NewProvisioningSession expects pkcs8 private key and SHA race fix

------------- Fix SHA hashing to remove race condition. This change fixes the implementation by passing in the digest buffer. ------------- The input to ProvisioningEngine::NewProvisioningSession should be pkcs8 private key instead of pkcs1 private key ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=151273394 Change-Id: Ibcdff7757b2ac2878ee8b1b88365083964bfa10a
2017-03-26 15:26:46 -07:00
parent 187d13a5c3
commit 84f66d2320
33 changed files with 620 additions and 310 deletions
--- a/provisioning_sdk/public/python/test_data_utility.py
+++ b/provisioning_sdk/public/python/test_data_utility.py
@@ -8,63 +8,48 @@

 """Utility class for Provisioning SDK testing."""

-import os
+import logging

 import pywrapcertificate_type
 import pywrapprovisioning_status
+import test_data_provider
 from protos.public import certificate_provisioning_pb2

-TEST_DATA_FOLDER = os.path.join('example', 'example_data')
+logging.basicConfig(level=logging.DEBUG)


-def GetTestData(filename):
-  current_dir = os.path.realpath(os.path.dirname(__file__))
-  while not os.path.isdir(os.path.join(current_dir, TEST_DATA_FOLDER)):
-    current_dir = os.path.dirname(current_dir)
-  filename = os.path.join(current_dir, TEST_DATA_FOLDER, filename)
-  with open(filename, 'rb') as data_file:
-    data = data_file.read()
-  return data
-
-
-SERVICE_DRM_CERT = GetTestData('service.cert')
-SERVICE_PUBLIC_KEY = GetTestData('service.public')
-SERVICE_PRIVATE_KEY = GetTestData('service.encrypted.private')
-SERVICE_PRIVATE_KEY_PASS = GetTestData('service.passphrase')
-PROVISIONER_DRM_CERT = GetTestData('provisioner.cert')
-PROVISIONER_PRIVATE_KEY = GetTestData('provisioner.encrypted.private')
-PROVISIONER_PRIVATE_KEY_PASS = GetTestData('provisioner.passphrase')
-PROVISIONER_SPOID_SECRET = GetTestData('provisioner.spoid_secret')
-CA_PUBLIC_KEY = GetTestData('intermediate.public')
-DEVICE_PUBLIC_KEY = GetTestData('user.public')
-DEVICE_PRIVATE_KEY = GetTestData('user.private')
-MESSAGE = GetTestData('message')
-
-
-def InitProvisionEngineWithTestData(engine, verify_success=False):
+def InitProvisionEngineWithTestData(
+    engine, verify_success=False,
+    cert_type=pywrapcertificate_type.kCertTesting):
  """Initialize the provisioning engine with sample credentials.

  Args:
    engine: a pywrapprovisioning_engine.ProvisioningEngine instance
    verify_success: whether to verify that resulting status code equals OK
+    cert_type: The type of certificate to use for initializing SDK -
+      {kCertTesting/kCertDevelopment}

  Returns:
    OK on success, or an appropriate error status code otherwise.
  """
-  status = engine.Initialize(pywrapcertificate_type.kCertTesting,
-                             SERVICE_DRM_CERT, SERVICE_PRIVATE_KEY,
-                             SERVICE_PRIVATE_KEY_PASS, PROVISIONER_DRM_CERT,
-                             PROVISIONER_PRIVATE_KEY,
-                             PROVISIONER_PRIVATE_KEY_PASS,
-                             PROVISIONER_SPOID_SECRET)
+  logging.info('Initializing provisioning engine with test data.')
+  data_provider = test_data_provider.TestDataProvider(cert_type)
+  status = engine.Initialize(cert_type,
+                             data_provider.service_drm_cert,
+                             data_provider.service_private_key,
+                             data_provider.service_private_key_passphrase,
+                             data_provider.provisioner_drm_cert,
+                             data_provider.provisioner_private_key,
+                             data_provider.provisioner_private_key_passphrase,
+                             data_provider.provisioner_spoid_secret)
  if verify_success:
    AssertSuccess(status, 'Failed to initialize.')
  return status


-def SetCertificateStatusListWithTestData(engine,
-                                         expiration_period_seconds,
-                                         verify_success=False):
+def SetCertificateStatusListWithTestData(
+    engine, expiration_period_seconds, verify_success=False,
+    cert_type=pywrapcertificate_type.kCertTesting):
  """Set the certificate status list with sample certificate status list.

  Args:
@@ -72,11 +57,15 @@ def SetCertificateStatusListWithTestData(engine,
    expiration_period_seconds: number of seconds until certificate_status_list
      expires after its creation time
    verify_success: whether to verify that resulting status code equals OK
+    cert_type: The type of certificate to use for initializing SDK -
+      {kCertTesting/kCertDevelopment}

  Returns:
    OK on success, or an appropriate error status code otherwise.
  """
-  certificate_status_list = GetTestData('certificate_list')
+  logging.info('Setting certificate status list with test data.')
+  data_provider = test_data_provider.TestDataProvider(cert_type)
+  certificate_status_list = data_provider.certificate_list

  status = engine.SetCertificateStatusList(certificate_status_list,
                                           expiration_period_seconds)
@@ -87,9 +76,9 @@ def SetCertificateStatusListWithTestData(engine,
  return status


-def AddDrmIntermediateCertificateWithTestData(engine,
-                                              system_id,
-                                              verify_success=False):
+def AddDrmIntermediateCertificateWithTestData(
+    engine, system_id, verify_success=False,
+    cert_type=pywrapcertificate_type.kCertTesting):
  """Generate an intermediate DRM cert and add it to provisioning engine.

  The intermediate DRM certificate is generated with sample public key and
@@ -100,19 +89,23 @@ def AddDrmIntermediateCertificateWithTestData(engine,
    engine: a pywrapprovisioning_engine.ProvisioningEngine instance
    system_id: Widevine system ID for the type of device
    verify_success: whether to verify that resulting status code equals OK
+    cert_type: The type of certificate to use for initializing SDK -
+      {kCertTesting/kCertDevelopment}

  Returns:
    OK on success, or an appropriate error status code otherwise.
  """
-  ca_private_key = GetTestData('intermediate.encrypted.private')
-  ca_private_key_passphrase = GetTestData('intermediate.passphrase')
-
+  logging.info(
+      'Generating DRM intermediate certificate for system_id <%d>.', system_id)
+  data_provider = test_data_provider.TestDataProvider(cert_type)
  gen_status, ca_certificate = engine.GenerateDrmIntermediateCertificate(
-      system_id, CA_PUBLIC_KEY)
+      system_id, data_provider.ca_public_key)
  AssertSuccess(gen_status, 'Failed to generate intermediate certificate.')

+  logging.info('Adding DRM intermediate certificate.')
  add_ca_status = engine.AddDrmIntermediateCertificate(
-      ca_certificate, ca_private_key, ca_private_key_passphrase)
+      ca_certificate, data_provider.ca_private_key,
+      data_provider.ca_private_key_passphrase)

  if verify_success:
    AssertSuccess(add_ca_status, 'Failed to add intermediate certificate.')
@@ -120,24 +113,57 @@ def AddDrmIntermediateCertificateWithTestData(engine,
  return add_ca_status


-def NewProvisioningSessionWithTestData(engine, verify_success=False):
+def GenerateDeviceDrmCertificate(engine, system_id, serial_number,
+                                 verify_success=False,
+                                 cert_type=pywrapcertificate_type.kCertTesting):
+  """Generate a device DRM certificate.
+
+  Args:
+    engine: a pywrapprovisioning_engine.ProvisioningEngine instance
+    system_id: Widevine system ID for the type of device
+    serial_number: The serial number for the device DRM certificate.
+    verify_success: whether to verify that resulting status code equals OK
+    cert_type: The type of certificate to use for initializing SDK -
+      {kCertTesting/kCertDevelopment}
+
+  Returns:
+    OK on success, or an appropriate error status code otherwise.
+  """
+  logging.info(
+      'Generating Device cert for system_id <%d> and serial_number <%s>.',
+      system_id, serial_number)
+  data_provider = test_data_provider.TestDataProvider(cert_type)
+  gen_status, ca_certificate = engine.GenerateDeviceDrmCertificate(
+      system_id, data_provider.device_public_key, serial_number)
+  if verify_success:
+    AssertSuccess(gen_status, 'Failed to generate device DRM certificate.')
+  return ca_certificate
+
+
+def NewProvisioningSessionWithTestData(
+    engine, verify_success=False,
+    cert_type=pywrapcertificate_type.kCertTesting):
  """Create a provisioning session with sample device public and private keys.

  Args:
    engine: a pywrapprovisioning_engine.ProvisioningEngine instance
    verify_success: whether to verify that resulting status code equals OK
+    cert_type: The type of certificate to use for initializing SDK -
+      {kCertTesting/kCertDevelopment}

  Returns:
      status: OK on success, or an appropriate error status code otherwise.
      new_session: A new provisioning_session.
  """
-  status, new_session = engine.NewProvisioningSession(DEVICE_PUBLIC_KEY,
-                                                      DEVICE_PRIVATE_KEY)
-
+  logging.info('Starting a new provisioning session with'
+               'sample device public and private keys.')
+  data_provider = test_data_provider.TestDataProvider(cert_type)
+  status, new_session = engine.NewProvisioningSession(
+      data_provider.device_public_key, data_provider.device_private_key)
  if verify_success:
    AssertSuccess(status, 'Failed to create session.')

-  return (status, new_session)
+  return status, new_session


 def AssertSuccess(status, message=None):