////////////////////////////////////////////////////////////////////////////////
// Copyright 2016 Google Inc.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////
//
// Description:
//   Device certificate and certificate status list format definitions.

syntax = "proto2";

package widevine;

option java_outer_classname = "DeviceCertificateProtos";
option java_package = "com.google.video.widevine.protos";

import "protos/public/provisioned_device_info.proto";

// DRM certificate definition for user devices, intermediate, service, and root
// certificates.
//
// Every field is declared `optional`, so the proto2 parser accepts a message
// with any of them missing. The fields documented as "Required" are required
// by convention only; a consumer has to check presence itself before it
// relies on the certificate.
//
// NOTE(review): no signature field is defined in this message. Authenticity
// has to come from an enclosing structure that this file does not show.
message DrmDeviceCertificate {
  // Kinds of certificate this message can describe.
  enum CertificateType {
    ROOT = 0;
    DRM_INTERMEDIATE = 1;
    DRM_USER_DEVICE = 2;
    SERVICE = 3;
    PROVISIONER = 4;
  }
  // Type of certificate. Required.
  // ROOT is the first enum value, so in proto2 an absent `type` reads back as
  // ROOT through the accessor. Check field presence before acting on the
  // value, otherwise a certificate with no type is treated as a root.
  optional CertificateType type = 1;
  // 128-bit globally unique serial number of certificate.
  // Value is 0 for root certificate. Required.
  // `bytes` does not constrain length; a 128-bit value is 16 bytes and the
  // consumer has to verify that.
  // NOTE(review): how 0 is encoded for the root (empty vs. all-zero bytes) is
  // not stated here - confirm.
  optional bytes serial_number = 2;
  // POSIX time, in seconds, when the certificate was created. Required.
  // A uint32 count of seconds since the epoch runs out in 2106.
  optional uint32 creation_time_seconds = 3;
  // Device public key. PKCS#1 ASN.1 DER-encoded. Required.
  // The schema places no bound on key size or on the length of this field;
  // any such limits are the consumer's to enforce.
  optional bytes public_key = 4;
  // Widevine system ID for the device. Required for intermediate and
  // user device certificates.
  optional uint32 system_id = 5;
  // Deprecated field, which used to indicate whether the device was a test
  // (non-production) device. The test_device field in ProvisionedDeviceInfo
  // should be observed instead.
  // NOTE(review): ProvisionedDeviceInfo is not defined in this file;
  // presumably it comes from the imported provisioned_device_info.proto.
  optional bool test_device_deprecated = 6 [deprecated = true];
  // Service identifier (web origin) for the provider which owns the
  // certificate. Required for service and provisioner certificates.
  optional string provider_id = 7;
}

// Contains DRM and OEM certificate status and device information for a
// specific system ID.
message DeviceCertificateStatus {
  // Revocation state recorded for a certificate.
  enum Status {
    VALID = 0;
    REVOKED = 1;
  };
  // Serial number of the intermediate DrmDeviceCertificate to which this
  // message refers. Required.
  // Declared `optional`, so the parser does not enforce presence; an entry
  // without a serial number cannot be matched to any certificate.
  optional bytes drm_serial_number = 1;
  // Status of the certificate. Optional.
  // Defaults to VALID, so an entry that omits this field reads as not
  // revoked. A consumer that needs to tell "explicitly VALID" from "not
  // stated" has to check field presence rather than the accessor value.
  optional Status status = 2 [default = VALID];
  // NOTE(review): field number 3 is not used in this message. If it belonged
  // to a removed field, `reserved 3;` would keep it from being reused -
  // confirm against the schema history.
  // Device model information about the device to which the intermediate
  // certificate(s) correspond.
  // ProvisionedDeviceInfo is not defined in this file; presumably it comes
  // from the imported provisioned_device_info.proto.
  optional ProvisionedDeviceInfo device_info = 4;
  // Serial number of the OEM X.509 intermediate certificate for this type
  // of device. Present only if the device is OEM-provisioned.
  optional bytes oem_serial_number = 5;
}

// List of DeviceCertificateStatus. Used to propagate certificate revocation
// status and device information.
//
// This message carries no signature of its own. It is the payload that
// SignedCertificateStatusList.certificate_status_list holds in serialized
// form, so its contents are only trustworthy after that signature has been
// verified.
message DeviceCertificateStatusList {
  // POSIX time, in seconds, when the list was created. Required.
  // Because it sits inside the signed payload, it is covered by the
  // signature. The schema does not define any freshness or rollback rule;
  // NOTE(review): confirm whether consumers reject a list older than the one
  // they already hold.
  optional uint32 creation_time_seconds = 1;
  // DeviceCertificateStatus for each system ID.
  // The number of entries is unbounded in the schema; a parser-side size
  // limit is the only cap on memory use.
  repeated DeviceCertificateStatus certificate_status = 2;
}

// Signed CertificateStatusList
//
// Both fields are declared `optional`; a message with either one missing or
// empty parses successfully and has to be rejected by the consumer.
message SignedCertificateStatusList {
  // Serialized DeviceCertificateStatusList. Required.
  // Verify the signature over these exact bytes before parsing them.
  // Protobuf serialization is not canonical, so re-serializing a parsed
  // message can produce different bytes and must not be used as the
  // signature input.
  optional bytes certificate_status_list = 1;
  // Signature of certificate_status_list. Signed with root certificate private
  // key using RSASSA-PSS. Required.
  // NOTE(review): the hash function and salt length for RSASSA-PSS are not
  // stated here, and no field identifies the signing key - confirm where
  // those are fixed.
  optional bytes signature = 2;
}