Export media_cas_packager_sdk

2018-10-01 14:59:29 -07:00
parent 5bdf48b400
commit ba0d63e2c1
110 changed files with 14079 additions and 0 deletions
--- a/common/drm_service_certificate.h
+++ b/common/drm_service_certificate.h
@@ -0,0 +1,123 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2013 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+//
+// Description:
+//   Service certificate holder used to decrypt encrypted client credentials.
+
+#ifndef COMMON_DRM_SERVICE_CERTIFICATE_H__
+#define COMMON_DRM_SERVICE_CERTIFICATE_H__
+
+#include <map>
+#include <memory>
+#include <string>
+
+#include <cstdint>
+#include "base/macros.h"
+#include "util/status.h"
+#include "common/certificate_type.h"
+#include "common/rsa_key.h"
+
+namespace widevine {
+class RequestInspectorTest;
+}  // namespace widevine
+
+namespace widevine {
+
+class ClientIdentification;
+class EncryptedClientIdentification;
+
+class DrmServiceCertificate {
+ public:
+  // Create a new DrmServiceCertificate object and add it to the list of valid
+  // service certificates. |root_cert_type| indicates which root public key to
+  // use to verify |service_certificate|, |service_certificate| is a
+  // Google-generated certificate used to authenticate the service provider for
+  // purposes of device privacy, |service_private_key| is the encrypted PKCS#8
+  // private RSA key corresponding to the service certificate,
+  // |service_private_key_passphrase| is the password required to decrypt
+  // |service_private_key|.
+  // Returns status::OK if successful, or appropriate error code otherwise.
+  // If the default service certificate is not set, this certificate will be
+  // used as the default service certificate.
+  // This method is thread-safe.
+  static util::Status AddDrmServiceCertificate(
+      CertificateType root_cert_type, const std::string& service_certificate,
+      const std::string& service_private_key,
+      const std::string& service_private_key_passphrase);
+
+  // Same as AddDrmServiceCertificate(), but will clear the default service
+  // certificate if it's set.  This will result in this service certificate
+  // being set as the default service certificate.
+  static util::Status SetDefaultDrmServiceCertificate(
+      CertificateType root_cert_type, const std::string& service_certificate,
+      const std::string& service_private_key,
+      const std::string& service_private_key_passphrase);
+
+  // Returns the default service certificate. Will return null if no default
+  // Service Certificate is set. This method is thread-safe.
+  static const DrmServiceCertificate* GetDefaultDrmServiceCertificate();
+
+  // Returns the default service certificate. Will abort if no default Service
+  // Certificate is set. This method is thread-safe.
+  static const DrmServiceCertificate* GetDefaultDrmServiceCertificateOrDie();
+
+  // Returns the service certificate with the given serial number if found, or
+  // null otherwise.
+  static const DrmServiceCertificate* GetDrmServiceCertificate(
+      const std::string& cert_serial_number);
+
+  // Decrypts the EncryptedClientIdentification message passed in
+  // |encrypted_client_id| into |client_id| using the private key for the
+  // certificate which was used to encrypt the information. |client_id| must
+  // not be NULL. Returns status::OK if successful, or an appropriate error
+  // otherwise. This method is thread-safe.
+  static util::Status DecryptClientIdentification(
+      const EncryptedClientIdentification& encrypted_client_id,
+      ClientIdentification* client_id);
+
+  const std::string& certificate() const { return certificate_; }
+  const std::string& provider_id() const { return provider_id_; }
+  const std::string& serial_number() const { return serial_number_; }
+  const RsaPrivateKey* const private_key() const { return private_key_.get(); }
+  const RsaPublicKey* const public_key() const { return public_key_.get(); }
+
+ private:
+  friend class DrmServiceCertificateTest;
+  friend class widevine::RequestInspectorTest;
+
+  static util::Status AddDrmServiceCertificate(
+      const std::string& root_public_key, const std::string& service_certificate,
+      const std::string& service_private_key,
+      const std::string& service_private_key_passphrase);
+
+  static util::Status SetDefaultDrmServiceCertificate(
+      const std::string& root_public_key, const std::string& service_certificate,
+      const std::string& service_private_key,
+      const std::string& service_private_key_passphrase);
+
+  DrmServiceCertificate(const std::string& service_certificate,
+                        const std::string& provider_id, const std::string& serial_number,
+                        const uint32_t creation_time_seconds,
+                        std::unique_ptr<RsaPublicKey> public_key,
+                        std::unique_ptr<RsaPrivateKey> private_key);
+
+  static void ResetServiceCertificates();
+
+  std::string certificate_;
+  std::string provider_id_;
+  std::string serial_number_;
+  uint32_t creation_time_seconds_;
+  std::unique_ptr<RsaPublicKey> public_key_;
+  std::unique_ptr<RsaPrivateKey> private_key_;
+
+  DISALLOW_IMPLICIT_CONSTRUCTORS(DrmServiceCertificate);
+};
+
+}  // namespace widevine
+
+#endif  // COMMON_DRM_SERVICE_CERTIFICATE_H__