//////////////////////////////////////////////////////////////////////////////// // Copyright 2013 Google LLC. // // This software is licensed under the terms defined in the Widevine Master // License Agreement. For a copy of this agreement, please contact // widevine-licensing@google.com. //////////////////////////////////////////////////////////////////////////////// // // Description: // Root device certificate holder class which deserializes, validates, // and extracts the root certificate public key. #ifndef COMMON_DRM_ROOT_CERTIFICATE_H_ #define COMMON_DRM_ROOT_CERTIFICATE_H_ // common_typos_disable. Successful / successfull. #include #include #include "common/certificate_type.h" #include "common/signer_public_key.h" #include "common/status.h" #include "protos/public/drm_certificate.pb.h" namespace widevine { class DrmCertificate; class RsaKeyFactory; class RsaPublicKey; class SignedDrmCertificate; class VerifiedCertSignatureCache; // Root certificate and certificate chain verifier with internal caching. // This object is thread-safe. class DrmRootCertificate { public: DrmRootCertificate(const DrmRootCertificate&) = delete; DrmRootCertificate& operator=(const DrmRootCertificate&) = delete; virtual ~DrmRootCertificate(); // Creates a DrmRootCertificate object given a certificate type. // |cert| may not be nullptr, and it points to a // std::unique_ptr which will be used to return a newly // created const DrmRootCertificate* if successful. The caller assumes // ownership of the new DrmRootCertificate. This method returns // Status::OK on success, or appropriate error status otherwise. static Status CreateByType(CertificateType cert_type, std::unique_ptr* cert); // Variant on the method above to make CLIF happy until b/110539622 is fixed. static std::unique_ptr CreateByType( CertificateType cert_type, Status* status); // Creates a DrmRootCertificate object given a certificate type std::string, which // must be one of "prod", "qa", or "test". // |cert| may not be nullptr, and it points to a // std::unique_ptr which will be used to return a newly // created const DrmRootCertificate* if successful. The caller assumes // ownership of the new DrmRootCertificate. This method returns // Status::OK on success, or appropriate error status otherwise. static Status CreateByTypeString(const std::string& cert_type_string, std::unique_ptr* cert); // |certificate| will contgain the DRM certificate upon successful return. // May be null. // Returns Status::OK if successful, or an appropriate error code otherwise. virtual Status VerifyCertificate(const std::string& serialized_certificate, SignedDrmCertificate* signed_certificate, DrmCertificate* certificate) const; // Returns the hex-encoded SHA-256 digest for this certificate. virtual std::string GetDigest() const; const CertificateType type() const { return type_; } virtual const std::string& public_key() const { return root_cert_.public_key(); } protected: DrmRootCertificate(CertificateType cert_type, const std::string& serialized_certificate, const std::string& serial_number, const std::string& public_key, std::unique_ptr key_factory); private: friend class DrmRootCertificateTest; static Status Create(CertificateType cert_type, std::unique_ptr key_factory, std::unique_ptr* cert); Status VerifySignatures(const SignedDrmCertificate& signed_cert, const std::string& cert_serial_number, bool use_cache, uint32_t* certs_in_chain) const; CertificateType type_; std::string serialized_certificate_; DrmCertificate root_cert_; // TODO(b/143309971): Either add an ec key_factory object, or drop the rsa // |key_factory_|. std::unique_ptr key_factory_; mutable std::unique_ptr signature_cache_; }; } // namespace widevine #endif // COMMON_DRM_ROOT_CERTIFICATE_H_