Rollback
Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=224206719
This commit is contained in:
Ramji Chandramouli
committed by
Fang Yu
Fang Yu
parent
df7566c0c1
commit
7f649cf826
@@ -13,6 +13,8 @@
|
||||
#ifndef COMMON_DRM_ROOT_CERTIFICATE_H_
|
||||
#define COMMON_DRM_ROOT_CERTIFICATE_H_
|
||||
|
||||
// common_typos_disable. Successful / successfull.
|
||||
|
||||
#include <memory>
|
||||
#include <string>
|
||||
|
||||
@@ -23,41 +25,82 @@
|
||||
|
||||
namespace widevine {
|
||||
|
||||
class DrmCertificate;
|
||||
class RsaKeyFactory;
|
||||
class RsaPublicKey;
|
||||
class SignedDrmCertificate;
|
||||
class VerifiedCertSignatureCache;
|
||||
|
||||
// Root certificate and certificate chain verifier with internal caching.
|
||||
// This object is thread-safe.
|
||||
class DrmRootCertificate {
|
||||
public:
|
||||
virtual ~DrmRootCertificate() {}
|
||||
virtual ~DrmRootCertificate();
|
||||
|
||||
// Creates a DrmRootCertificate object given a certificate type.
|
||||
// |cert| may not be nullptr, and it points to a
|
||||
// std::unique_ptr<DrmRootCertificate> which will be used to return a newly
|
||||
// created DrmRootCertificate* if successful. The caller assumes ownership of
|
||||
// the new DrmRootCertificate. This method returns util::Status::OK on
|
||||
// success, or appropriate error status otherwise.
|
||||
// created const DrmRootCertificate* if successful. The caller assumes
|
||||
// ownership of the new DrmRootCertificate. This method returns
|
||||
// util::Status::OK on success, or appropriate error status otherwise.
|
||||
static util::Status CreateByType(CertificateType cert_type,
|
||||
std::unique_ptr<DrmRootCertificate>* cert);
|
||||
// Returns the hex-encoded SHA-256 digest for the specified root certificate.
|
||||
static std::string GetDigest(CertificateType cert_type);
|
||||
// Given |cert_type|, the appropiate root certificate is returned as
|
||||
// a serialized SignedDrmCertificates.
|
||||
static std::string GetDrmRootCertificate(CertificateType cert_type);
|
||||
|
||||
// Variant on the method above to make CLIF happy until b/110539622 is fixed.
|
||||
static std::unique_ptr<DrmRootCertificate> CreateByType(
|
||||
CertificateType cert_type, util::Status* status);
|
||||
|
||||
// Creates a DrmRootCertificate object given a certificate type std::string, which
|
||||
// must be one of "prod", "qa", or "test".
|
||||
// |cert| may not be nullptr, and it points to a
|
||||
// std::unique_ptr<DrmRootCertificate> which will be used to return a newly
|
||||
// created const DrmRootCertificate* if successful. The caller assumes
|
||||
// ownership of the new DrmRootCertificate. This method returns
|
||||
// util::Status::OK on success, or appropriate error status otherwise.
|
||||
static util::Status CreateByTypeString(
|
||||
const std::string& cert_type_string,
|
||||
std::unique_ptr<DrmRootCertificate>* cert);
|
||||
|
||||
// |certificate| will contgain the DRM certificate upon successful return.
|
||||
// May be null.
|
||||
// Returns util::Status::OK if successful, or an appropriate error code
|
||||
// otherwise.
|
||||
virtual util::Status VerifyCertificate(
|
||||
const std::string& serialized_certificate,
|
||||
SignedDrmCertificate* signed_certificate,
|
||||
DrmCertificate* certificate) const;
|
||||
|
||||
// Returns the hex-encoded SHA-256 digest for this certificate.
|
||||
virtual std::string GetDigest() const;
|
||||
|
||||
const CertificateType type() const { return type_; }
|
||||
|
||||
const std::string& public_key() const { return public_key_; }
|
||||
|
||||
// Verifies a DRM certificate.
|
||||
protected:
|
||||
DrmRootCertificate(CertificateType cert_type,
|
||||
const std::string& serialized_certificate,
|
||||
const std::string& serial_number, const std::string& public_key,
|
||||
std::unique_ptr<RsaKeyFactory> key_factory);
|
||||
|
||||
private:
|
||||
friend class DrmRootCertificateTest;
|
||||
|
||||
// Creates a DrmRootCertificate object given a serialized
|
||||
// SignedDrmCertificate. |cert| may not be nullptr, and it points to a
|
||||
// std::unique_ptr<DrmRootCertificate> which will be used to return a newly
|
||||
// created DrmRootCertificate* if successful. The caller assumes ownership of
|
||||
// the new DrmRootCertificate. This method returns util::Status::OK on
|
||||
// success, or appropriate error status otherwise.
|
||||
// TODO(user): Consider moving to private.
|
||||
static util::Status Create(const std::string& signed_drm_certificate,
|
||||
static util::Status Create(CertificateType cert_type,
|
||||
std::unique_ptr<RsaKeyFactory> key_factory,
|
||||
std::unique_ptr<DrmRootCertificate>* cert);
|
||||
explicit DrmRootCertificate(const std::string& public_key)
|
||||
: public_key_(public_key) {}
|
||||
|
||||
util::Status VerifySignatures(const SignedDrmCertificate& signed_cert,
|
||||
const std::string& cert_serial_number,
|
||||
bool use_cache) const;
|
||||
|
||||
CertificateType type_;
|
||||
std::string serialized_certificate_;
|
||||
std::string serial_number_;
|
||||
std::string public_key_;
|
||||
std::unique_ptr<RsaKeyFactory> key_factory_;
|
||||
mutable std::unique_ptr<VerifiedCertSignatureCache> signature_cache_;
|
||||
|
||||
DISALLOW_IMPLICIT_CONSTRUCTORS(DrmRootCertificate);
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user