURE(FetchLicenseAndUpdate(session_id, message)); // After closing the session, there should be no more renewals. Cdm::Status status = cdm_->close(session_id); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRenewal, _)).Times(0); g_host->ElapseTime(kRenewalTestDelayMs * 10); Mock::VerifyAndClear(this); } TEST_F(CdmTest, SetAppParameters) { EnsureProvisioned(); // Must use privacy_mode = false to ensure that the message is in plain-text. std::string session_id; ASSERT_NO_FATAL_FAILURE(RecreateCdm(false /* privacy_mode */)); Cdm::Status status = cdm_->createSession(Cdm::kTemporary, &session_id); ASSERT_EQ(Cdm::kSuccess, status); // Set a new app parameter, and check by getting. std::string result; status = cdm_->setAppParameter(kParamName, kValue); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->getAppParameter(kParamName, &result); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_EQ(kValue, result); // Try to get using a null result. status = cdm_->getAppParameter(kParamName, NULL); ASSERT_EQ(Cdm::kTypeError, status); // Try to get using an empty key. status = cdm_->getAppParameter("", &result); ASSERT_EQ(Cdm::kTypeError, status); // Try to set using an empty key. status = cdm_->setAppParameter("", kValue); ASSERT_EQ(Cdm::kTypeError, status); // Try to remove using an empty key. status = cdm_->removeAppParameter(""); ASSERT_EQ(Cdm::kTypeError, status); // Change an existing app parameter. status = cdm_->setAppParameter(kParamName, kNewValue); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->getAppParameter(kParamName, &result); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_EQ(kNewValue, result); // Remove an existing app parameter, check for invalid access when it's gone. status = cdm_->removeAppParameter(kParamName); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->getAppParameter(kParamName, &result); ASSERT_EQ(Cdm::kTypeError, status); // Try to remove an absent value. status = cdm_->removeAppParameter(kParamName2); ASSERT_EQ(Cdm::kTypeError, status); // Set some values to check for. status = cdm_->setAppParameter(kParamName, kValue); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->setAppParameter(kParamName2, kNewValue); ASSERT_EQ(Cdm::kSuccess, status); // Send a generate request to ensure the parameter is in the message. std::string message; EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)) .WillOnce(SaveArg<2>(&message)); status = generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData); EXPECT_EQ(Cdm::kSuccess, status); EXPECT_TRUE(!message.empty() && message.find(kValue) != std::string::npos); Mock::VerifyAndClear(this); // Ensure that the value is still present and correct. status = cdm_->getAppParameter(kParamName, &result); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_EQ(kValue, result); status = cdm_->getAppParameter(kParamName2, &result); ASSERT_EQ(Cdm::kSuccess, status); ASSERT_EQ(kNewValue, result); // Clear all the parameters. status = cdm_->clearAppParameters(); ASSERT_EQ(Cdm::kSuccess, status); status = cdm_->getAppParameter(kParamName, &result); ASSERT_EQ(Cdm::kTypeError, status); status = cdm_->getAppParameter(kParamName2, &result); ASSERT_EQ(Cdm::kTypeError, status); } TEST_F(CdmTest, SetVideoResolutionBadSession) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kTemporary, Cdm::kCenc, &session_id)); Cdm::Status status = cdm_->setVideoResolution(kBogusSessionId, 100, 100); ASSERT_EQ(Cdm::kSessionNotFound, status); cdm_->close(session_id); } TEST_F(CdmTest, SetVideoResolutionOK) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kTemporary, Cdm::kCenc, &session_id)); Cdm::Status status = cdm_->setVideoResolution(session_id, 100, 100); ASSERT_EQ(Cdm::kSuccess, status); cdm_->close(session_id); } TEST_F(CdmTest, SetVideoResolutionOverflow) { EnsureProvisioned(); std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kTemporary, Cdm::kCenc, &session_id)); const uint32_t kUintTooLarge = (1 << 16); Cdm::Status status = cdm_->setVideoResolution(session_id, kUintTooLarge, kUintTooLarge); ASSERT_EQ(Cdm::kRangeError, status); cdm_->close(session_id); } TEST_F(CdmTest, GetStatusForHdcpResolution) { // Unfortunately, since we cannot mock the HDCP state, we cannot validate // the validity of the values returned here, only that meaningful values are // returned. Cdm::KeyStatus key_status; ASSERT_EQ(Cdm::kSuccess, cdm_->getStatusForHdcpVersion(Cdm::kHdcp1_x, &key_status)); EXPECT_THAT(key_status, AnyOf(Cdm::kUsable, Cdm::kOutputRestricted)); ASSERT_EQ(Cdm::kSuccess, cdm_->getStatusForHdcpVersion(Cdm::kHdcp2_0, &key_status)); EXPECT_THAT(key_status, AnyOf(Cdm::kUsable, Cdm::kOutputRestricted)); ASSERT_EQ(Cdm::kSuccess, cdm_->getStatusForHdcpVersion(Cdm::kHdcp2_1, &key_status)); EXPECT_THAT(key_status, AnyOf(Cdm::kUsable, Cdm::kOutputRestricted)); ASSERT_EQ(Cdm::kSuccess, cdm_->getStatusForHdcpVersion(Cdm::kHdcp2_2, &key_status)); EXPECT_THAT(key_status, AnyOf(Cdm::kUsable, Cdm::kOutputRestricted)); } TEST_F(CdmTest, HandlesKeyRotationWithOnlyOneLicenseRequest) { EnsureProvisioned(); std::string session_id; // TODO(b/77152154): // The CreateSessionAndX helpers need to be reworked so this function can use // them. ASSERT_EQ(Cdm::kSuccess, cdm_->setServiceCertificate(config_.license_service_certificate())); ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id)); // Generate a license request for the 1st entitlement init data. std::string license_request; { EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)) .WillOnce(SaveArg<2>(&license_request)); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id, Cdm::kCenc, kCencEntitlementInitData1)); Mock::VerifyAndClear(this); } // Send the request to the license server and receive the license response. std::string license_response; FetchLicense(config_.license_server(), license_request, &license_response); // Update the session with the new keys. { EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); ASSERT_EQ(Cdm::kSuccess, updateWithRetry(session_id, license_response)); Mock::VerifyAndClear(this); } // Set up decrypt input and output. Cdm::InputBuffer input; input.data = kInput.data(); input.data_length = kInput.size(); input.encryption_scheme = Cdm::kAesCtr; input.pattern = kPatternNone; Cdm::OutputBuffer output; std::vector output_buffer(input.data_length); output.data = &(output_buffer[0]); output.data_length = output_buffer.size(); // Attempt decrypt with a key from the first license. input.key_id = kKeyIdEntitlement1.data(); input.key_id_length = kKeyIdEntitlement1.size(); input.iv = kIvEntitlement1.data(); input.iv_length = kIvEntitlement1.size(); ASSERT_EQ(Cdm::kSuccess, cdm_->decrypt(input, output)); EXPECT_EQ(kOutputEntitlement1, output_buffer); // Load the second entitlement license using the first. This should not // require any server roundtrip. ASSERT_EQ(Cdm::kSuccess, cdm_->load(session_id, Cdm::kCenc, kCencEntitlementInitData2)); // Attempt decrypt with a key from the second license. input.key_id = kKeyIdEntitlement2.data(); input.key_id_length = kKeyIdEntitlement2.size(); input.iv = kIvEntitlement2.data(); input.iv_length = kIvEntitlement2.size(); ASSERT_EQ(Cdm::kSuccess, cdm_->decrypt(input, output)); EXPECT_EQ(kOutputEntitlement2, output_buffer); // Attempt decrypt with a key from the first license again. input.key_id = kKeyIdEntitlement1.data(); input.key_id_length = kKeyIdEntitlement1.size(); input.iv = kIvEntitlement1.data(); input.iv_length = kIvEntitlement1.size(); ASSERT_EQ(Cdm::kSuccess, cdm_->decrypt(input, output)); EXPECT_EQ(kOutputEntitlement1, output_buffer); } TEST_P(CdmTestWithDecryptParam, DecryptToClearBuffer) { EnsureProvisioned(); DecryptParam param = GetParam(); Cdm::InputBuffer input; Cdm::OutputBuffer output; input.key_id = param.key_id->data(); input.key_id_length = param.key_id->size(); input.iv = param.iv->data(); input.iv_length = param.iv->size(); input.data = param.input->data(); input.data_length = param.input->size(); input.encryption_scheme = param.scheme; input.pattern = *param.pattern; std::vector output_buffer(input.data_length); output.data = &(output_buffer[0]); output.data_length = output_buffer.size(); // Decrypt without keys loaded should fail. Cdm::Status status = cdm_->decrypt(input, output); ASSERT_EQ(Cdm::kNoKey, status); // Create a session with the right keys. std::string session_id; ASSERT_NO_FATAL_FAILURE(CreateSessionAndUpdate( Cdm::kTemporary, param.init_data_type, &session_id)); // Decrypt should now succeed. status = cdm_->decrypt(input, output); ASSERT_EQ(Cdm::kSuccess, status); EXPECT_EQ(*param.output, output_buffer); } INSTANTIATE_TEST_CASE_P(CdmDecryptTest, CdmTestWithDecryptParam, Values( DecryptParam("CENC 3.0 cenc Mode", Cdm::kCenc, kKeyIdCtr, kIvCenc, Cdm::kAesCtr, kPatternNone, kInput, kOutputCenc), DecryptParam("CENC 3.0 cens Mode", Cdm::kCenc, kKeyIdCtr, kIvCens, Cdm::kAesCtr, kPatternRecommended, kInput, kOutputCens), DecryptParam("CENC 3.0 cbc1 Mode", Cdm::kHls, kKeyIdCbc, kIvCbc1, Cdm::kAesCbc, kPatternNone, kInput, kOutputCbc1), DecryptParam("CENC 3.0 cbcs Mode", Cdm::kHls, kKeyIdCbc, kIvCbcs, Cdm::kAesCbc, kPatternRecommended, kInput, kOutputCbcs), DecryptParam("HLS Audio (CENC 3.0 cbcs Mode Without a Pattern)", Cdm::kHls, kKeyIdCbc, kIvCbc1, Cdm::kAesCbc, kPatternHlsAudio, kInput, kOutputCbc1) )); // TODO: add infrastructure to test secure buffer decrypt for some platforms class CdmIndividualizationTest : public CdmTest { protected: bool CheckProvisioningSupport() { if (wvoec::global_features.loads_certificate) return true; LOGW( "WARNING: Skipping PerOriginDeviceProvisioning because the device " "does not support provisioning. If you are using a baked-in " "certificate, this is expected. Otherwise, something is wrong."); return false; } std::string GetProvisioningResponse(const std::string& message) { std::string reply; std::string uri = config_.provisioning_server(); LOGV("GetProvisioningResponse: URI: %s", uri.c_str()); LOGV("GetProvisioningResponse: message:\n%s\n", message.c_str()); uri += "&signedRequest=" + message; FetchCertificate(uri, &reply); if (HasFatalFailure()) { LOGE("GetProvisioningResponse: Failed."); return ""; } LOGV("GetProvisioningResponse: response:\n%s\n", reply.c_str()); return reply; } }; TEST_F(CdmIndividualizationTest, BasicFlow) { if (!CheckProvisioningSupport()) return; // Clear any existing certificates. g_host->remove("cert.bin"); // Provision the device Cdm::Status status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); std::string message; status = cdm_->getProvisioningRequest(&message); EXPECT_EQ(Cdm::kSuccess, status); std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); status = cdm_->handleProvisioningResponse(reply); EXPECT_EQ(Cdm::kSuccess, status); // We should now be able to create a session and generate a request. std::string session_id; status = cdm_->setServiceCertificate(config_.license_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); ASSERT_NO_FATAL_FAILURE(CreateSessionAndGenerateRequest( Cdm::kTemporary, Cdm::kCenc, &session_id, &message)); // Acquire a license and update the session. ASSERT_NO_FATAL_FAILURE(FetchLicense( config_.license_server(), message, &reply)); EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); status = updateWithRetry(session_id, reply); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); } TEST_F(CdmIndividualizationTest, IsProvisioned) { if (!CheckProvisioningSupport()) return; // Clear any existing certificates. g_host->remove("cert.bin"); EXPECT_FALSE(cdm_->isProvisioned()); // Provision the device Cdm::Status status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); std::string message; status = cdm_->getProvisioningRequest(&message); EXPECT_EQ(Cdm::kSuccess, status); std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); status = cdm_->handleProvisioningResponse(reply); EXPECT_EQ(Cdm::kSuccess, status); EXPECT_TRUE(cdm_->isProvisioned()); } // TODO(fredgc,rfrias): turn this on after big usage tables work. TEST_F(CdmIndividualizationTest, RemoveProvisioning) { if (!CheckProvisioningSupport()) return; // Clear any existing certificates. EXPECT_EQ(Cdm::kSuccess, cdm_->removeProvisioning()); EXPECT_FALSE(cdm_->isProvisioned()); // Provision the device Cdm::Status status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); std::string message; status = cdm_->getProvisioningRequest(&message); EXPECT_EQ(Cdm::kSuccess, status); std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); status = cdm_->handleProvisioningResponse(reply); EXPECT_EQ(Cdm::kSuccess, status); EXPECT_TRUE(cdm_->isProvisioned()); EXPECT_EQ(Cdm::kSuccess, cdm_->removeProvisioning()); EXPECT_FALSE(cdm_->isProvisioned()); } TEST_F(CdmIndividualizationTest, HandlesAutomaticProvisioning) { if (!CheckProvisioningSupport()) return; // Clear any existing certificates. g_host->remove("cert.bin"); // Creating a session should succeed. std::string session_id; Cdm::Status status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id)); // Should get an individualization request when we generate request. std::string message; EXPECT_CALL(*this, onDirectIndividualizationRequest(session_id, _)) .WillOnce(SaveArg<1>(&message)); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData)); Mock::VerifyAndClear(this); // Complete the provisioning request. std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(1); EXPECT_EQ(Cdm::kSuccess, updateWithRetry(session_id, reply)); Mock::VerifyAndClear(this); // We should now be able to create a session and generate a request. status = cdm_->setServiceCertificate(config_.license_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); ASSERT_NO_FATAL_FAILURE(CreateSessionAndGenerateRequest( Cdm::kTemporary, Cdm::kCenc, &session_id, &message)); // Acquire a license and update the session. ASSERT_NO_FATAL_FAILURE(FetchLicense( config_.license_server(), message, &reply)); EXPECT_CALL(*this, onKeyStatusesChange(session_id, true)); status = updateWithRetry(session_id, reply); EXPECT_EQ(Cdm::kSuccess, status); Mock::VerifyAndClear(this); } TEST_F(CdmIndividualizationTest, WillNotSendRequestTwice) { if (!CheckProvisioningSupport()) return; // Clear any existing certificates. g_host->remove("cert.bin"); // Creating a session should succeed. Cdm::Status status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); std::string session_id; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id)); // Should get an individualization request when we generate request. std::string message; EXPECT_CALL(*this, onDirectIndividualizationRequest(session_id, _)) .WillOnce(SaveArg<1>(&message)); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData)); Mock::VerifyAndClear(this); // Create a second session. std::string session_id2; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id2)); // Should not get another individualization request. EXPECT_CALL(*this, onMessage(_, _, _)).Times(0); ASSERT_EQ(Cdm::kDeferred, generateRequestWithRetry(session_id2, Cdm::kCenc, kCencInitData)); Mock::VerifyAndClear(this); // Complete the provisioning request, should generate requests for both // sessions. std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(1); EXPECT_CALL(*this, onMessage(session_id2, Cdm::kLicenseRequest, _)).Times(1); EXPECT_CALL(*this, onDeferredComplete(session_id2, Cdm::kSuccess)).Times(1); EXPECT_EQ(Cdm::kSuccess, updateWithRetry(session_id, reply)); Mock::VerifyAndClear(this); } TEST_F(CdmIndividualizationTest, WillNotSendMessageWhenGenerateRequestNotCalled) { if (!CheckProvisioningSupport()) return; // Clear any existing certificates. g_host->remove("cert.bin"); // Creating a session should succeed. Cdm::Status status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); std::string session_id; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id)); // Should get an individualization request when we generate request. std::string message; EXPECT_CALL(*this, onDirectIndividualizationRequest(session_id, _)) .WillOnce(SaveArg<1>(&message)); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData)); Mock::VerifyAndClear(this); // Create a second session, don't call generateRequest for it. std::string session_id2; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id2)); // Complete the provisioning request, should not get calls for the second // session. std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(1); EXPECT_CALL(*this, onMessage(session_id2, Cdm::kLicenseRequest, _)).Times(0); EXPECT_CALL(*this, onDeferredComplete(_, _)).Times(0); EXPECT_EQ(Cdm::kSuccess, updateWithRetry(session_id, reply)); Mock::VerifyAndClear(this); // We should get a license message for the second session. status = cdm_->setServiceCertificate(config_.license_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); EXPECT_CALL(*this, onMessage(session_id2, Cdm::kLicenseRequest, _)).Times(1); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id2, Cdm::kCenc, kCencInitData)); Mock::VerifyAndClear(this); } TEST_F(CdmIndividualizationTest, PropagatesErrorsInUpdate) { if (!CheckProvisioningSupport()) return; // Clear any existing certificates. g_host->remove("cert.bin"); // Creating a session should succeed. Cdm::Status status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); std::string session_id; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id)); // Should get an individualization request when we generate request. std::string message; EXPECT_CALL(*this, onDirectIndividualizationRequest(session_id, _)) .WillOnce(SaveArg<1>(&message)); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id, Cdm::kCenc, kInvalidCencInitData)); Mock::VerifyAndClear(this); // Complete the provisioning request, should get an error call. std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); EXPECT_CALL(*this, onMessage(_, _, _)).Times(0); EXPECT_CALL(*this, onDeferredComplete(_, _)).Times(0); EXPECT_EQ(Cdm::kNotSupported, updateWithRetry(session_id, reply)); Mock::VerifyAndClear(this); } TEST_F(CdmIndividualizationTest, OnlyPropagatesErrorsForThisSession) { if (!CheckProvisioningSupport()) return; // Clear any existing certificates. g_host->remove("cert.bin"); // Creating a session should succeed. Cdm::Status status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); std::string session_id; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id)); // Should get an individualization request when we generate request. std::string message; EXPECT_CALL(*this, onDirectIndividualizationRequest(session_id, _)) .WillOnce(SaveArg<1>(&message)); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData)); Mock::VerifyAndClear(this); // Create another session that will cause an error. std::string session_id_2; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id_2)); ASSERT_EQ(Cdm::kDeferred, generateRequestWithRetry(session_id_2, Cdm::kCenc, kInvalidCencInitData)); // Complete the provisioning request, should succeed, but get an error // callback. std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); EXPECT_CALL(*this, onMessage(session_id, Cdm::kLicenseRequest, _)).Times(1); EXPECT_CALL(*this, onMessage(session_id_2, _, _)).Times(0); EXPECT_CALL(*this, onDeferredComplete(session_id_2, Cdm::kNotSupported)) .Times(1); EXPECT_EQ(Cdm::kSuccess, updateWithRetry(session_id, reply)); Mock::VerifyAndClear(this); } // TODO(b/34949512): Fix this test so it can be re-enabled. TEST_F(CdmIndividualizationTest, DISABLED_WorksWithLoad) { if (!CheckProvisioningSupport()) return; // Create an offline session to load. std::string session_id; ASSERT_NO_FATAL_FAILURE( CreateSessionAndUpdate(Cdm::kPersistentLicense, Cdm::kCenc, &session_id)); EXPECT_EQ(Cdm::kSuccess, cdm_->close(session_id)); // Clear any existing certificates. g_host->remove("cert.bin"); // Loading a session should succeed, we should get an individualization // request right away. std::string message; EXPECT_CALL(*this, onDirectIndividualizationRequest(session_id, _)) .WillOnce(SaveArg<1>(&message)); ASSERT_EQ(Cdm::kSuccess, cdm_->load(session_id)); Mock::VerifyAndClear(this); // Complete the provisioning request. std::string reply = GetProvisioningResponse(message); ASSERT_FALSE(reply.empty()); // Because we are now provisioned with a new key, we can't load the session, // but we will still be provisioned. EXPECT_CALL(*this, onDeferredComplete(_, _)).Times(0); EXPECT_EQ(Cdm::kUnexpectedError, updateWithRetry(session_id, reply)); Mock::VerifyAndClear(this); // Create a second session, we should be previsioned at this point. std::string session_id2; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id2)); EXPECT_CALL(*this, onMessage(session_id2, Cdm::kLicenseRequest, _)).Times(1); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id2, Cdm::kCenc, kCencInitData)); Mock::VerifyAndClear(this); } TEST_F(CdmIndividualizationTest, WillResendOnProvisioningError) { if (!CheckProvisioningSupport()) return; // Clear any existing certificates. g_host->remove("cert.bin"); // Creating a session should succeed. Cdm::Status status = cdm_->setServiceCertificate(config_.provisioning_service_certificate()); EXPECT_EQ(Cdm::kSuccess, status); std::string session_id; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id)); // Should get an individualization request when we generate request. std::string message; EXPECT_CALL(*this, onDirectIndividualizationRequest(session_id, _)) .WillOnce(SaveArg<1>(&message)); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id, Cdm::kCenc, kCencInitData)); Mock::VerifyAndClear(this); // Fail to provision the device. EXPECT_CALL(*this, onMessage(_, _, _)).Times(0); EXPECT_CALL(*this, onDeferredComplete(_, _)).Times(0); EXPECT_EQ(Cdm::kUnexpectedError, updateWithRetry(session_id, "")); Mock::VerifyAndClear(this); // Should get another individualization request. std::string session_id_2; ASSERT_EQ(Cdm::kSuccess, cdm_->createSession(Cdm::kTemporary, &session_id_2)); EXPECT_CALL(*this, onDirectIndividualizationRequest(session_id_2, _)) .WillOnce(SaveArg<1>(&message)); ASSERT_EQ(Cdm::kSuccess, generateRequestWithRetry(session_id_2, Cdm::kCenc, kCencInitData)); Mock::VerifyAndClear(this); } } // namespace widevine