Release provisioning sdk bb7f2d7
This commit is contained in:
Widevine Buildbot
Binary file not shown.
Binary file not shown.
@@ -61,6 +61,8 @@ message ClientIdentification {
|
|||||||
optional uint32 license_counter = 5;
|
optional uint32 license_counter = 5;
|
||||||
// List of non-baseline client capabilities.
|
// List of non-baseline client capabilities.
|
||||||
optional ClientCapabilities client_capabilities = 6;
|
optional ClientCapabilities client_capabilities = 6;
|
||||||
|
// Serialized VmpData message. Optional.
|
||||||
|
optional bytes vmp_data = 7;
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptedClientIdentification message used to hold ClientIdentification
|
// EncryptedClientIdentification message used to hold ClientIdentification
|
||||||
|
|||||||
@@ -16,20 +16,21 @@ enum ProvisioningStatus {
|
|||||||
// Invalid provisioning private key or private key passphrase.
|
// Invalid provisioning private key or private key passphrase.
|
||||||
INVALID_PROVISIONING_PRIVATE_KEY = 6,
|
INVALID_PROVISIONING_PRIVATE_KEY = 6,
|
||||||
INVALID_INTERMEDIATE_DRM_CERTIFICATE = 7,
|
INVALID_INTERMEDIATE_DRM_CERTIFICATE = 7,
|
||||||
|
INVALID_INTERMEDIATE_PUBLIC_KEY = 8,
|
||||||
// Invalid intermediate private key or private key passphrase.
|
// Invalid intermediate private key or private key passphrase.
|
||||||
INVALID_INTERMEDIATE_PRIVATE_KEY = 8,
|
INVALID_INTERMEDIATE_PRIVATE_KEY = 9,
|
||||||
INVALID_STATUS_LIST = 9,
|
INVALID_STATUS_LIST = 10,
|
||||||
STATUS_LIST_EXPIRED = 10,
|
STATUS_LIST_EXPIRED = 11,
|
||||||
UNKNOWN_SYSTEM_ID = 11,
|
UNKNOWN_SYSTEM_ID = 12,
|
||||||
INVALID_DEVICE_PUBLIC_KEY = 12,
|
INVALID_DEVICE_PUBLIC_KEY = 13,
|
||||||
INVALID_DEVICE_PRIVATE_KEY = 13,
|
INVALID_DEVICE_PRIVATE_KEY = 14,
|
||||||
INVALID_REQUEST_MESSAGE = 14,
|
INVALID_REQUEST_MESSAGE = 15,
|
||||||
INVALID_MAC = 15,
|
INVALID_MAC = 16,
|
||||||
MISSING_DRM_INTERMEDIATE_CERT = 16,
|
MISSING_DRM_INTERMEDIATE_CERT = 17,
|
||||||
DRM_DEVICE_CERTIFICATE_NOT_SET = 17,
|
DRM_DEVICE_CERTIFICATE_NOT_SET = 18,
|
||||||
DEVICE_REVOKED = 18,
|
DEVICE_REVOKED = 19,
|
||||||
INVALID_SERIAL_NUMBER = 19,
|
INVALID_SERIAL_NUMBER = 20,
|
||||||
INTERNAL_ERROR = 20,
|
INTERNAL_ERROR = 21,
|
||||||
NUM_PROVISIONING_STATUS,
|
NUM_PROVISIONING_STATUS,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
17
provisioning_sdk/public/python/crypto_utility.py
Normal file
17
provisioning_sdk/public/python/crypto_utility.py
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
"""Utility functions for cryptography."""
|
||||||
|
|
||||||
|
from cryptography.hazmat import backends
|
||||||
|
from cryptography.hazmat.primitives import hashes
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
from cryptography.hazmat.primitives.asymmetric import padding
|
||||||
|
|
||||||
|
|
||||||
|
def VerifySignature(public_key, signature, data):
|
||||||
|
hash_algorithm = hashes.SHA1()
|
||||||
|
salt_len = 20
|
||||||
|
|
||||||
|
key = serialization.load_der_public_key(
|
||||||
|
public_key, backend=backends.default_backend())
|
||||||
|
key.verify(signature, data,
|
||||||
|
padding.PSS(padding.MGF1(hash_algorithm), salt_len),
|
||||||
|
hash_algorithm)
|
||||||
@@ -0,0 +1,56 @@
|
|||||||
|
import unittest
|
||||||
|
|
||||||
|
import crypto_utility
|
||||||
|
import pywrapprovisioning_engine
|
||||||
|
import pywrapprovisioning_status
|
||||||
|
import test_data_utility
|
||||||
|
from protos.public import signed_device_certificate_pb2
|
||||||
|
|
||||||
|
|
||||||
|
class EngineGenerateCertificateTest(unittest.TestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
self._engine = pywrapprovisioning_engine.ProvisioningEngine()
|
||||||
|
test_data_utility.InitProvisionEngineWithTestData(
|
||||||
|
self._engine, verify_success=True)
|
||||||
|
test_data_utility.SetCertificateStatusListWithTestData(
|
||||||
|
self._engine, 0, verify_success=True)
|
||||||
|
test_data_utility.AddDrmIntermediateCertificateWithTestData(
|
||||||
|
self._engine, 2001, verify_success=True)
|
||||||
|
|
||||||
|
def testSuccess(self):
|
||||||
|
status, signed_cert_string = self._engine.GenerateDeviceDrmCertificate(
|
||||||
|
2001, test_data_utility.DEVICE_PUBLIC_KEY, 'DEVICE_SERIAL_NUMBER')
|
||||||
|
self.assertEqual(pywrapprovisioning_status.OK, status)
|
||||||
|
|
||||||
|
signed_cert = signed_device_certificate_pb2.SignedDrmDeviceCertificate()
|
||||||
|
signed_cert.ParseFromString(signed_cert_string)
|
||||||
|
crypto_utility.VerifySignature(test_data_utility.CA_PUBLIC_KEY,
|
||||||
|
signed_cert.signature,
|
||||||
|
signed_cert.drm_certificate)
|
||||||
|
|
||||||
|
def testEmptySerialNumber(self):
|
||||||
|
status, _ = self._engine.GenerateDeviceDrmCertificate(
|
||||||
|
2001, test_data_utility.DEVICE_PUBLIC_KEY, '')
|
||||||
|
self.assertEqual(pywrapprovisioning_status.INVALID_SERIAL_NUMBER, status)
|
||||||
|
|
||||||
|
def testEmptyPublicKey(self):
|
||||||
|
status, _ = self._engine.GenerateDeviceDrmCertificate(
|
||||||
|
2001, '', 'DEVICE_SERIAL_NUMBER')
|
||||||
|
self.assertEqual(pywrapprovisioning_status.INVALID_DEVICE_PUBLIC_KEY,
|
||||||
|
status)
|
||||||
|
|
||||||
|
def testInvalidPublicKey(self):
|
||||||
|
status, _ = self._engine.GenerateDeviceDrmCertificate(
|
||||||
|
2001, 'PUBLIC_KEY_MUST_BE_IN_DER_ENCODED_PKCS1_FORMAT',
|
||||||
|
'DEVICE_SERIAL_NUMBER')
|
||||||
|
self.assertEqual(pywrapprovisioning_status.INVALID_DEVICE_PUBLIC_KEY,
|
||||||
|
status)
|
||||||
|
|
||||||
|
def testMissingIntermediateCertificate(self):
|
||||||
|
status, _ = self._engine.GenerateDeviceDrmCertificate(
|
||||||
|
2002, test_data_utility.DEVICE_PUBLIC_KEY, 'DEVICE_SERIAL_NUMBER')
|
||||||
|
self.assertEqual(pywrapprovisioning_status.DEVICE_REVOKED, status)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
unittest.main()
|
||||||
@@ -1,9 +1,6 @@
|
|||||||
import unittest
|
import unittest
|
||||||
|
|
||||||
from cryptography.hazmat.backends import default_backend
|
import crypto_utility
|
||||||
from cryptography.hazmat.primitives.asymmetric import padding
|
|
||||||
from cryptography.hazmat.primitives.serialization import load_der_public_key
|
|
||||||
|
|
||||||
import pywrapprovisioning_engine
|
import pywrapprovisioning_engine
|
||||||
import pywrapprovisioning_status
|
import pywrapprovisioning_status
|
||||||
import test_data_utility
|
import test_data_utility
|
||||||
@@ -79,12 +76,12 @@ class NewSessionTest(unittest.TestCase):
|
|||||||
session_status)
|
session_status)
|
||||||
|
|
||||||
def _VerifyMessageSignature(self, public_key, signed_response):
|
def _VerifyMessageSignature(self, public_key, signed_response):
|
||||||
self._VerifySignature(public_key, signed_response.signature,
|
crypto_utility.VerifySignature(public_key, signed_response.signature,
|
||||||
signed_response.message)
|
signed_response.message)
|
||||||
|
|
||||||
def _VerifyCertSignature(self, public_key, signed_cert):
|
def _VerifyCertSignature(self, public_key, signed_cert):
|
||||||
self._VerifySignature(public_key, signed_cert.signature,
|
crypto_utility.VerifySignature(public_key, signed_cert.signature,
|
||||||
signed_cert.drm_certificate)
|
signed_cert.drm_certificate)
|
||||||
|
|
||||||
def _VerifyProvisioningResponse(self, request, response):
|
def _VerifyProvisioningResponse(self, request, response):
|
||||||
self.assertEqual(request.nonce, response.nonce)
|
self.assertEqual(request.nonce, response.nonce)
|
||||||
@@ -94,14 +91,5 @@ class NewSessionTest(unittest.TestCase):
|
|||||||
|
|
||||||
self._VerifyCertSignature(test_data_utility.CA_PUBLIC_KEY, signed_cert)
|
self._VerifyCertSignature(test_data_utility.CA_PUBLIC_KEY, signed_cert)
|
||||||
|
|
||||||
def _VerifySignature(self, public_key, signature, data):
|
|
||||||
key = load_der_public_key(public_key, backend=default_backend())
|
|
||||||
key.verify(signature, data,
|
|
||||||
padding.PSS(
|
|
||||||
padding.MGF1(test_data_utility.HASH_ALGORITHM),
|
|
||||||
test_data_utility.SALT_LEN),
|
|
||||||
test_data_utility.HASH_ALGORITHM)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
unittest.main()
|
unittest.main()
|
||||||
|
|||||||
@@ -27,6 +27,7 @@
|
|||||||
%unignore widevine::INVALID_REQUEST_MESSAGE;
|
%unignore widevine::INVALID_REQUEST_MESSAGE;
|
||||||
%unignore widevine::MISSING_DRM_INTERMEDIATE_CERT;
|
%unignore widevine::MISSING_DRM_INTERMEDIATE_CERT;
|
||||||
%unignore widevine::DEVICE_REVOKED;
|
%unignore widevine::DEVICE_REVOKED;
|
||||||
|
%unignore widevine::INVALID_SERIAL_NUMBER;
|
||||||
%unignore widevine::GetProvisioningStatusMessage;
|
%unignore widevine::GetProvisioningStatusMessage;
|
||||||
|
|
||||||
%include "provisioning_sdk/public/provisioning_status.h"
|
%include "provisioning_sdk/public/provisioning_status.h"
|
||||||
|
|||||||
@@ -2,8 +2,7 @@
|
|||||||
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from distutils.core import Extension
|
from distutils import core
|
||||||
from distutils.core import setup
|
|
||||||
|
|
||||||
OUT_DIRNAME = 'test_genfiles'
|
OUT_DIRNAME = 'test_genfiles'
|
||||||
|
|
||||||
@@ -26,7 +25,7 @@ SDK_LIBRARY_DIR = os.path.join(SDK_ROOT_DIR, 'bazel-bin', 'provisioning_sdk',
|
|||||||
|
|
||||||
|
|
||||||
def ProvisioningSwigExtension(extension_name):
|
def ProvisioningSwigExtension(extension_name):
|
||||||
return Extension(
|
return core.Extension(
|
||||||
name=SWIG_CONFIG_MODULE_PATH % ('_pywrap' + extension_name),
|
name=SWIG_CONFIG_MODULE_PATH % ('_pywrap' + extension_name),
|
||||||
sources=[SWIG_CONFIG_FILE % extension_name],
|
sources=[SWIG_CONFIG_FILE % extension_name],
|
||||||
include_dirs=[SDK_ROOT_DIR],
|
include_dirs=[SDK_ROOT_DIR],
|
||||||
@@ -39,7 +38,7 @@ def ProvisioningSwigExtension(extension_name):
|
|||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
os.chdir(SDK_ROOT_DIR)
|
os.chdir(SDK_ROOT_DIR)
|
||||||
setup(
|
core.setup(
|
||||||
name='provisioning_sdk',
|
name='provisioning_sdk',
|
||||||
ext_modules=[
|
ext_modules=[
|
||||||
ProvisioningSwigExtension('certificate_type'),
|
ProvisioningSwigExtension('certificate_type'),
|
||||||
|
|||||||
@@ -2,15 +2,10 @@
|
|||||||
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from cryptography.hazmat.primitives import hashes
|
|
||||||
|
|
||||||
import pywrapcertificate_type
|
import pywrapcertificate_type
|
||||||
import pywrapprovisioning_status
|
import pywrapprovisioning_status
|
||||||
from protos.public import certificate_provisioning_pb2
|
from protos.public import certificate_provisioning_pb2
|
||||||
|
|
||||||
HASH_ALGORITHM = hashes.SHA1()
|
|
||||||
SALT_LEN = 20
|
|
||||||
|
|
||||||
TEST_DATA_FOLDER = os.path.join('example', 'example_data')
|
TEST_DATA_FOLDER = os.path.join('example', 'example_data')
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ protoc -I="$(pwd)" --python_out="$(pwd)/test_genfiles" "$(pwd)/protos/public/pro
|
|||||||
protoc -I="$(pwd)" --python_out="$(pwd)/test_genfiles" "$(pwd)/protos/public/certificate_provisioning.proto"
|
protoc -I="$(pwd)" --python_out="$(pwd)/test_genfiles" "$(pwd)/protos/public/certificate_provisioning.proto"
|
||||||
protoc -I="$(pwd)" --python_out="$(pwd)/test_genfiles" "$(pwd)/protos/public/signed_device_certificate.proto"
|
protoc -I="$(pwd)" --python_out="$(pwd)/test_genfiles" "$(pwd)/protos/public/signed_device_certificate.proto"
|
||||||
|
|
||||||
cp provisioning_sdk/public/python/* test_genfiles/
|
cp -a provisioning_sdk/public/python/* test_genfiles/
|
||||||
cd test_genfiles
|
cd test_genfiles
|
||||||
python setup.py build_ext --inplace
|
python setup.py build_ext --inplace
|
||||||
|
|
||||||
@@ -38,4 +38,5 @@ done;
|
|||||||
python init_engine_test.py
|
python init_engine_test.py
|
||||||
python set_certificate_status_list_test.py
|
python set_certificate_status_list_test.py
|
||||||
python drm_intermediate_certificate_test.py
|
python drm_intermediate_certificate_test.py
|
||||||
|
python engine_generate_certificate_test.py
|
||||||
python new_session_test.py
|
python new_session_test.py
|
||||||
|
|||||||
Reference in New Issue
Block a user