CAS Proxy SDK git checkin as per g3doc.

Adds support for specifying service type when creating a service certificate. A recent change to the SDK allows for service certificates (DrmCertificate) to also specify a ServiceType indicating which type of service they are supposed to be used on. This CL adds certificate creation service support for this. ------------- Fix typo in cas proxy SDK. ------------- Migrate C++ proto_library rules to cc_proto_library. We update dependency edges of cc_* rules on proto_library() rules to use a cc_proto_library() intermediary in preparation for eliminating proto_library()'s cc support as per [] More information: [] Tested: TAP --sample for global presubmit queue [] ------------- Migrate cc proto_library to cc_proto_library. Also fixes build break introduced by [] ------------- Remove unnecessary #MOE directives ------------- [Proxy_SDK] Move generateSignature in WvPLSDKEnvironment to signature_util.cc file. ------------- [SDK]Add service_certificate type check in WVPL LSDK and PROXY SDK. ------------- [Proxy_SDK] Add new API to get remote_attestation_cert_serial_number for proxy SDK. ------------- [Proxy_SDK] Add getDrmDeviceId function ------------- [Proxy_SDK] add getrequesttype function for proxy sdk ------------- [SDK] Add videoFeature field to WvPLWidevinePsshData in WvPLWidevine.java and wvpl_type.h. Related to [] ------------- Allow specified devices to request licenses even if these devices are in TEST_ONLY state. This will also override the global setting of TEST_ONLY devices not being allowed to successfully receive licenses from Widevine License SDK. ------------- [Proxy_SDK] Add ParseDCSL function and test case. ------------- [Proxy_SDK] Return non-ok status for service_certificate_request when create proxy sdk session. Add test case in Java test. ------------- [Proxy_SDK] Add video_feature parsing in GetPsshData function. Also check video_feature when geneateModularDrmLicenseRequest. ------------- [SDK]Deprecated message_type() function, use request_type() instead. ------------- Use JDK instead of JRE The concept of a JRE is going away in JDK 11. The jre/ subdirectory in the JDK will no longer exist and the :jre targets will no longer make sense. Currently in JDK 8, the JDK is a superset of the JRE (it contains all of the files in the JRE), so this is a safe change. Tested: TAP found no affected targets [] ------------- Renaming WvPLSDKSession.request_type() API. Added LICENSE_TYPE_UNSPECIFIED enumeration to WvPLLicenseType. ------------- Additional VLOG messaging for licensing with TEST_ONLY devices. ------------- Remove forward declarations of absl names. The style guide bans this, and those names are not for external users to redeclare. External users should include the public headers instead. ------------- Change Kokoro to use latest bazel version ------------- Update the abseil build to the December 18 release. This fixes a problem where the MOE build is failing because there was no definition for node_hash_map. ------------- [CAS_Proxy]Add WvPLCASProxyEnvironmentJNI.cc and com_google_video_widevine_sdk_wvpl_WvPLCASProxyEnvironment.h file to implement JNI layer for WvPLCASProxyEnvironment. ------------- Apply changes to sdk to match device certificate status list updates. Cleans up some of the protos we're using for the new SignedDeviceInfo. Also, adjusts the sdk implementation to reflect the proto and service changes. ------------- [CAS_PROXY]Add WvPLCASProxyEnvironment.java, WvPLCASProxySession.java and WvPLCASProxyTest.java file. ------------- Add API to return the DRM service certificate by provider. ------------- [CAS_PROXY]Implement SetDrmServiceCertificate and SetDeviceCertificateStatusList JNI layer. ------------- Get DeviceInfo from request. ------------- CAS Proxy SDK updated to 1.1.5. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=248640225
2019-05-21 18:20:53 +00:00
parent cb621e566a
commit dda00601c2
31 changed files with 4438 additions and 0 deletions
--- a/sdk/external/common/wvpl/wvpl_sdk_environment.h
+++ b/sdk/external/common/wvpl/wvpl_sdk_environment.h
@@ -0,0 +1,146 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2017 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
+#define SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
+
+#include <memory>
+#include <string>
+
+#include "sdk/external/common/wvpl/wvpl_types.h"
+#include "protos/public/drm_certificate.pb.h"
+
+namespace widevine {
+class DeviceCertificateStatusList;
+class DrmRootCertificate;
+class DrmCertificate;
+class ProvisionedDeviceInfo;
+}  // namespace widevine
+namespace widevine_server {
+namespace wv_pl_sdk {
+
+// These fields show the configuration options that can be initialized via
+// the implementation classes (WvPLEnvironment and WvPLProxyEnvironment).
+const char kDeviceCertificateExpiration[] = "device_certificate_expiration";
+const char kAllowUnknownDevice[] = "allow_unknown_device";
+const char kProvider[] = "provider";
+const char kProviderIv[] = "provider_iv";
+const char kProviderKey[] = "provider_key";
+const char kApiVerInKcb[] = "api_ver_in_kcb";
+const char kLimitUsageStatsToErrorsOnly[] = "limit_usage_stats_to_errors_only";
+// Valid values are 'test' and 'prod'.
+const char kDrmCertificateType[] = "drm_certificate_type";
+
+/**
+ * Parent class of SDK environment. This class is not be instantiated directly,
+ * but its API can be accessed via the derived environment classes.
+ */
+class WvPLSDKEnvironment {
+ public:
+  virtual ~WvPLSDKEnvironment();
+  // Generates a license response containing a message generated in response to
+  // an error condition. |create_session_status| is a previous error status
+  // returned by the CreateSession(). |license_response| points to a std::string to
+  // contain the license response and may not be NULL. This method returns true
+  // if there is an error license to be sent to the client, or false
+  // otherwise.
+  static bool GenerateErrorResponse(const WvPLStatus& create_session_status,
+                                    std::string* license_response);
+
+  /**
+   * Add a service certificate system-wide at the sdk. |service_certificate|
+   * is a Google-generated certificate used to authenticate the service
+   * provider.  |service_private_key| is the encrypted PKCS#8 private RSA key
+   * corresponding to the service certificate. |service_private_key_passphrase|
+   * is the password required to decrypt |service_private_key|.  This is a
+   * thread-safe call.
+   *
+   * @param service_certificate
+   * @param service_private_key
+   * @param service_private_key_passphrase
+   *
+   * @return WvPLStatus enumeration
+   */
+  virtual WvPLStatus SetDrmServiceCertificate(
+      const std::string& service_certificate, const std::string& service_private_key,
+      const std::string& service_private_key_passphrase);
+
+  // Returns the DRM root certificate configured for this environment.
+  const widevine::DrmRootCertificate* drm_root_certificate() const {
+    return drm_root_certificate_.get();
+  }
+
+ protected:
+  // Return the signature for the provider specified in the |config_values|
+  // parameter in the constructor.  |signature| is owned by the caller.
+  static WvPLStatus GenerateSignature(const std::string& plain_text,
+                                      std::string* signature);
+  /**
+   * Insert or update provisionedDeviceInfoMap with device info in
+   * certificate_status_list.
+   */
+  static WvPLStatus UpdateProvisionedDeviceInfoMap(
+      const widevine::DeviceCertificateStatusList&
+          certificate_status_list);
+
+  WvPLStatus SetDeviceCertificateStatusList(const std::string& cert_list) const;
+
+  // Number of seconds until the certificate status list expires after its
+  // creation time. Default value is 604800 seconds.
+  uint32_t device_certificate_expiration_seconds_ = 604800;
+  // "config_values" setting for "kDrmCertificateType".
+  // Supported values are "test" and "prod".  Default value is "prod".
+  std::string drm_certificate_type_ = "prod";
+  // name of the provider hosting this service.
+  std::string provider_;
+  // value of the "iv" specified for the provider.
+  std::string provider_iv_;
+  // value of the "key" specified for the provider.
+  std::string provider_key_;
+  // is_service_certificate_loaded_ is not thread safe.
+  bool is_service_certificate_loaded_ = false;
+  // If true, allow devices not in the certificate status list.
+  bool allow_unknown_device_ = false;
+  // DRM root certificate used for verifying all other DRM certificates.
+  std::unique_ptr<widevine::DrmRootCertificate> drm_root_certificate_;
+
+ private:
+  // Get the expected service type for drm service certificate.
+  virtual widevine::DrmCertificate::ServiceType
+  GetExpectedServiceCertificateType();
+
+  // Check the type of |service_certificate|. Returns "OK" if the cert can be
+  // used for the current SDK, else an error status.
+  virtual WvPLStatus CheckServiceCertificateType(
+      const std::string& service_certificate);
+
+  /**
+   * Return provisioned_device_info if the device_info_map_ contains system_id.
+   *
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  static WvPLStatus LookupDeviceInfo(
+      uint32_t system_id,
+      widevine::ProvisionedDeviceInfo* provisioned_device_info);
+
+  /**
+   * Add a device to the current environment/session.
+   */
+  static void AddDeviceInfo(
+      const widevine::ProvisionedDeviceInfo& provisioned_device_info);
+
+  friend class WvPLSDKSession;
+  friend class WvPLProxySession;
+  friend class WvPLProxySessionTest;
+  friend class WvPLSessionTest;
+};
+
+}  // namespace wv_pl_sdk
+}  // namespace widevine_server
+
+#endif  // SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
--- a/sdk/external/common/wvpl/wvpl_sdk_session.h
+++ b/sdk/external/common/wvpl/wvpl_sdk_session.h
@@ -0,0 +1,231 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2018 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
+#define SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
+
+#include <memory>
+#include "sdk/external/common/wvpl/wvpl_types.h"
+
+namespace widevine {
+class ClientIdentification;
+class DrmRootCertificate;
+class LicenseRequest;
+class License_KeyContainer_OutputProtection;
+class License_KeyContainer;
+class License_Policy;
+class ProvisionedDeviceInfo;
+class SessionInit;
+class SessionState;
+class SignedMessage;
+}  // namespace widevine
+namespace widevine_server {
+namespace wv_pl_sdk {
+
+class WvPLSDKSession {
+ public:
+  explicit WvPLSDKSession(
+      const widevine::DrmRootCertificate* drm_root_certificate);
+  virtual ~WvPLSDKSession();
+
+ public:
+  // Add WvPLKey.
+  virtual WvPLStatus AddKey(const WvPLKey& key);
+
+  // Get the WvPLKey.
+  virtual const std::vector<WvPLKey>& keys() const { return keys_; }
+
+  // Set the license policy.
+  virtual void set_policy(const WvPLPlaybackPolicy& policy) {
+    policy_ = policy;
+  }
+
+  // Get the license policy.
+  virtual const WvPLPlaybackPolicy& policy() const { return policy_; }
+
+  // Set the Session Init.
+  virtual void set_session_init(const WvPLSessionInit& session_init) {
+    session_init_ = session_init;
+  }
+
+  // Get the Session Init.
+  virtual const WvPLSessionInit& session_init() const { return session_init_; }
+
+  virtual bool IsChromeCDM() const;
+
+  /**
+   * Returns the Widevine PSSH data for the license request handled by this
+   * session.
+   *
+   * @param wvpl_widevine_pssh_data.
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus GetPsshData(
+      WvPLWidevinePsshData* wvpl_widevine_pssh_data) const;
+
+  /**
+   * Returns the ClientIdentification information for the license request
+   * handled by this session.
+   *
+   * @param client_info
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus GetClientInfo(WvPLClientInfo* client_info) const;
+  /**
+   * Returns the WvPL Client Capabilities information for the license request
+   * handled by this session.
+   *
+   * @param client_capabilities.
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus GetClientCapabilities(
+      WvPLClientCapabilities* client_capabilities) const;
+
+  /**
+   * Returns the WvPLDeviceInfo information for the license request
+   * handled by this session.
+   *
+   * @param device_info
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const;
+
+  virtual PlatformVerificationStatus VerifyPlatform() = 0;
+
+  virtual WvPLRequestType GetRequestType() const { return type_; }
+
+  /**
+   * Returns true if the license type is offline, otherwise return false.
+   *
+   * @return bool.
+   */
+  virtual bool is_offline_license() const;
+
+  /**
+   * Returns the license request contains client id or not.
+   *
+   * @return bool.
+   */
+  virtual bool has_client_id() const { return has_client_id_; }
+
+  /**
+   * Returns true if license request has encrypted_client_id. Otherwise return
+   * false.
+   *
+   * @return bool.
+   */
+  virtual bool has_encrypted_client_id() { return has_encrypted_client_id_; }
+
+ protected:
+  const widevine::DrmRootCertificate* drm_root_certificate_;
+  std::string user_agent_;
+  std::string device_id_;
+  std::vector<WvPLKey> keys_;
+  WvPLPlaybackPolicy policy_;
+  WvPLSessionInit session_init_;
+  WvPLWidevinePsshData pssh_data_;
+  std::unique_ptr<widevine::ClientIdentification> client_id_;
+  bool has_pssh_data_ = false;
+  bool has_client_id_ = false;
+  PlatformVerificationStatus platform_verification_status_ =
+      PLATFORM_NO_VERIFICATION;
+  std::unique_ptr<widevine::SignedMessage>
+      signed_message_request_from_cdm_;
+  std::string license_request_from_cdm_;
+  std::string remote_attestation_cert_serial_number_;
+  std::unique_ptr<widevine::LicenseRequest> sdk_license_request_;
+  WvPLRequestType type_;
+  bool has_session_state_ = false;
+  bool has_encrypted_client_id_ = false;
+
+  virtual WvPLStatus VerifyRemoteAttestation();
+
+  // Returns the WvPL Client Capabilities information for the license request
+  // handled by this session.
+  WvPLStatus GetWvPLClientCapabilities(
+      const widevine::ClientIdentification& client_id,
+      WvPLClientCapabilities* client_capabilities) const;
+
+  // Copy and translates the Key fields from a WvPL Key into an SDK
+  // key container.
+  // Copies
+  // (1) key id
+  // (2) key
+  // (3) video_resolution_constraints
+  // (4) output protection using CopyOutputProtection
+  // (5) security_level using CopySecurityLevel
+  // Translates
+  // (1) key type
+  void CopyKey(const WvPLKey& wvpl_key,
+               widevine::License_KeyContainer* sdk_key_container);
+
+  // Copies/translates output_protection in WvPL Key into an SDK key container.
+  void CopyOutputProtection(
+      const WvPLOutputProtection& wvpl_output_protection,
+      widevine::License_KeyContainer_OutputProtection* output_protection);
+
+  // Copies/translatessecurity_level in WvPL Key into an SDK key container.
+  virtual void CopySecurityLevel(
+      const WvPLOutputProtection& output_protection, TrackType track_type,
+      widevine::License_KeyContainer* key_container);
+
+  // Copies/translates the policy from a WvPL policy into an SDK policy. A
+  // helper function for GenerateLicenseRequestAsJSON.
+  virtual void CopyPlaybackPolicy(const WvPLPlaybackPolicy& wvpl_policy,
+                                  widevine::License_Policy* sdk_policy);
+
+  // Copy the |hdcp_value| into the key container.
+  virtual void CopyHDCP(
+      HDCP hdcp_value,
+      widevine::License_KeyContainer_OutputProtection* output_protection);
+
+  // Copy the WvPLSession Init into Session Init.
+  virtual void CopySessionInit(const WvPLSessionInit& wvpl_session_init,
+                               widevine::SessionInit* session_init);
+
+  // Copy the WvPLDeviceInfo into ProvisionedDeviceInfo.
+  virtual void CopyProvisionedDeviceInfo(
+      const WvPLDeviceInfo& wvpl_device_info,
+      widevine::ProvisionedDeviceInfo* device_info);
+
+  // Populate deviceInfo, clientIdentification and psshdata for license request.
+  WvPLStatus ParseLicenseRequest();
+
+  // Copy the WvPLSessionState to SessionState.
+  void CopySessionState(const WvPLSessionState& wvpl_session_state,
+                        widevine::SessionState* session_state);
+
+  // Set system_id value.
+  virtual void SetSystemId(uint32_t system_id);
+
+  // Return has_system_id_ value. True if session has system id.
+  virtual bool HasSystemId() const;
+
+  // Return system_id value in uint32_t. The function will crash if it does not
+  // have system_id.
+  virtual uint32_t GetSystemId() const;
+
+  /**
+   * Use system_id to loop up device info.
+   *
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus LookupDeviceInfo(
+      uint32_t system_id,
+      widevine::ProvisionedDeviceInfo* provisioned_device_info) const;
+
+  virtual const std::string TrackTypeToString(TrackType track_type) const;
+
+ private:
+  std::unique_ptr<uint32_t> system_id_;
+};
+
+}  // namespace wv_pl_sdk
+}  // namespace widevine_server
+
+#endif  // SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
--- a/sdk/external/common/wvpl/wvpl_types.h
+++ b/sdk/external/common/wvpl/wvpl_types.h