Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=224206719
Ramji Chandramouli
2018-12-05 13:02:27 -08:00
committed by Fang Yu
parent df7566c0c1
commit 7f649cf826
49 changed files with 2697 additions and 2130 deletions


@@ -38,13 +38,14 @@ cc_library(
],
deps = [
# TODO(user): Refactor these deps as classes that derive from WvPLSDKSession may not rely on license SDK(s).
":wvpl_types",
"//base",
"//util:status",
":wvpl_types",
"//common:certificate_type",
"//common:drm_service_certificate",
"//common:client_cert",
"//common:error_space",
"//common:remote_attestation_verifier",
"//common:drm_root_certificate",
"//common:drm_service_certificate",
"//common:verified_media_pipeline",
"//license_server_sdk/internal:sdk",
"//protos/public:client_identification_proto",
@@ -66,16 +67,16 @@ cc_library(
],
deps = [
# TODO(user): Refactor these deps as classes that derive from WvPLSDKEnvironment may not rely on license SDK(s).
":wvpl_types",
"//base",
"@abseil_repo//absl/strings",
"@abseil_repo//absl/synchronization",
"//util:status",
":wvpl_types",
"//common:aes_cbc_util",
"//common:certificate_type",
"//common:certificate_util",
"//common:drm_service_certificate",
"//common:device_status_list",
"//common:drm_root_certificate",
"//common:error_space",
"//common:drm_service_certificate",
"//common:sha_util",
"//license_server_sdk/internal:sdk",
"//protos/public:device_certificate_status_proto",
@@ -99,8 +100,9 @@ cc_library(
"@abseil_repo//absl/synchronization",
"//util:status",
"//common:aes_cbc_util",
"//common:certificate_type",
"//common:certificate_util",
"//common:client_cert",
"//common:device_status_list",
"//common:drm_root_certificate",
"//common:drm_service_certificate",
"//common:error_space",
"//common:remote_attestation_verifier",


@@ -12,8 +12,7 @@
#include "absl/synchronization/mutex.h"
#include "util/status.h"
#include "common/aes_cbc_util.h"
#include "common/certificate_type.h"
#include "common/certificate_util.h"
#include "common/device_status_list.h"
#include "common/drm_service_certificate.h"
#include "common/error_space.h"
#include "common/sha_util.h"
@@ -21,16 +20,16 @@
#include "protos/public/errors.pb.h"
namespace util = widevine::util;
using widevine::AddDrmServiceCertificate;
using widevine::DeviceCertificateStatus;
using widevine::DeviceCertificateStatusList;
using widevine::DeviceStatusList;
using widevine::DrmServiceCertificate;
using widevine::error_space;
using widevine::kCertificateTypeDevelopment;
using widevine::kCertificateTypeProduction;
using widevine::kCertificateTypeTesting;
using widevine::ProvisionedDeviceInfo;
using widevine::SetCertificateStatusList;
using widevine::SignedDeviceCertificateStatusList;
using widevine::crypto_util::EncryptAesCbc;
namespace widevine_server {
@@ -74,8 +73,9 @@ ProvisionedDeviceInfoMap& GetProvisionedDeviceInfoMap() {
WvPLStatus WvPLSDKEnvironment::SetDrmServiceCertificate(
const std::string& service_certificate, const std::string& service_private_key,
const std::string& service_private_key_passphrase) {
WvPLStatus wvpl_status = AddDrmServiceCertificate(
certificate_type_, service_certificate, service_private_key,
CHECK(drm_root_certificate()) << "DRM root certificate not set!";
WvPLStatus wvpl_status = DrmServiceCertificate::AddDrmServiceCertificate(
drm_root_certificate(), service_certificate, service_private_key,
service_private_key_passphrase);
if (!wvpl_status.ok()) return wvpl_status;
wvpl_status = DrmServiceCertificate::ValidateDrmServiceCertificate();
@@ -85,7 +85,6 @@ WvPLStatus WvPLSDKEnvironment::SetDrmServiceCertificate(
return wvpl_status;
}
bool WvPLSDKEnvironment::GenerateErrorResponse(
const WvPLStatus& create_session_status, std::string* license_response) {
return widevine::GenerateErrorResponse(create_session_status,
@@ -198,5 +197,31 @@ void WvPLSDKEnvironment::SetConfigValue(
const std::map<std::string, std::string>& config_values) {
config_values_->insert(config_values.begin(), config_values.end());
}
WvPLStatus WvPLSDKEnvironment::SetDeviceCertificateStatusList(
const std::string& cert_list) const {
WvPLStatus status = util::OkStatus();
SignedDeviceCertificateStatusList device_certificate_status_list;
std::string decoded_certificate_status_list;
std::string device_certicate_status_list;
status = DeviceStatusList::ExtractFromProvisioningServiceResponse(
cert_list, &decoded_certificate_status_list,
&device_certicate_status_list);
if (!status.ok()) return status;
DeviceCertificateStatusList certificate_status_list;
if (!certificate_status_list.ParseFromString(device_certicate_status_list)) {
return util::Status(error_space,
widevine::INVALID_CERTIFICATE_STATUS_LIST,
"certificate status list parse error");
}
status = DeviceStatusList::Instance()->UpdateStatusList(
drm_root_certificate_->public_key(), decoded_certificate_status_list,
device_certificate_expiration_seconds_);
if (!status.ok()) return status;
status = WvPLSDKEnvironment::UpdateProvisionedDeviceInfoMap(
certificate_status_list);
return status;
}
} // namespace wv_pl_sdk
} // namespace widevine_server
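Review bot: `SetDeviceCertificateStatusList` dereferences `drm_root_certificate_->public_key()` without checking the pointer, although `SetDrmServiceCertificate` in the same file guards the same member with `CHECK(drm_root_certificate())`. If a derived environment never assigns the root certificate, this is a null dereference while handling an externally supplied list; returning an error is safer than either crash path, e.g. `if (!drm_root_certificate_) return util::Status(error_space, <ERROR_CODE placeholder>, "DRM root certificate not set");`. The list is also handed to `ParseFromString` before `UpdateStatusList` receives the root public key, so if that call is where the signature is checked (not visible here), moving the parse after it would keep unverified bytes away from the parser. The local `device_certificate_status_list` is declared and never used in the visible lines.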


@@ -9,9 +9,10 @@
#ifndef SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
#define SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
#include <memory>
#include <string>
#include "common/certificate_type.h"
#include "common/drm_root_certificate.h"
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "protos/public/device_certificate_status.pb.h"
#include "protos/public/provisioned_device_info.pb.h"
@@ -66,9 +67,10 @@ class WvPLSDKEnvironment {
const std::string& service_certificate, const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// Returns the DRM Root Certificate type. This would be a setting passed into
// the environment, by a derived class constructor.
virtual std::string GetDrmCertificateType() { return drm_certificate_type_; }
// Returns the DRM root certificate configured for this environment.
const widevine::DrmRootCertificate* drm_root_certificate() const {
return drm_root_certificate_.get();
}
protected:
// Return the signature for the provider specified in the |config_values|
@@ -83,6 +85,8 @@ class WvPLSDKEnvironment {
const widevine::DeviceCertificateStatusList&
certificate_status_list);
WvPLStatus SetDeviceCertificateStatusList(const std::string& cert_list) const;
// Number of seconds until the certificate status list expires after its
// creation time. Default value is 604800 seconds.
uint32_t device_certificate_expiration_seconds_ = 604800;
@@ -100,9 +104,8 @@ class WvPLSDKEnvironment {
bool is_service_certificate_loaded_ = false;
// If true, allow devices not in the certificate status list.
bool allow_unknown_device_ = false;
// DRM Certificate type.
widevine::CertificateType certificate_type_ =
widevine::kCertificateTypeProduction;
// DRM root certificate used for verifying all other DRM certificates.
std::unique_ptr<widevine::DrmRootCertificate> drm_root_certificate_;
private:
/**
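Review bot: The new `SetDeviceCertificateStatusList` declaration has no comment, and its `const` qualifier hides that the implementation updates process-wide state through `DeviceStatusList::Instance()` and `UpdateProvisionedDeviceInfoMap`. Suggest adding above it: `// Parses |cert_list| and updates the process-wide device certificate status list using the DRM root certificate's public key. Requires drm_root_certificate_ to be set.` The comment on `drm_root_certificate()` should also say the result may be null, since no initializer for `drm_root_certificate_` is visible in this header, and that the pointer is only valid while the environment is alive.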


@@ -10,14 +10,15 @@
#include "glog/logging.h"
#include "util/status.h"
#include "absl/memory/memory.h"
#include "common/client_cert.h"
#include "common/drm_service_certificate.h"
#include "common/error_space.h"
#include "common/remote_attestation_verifier.h"
#include "common/verified_media_pipeline.h"
#include "license_server_sdk/internal/client_cert.h"
#include "sdk/external/common/wvpl/wvpl_sdk_environment.h"
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "protos/public/errors.pb.h"
#include "protos/public/provisioned_device_info.pb.h"
// TODO(user): Mark getProvisionedDeviceInfo as deprecated, move the
// implementation of isChromeCDM, getcontentid, parsePsshdata in wvpl_session
@@ -28,8 +29,16 @@
// wvpl_sdk_session_test.cc.
// TODO(user): Remove sdk_license_request_ and both proxy and wvpl LSDK set
// signed_message_request_from_cdm_ when create session.
// TODO(user): Move all the protected memeber variables to private and use
// getter and setter to access it.
// TODO(user): Try to avoid virtual private function like parsepsshdata.
// TODO(user): (b/119566765) Refactor ParseLicenseRequest and break it into
// different classes.
namespace util = widevine::util;
using widevine::ClientCert;
using widevine::ClientIdentification;
using widevine::DrmRootCertificate;
using widevine::DrmServiceCertificate;
using widevine::error_space;
using widevine::KeyboxClientCert;
@@ -38,12 +47,14 @@ using widevine::LicenseRequest;
using widevine::ProvisionedDeviceInfo;
using widevine::RemoteAttestationVerifier;
using widevine::SessionInit;
using widevine::SessionState;
using widevine::SignedMessage;
namespace widevine_server {
namespace wv_pl_sdk {
WvPLSDKSession::WvPLSDKSession(const DrmRootCertificate* drm_root_certificate)
: drm_root_certificate_(drm_root_certificate) {}
WvPLSDKSession::~WvPLSDKSession() {}
WvPLStatus WvPLSDKSession::AddKey(const WvPLKey& key) {
@@ -451,13 +462,22 @@ WvPLStatus WvPLSDKSession::ParseLicenseRequest() {
}
has_client_id_ = true;
}
if (client_id_.has_token()) {
if (client_id_.has_token() &&
client_id_.type() == ClientIdentification::KEYBOX) {
// Get system_id from token field in ClientIdentification.
system_id_ = KeyboxClientCert::GetSystemId(client_id_.token());
has_system_id_ = true;
SetSystemId(KeyboxClientCert::GetSystemId(client_id_.token()));
}
if (!HasSystemId()) {
ClientCert* client_cert_ptr = nullptr;
status = ClientCert::Create(
drm_root_certificate_, sdk_license_request_->client_id().type(),
sdk_license_request_->client_id().token(), &client_cert_ptr);
std::unique_ptr<ClientCert> client_cert(client_cert_ptr);
if (client_cert != nullptr) {
SetSystemId(client_cert->system_id());
}
}
// TODO(user): Consider enforcing missing client id here.
// Verifies platform for license requests and sets Platform Verification
// status.
platform_verification_status_ = VerifyPlatform();
@@ -651,15 +671,14 @@ WvPLStatus WvPLSDKSession::GetDeviceInfo(WvPLDeviceInfo* device_info) const {
return WvPLStatus(error_space, util::error::INVALID_ARGUMENT,
"device_info is NULL");
}
if (!has_system_id_) {
if (!HasSystemId()) {
return WvPLStatus(
error_space, widevine::UNSUPPORTED_SYSTEM_ID,
"Widevine SystemID does not exist because it is not found "
"in the license request");
}
ProvisionedDeviceInfo provisioned_device_info;
status = WvPLSDKEnvironment::LookupDeviceInfo(system_id_,
&provisioned_device_info);
status = LookupDeviceInfo(GetSystemId(), &provisioned_device_info);
if (!status.ok()) {
return status;
}
@@ -697,5 +716,22 @@ WvPLStatus WvPLSDKSession::GetDeviceInfo(WvPLDeviceInfo* device_info) const {
}
return status;
}
WvPLStatus WvPLSDKSession::LookupDeviceInfo(
uint32_t system_id, ProvisionedDeviceInfo* provisioned_device_info) const {
return WvPLSDKEnvironment::LookupDeviceInfo(system_id,
provisioned_device_info);
}
void WvPLSDKSession::SetSystemId(uint32_t system_id) {
system_id_ = absl::make_unique<uint32_t>(system_id);
}
bool WvPLSDKSession::HasSystemId() const { return system_id_ != nullptr; }
uint32_t WvPLSDKSession::GetSystemId() const {
CHECK(system_id_);
return *system_id_;
}
} // namespace wv_pl_sdk
} // namespace widevine_server
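Review bot: In the `ParseLicenseRequest` hunk the result of `ClientCert::Create` is assigned to `status` but nothing in the visible lines inspects it, so a client certificate that fails validation against the root only leaves the system id unset while the error rides along, or is overwritten, in `status`. If that best-effort behaviour is intended, keep the result in a local variable and log it instead of reusing the function's `status`; otherwise return on `!status.ok()`. The fallback also reads `sdk_license_request_->client_id()` while the keybox branch just above reads `client_id_`, so if `client_id_` can be filled from anything other than the request's plain client id (to be confirmed against the code above the hunk), the two branches will disagree. `drm_root_certificate_` is a raw pointer passed straight into `ClientCert::Create`, so the constructor should either reject null or document a non-null, outlives-the-session contract. The function body starts and ends outside the hunk.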


@@ -9,6 +9,7 @@
#ifndef SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
#define SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
#include <memory>
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_certificate_status.pb.h"
@@ -17,13 +18,16 @@
#include "protos/public/provisioned_device_info.pb.h"
namespace widevine {
class DrmRootCertificate;
class SessionInit;
}
} // namespace widevine
namespace widevine_server {
namespace wv_pl_sdk {
class WvPLSDKSession {
public:
explicit WvPLSDKSession(
const widevine::DrmRootCertificate* drm_root_certificate);
virtual ~WvPLSDKSession() = 0;
public:
@@ -102,7 +106,7 @@ class WvPLSDKSession {
}
protected:
uint32_t system_id_ = 0xFFFFFFFF;
const widevine::DrmRootCertificate* drm_root_certificate_;
std::string user_agent_;
std::vector<WvPLKey> keys_;
WvPLPlaybackPolicy policy_;
@@ -110,7 +114,6 @@ class WvPLSDKSession {
WvPLWidevinePsshData pssh_data_;
widevine::ClientIdentification client_id_;
bool has_pssh_data_ = false;
bool has_system_id_ = false;
bool has_client_id_ = false;
MessageType message_type_ = UNKNOWN;
PlatformVerificationStatus platform_verification_status_ =
@@ -182,7 +185,28 @@ class WvPLSDKSession {
void CopySessionState(const WvPLSessionState& wvpl_session_state,
widevine::SessionState* session_state);
// Set system_id value.
virtual void SetSystemId(uint32_t system_id);
// Return has_system_id_ value. True if session has system id.
virtual bool HasSystemId() const;
// Return system_id value in uint32_t. The function will crash if it does not
// have system_id.
virtual uint32_t GetSystemId() const;
/**
* Use system_id to loop up device info.
*
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus LookupDeviceInfo(
uint32_t system_id,
widevine::ProvisionedDeviceInfo* provisioned_device_info) const;
private:
std::unique_ptr<uint32_t> system_id_;
/**
* Parses WvPLWidevinePsshData in the new license request.
*