// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
#ifndef WIDEVINE_CAS_SERVICE_CERTIFICATE_H_
#define WIDEVINE_CAS_SERVICE_CERTIFICATE_H_
#include <memory>
#include <string>
#include "cas_status.h"
#include "license_protocol.pb.h"
#include "privacy_crypto.h"
namespace wvcas {
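// Service Certificates are used to encrypt the ClientIdentification message
// that is part of Device Provisioning, License, Renewal, and Release requests.
//
// An instance holds the serialized signed certificate, the serial number and
// provider ID fields, and an RSA public key. Because the class declares a
// destructor and owns |public_key_| through std::unique_ptr, it is neither
// copyable nor movable.
class ServiceCertificate {
 public:
  ServiceCertificate() = default;
  virtual ~ServiceCertificate() = default;

  // Set up a new service certificate.
  // Accept a serialized video_widevine::SignedDrmDeviceCertificate message.
  // NOTE(review): the comment on |signed_certificate_| names the message
  // SignedDrmCertificate; confirm which name license_protocol.pb.h declares.
  // NOTE(review): |signed_certificate_| is documented as "verified by Init()".
  // The implementation is not visible in this header; confirm that the
  // signature check completes before any member is populated, so that a
  // failed Init() cannot leave an unverified certificate or key in place.
  virtual CasStatus Init(const std::string& signed_certificate);

  // Returns true when a serialized certificate is stored. This only tests
  // that |signed_certificate_| is non-empty; it performs no validation itself.
  bool HasSignedCertificate() const { return !signed_certificate_.empty(); }

  // Accessors for the stored serialized certificate and the provider ID.
  const std::string& signed_certificate() const { return signed_certificate_; }
  const std::string& provider_id() const { return provider_id_; }

  // Encrypt the ClientIdentification message for a provisioning or
  // licensing request. Encryption is performed using the current
  // service certificate. Return a failure if the service certificate is
  // not present, not valid, or if some other error occurs.
  // The routine should not be called if privacy mode is off or if the
  // certificate is empty.
  // NOTE(review): both arguments are raw pointers and this header does not
  // state whether null is tolerated; verify that the implementation rejects
  // null |clear_client_id| and |encrypted_client_id| instead of dereferencing.
  CasStatus EncryptClientId(
      const video_widevine::ClientIdentification* clear_client_id,
      video_widevine::EncryptedClientIdentification* encrypted_client_id) const;

 private:
  // Encrypt data using RSA with OAEP padding.
  // |plaintext| is the data to be encrypted. |ciphertext| is a pointer to a
  // string to contain the encrypted data on return, and may not be null.
  // Returns NO_ERROR if successful or an appropriate error code otherwise.
  virtual CasStatus EncryptRsaOaep(const std::string& plaintext,
                                   std::string* ciphertext) const;

  // Proto serialized SignedDrmCertificate.
  // Verified by Init() to be valid.
  std::string signed_certificate_;

  // Certificate serial number.
  std::string serial_number_;

  // Provider ID, extracted from certificate message.
  std::string provider_id_;

  // Public key. Null on a default-constructed object; presumably assigned by
  // Init() (confirm in the implementation), so callers that use it must
  // handle the null case.
  std::unique_ptr<RsaPublicKey> public_key_;
};  // class ServiceCertificate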
} // namespace wvcas
#endif // WIDEVINE_CAS_SERVICE_CERTIFICATE_H_