//////////////////////////////////////////////////////////////////////////////// // Copyright 2017 Google LLC. // // This software is licensed under the terms defined in the Widevine Master // License Agreement. For a copy of this agreement, please contact // widevine-licensing@google.com. //////////////////////////////////////////////////////////////////////////////// // // // Description: // Device certificate status list object definitions. syntax = "proto2"; package widevine; option java_outer_classname = "DeviceCertificateStatusProtos"; option java_package = "com.google.video.widevine.protos"; import "protos/public/provisioned_device_info.proto"; // Contains DRM and OEM certificate status and device information for a // specific system ID. // TODO(user): Move this to its own file. message DeviceCertificateStatus { enum DeprecatedStatus { DEPRECATED_VALID = 0; DEPRECATED_REVOKED = 1; } enum Status { STATUS_UNKNOWN = 0; STATUS_IN_TESTING = 10; // Pre-release, active device. STATUS_RELEASED = 20; // Released, active device. STATUS_TEST_ONLY = 30; // Development-only device. STATUS_REVOKED = 40; // Revoked device. } // Serial number of the intermediate DrmCertificate to which this // message refers. Required. optional bytes drm_serial_number = 1; // Status of the certificate. Optional & deprecated in favor of |status| // below. optional DeprecatedStatus deprecated_status = 2 [default = DEPRECATED_VALID]; // Device model information about the device to which the intermediate // certificate(s) correspond. optional ProvisionedDeviceInfo device_info = 4; // Serial number of the OEM X.509 intermediate certificate for this type // of device. Present only if the device is OEM-provisioned. optional bytes oem_serial_number = 5; // Status of the device. Optional. optional Status status = 6 [default = STATUS_UNKNOWN]; } // List of DeviceCertificateStatus. Used to propagate certificate revocation // status and device information. message DeviceCertificateStatusList { // POSIX time, in seconds, when the list was created. Required. optional uint32 creation_time_seconds = 1; // DeviceCertificateStatus for each system ID. repeated DeviceCertificateStatus certificate_status = 2; // The duration for this device certificate status list in seconds. Within // this grace period, content provider can set device certificate status list // in the SDK. The default time is 7 days. optional uint32 duration_time_seconds = 3; } // Signed CertificateStatusList message SignedDeviceCertificateStatusList { // Serialized DeviceCertificateStatusList. Required. optional bytes certificate_status_list = 1; // Signature of certificate_status_list. Signed with root certificate private // key using RSASSA-PSS. Required. optional bytes signature = 2; } // A signed request sent to Widevine Provisioning Server (keysmith) to retrieve // 'DeviceCertificateStatusList'. message SignedDeviceCertificateStatusListRequest { // Serialized DeviceCertificateStatusListRequest. Required. optional bytes device_certificate_status_list_request = 1; // Signature of device_certificate_status_list_request. Signed with root // certificate private key using RSASSA-PSS. Required. optional bytes signature = 2; } // A request sent to Widevine Provisioning Server (keysmith) to retrieve // 'DeviceCertificateStatusList'. message DeviceCertificateStatusListRequest { // The version of sdk. Required. optional string sdk_version = 1; // POSIX time, in seconds, when this request was created. Required. optional uint64 sdk_time_seconds = 2; } // Contains response from Widevine Provisioning Server with status and // DeviceCertificateStatusList information. message DeviceCertificateStatusListResponse { enum Status { UNKNOWN = 0; OK = 1; SIGNATURE_FAILED = 2; NOT_AUTHORIZED = 3; AUTHORIZATION_EXPIRED = 4; PROVIDER_ID_MISSING = 5; INTERNAL_ERROR = 6; } // Status returned by the Widevine Provisioning Server. Required. optional Status status = 1; // String message returned by the Widevine Provisioning Server. optional string status_message = 2; // Serialized SignedDeviceCertificateStatusList. Required. optional bytes signed_device_certificate_status_list = 3; }