//////////////////////////////////////////////////////////////////////////////// // Copyright 2020 Google LLC. // // This software is licensed under the terms defined in the Widevine Master // License Agreement. For a copy of this agreement, please contact // widevine-licensing@google.com. //////////////////////////////////////////////////////////////////////////////// #include "common/dual_certificate_client_cert.h" #include "common/error_space.h" #include "common/status.h" #include "protos/public/errors.pb.h" namespace widevine { Status DualCertificateClientCert::Initialize( const DrmRootCertificate* root_certificate, const std::string& serialized_signing_certificate, const std::string& serialized_encryption_certificate) { Status status = signing_certificate_.Initialize( root_certificate, serialized_signing_certificate); if (!status.ok()) { return status; } status = encryption_certificate_.Initialize( root_certificate, serialized_encryption_certificate); if (!status.ok()) { return status; } if (encryption_certificate_.signer_serial_number() != signing_certificate_.signer_serial_number()) { return Status(error_space, INVALID_DRM_CERTIFICATE, "certificate_signer_mismatch"); } if ((encryption_certificate_.system_id() != signing_certificate_.system_id()) || (encryption_certificate_.service_id() != signing_certificate_.service_id()) || (encryption_certificate_.signer_creation_time_seconds() != signing_certificate_.signer_creation_time_seconds()) || (encryption_certificate_.signed_by_provisioner() != signing_certificate_.signed_by_provisioner())) { return Status(error_space, INVALID_DRM_CERTIFICATE, "invalid_certificate_pair"); } return OkStatus(); } Status DualCertificateClientCert::VerifySignature( const std::string& message, HashAlgorithm hash_algorithm, const std::string& signature, ProtocolVersion protocol_version) const { return signing_certificate_.VerifySignature(message, hash_algorithm, signature, protocol_version); } void DualCertificateClientCert::GenerateSigningKey( const std::string& message, ProtocolVersion protocol_version) { encryption_certificate_.GenerateSigningKey(message, protocol_version); } const std::string& DualCertificateClientCert::encrypted_key() const { return encryption_certificate_.encrypted_key(); } const std::string& DualCertificateClientCert::key() const { return encryption_certificate_.key(); } SignedMessage::SessionKeyType DualCertificateClientCert::key_type() const { return encryption_certificate_.key_type(); } // TODO(b/155979840): Support revocation check for the encryption certificate. const std::string& DualCertificateClientCert::serial_number() const { return signing_certificate_.serial_number(); } const std::string& DualCertificateClientCert::service_id() const { return signing_certificate_.service_id(); } const std::string& DualCertificateClientCert::signing_key() const { return encryption_certificate_.signing_key(); } const std::string& DualCertificateClientCert::signer_serial_number() const { return signing_certificate_.signer_serial_number(); } uint32_t DualCertificateClientCert::signer_creation_time_seconds() const { return signing_certificate_.signer_creation_time_seconds(); } bool DualCertificateClientCert::signed_by_provisioner() const { return signing_certificate_.signed_by_provisioner(); } uint32_t DualCertificateClientCert::system_id() const { return signing_certificate_.system_id(); } // TODO(b/155979840): Support revocation check for the encryption certificate. const std::string& DualCertificateClientCert::encrypted_unique_id() const { return signing_certificate_.encrypted_unique_id(); } // TODO(b/155979840): Support revocation check for the encryption certificate. const std::string& DualCertificateClientCert::unique_id_hash() const { return signing_certificate_.unique_id_hash(); } } // namespace widevine