Change order of loading certificates from pk7 cert

------------- Add libcurl to media_cas_packager_sdk. libcurl will later be used by a key fetcher to retrieve entitlement key from License Server using a HTTP request. ------------- Add a function named parsehelper to parse DCSL from the key smith response. ------------- Move wv_cas_key_fetcher to media_cas_packager_sdk so partners can use it request entitlement keys from License Server. ------------- Add pkcs7 write method to x509_cert.cc ------------- Update boringssl_repo to latest in master-with-bazel ------------- Add a TsPacket class to media_cas_packager_sdk to allow the construction of a ECM TS packet in the SDK. ------------- Move InsertEcm() from our internal CAS directory to the media_cas_packager_sdk, to be used to build a ECM TS packet by the SDK. ------------- Add METADATA in common folder ------------- Refactoring of certificate verification into DrmRootCertificate. ------------- Extend the default duration of leaf certificates. ------------- Fix moe_test ------------- Add a new method to WvCasEcm to allow partner to create a TS packet carrying the generated ECM. ------------- Change from SHA1 to SHA256 for Cast certificates ------------- Update crypto mode enumeration to match WV ECM document ------------- Fix the way we set the validity dates ------------- Move exported_root/util/status to common/ to prepare for util::Status migration Also added constructor/operator to copy from/to util::Status. ------------- Add GenerateDCSLrequest function to certificate_util.h. ------------- Fix build break ------------- Allow 'table_id' (in the section header) be specified by caller of SDK method WvCasEcm::GenerateTsPacket(). ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=224535399
2018-12-07 10:16:38 -08:00
parent fb96918196
commit 121d554c20
63 changed files with 4834 additions and 560 deletions
--- a/common/drm_service_certificate.cc
+++ b/common/drm_service_certificate.cc
@@ -108,49 +108,24 @@ DrmServiceCertificateMap* DrmServiceCertificateMap::GetInstance() {
 }  // namespace

 util::Status DrmServiceCertificate::AddDrmServiceCertificate(
-    const std::string& root_public_key, const std::string& service_certificate,
+    const DrmRootCertificate* root_cert, const std::string& service_certificate,
    const std::string& service_private_key,
    const std::string& service_private_key_passphrase) {
-  std::unique_ptr<RsaPublicKey> root_key(RsaPublicKey::Create(root_public_key));
-  if (root_key == nullptr) {
-    return util::Status(error_space, INVALID_DRM_CERTIFICATE,
-                        "root-certificate-rsa-public-key-failed");
-  }
-  SignedDrmCertificate signed_cert;
-  if (!signed_cert.ParseFromString(service_certificate)) {
-    return util::Status(error_space, INVALID_SERVICE_CERTIFICATE,
-                        "signed-certificate-parse-failed");
-  }
-  if (!root_key->VerifySignature(signed_cert.drm_certificate(),
-                                 signed_cert.signature())) {
-    return util::Status(error_space, INVALID_SERVICE_CERTIFICATE,
-                        "certificate-signature-verification-failed");
-  }
  DrmCertificate drm_cert;
-  if (!drm_cert.ParseFromString(signed_cert.drm_certificate())) {
-    return util::Status(error_space, INVALID_SERVICE_CERTIFICATE,
-                        "certificate-parse-failed");
+  util::Status status =
+      root_cert->VerifyCertificate(service_certificate, nullptr, &drm_cert);
+  if (!status.ok()) {
+    return status;
  }
+
  if (drm_cert.type() != DrmCertificate::SERVICE) {
    return util::Status(error_space, INVALID_SERVICE_CERTIFICATE,
                        "not-service-certificate");
  }
-  if (drm_cert.serial_number().empty()) {
-    return util::Status(error_space, INVALID_SERVICE_CERTIFICATE,
-                        "missing-certificate-serial-number");
-  }
  if (drm_cert.provider_id().empty()) {
    return util::Status(error_space, INVALID_SERVICE_CERTIFICATE,
                        "missing-certificate-service-id");
  }
-  if (!drm_cert.has_creation_time_seconds()) {
-    return util::Status(error_space, INVALID_SERVICE_CERTIFICATE,
-                        "missing-certificate-creation-time");
-  }
-  if (drm_cert.public_key().empty()) {
-    return util::Status(error_space, INVALID_SERVICE_CERTIFICATE,
-                        "missing-certificate-public-key");
-  }
  std::unique_ptr<RsaPublicKey> public_key(
      RsaPublicKey::Create(drm_cert.public_key()));
  if (!public_key) {
@@ -178,21 +153,6 @@ util::Status DrmServiceCertificate::AddDrmServiceCertificate(
  return util::OkStatus();
 }

-util::Status DrmServiceCertificate::AddDrmServiceCertificate(
-    CertificateType root_cert_type, const std::string& service_certificate,
-    const std::string& service_private_key,
-    const std::string& service_private_key_passphrase) {
-  std::unique_ptr<DrmRootCertificate> root_cert;
-  util::Status status =
-      DrmRootCertificate::CreateByType(root_cert_type, &root_cert);
-  if (!status.ok()) {
-    return status;
-  }
-  return AddDrmServiceCertificate(root_cert->public_key(), service_certificate,
-                                  service_private_key,
-                                  service_private_key_passphrase);
-}
-
 const DrmServiceCertificate*
 DrmServiceCertificate::GetDefaultDrmServiceCertificate() {
  return DrmServiceCertificateMap::GetInstance()->GetDefaultCert();
@@ -212,30 +172,15 @@ const DrmServiceCertificate* DrmServiceCertificate::GetDrmServiceCertificate(
 }

 util::Status DrmServiceCertificate::SetDefaultDrmServiceCertificate(
-    const std::string& root_public_key, const std::string& service_certificate,
+    const DrmRootCertificate* root_drm_cert, const std::string& service_certificate,
    const std::string& service_private_key,
    const std::string& service_private_key_passphrase) {
  DrmServiceCertificateMap::GetInstance()->ClearDefaultDrmServiceCertificate();
-  return AddDrmServiceCertificate(root_public_key, service_certificate,
+  return AddDrmServiceCertificate(root_drm_cert, service_certificate,
                                  service_private_key,
                                  service_private_key_passphrase);
 }

-util::Status DrmServiceCertificate::SetDefaultDrmServiceCertificate(
-    CertificateType root_cert_type, const std::string& service_certificate,
-    const std::string& service_private_key,
-    const std::string& service_private_key_passphrase) {
-  std::unique_ptr<DrmRootCertificate> root_cert;
-  util::Status status =
-      DrmRootCertificate::CreateByType(root_cert_type, &root_cert);
-  if (!status.ok()) {
-    return status;
-  }
-  return SetDefaultDrmServiceCertificate(
-      root_cert->public_key(), service_certificate, service_private_key,
-      service_private_key_passphrase);
-}
-
 util::Status DrmServiceCertificate::DecryptClientIdentification(
    const EncryptedClientIdentification& encrypted_client_id,
    ClientIdentification* client_id) {