//////////////////////////////////////////////////////////////////////////////// // Copyright 2019 Google LLC. // // This software is licensed under the terms defined in the Widevine Master // License Agreement. For a copy of this agreement, please contact // widevine-licensing@google.com. //////////////////////////////////////////////////////////////////////////////// #ifndef COMMON_CLIENT_CERT_H__ #define COMMON_CLIENT_CERT_H__ #include #include "common/drm_root_certificate.h" #include "common/error_space.h" #include "common/hash_algorithm.h" #include "common/status.h" #include "protos/public/client_identification.pb.h" #include "protos/public/errors.pb.h" #include "protos/public/license_protocol.pb.h" namespace widevine { // Handler class for LicenseRequests; validates requests and encrypts licenses. class ClientCert { protected: ClientCert() = default; public: // Creates a Device Certificate from the supplied |client_id|. static Status Create(const DrmRootCertificate* root_certificate, const widevine::ClientIdentification& client_id, std::unique_ptr* client_cert); // Creates a Device Certificate based ClientCert. static Status CreateWithDrmCertificate( const DrmRootCertificate* root_certificate, const std::string& drm_certificate, std::unique_ptr* client_cert); // Creates a Device Certificate using the supplied certificates. // The|signing_drm_certificate| will be used to verify an incoming request. // The |encryption_drm_certificate| will be used to define the session key // used to protect a response message. static Status CreateWithDualDrmCertificates( const DrmRootCertificate* root_certificate, const std::string& signing_drm_certificate, const std::string& encryption_drm_certificate, std::unique_ptr* client_cert); // Creates a Keybox based ClientCert. The |client_cert| is a caller supplied // unique_ptr to receive the new ClientCert. static Status CreateWithKeybox(const std::string& keybox_token, std::unique_ptr* client_cert); virtual ~ClientCert() = default; ClientCert(const ClientCert&) = delete; ClientCert& operator=(const ClientCert&) = delete; // Checks the passed in signature against a signature created used the // classes information and the passed in message. Returns OK if signature // is valid. virtual Status VerifySignature(const std::string& message, HashAlgorithm hash_algorithm, const std::string& signature, ProtocolVersion protocol_version) const = 0; // Creates a signing_key that is accessible using signing_key(). Signing_key // is constructed by doing a key derivation using the key() and message. virtual void GenerateSigningKey(const std::string& message, ProtocolVersion protocol_version) = 0; virtual const std::string& encrypted_key() const = 0; virtual const std::string& key() const = 0; virtual SignedMessage::SessionKeyType key_type() const = 0; virtual bool using_dual_certificate() const = 0; virtual const std::string& serial_number() const = 0; virtual const std::string& service_id() const = 0; virtual const std::string& signing_key() const = 0; virtual const std::string& signer_serial_number() const = 0; virtual uint32_t signer_creation_time_seconds() const = 0; virtual bool signed_by_provisioner() const = 0; virtual uint32_t system_id() const = 0; virtual widevine::ClientIdentification::TokenType type() const = 0; virtual const std::string& encrypted_unique_id() const = 0; virtual const std::string& unique_id_hash() const = 0; virtual Status SystemIdUnknownError() const { return Status(error_space, DRM_DEVICE_CERTIFICATE_UNKNOWN, "device-certificate-status-unknown"); } virtual Status SystemIdRevokedError() const { return Status(error_space, DRM_DEVICE_CERTIFICATE_REVOKED, "device-certificate-revoked"); } }; } // namespace widevine #endif // COMMON_CLIENT_CERT_H__