Entitlement rotation support

Updates also include:
- Add APIs to query current Simulcrypt channel & stream status;
- EMM format change (used only to carry fingerprinting and service
blocking info);
- Key fetcher example to use curl key fetcher.

common/BUILD

@@ -105,6 +105,7 @@ cc_library(
         ":status",
         "//base",
         "//external:protobuf",
+        "@abseil_repo//absl/strings",
         "@abseil_repo//absl/synchronization",
         "//protos/public:client_identification_cc_proto",
         "//protos/public:device_certificate_status_cc_proto",
@@ -134,6 +135,7 @@ cc_test(
         "//external:protobuf",
         "//testing:gunit_main",
         "@abseil_repo//absl/memory",
+        "@abseil_repo//absl/strings",
         "//protos/public:device_common_cc_proto",
         "//protos/public:device_security_profile_data_cc_proto",
         "//protos/public:device_security_profile_list_cc_proto",
@@ -305,6 +307,7 @@ cc_library(
         "@abseil_repo//absl/memory",
         "@abseil_repo//absl/strings",
         "@abseil_repo//absl/synchronization",
+        "@abseil_repo//absl/time",
         "//protos/public:drm_certificate_cc_proto",
         "//protos/public:errors_cc_proto",
         "//protos/public:signed_drm_certificate_cc_proto",
@@ -1046,6 +1049,25 @@ cc_library(
     ],
 )
 
+cc_library(
+    name = "policy_verifier",
+    srcs = ["policy_verifier.cc"],
+    hdrs = ["policy_verifier.h"],
+    deps = [
+        "//protos/public:license_protocol_cc_proto",
+    ],
+)
+
+cc_test(
+    name = "policy_verifier_test",
+    srcs = ["policy_verifier_test.cc"],
+    deps = [
+        ":policy_verifier",
+        "//testing:gunit_main",
+        "//protos/public:license_protocol_cc_proto",
+    ],
+)
+
 cc_test(
     name = "output_protection_util_test",
     srcs = ["output_protection_util_test.cc"],
@@ -1150,6 +1172,7 @@ cc_library(
         ":sha_util",
         "//base",
         "@abseil_repo//absl/strings",
+        "//common/oemcrypto_core_message/odk",
         "//common/oemcrypto_core_message/odk:kdo",
     ],
 )
@@ -1161,6 +1184,9 @@ cc_test(
         ":core_message_util",
         "//testing:gunit_main",
         "@abseil_repo//absl/strings",
+        "//common/oemcrypto_core_message/odk",
+        "//protos/public:certificate_provisioning_cc_proto",
+        "//protos/public:license_protocol_cc_proto",
     ],
 )
 

common/rsa_key.h

@@ -18,9 +18,7 @@
 #include <memory>
 #include <string>
 
-#include <cstdint>
-#include "absl/base/macros.h"
-#include "openssl/rsa.h"
+#include "openssl/pem.h"
 #include "common/hash_algorithm.h"
 
 namespace widevine {

common/rsa_util.h

@@ -16,7 +16,7 @@
 
 #include <string>
 
-#include "openssl/rsa.h"
+#include "openssl/pem.h"
 
 namespace widevine {
 namespace rsa_util {

common/security_profile_list.h

@@ -71,25 +71,26 @@ class SecurityProfileList {
   // contain single record. For custom DSP, it may contain multiple records
   // since active dsp and inactive dsp could share the same dsp_name under the
   // same owner.
-  bool GetProfileByNameAndOwner(
+  virtual bool GetProfileByNameAndOwner(
       const std::string& name, const std::string& owner,
       std::vector<SecurityProfile>* security_profiles) const;
 
   // Populates |security_profiles| owned by the content owner.
-  int GetProfilesByOwner(const std::string& owner,
-                         std::vector<SecurityProfile>* security_profiles) const;
+  virtual int GetProfilesByOwner(
+      const std::string& owner,
+      std::vector<SecurityProfile>* security_profiles) const;
 
   // Populates |owner_list| for security profiles. |is_default_dsp| boolean
   // indicates the owner_list for default dsp or custom dsp.
-  int GetProfilesOwnerList(const bool is_default_dsp,
-                           std::vector<std::string>* owner_list) const;
+  virtual int GetProfilesOwnerList(const bool is_default_dsp,
+                                   std::vector<std::string>* owner_list) const;
 
   // Return the device security capabilities.  |drm_info| is populated with
   // data from |client_id| and |device_info|.  |drm_info| must not be null and
   // is owned by the caller.
-  bool GetDrmInfo(const ClientIdentification& client_id,
-                  const ProvisionedDeviceInfo& device_info,
-                  SecurityProfile::DrmInfo* drm_info) const;
+  virtual bool GetDrmInfo(const ClientIdentification& client_id,
+                          const ProvisionedDeviceInfo& device_info,
+                          SecurityProfile::DrmInfo* drm_info) const;
 
   // Return the number of profiles in the list.
   int NumProfiles() const;
@@ -110,6 +111,12 @@ class SecurityProfileList {
       HashAlgorithm hash_algorithm, const std::string& signature,
       int* added_profile_num);
 
+  // Returns an instance of the Security profile list for default security
+  // profiles.  Default security profiles are owned by Widevine.
+  // TODO (b/187073516): This singleton can be moved to the "Environment" class
+  // as a non-static API.
+  static SecurityProfileList* GetInstanceForDefaultSecurityProfiles();
+
  protected:
   void ClearAllProfiles();