//////////////////////////////////////////////////////////////////////////////// // Copyright 2019 Google LLC. // // This software is licensed under the terms defined in the Widevine Master // License Agreement. For a copy of this agreement, please contact // widevine-licensing@google.com. //////////////////////////////////////////////////////////////////////////////// #ifndef COMMON_CERTIFICATE_CLIENT_CERT_H_ #define COMMON_CERTIFICATE_CLIENT_CERT_H_ #include "common/client_cert.h" #include "protos/public/drm_certificate.pb.h" namespace widevine { class ClientCertAlgorithm { public: ClientCertAlgorithm() = default; virtual ~ClientCertAlgorithm() = default; ClientCertAlgorithm(const ClientCertAlgorithm&) = delete; ClientCertAlgorithm& operator=(const ClientCertAlgorithm&) = delete; // Initialize the algorithm module using the |public_key| from the drm // certificate. The |algorithm| value provides additional information needed // by the ECC implementation of this interface. virtual Status Initialize(const std::string& public_key, DrmCertificate::Algorithm algorithm) = 0; // Verify the |signature| of an incoming request |message| using the public // key from the drm certificate. virtual Status VerifySignature(const std::string& message, const std::string& signature) const = 0; // Returns the key to be used in key derivation of the license // protocol. virtual const std::string& session_key() const = 0; // Returns a byte std::string to be included in the SignedMessage::session_key // field of a license response. This key may be either an encrypted aes key, // or the bytes of an ephemeral public key. virtual const std::string& wrapped_session_key() const = 0; // Returns information on the type session key used in this format. This value // is intended to be included in the SignedMessage::session_key_type field of // a license response. virtual SignedMessage::SessionKeyType session_key_type() const = 0; }; class CertificateClientCert : public ClientCert { public: CertificateClientCert() {} ~CertificateClientCert() override {} CertificateClientCert(const CertificateClientCert&) = delete; CertificateClientCert& operator=(const CertificateClientCert&) = delete; Status Initialize(const DrmRootCertificate* root_certificate, const std::string& serialized_certificate); Status VerifySignature(const std::string& message, const std::string& signature, ProtocolVersion protocol_version) const override; void GenerateSigningKey(const std::string& message, ProtocolVersion protocol_version) override; const std::string& encrypted_key() const override { return algorithm_->wrapped_session_key(); } const std::string& key() const override { return algorithm_->session_key(); } SignedMessage::SessionKeyType key_type() const override { return algorithm_->session_key_type(); } const std::string& serial_number() const override { return device_cert_.serial_number(); } const std::string& service_id() const override { return provisioner_certificate_.provider_id(); } const std::string& signing_key() const override { return signing_key_; } const std::string& signer_serial_number() const override { return model_certificate_.serial_number(); } uint32_t signer_creation_time_seconds() const override { return model_certificate_.creation_time_seconds(); } bool signed_by_provisioner() const override { return signed_by_provisioner_; } uint32_t system_id() const override { return model_certificate_.system_id(); } widevine::ClientIdentification::TokenType type() const override { return ClientIdentification::DRM_DEVICE_CERTIFICATE; } const std::string& encrypted_unique_id() const override { return device_cert_.rot_id().encrypted_unique_id(); } const std::string& unique_id_hash() const override { return device_cert_.rot_id().unique_id_hash(); } private: std::unique_ptr algorithm_; bool signed_by_provisioner_ = false; std::string signing_key_; DrmCertificate model_certificate_; DrmCertificate device_cert_; DrmCertificate provisioner_certificate_; bool is_initialized_ = false; }; } // namespace widevine #endif // COMMON_CERTIFICATE_CLIENT_CERT_H_