810ceaf1a1
Widevine ECM v3 is redesigned mainly based on protobuf, and supports new features including carrying fingerprinting and service blocking information. Existing clients must upgrade the Widevine CAS plugin to use the new ECM v3.
152 lines
6.5 KiB
C++
152 lines
6.5 KiB
C++
////////////////////////////////////////////////////////////////////////////////
|
|
// Copyright 2020 Google LLC.
|
|
//
|
|
// This software is licensed under the terms defined in the Widevine Master
|
|
// License Agreement. For a copy of this agreement, please contact
|
|
// widevine-licensing@google.com.
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Description:
|
|
// Container of device security profiles. Security profiles indicate rules
|
|
// to allow using the profile. The rules are based on DRM capabilities of a
|
|
// device.
|
|
|
|
#ifndef COMMON_SECURITY_PROFILE_LIST_H_
|
|
#define COMMON_SECURITY_PROFILE_LIST_H_
|
|
|
|
#include "absl/synchronization/mutex.h"
|
|
#include "common/hash_algorithm.h"
|
|
#include "common/status.h"
|
|
#include "protos/public/client_identification.pb.h"
|
|
#include "protos/public/device_security_profile_data.pb.h"
|
|
#include "protos/public/device_security_profile_list.pb.h"
|
|
#include "protos/public/provisioned_device_info.pb.h"
|
|
#include "protos/public/security_profile.pb.h"
|
|
|
|
namespace widevine {
|
|
using ClientCapabilities = ClientIdentification::ClientCapabilities;
|
|
|
|
const char kDefaultProfileOwnerName[] = "Widevine";
|
|
|
|
// The SecurityProfileList will hold all security profiles. During license
|
|
// acquisition, information from the client and information from the server are
|
|
// combined to deternmine the device's security profile level.
|
|
|
|
// TODO(user): Clean up the virtual/protected functions once subclass
|
|
// default_device_security_profile_list gets removed.
|
|
class SecurityProfileList {
|
|
public:
|
|
explicit SecurityProfileList(const std::string& profile_namespace);
|
|
virtual ~SecurityProfileList() {}
|
|
|
|
// Initialize the security profile list with Widevine default profiles. The
|
|
// size of the profile list is returned.
|
|
virtual int Init();
|
|
|
|
// Add the specified profile to the existing list of profiles. Returns true
|
|
// if successfully inserted, false if unable to insert.
|
|
bool InsertProfile(const SecurityProfile& profile_to_insert);
|
|
|
|
// Populates |profiles_allow| with a list of profiles from the specified
|
|
// |profiles_to_check| list that meet the requirements for the this device.
|
|
// The number of profiles is returned.
|
|
virtual int GetQualifiedProfilesFromSpecifiedProfiles(
|
|
const std::vector<std::string>& profiles_to_check,
|
|
const std::string& owner, const ClientIdentification& client_id,
|
|
const ProvisionedDeviceInfo& device_info,
|
|
std::vector<std::string>* qualified_profiles) const;
|
|
|
|
// Populates |profiles_to_allow| with a list of profiles that meet the
|
|
// requirements for the this device. The number of profiles is returned.
|
|
virtual int GetQualifiedProfiles(
|
|
const ClientIdentification& client_id,
|
|
const ProvisionedDeviceInfo& device_info, const std::string& owner,
|
|
std::vector<std::string>* qualified_profiles) const;
|
|
|
|
// Return true if a profile exist matching the specified parameters {|name|,
|
|
// |owner|}. |security_profiles| is owned by the caller and is populated if
|
|
// one or more profile exist. For default DSP, the output profiles should
|
|
// contain single record. For custom DSP, it may contain multiple records
|
|
// since active dsp and inactive dsp could share the same dsp_name under the
|
|
// same owner.
|
|
bool GetProfileByNameAndOwner(
|
|
const std::string& name, const std::string& owner,
|
|
std::vector<SecurityProfile>* security_profiles) const;
|
|
|
|
// Populates |security_profiles| owned by the content owner.
|
|
int GetProfilesByOwner(const std::string& owner,
|
|
std::vector<SecurityProfile>* security_profiles) const;
|
|
|
|
// Populates |owner_list| for security profiles. |is_default_dsp| boolean
|
|
// indicates the owner_list for default dsp or custom dsp.
|
|
int GetProfilesOwnerList(const bool is_default_dsp,
|
|
std::vector<std::string>* owner_list) const;
|
|
|
|
// Return the device security capabilities. |drm_info| is populated with
|
|
// data from |client_id| and |device_info|. |drm_info| must not be null and
|
|
// is owned by the caller.
|
|
bool GetDrmInfo(const ClientIdentification& client_id,
|
|
const ProvisionedDeviceInfo& device_info,
|
|
SecurityProfile::DrmInfo* drm_info) const;
|
|
|
|
// Return the number of profiles in the list.
|
|
int NumProfiles() const;
|
|
|
|
// Return a list of profile names.
|
|
virtual void GetProfileNames(std::vector<std::string>* profile_names) const;
|
|
|
|
// Deserialized SignedDeviceSecurityProfiles for custom DSPs.
|
|
static Status DeserializeSignedDeviceSecurityProfiles(
|
|
const std::string& serialized_signed_device_security_profiles,
|
|
std::string* serialized_device_security_profiles,
|
|
HashAlgorithm* hash_algorithm, std::string* signature);
|
|
|
|
// Validate signature and update security profile list for custom dsps.
|
|
Status ValidateAndUpdateProfileList(
|
|
const std::string& root_certificate_public_key,
|
|
const std::string& serialized_device_security_profiles,
|
|
HashAlgorithm hash_algorithm, const std::string& signature,
|
|
int* added_profile_num);
|
|
|
|
protected:
|
|
void ClearAllProfiles();
|
|
|
|
private:
|
|
// Add Widevine default profiles into profile_list. The number of added
|
|
// default profiles will be returned.
|
|
virtual int AddDefaultProfiles();
|
|
// Add Widevine custom profiles into profile_list. The number of added custom
|
|
// profiles will be returned.
|
|
virtual int AddCustomProfiles(
|
|
const DeviceSecurityProfileList& device_security_profile_list);
|
|
virtual int GetDefaultProfileStrings(
|
|
std::vector<std::string>* default_profile_strings) const;
|
|
|
|
bool DoesProfileQualify(const SecurityProfile& profile,
|
|
const ClientIdentification& client_id,
|
|
const ProvisionedDeviceInfo& device_info) const;
|
|
|
|
int64_t GetCurrentTimeSeconds() const;
|
|
|
|
bool IsProfileActive(const SecurityProfile& profile,
|
|
int64_t current_time_seconds) const;
|
|
|
|
bool InsertProfileLocked(const SecurityProfile& profile_to_insert)
|
|
ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
|
|
|
// Return true if a profile already exists in the profile_list.
|
|
bool DoesProfileExistLocked(const SecurityProfile& profile) const
|
|
ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
|
|
|
void ClearAllDefaultProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
|
void ClearAllCustomProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
|
mutable absl::Mutex mutex_;
|
|
// Security profiles
|
|
std::string profile_namespace_;
|
|
// TODO(user): Modify as Map<owner, DSPs>.
|
|
std::vector<SecurityProfile> security_profiles_ ABSL_GUARDED_BY(mutex_);
|
|
};
|
|
|
|
} // namespace widevine
|
|
#endif // COMMON_SECURITY_PROFILE_LIST_H_
|