Update to support OEMCrypto v16 with ODK

common/drm_service_certificate.h

@@ -17,10 +17,10 @@
 #include <string>
 
 #include <cstdint>
-#include "base/macros.h"
 #include "common/certificate_type.h"
 #include "common/rsa_key.h"
 #include "common/status.h"
+#include "protos/public/external_license.pb.h"
 
 namespace widevine {
 class RequestInspectorTest;
@@ -36,6 +36,9 @@ class EncryptedClientIdentification;
 // functionality.
 class DrmServiceCertificate {
  public:
+  DrmServiceCertificate(const DrmServiceCertificate&) = delete;
+  DrmServiceCertificate& operator=(const DrmServiceCertificate&) = delete;
+
   // Create a new DrmServiceCertificate object and add it to the list of valid
   // service certificates. |drm_root_cert| is the root certificate for the type
   // of certifiate being added. |service_certificate| is a
@@ -50,7 +53,8 @@ class DrmServiceCertificate {
   // This method is thread-safe.
   static Status AddDrmServiceCertificate(
       const DrmRootCertificate* root_drm_cert,
-      const std::string& service_certificate, const std::string& service_private_key,
+      const std::string& service_certificate,
+      const std::string& service_private_key,
       const std::string& service_private_key_passphrase);
 
   // Same as AddDrmServiceCertificate(), but will clear the default service
@@ -58,7 +62,8 @@ class DrmServiceCertificate {
   // being set as the default service certificate.
   static Status SetDefaultDrmServiceCertificate(
       const DrmRootCertificate* root_drm_cert,
-      const std::string& service_certificate, const std::string& service_private_key,
+      const std::string& service_certificate,
+      const std::string& service_private_key,
       const std::string& service_private_key_passphrase);
 
   // Returns the default service certificate. Will return null if no default
@@ -69,11 +74,17 @@ class DrmServiceCertificate {
   // Certificate is set. This method is thread-safe.
   static const DrmServiceCertificate* GetDefaultDrmServiceCertificateOrDie();
 
-  // Returns the service certificate with the given serial number if found, or
+  // Returns the service certificate with the given |cert_serial_number|, or
   // null otherwise.
-  static const DrmServiceCertificate* GetDrmServiceCertificate(
+  static const DrmServiceCertificate* GetDrmServiceCertificateBySerialNumber(
       const std::string& cert_serial_number);
 
+  // Returns the service certificate with the given |provider_id|, or
+  // null otherwise.  If multple certificates exist for the provider, the
+  // newest certificate is returned.
+  static const DrmServiceCertificate* GetDrmServiceCertificateByProvider(
+      const std::string& provider_id);
+
   // Decrypts the EncryptedClientIdentification message passed in
   // |encrypted_client_id| into |client_id| using the private key for the
   // certificate which was used to encrypt the information. |client_id| must
@@ -86,6 +97,7 @@ class DrmServiceCertificate {
   const std::string& certificate() const { return certificate_; }
   const std::string& provider_id() const { return provider_id_; }
   const std::string& serial_number() const { return serial_number_; }
+  uint32_t creation_time_seconds() const { return creation_time_seconds_; }
   const RsaPrivateKey* const private_key() const { return private_key_.get(); }
   const RsaPublicKey* const public_key() const { return public_key_.get(); }
 
@@ -95,22 +107,41 @@ class DrmServiceCertificate {
   // via get deviceCertificate StatusList.
   static Status ValidateDrmServiceCertificate();
 
+  // Decrypts the EncryptedLicenseRequest message passed in
+  // |encrypted_license_request|.  If successful, the decrypted license request
+  // is placed into |license_challenge|.  The decryption is performed using the
+  // private key for the certificate which was used to encrypt the information.
+  // |license_challenge| must not be NULL. Returns status::OK if successful,
+  // or an appropriate error otherwise. This method is thread-safe.
+  static Status DecryptLicenseChallenge(
+      const EncryptedLicenseRequest& encrypted_license_request,
+      std::string* license_challenge);
+
  private:
   friend class DrmServiceCertificateTest;
   friend class widevine::RequestInspectorTest;
 
   static Status AddDrmServiceCertificate(
-      const std::string& root_public_key, const std::string& service_certificate,
+      const std::string& root_public_key,
+      const std::string& service_certificate,
       const std::string& service_private_key,
       const std::string& service_private_key_passphrase);
 
   static Status SetDefaultDrmServiceCertificate(
-      const std::string& root_public_key, const std::string& service_certificate,
+      const std::string& root_public_key,
+      const std::string& service_certificate,
       const std::string& service_private_key,
       const std::string& service_private_key_passphrase);
 
+  static Status DecryptEncryptedPayload(
+      const std::string& service_certificate_serial_number,
+      const std::string& provider_id, const std::string& encrypted_payload,
+      const std::string& iv, const std::string& privacy_key,
+      std::string* payload);
+
   DrmServiceCertificate(const std::string& service_certificate,
-                        const std::string& provider_id, const std::string& serial_number,
+                        const std::string& provider_id,
+                        const std::string& serial_number,
                         const uint32_t creation_time_seconds,
                         std::unique_ptr<RsaPublicKey> public_key,
                         std::unique_ptr<RsaPrivateKey> private_key);
@@ -123,8 +154,6 @@ class DrmServiceCertificate {
   uint32_t creation_time_seconds_;
   std::unique_ptr<RsaPublicKey> public_key_;
   std::unique_ptr<RsaPrivateKey> private_key_;
-
-  DISALLOW_IMPLICIT_CONSTRUCTORS(DrmServiceCertificate);
 };
 
 }  // namespace widevine