114 lines
4.0 KiB
C++
114 lines
4.0 KiB
C++
////////////////////////////////////////////////////////////////////////////////
|
|
// Copyright 2020 Google LLC.
|
|
//
|
|
// This software is licensed under the terms defined in the Widevine Master
|
|
// License Agreement. For a copy of this agreement, please contact
|
|
// widevine-licensing@google.com.
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
#include "common/dual_certificate_client_cert.h"
|
|
|
|
#include "common/error_space.h"
|
|
#include "common/status.h"
|
|
#include "protos/public/errors.pb.h"
|
|
|
|
namespace widevine {
|
|
|
|
Status DualCertificateClientCert::Initialize(
|
|
const DrmRootCertificate* root_certificate,
|
|
const std::string& serialized_signing_certificate,
|
|
const std::string& serialized_encryption_certificate) {
|
|
Status status = signing_certificate_.Initialize(
|
|
root_certificate, serialized_signing_certificate);
|
|
if (!status.ok()) {
|
|
return status;
|
|
}
|
|
status = encryption_certificate_.Initialize(
|
|
root_certificate, serialized_encryption_certificate);
|
|
if (!status.ok()) {
|
|
return status;
|
|
}
|
|
if (encryption_certificate_.signer_serial_number() !=
|
|
signing_certificate_.signer_serial_number()) {
|
|
return Status(error_space, INVALID_DRM_CERTIFICATE,
|
|
"certificate_signer_mismatch");
|
|
}
|
|
if ((encryption_certificate_.system_id() !=
|
|
signing_certificate_.system_id()) ||
|
|
(encryption_certificate_.service_id() !=
|
|
signing_certificate_.service_id()) ||
|
|
(encryption_certificate_.signer_creation_time_seconds() !=
|
|
signing_certificate_.signer_creation_time_seconds()) ||
|
|
(encryption_certificate_.signed_by_provisioner() !=
|
|
signing_certificate_.signed_by_provisioner())) {
|
|
return Status(error_space, INVALID_DRM_CERTIFICATE,
|
|
"invalid_certificate_pair");
|
|
}
|
|
return OkStatus();
|
|
}
|
|
|
|
Status DualCertificateClientCert::VerifySignature(
|
|
const std::string& message, HashAlgorithm hash_algorithm,
|
|
const std::string& signature, ProtocolVersion protocol_version) const {
|
|
return signing_certificate_.VerifySignature(message, hash_algorithm,
|
|
signature, protocol_version);
|
|
}
|
|
|
|
void DualCertificateClientCert::GenerateSigningKey(
|
|
const std::string& message, ProtocolVersion protocol_version) {
|
|
encryption_certificate_.GenerateSigningKey(message, protocol_version);
|
|
}
|
|
|
|
const std::string& DualCertificateClientCert::encrypted_key() const {
|
|
return encryption_certificate_.encrypted_key();
|
|
}
|
|
|
|
const std::string& DualCertificateClientCert::key() const {
|
|
return encryption_certificate_.key();
|
|
}
|
|
|
|
SignedMessage::SessionKeyType DualCertificateClientCert::key_type() const {
|
|
return encryption_certificate_.key_type();
|
|
}
|
|
|
|
// TODO(b/155979840): Support revocation check for the encryption certificate.
|
|
const std::string& DualCertificateClientCert::serial_number() const {
|
|
return signing_certificate_.serial_number();
|
|
}
|
|
|
|
const std::string& DualCertificateClientCert::service_id() const {
|
|
return signing_certificate_.service_id();
|
|
}
|
|
|
|
const std::string& DualCertificateClientCert::signing_key() const {
|
|
return encryption_certificate_.signing_key();
|
|
}
|
|
|
|
const std::string& DualCertificateClientCert::signer_serial_number() const {
|
|
return signing_certificate_.signer_serial_number();
|
|
}
|
|
|
|
uint32_t DualCertificateClientCert::signer_creation_time_seconds() const {
|
|
return signing_certificate_.signer_creation_time_seconds();
|
|
}
|
|
|
|
bool DualCertificateClientCert::signed_by_provisioner() const {
|
|
return signing_certificate_.signed_by_provisioner();
|
|
}
|
|
|
|
uint32_t DualCertificateClientCert::system_id() const {
|
|
return signing_certificate_.system_id();
|
|
}
|
|
|
|
// TODO(b/155979840): Support revocation check for the encryption certificate.
|
|
const std::string& DualCertificateClientCert::encrypted_unique_id() const {
|
|
return signing_certificate_.encrypted_unique_id();
|
|
}
|
|
|
|
// TODO(b/155979840): Support revocation check for the encryption certificate.
|
|
const std::string& DualCertificateClientCert::unique_id_hash() const {
|
|
return signing_certificate_.unique_id_hash();
|
|
}
|
|
|
|
} // namespace widevine
|