Refactor and cleanup codes. No functional changes.

2019-01-23 15:16:31 -08:00
parent 84f66d2320
commit 93265ab9d1
207 changed files with 14893 additions and 3332 deletions
--- a/common/device_status_list.h
+++ b/common/device_status_list.h
@@ -0,0 +1,122 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2017 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+
+// DeviceStatusList class header.
+
+#ifndef COMMON_DEVICE_STATUS_LIST_H__
+#define COMMON_DEVICE_STATUS_LIST_H__
+
+#include <map>
+#include <string>
+
+#include "base/macros.h"
+#include "absl/synchronization/mutex.h"
+#include "common/status.h"
+#include "protos/public/device_certificate_status.pb.h"
+#include "protos/public/provisioned_device_info.pb.h"
+
+namespace widevine {
+
+class ClientCert;
+// Manages the certificate status of devices.  The list of
+// DeviceCertificateStatus is provided by the DRM server.  Each license
+// request is checked to ensure the certificate in the request is valid and
+// not revoked.  Also checks to see if the intermediate certificates were
+// updated where the system Id is the same, but the serial number changes.
+// This case should cause the clients to re-provision.
+class DeviceStatusList {
+ public:
+  // Returns a pointer to a singleton DeviceStatusList.
+  static DeviceStatusList* Instance();
+
+  DeviceStatusList();
+  virtual ~DeviceStatusList();
+
+  // Takes |serialized_certificate_status_list| and copies to an internal map of
+  // device certifcate status list.  The internal map is used to verify
+  // a device was not revoked. Returns true is the list was successfully parsed.
+  Status UpdateStatusList(const std::string& root_certificate_public_key,
+                          const std::string& serialized_certificate_status_list,
+                          uint32_t expiration_period_seconds);
+  void set_allow_unknown_devices(bool flag) { allow_unknown_devices_ = flag; }
+  bool allow_unknown_devices() const { return allow_unknown_devices_; }
+  void set_allow_test_only_devices(bool allow) {
+    allow_test_only_devices_ = allow;
+  }
+  bool allow_test_only_devices() const { return allow_test_only_devices_; }
+
+  // Checks the device status list and returns either:
+  //   OK
+  //   UNSUPPORTED_SYSTEM_ID
+  //   INVALID_DRM_CERTIFICATE
+  //   DRM_DEVICE_CERTIFICATE_REVOKED
+  //   DRM_DEVICE_CERTIFICATE_UNKNOWN
+  // If status is OK, a copy of the provisioned device info is copied
+  // into |device_info|. Caller owns |device_info| and it must not be null.
+  Status GetCertStatus(const ClientCert& client_cert,
+                       widevine::ProvisionedDeviceInfo* device_info);
+  // Returns true if the pre-provisioning key or certificate for the specified
+  // system ID are active (not disallowed or revoked).
+  bool IsSystemIdActive(uint32_t system_id);
+
+  // Returns true if the system ID
+  // Returns true is a ProvisionedDeviceInfo exist based on <client_cert>.
+  // Caller owns <device_info> and it must not be null.
+  bool GetDeviceInfo(const ClientCert& client_cert,
+                     widevine::ProvisionedDeviceInfo* device_info);
+  // Returns the current POSIX time.
+  virtual uint32_t GetCurrentTime() const;
+
+  // Enable delivery of licenses to revoked client devices. |system_id_list| is
+  // a comma separated list of systems Ids to allow even if revoked.
+  virtual void AllowRevokedDevices(const std::string& system_id_list);
+
+  /**
+   * Parses signed device certificate status list and certificate status list
+   * from certificateProvisoningServer response.
+   *
+   * @param certificate_provisioning_service_response
+   * @param signed_certificate_status_list
+   * @param certificate_status_list
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  static Status ExtractFromProvisioningServiceResponse(
+      const std::string& certificate_provisioning_service_response,
+      std::string* signed_certificate_status_list, std::string* certificate_status_list);
+  /**
+   * Constructs signed device certificate status list request string.
+   *
+   * @param signed_device_certificate_status_list_request
+   * @param version
+   * @return Status - Status::OK if success, else error.
+   */
+  static Status GenerateSignedDeviceCertificateStatusListRequest(
+      const std::string& version,
+      std::string* signed_device_certificate_status_list_request);
+
+ private:
+  // Returns true if the system ID is allowed to be revoked.
+  // Caller owns |system_id|. They must not be null.
+  bool IsRevokedSystemIdAllowed(uint32_t system_id);
+
+  absl::Mutex status_map_lock_;
+  // Key is the system id for the device.
+  std::map<uint32_t, widevine::DeviceCertificateStatus> device_status_map_;
+  uint32_t creation_time_seconds_;
+  uint32_t expiration_period_seconds_;
+  bool allow_unknown_devices_;
+  bool allow_test_only_devices_;
+  // Contains the list of system_id values that are allowed to succeed even if
+  // revoked.
+  std::vector<uint32_t> allowed_revoked_devices_;
+
+  DISALLOW_COPY_AND_ASSIGN(DeviceStatusList);
+};
+
+}  // namespace widevine
+#endif  // COMMON_DEVICE_STATUS_LIST_H__