124 lines
5.1 KiB
C++
124 lines
5.1 KiB
C++
////////////////////////////////////////////////////////////////////////////////
|
|
// Copyright 2013 Google LLC.
|
|
//
|
|
// This software is licensed under the terms defined in the Widevine Master
|
|
// License Agreement. For a copy of this agreement, please contact
|
|
// widevine-licensing@google.com.
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Description:
|
|
// Service certificate holder used to decrypt encrypted client credentials.
|
|
|
|
#ifndef COMMON_DRM_SERVICE_CERTIFICATE_H__
|
|
#define COMMON_DRM_SERVICE_CERTIFICATE_H__
|
|
|
|
#include <map>
|
|
#include <memory>
|
|
#include <string>
|
|
|
|
#include <cstdint>
|
|
#include "base/macros.h"
|
|
#include "util/status.h"
|
|
#include "common/certificate_type.h"
|
|
#include "common/rsa_key.h"
|
|
|
|
namespace widevine {
|
|
class RequestInspectorTest;
|
|
} // namespace widevine
|
|
|
|
namespace widevine {
|
|
|
|
class ClientIdentification;
|
|
class EncryptedClientIdentification;
|
|
|
|
class DrmServiceCertificate {
|
|
public:
|
|
// Create a new DrmServiceCertificate object and add it to the list of valid
|
|
// service certificates. |root_cert_type| indicates which root public key to
|
|
// use to verify |service_certificate|, |service_certificate| is a
|
|
// Google-generated certificate used to authenticate the service provider for
|
|
// purposes of device privacy, |service_private_key| is the encrypted PKCS#8
|
|
// private RSA key corresponding to the service certificate,
|
|
// |service_private_key_passphrase| is the password required to decrypt
|
|
// |service_private_key|.
|
|
// Returns status::OK if successful, or appropriate error code otherwise.
|
|
// If the default service certificate is not set, this certificate will be
|
|
// used as the default service certificate.
|
|
// This method is thread-safe.
|
|
static util::Status AddDrmServiceCertificate(
|
|
CertificateType root_cert_type, const std::string& service_certificate,
|
|
const std::string& service_private_key,
|
|
const std::string& service_private_key_passphrase);
|
|
|
|
// Same as AddDrmServiceCertificate(), but will clear the default service
|
|
// certificate if it's set. This will result in this service certificate
|
|
// being set as the default service certificate.
|
|
static util::Status SetDefaultDrmServiceCertificate(
|
|
CertificateType root_cert_type, const std::string& service_certificate,
|
|
const std::string& service_private_key,
|
|
const std::string& service_private_key_passphrase);
|
|
|
|
// Returns the default service certificate. Will return null if no default
|
|
// Service Certificate is set. This method is thread-safe.
|
|
static const DrmServiceCertificate* GetDefaultDrmServiceCertificate();
|
|
|
|
// Returns the default service certificate. Will abort if no default Service
|
|
// Certificate is set. This method is thread-safe.
|
|
static const DrmServiceCertificate* GetDefaultDrmServiceCertificateOrDie();
|
|
|
|
// Returns the service certificate with the given serial number if found, or
|
|
// null otherwise.
|
|
static const DrmServiceCertificate* GetDrmServiceCertificate(
|
|
const std::string& cert_serial_number);
|
|
|
|
// Decrypts the EncryptedClientIdentification message passed in
|
|
// |encrypted_client_id| into |client_id| using the private key for the
|
|
// certificate which was used to encrypt the information. |client_id| must
|
|
// not be NULL. Returns status::OK if successful, or an appropriate error
|
|
// otherwise. This method is thread-safe.
|
|
static util::Status DecryptClientIdentification(
|
|
const EncryptedClientIdentification& encrypted_client_id,
|
|
ClientIdentification* client_id);
|
|
|
|
const std::string& certificate() const { return certificate_; }
|
|
const std::string& provider_id() const { return provider_id_; }
|
|
const std::string& serial_number() const { return serial_number_; }
|
|
const RsaPrivateKey* const private_key() const { return private_key_.get(); }
|
|
const RsaPublicKey* const public_key() const { return public_key_.get(); }
|
|
|
|
private:
|
|
friend class DrmServiceCertificateTest;
|
|
friend class widevine::RequestInspectorTest;
|
|
|
|
static util::Status AddDrmServiceCertificate(
|
|
const std::string& root_public_key, const std::string& service_certificate,
|
|
const std::string& service_private_key,
|
|
const std::string& service_private_key_passphrase);
|
|
|
|
static util::Status SetDefaultDrmServiceCertificate(
|
|
const std::string& root_public_key, const std::string& service_certificate,
|
|
const std::string& service_private_key,
|
|
const std::string& service_private_key_passphrase);
|
|
|
|
DrmServiceCertificate(const std::string& service_certificate,
|
|
const std::string& provider_id, const std::string& serial_number,
|
|
const uint32_t creation_time_seconds,
|
|
std::unique_ptr<RsaPublicKey> public_key,
|
|
std::unique_ptr<RsaPrivateKey> private_key);
|
|
|
|
static void ResetServiceCertificates();
|
|
|
|
std::string certificate_;
|
|
std::string provider_id_;
|
|
std::string serial_number_;
|
|
uint32_t creation_time_seconds_;
|
|
std::unique_ptr<RsaPublicKey> public_key_;
|
|
std::unique_ptr<RsaPrivateKey> private_key_;
|
|
|
|
DISALLOW_IMPLICIT_CONSTRUCTORS(DrmServiceCertificate);
|
|
};
|
|
|
|
} // namespace widevine
|
|
|
|
#endif // COMMON_DRM_SERVICE_CERTIFICATE_H__
|