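////////////////////////////////////////////////////////////////////////////////
// Copyright 2013 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////
//
// Description:
//   Root device certificate holder class which deserializes, validates,
//   and extracts the root certificate public key.

#ifndef COMMON_DRM_ROOT_CERTIFICATE_H_
#define COMMON_DRM_ROOT_CERTIFICATE_H_

// common_typos_disable. Successful / successfull.

// NOTE(review): this listing had lost everything between angle brackets: the
// two system header names below and every std::unique_ptr template argument.
// They are reconstructed here from the names this header uses and forward
// declares; confirm against the upstream file before relying on them.
#include <memory>
#include <string>

#include "base/macros.h"
#include "common/status.h"
#include "common/certificate_type.h"

namespace widevine {

class DrmCertificate;
class RsaKeyFactory;
class RsaPublicKey;
class SignedDrmCertificate;
class VerifiedCertSignatureCache;

// Root certificate and certificate chain verifier with internal caching.
// This object is thread-safe.
//
// NOTE(review): the certificate type ("prod", "qa" or "test", see
// CreateByTypeString) presumably selects which root key certificates are
// checked against. If so, the value passed to the factory methods decides
// what the service trusts and should come from deployment configuration the
// operator controls, never from request data. Confirm in the implementation.
class DrmRootCertificate {
 public:
  virtual ~DrmRootCertificate();

  // Creates a DrmRootCertificate object given a certificate type.
  // |cert| may not be nullptr, and it points to a
  // std::unique_ptr<DrmRootCertificate> which will be used to return a newly
  // created const DrmRootCertificate* if successful. The caller assumes
  // ownership of the new DrmRootCertificate. This method returns
  // Status::OK on success, or appropriate error status otherwise.
  static Status CreateByType(CertificateType cert_type,
                             std::unique_ptr<DrmRootCertificate>* cert);

  // Variant on the method above to make CLIF happy until b/110539622 is fixed.
  // The new object is the return value and the outcome is reported through
  // |status|.
  // NOTE(review): what is returned on failure is not stated here (presumably
  // an empty pointer); callers should check |*status| rather than only the
  // returned pointer.
  static std::unique_ptr<DrmRootCertificate> CreateByType(
      CertificateType cert_type, Status* status);

  // Creates a DrmRootCertificate object given a certificate type string, which
  // must be one of "prod", "qa", or "test".
  // |cert| may not be nullptr, and it points to a
  // std::unique_ptr<DrmRootCertificate> which will be used to return a newly
  // created const DrmRootCertificate* if successful. The caller assumes
  // ownership of the new DrmRootCertificate. This method returns
  // Status::OK on success, or appropriate error status otherwise.
  static Status CreateByTypeString(const std::string& cert_type_string,
                                   std::unique_ptr<DrmRootCertificate>* cert);

  // Verifies the serialized DRM certificate in |serialized_certificate|.
  // |certificate| will contain the DRM certificate upon successful return.
  // May be null.
  // Returns Status::OK if successful, or an appropriate error code otherwise.
  //
  // The outputs are only documented for the successful case: do not read
  // |signed_certificate| or |certificate| as verified data unless the return
  // value is Status::OK.
  // NOTE(review): the original comment does not describe
  // |signed_certificate|; presumably it receives the parsed signed wrapper,
  // and whether it may also be null is not stated. Confirm in the
  // implementation.
  virtual Status VerifyCertificate(const std::string& serialized_certificate,
                                   SignedDrmCertificate* signed_certificate,
                                   DrmCertificate* certificate) const;

  // Returns the hex-encoded SHA-256 digest for this certificate.
  virtual std::string GetDigest() const;

  // Certificate type this root was created for.
  const CertificateType type() const { return type_; }

  // Root certificate public key, as passed to the constructor. The encoding
  // of the string is not specified in this header.
  const std::string& public_key() const { return public_key_; }

 protected:
  // Instances are obtained through the static factory methods above; this
  // constructor is reachable only from subclasses and from the class itself.
  // NOTE(review): the arguments presumably initialize the like-named members;
  // the definition is not part of this header.
  DrmRootCertificate(CertificateType cert_type,
                     const std::string& serialized_certificate,
                     const std::string& serial_number,
                     const std::string& public_key,
                     std::unique_ptr<RsaKeyFactory> key_factory);

 private:
  // Gives the unit test access to Create() and the private state.
  friend class DrmRootCertificateTest;

  // Factory taking an explicit key factory in addition to the certificate
  // type. Same |cert| and Status contract as CreateByType().
  static Status Create(CertificateType cert_type,
                       std::unique_ptr<RsaKeyFactory> key_factory,
                       std::unique_ptr<DrmRootCertificate>* cert);

  // Checks the signatures on |signed_cert|.
  // NOTE(review): |use_cache| presumably controls whether signature_cache_ is
  // consulted and updated. A cached positive result is only safe if the cache
  // key covers everything the signature covers; confirm in the
  // implementation.
  Status VerifySignatures(const SignedDrmCertificate& signed_cert,
                          const std::string& cert_serial_number,
                          bool use_cache) const;

  CertificateType type_;
  std::string serialized_certificate_;
  std::string serial_number_;
  std::string public_key_;
  std::unique_ptr<RsaKeyFactory> key_factory_;
  // mutable so that the const verification methods can modify the cache.
  // The class comment promises thread safety, so access is presumably
  // synchronized inside VerifiedCertSignatureCache or the implementation
  // file. Confirm there.
  mutable std::unique_ptr<VerifiedCertSignatureCache> signature_cache_;

  // Macro from base/macros.h; by its name it suppresses the implicitly
  // generated constructors, so objects only come from the factories above.
  DISALLOW_IMPLICIT_CONSTRUCTORS(DrmRootCertificate);
};

}  // namespace widevine

#endif  // COMMON_DRM_ROOT_CERTIFICATE_H_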