Refactor and cleanup codes. No functional changes.

common/remote_attestation_verifier.h

@@ -0,0 +1,92 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2013 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+//
+// Description:
+//   Functionality used to verifier ChromeOS remote attestation.
+
+#ifndef COMMON_REMOTE_ATTESTATION_VERIFIER_H_
+#define COMMON_REMOTE_ATTESTATION_VERIFIER_H_
+
+#include <map>
+#include <memory>
+#include <string>
+
+#include "base/macros.h"
+#include "base/thread_annotations.h"
+#include "absl/synchronization/mutex.h"
+#include "common/status.h"
+#include "common/x509_cert.h"
+#include "protos/public/client_identification.pb.h"
+#include "protos/public/remote_attestation.pb.h"
+
+namespace widevine {
+
+// Singleton class used to do remote attestation. Access singleton instance via
+// the get() method.
+// TODO(user): This class is tested as part of the Session unit tests, but
+// finer unit tests should be implemented for the failure cases.
+class RemoteAttestationVerifier {
+ public:
+  RemoteAttestationVerifier() : enable_test_certificates_(false) {}
+  virtual ~RemoteAttestationVerifier() {}
+
+  // Singleton accessor.
+  static RemoteAttestationVerifier& get();
+
+  // Call to use the test (non-production) remote attestation root certificate.
+  // This method is thread-safe.
+  void EnableTestDrmCertificates(bool enable);
+
+  // Call to verify a RemoteAttestation challenge response, used in licensing
+  // protocol.
+  // |message| is the challenge message,
+  // |remote_attestation| is the remote attestation response to verify,
+  // |remote_attestation_cert_sn| is a pointer to a std::string which on successful
+  // return will contain the serial number for the client's remote attestation
+  // certificate.
+  // This method is thread-safe.
+  Status VerifyRemoteAttestation(const std::string& message,
+                                 const RemoteAttestation& remote_attestation,
+                                 std::string* remote_attestation_cert_sn);
+
+  // Call to verify a RemoteAttestation challenge response, used in certificate
+  // provisioning protocol.
+  // |message| is the challenge message,
+  // |remote_attestation| is the remote attestation response to verify,
+  // |privacy_key| is used to decrypt the EncryptedClientIdentification within
+  // the |remote_attestation| message.
+  // This method is thread-safe.
+  Status VerifyRemoteAttestation(const std::string& message,
+                                 const RemoteAttestation& remote_attestation,
+                                 const std::string& privacy_key);
+
+ private:
+  // Common subroutine to perform the verification.
+  // |message| is the challenge message,
+  // |remote_attestation| is the remote attestation response to verify,
+  // |client_id| is the decrypted client identification carrying the token,
+  // |remote_attestation_cert_sn| is a pointer to a std::string which on successful
+  // return will contain the serial number for the client's remote attestation
+  // certificate.
+  Status VerifyRemoteAttestation(const std::string& message,
+                                 const RemoteAttestation& remote_attestation,
+                                 const ClientIdentification& client_id,
+                                 std::string* remote_attestation_cert_sn);
+
+  Status LoadCa();
+
+  bool enable_test_certificates_;
+  absl::Mutex ca_mutex_;
+  std::unique_ptr<X509CA> ca_ GUARDED_BY(ca_mutex_);
+
+  DISALLOW_COPY_AND_ASSIGN(RemoteAttestationVerifier);
+};
+
+}  // namespace widevine
+
+#endif  // COMMON_REMOTE_ATTESTATION_VERIFIER_H_