Add support for Widevine ECM v3
Widevine ECM v3 is redesigned mainly based on protobuf, and supports new features including carrying fingerprinting and service blocking information. Existing clients must upgrade the Widevine CAS plugin to use the new ECM v3.
This commit is contained in:
Widevine Buildbot
@@ -1,39 +0,0 @@
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
// Copyright 2020 Google LLC.
|
||||
//
|
||||
// This software is licensed under the terms defined in the Widevine Master
|
||||
// License Agreement. For a copy of this agreement, please contact
|
||||
// widevine-licensing@google.com.
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Description:
|
||||
// Container of Widevine default security profiless.
|
||||
|
||||
#ifndef COMMON_DEFAULT_DEVICE_SECURITY_PROFILE_LIST_H_
|
||||
#define COMMON_DEFAULT_DEVICE_SECURITY_PROFILE_LIST_H_
|
||||
|
||||
#include "common/security_profile_list.h"
|
||||
|
||||
namespace widevine {
|
||||
|
||||
class DefaultDeviceSecurityProfileList : public SecurityProfileList {
|
||||
public:
|
||||
DefaultDeviceSecurityProfileList();
|
||||
~DefaultDeviceSecurityProfileList() override {}
|
||||
|
||||
// Initialize the security profile list. The list is initially empty, this
|
||||
// function will populate the list with default profiles. The size of the
|
||||
// list is returned.
|
||||
int Init() override;
|
||||
|
||||
private:
|
||||
// Initialize the list with Widevine default profiles. The size of the
|
||||
// profile list after the additions is returned.
|
||||
virtual int AddDefaultProfiles();
|
||||
virtual int GetDefaultProfileStrings(
|
||||
std::vector<std::string>* default_profile_strings) const;
|
||||
};
|
||||
|
||||
} // namespace widevine
|
||||
|
||||
#endif // COMMON_DEFAULT_DEVICE_SECURITY_PROFILE_LIST_H_
|
||||
18
common/hash_algorithm.h
Normal file
18
common/hash_algorithm.h
Normal file
@@ -0,0 +1,18 @@
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
// Copyright 2020 Google LLC.
|
||||
//
|
||||
// This software is licensed under the terms defined in the Widevine Master
|
||||
// License Agreement. For a copy of this agreement, please contact
|
||||
// widevine-licensing@google.com.
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifndef COMMON_HASH_ALGORITHM_H_
|
||||
#define COMMON_HASH_ALGORITHM_H_
|
||||
|
||||
namespace widevine {
|
||||
|
||||
enum class HashAlgorithm { kUnspecified, kSha1, kSha256 };
|
||||
|
||||
} // namespace widevine
|
||||
|
||||
#endif // COMMON_HASH_ALGORITHM_H_
|
||||
@@ -15,25 +15,32 @@
|
||||
#define COMMON_SECURITY_PROFILE_LIST_H_
|
||||
|
||||
#include "absl/synchronization/mutex.h"
|
||||
#include "common/hash_algorithm.h"
|
||||
#include "common/status.h"
|
||||
#include "protos/public/client_identification.pb.h"
|
||||
#include "protos/public/device_security_profile_data.pb.h"
|
||||
#include "protos/public/device_security_profile_list.pb.h"
|
||||
#include "protos/public/provisioned_device_info.pb.h"
|
||||
#include "protos/public/security_profile.pb.h"
|
||||
|
||||
namespace widevine {
|
||||
using ClientCapabilities = ClientIdentification::ClientCapabilities;
|
||||
|
||||
const char kDefaultProfileOwnerName[] = "Widevine";
|
||||
|
||||
// The SecurityProfileList will hold all security profiles. During license
|
||||
// acquisition, information from the client and information from the server are
|
||||
// combined to deternmine the device's security profile level.
|
||||
|
||||
// TODO(user): Clean up the virtual/protected functions once subclass
|
||||
// default_device_security_profile_list gets removed.
|
||||
class SecurityProfileList {
|
||||
public:
|
||||
explicit SecurityProfileList(const std::string& profile_namespace);
|
||||
virtual ~SecurityProfileList() {}
|
||||
|
||||
// Initialize the security profile list. The size of the profile list is
|
||||
// returned.
|
||||
// Initialize the security profile list with Widevine default profiles. The
|
||||
// size of the profile list is returned.
|
||||
virtual int Init();
|
||||
|
||||
// Add the specified profile to the existing list of profiles. Returns true
|
||||
@@ -45,7 +52,7 @@ class SecurityProfileList {
|
||||
// The number of profiles is returned.
|
||||
virtual int GetQualifiedProfilesFromSpecifiedProfiles(
|
||||
const std::vector<std::string>& profiles_to_check,
|
||||
const ClientIdentification& client_id,
|
||||
const std::string& owner, const ClientIdentification& client_id,
|
||||
const ProvisionedDeviceInfo& device_info,
|
||||
std::vector<std::string>* qualified_profiles) const;
|
||||
|
||||
@@ -53,14 +60,28 @@ class SecurityProfileList {
|
||||
// requirements for the this device. The number of profiles is returned.
|
||||
virtual int GetQualifiedProfiles(
|
||||
const ClientIdentification& client_id,
|
||||
const ProvisionedDeviceInfo& device_info,
|
||||
const ProvisionedDeviceInfo& device_info, const std::string& owner,
|
||||
std::vector<std::string>* qualified_profiles) const;
|
||||
|
||||
// Return true if a profile exist matching the specified |name|.
|
||||
// |security_profile| is owned by the caller and is populated if a profile
|
||||
// exist.
|
||||
bool GetProfileByName(const std::string& name,
|
||||
SecurityProfile* security_profile) const;
|
||||
// Return true if a profile exist matching the specified parameters {|name|,
|
||||
// |owner|}. |security_profiles| is owned by the caller and is populated if
|
||||
// one or more profile exist. For default DSP, the output profiles should
|
||||
// contain single record. For custom DSP, it may contain multiple records
|
||||
// since active dsp and inactive dsp could share the same dsp_name under the
|
||||
// same owner.
|
||||
bool GetProfileByNameAndOwner(
|
||||
const std::string& name, const std::string& owner,
|
||||
std::vector<SecurityProfile>* security_profiles) const;
|
||||
|
||||
// Populates |security_profiles| owned by the content owner.
|
||||
int GetProfilesByOwner(const std::string& owner,
|
||||
std::vector<SecurityProfile>* security_profiles) const;
|
||||
|
||||
// Populates |owner_list| for security profiles. |is_default_dsp| boolean
|
||||
// indicates the owner_list for default dsp or custom dsp.
|
||||
int GetProfilesOwnerList(const bool is_default_dsp,
|
||||
std::vector<std::string>* owner_list) const;
|
||||
|
||||
// Return the device security capabilities. |drm_info| is populated with
|
||||
// data from |client_id| and |device_info|. |drm_info| must not be null and
|
||||
// is owned by the caller.
|
||||
@@ -74,10 +95,33 @@ class SecurityProfileList {
|
||||
// Return a list of profile names.
|
||||
virtual void GetProfileNames(std::vector<std::string>* profile_names) const;
|
||||
|
||||
// Deserialized SignedDeviceSecurityProfiles for custom DSPs.
|
||||
static Status DeserializeSignedDeviceSecurityProfiles(
|
||||
const std::string& serialized_signed_device_security_profiles,
|
||||
std::string* serialized_device_security_profiles,
|
||||
HashAlgorithm* hash_algorithm, std::string* signature);
|
||||
|
||||
// Validate signature and update security profile list for custom dsps.
|
||||
Status ValidateAndUpdateProfileList(
|
||||
const std::string& root_certificate_public_key,
|
||||
const std::string& serialized_device_security_profiles,
|
||||
HashAlgorithm hash_algorithm, const std::string& signature,
|
||||
int* added_profile_num);
|
||||
|
||||
protected:
|
||||
void ClearAllProfiles();
|
||||
|
||||
private:
|
||||
// Add Widevine default profiles into profile_list. The number of added
|
||||
// default profiles will be returned.
|
||||
virtual int AddDefaultProfiles();
|
||||
// Add Widevine custom profiles into profile_list. The number of added custom
|
||||
// profiles will be returned.
|
||||
virtual int AddCustomProfiles(
|
||||
const DeviceSecurityProfileList& device_security_profile_list);
|
||||
virtual int GetDefaultProfileStrings(
|
||||
std::vector<std::string>* default_profile_strings) const;
|
||||
|
||||
bool DoesProfileQualify(const SecurityProfile& profile,
|
||||
const ClientIdentification& client_id,
|
||||
const ProvisionedDeviceInfo& device_info) const;
|
||||
@@ -87,9 +131,19 @@ class SecurityProfileList {
|
||||
bool IsProfileActive(const SecurityProfile& profile,
|
||||
int64_t current_time_seconds) const;
|
||||
|
||||
bool InsertProfileLocked(const SecurityProfile& profile_to_insert)
|
||||
ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
||||
|
||||
// Return true if a profile already exists in the profile_list.
|
||||
bool DoesProfileExistLocked(const SecurityProfile& profile) const
|
||||
ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
||||
|
||||
void ClearAllDefaultProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
||||
void ClearAllCustomProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
||||
mutable absl::Mutex mutex_;
|
||||
// Security profiles
|
||||
std::string profile_namespace_;
|
||||
// TODO(user): Modify as Map<owner, DSPs>.
|
||||
std::vector<SecurityProfile> security_profiles_ ABSL_GUARDED_BY(mutex_);
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user