To make it easier to have separate implementations, we have structured the repo so that there are three Bazel workspaces:

- The API (and reference)
- The vendor implementation for dev
- The vendor implementation for prod

This allows the vendor implementation to be separated from the API. While it makes little difference for this repo, it makes managing versions much easier internally. We do it here to better reflect our internal structure to partners. A vendor implementation has been stubbed in (BUILD file and directory structure) to provide vendors with some scaffolding to organize their implementation.
// Copyright 2020 Google LLC. All Rights Reserved.
#ifndef WHITEBOX_API_LICENSE_BUILDER_H_
#define WHITEBOX_API_LICENSE_BUILDER_H_
#include <stdint.h>
#include <string>
#include <vector>
#include "cdm/protos/license_protocol.pb.h"
#include "crypto_utils/rsa_key.h"
namespace widevine {
// The pieces of a license exchange, as filled in by
// TestLicenseBuilder::Build(). Every member is a raw byte buffer; member order
// is part of the interface because License is an aggregate.
struct License {
  // Serialized license request.
  std::vector<uint8_t> request;

  // ODK core message. Only populated when the builder was told to use ODK
  // (see TestLicenseBuilder::SetUseODK()); otherwise left empty.
  std::vector<uint8_t> core_message;

  // NOTE(review): presumably the serialized license response and the
  // signature over it -- confirm against the Build() implementation.
  std::vector<uint8_t> message;
  std::vector<uint8_t> signature;

  // The builder's |session_key_| after encryption with the public key. The
  // white-box API expects the session key in encrypted form and simply calls
  // it the "session key", so this member drops the word "encrypted" to match
  // the API naming. Consumers should not treat these bytes as a plaintext key.
  std::vector<uint8_t> session_key;
};
// Test-only helper that assembles a license request/response pair and hands it
// back, split into components, through Build(). The session key is a fixed
// constant compiled into this header, so output from this class is test
// material and carries no secrecy.
class TestLicenseBuilder {
 public:
  // Values accepted by SetRemoteAttestation().
  // NOTE(review): how each value is reflected in the built license is decided
  // in the implementation file, which is not visible from this header.
  enum class RemoteAttestation {
    kUnavailable,
    kVerified,
    kUnverified,
  };

  // Values accepted by SetVerificationStatus().
  // NOTE(review): the mapping onto the license fields lives in the
  // implementation file -- confirm there.
  enum class VerificationStatus {
    kUnavailable,
    kHardwareVerified,
    kOther,
  };

  // Each of these returns padding bytes suitable for the |padding| argument of
  // AddSigningKey() or AddContentKey().
  // NOTE(review): "PKSC8" reads like a transposition of "PKCS8"; the name is
  // left untouched because callers reference it.
  static std::vector<uint8_t> NoPadding();
  static std::vector<uint8_t> PKSC8Padding();

  // Returns a default signing key for use with AddSigningKey().
  static std::vector<uint8_t> DefaultSigningKey();

  TestLicenseBuilder();

  // Adds a signing key to the license. |padding| defaults to NoPadding().
  void AddSigningKey(const std::vector<uint8_t>& key,
                     const std::vector<uint8_t>& padding = NoPadding());

  // Adds a placeholder content key so that the license holds at least one
  // key. Do not combine this with AddContentKey().
  void AddStubbedContentKey();

  // Adds a content key with the given security level, key id and key bytes.
  // |padding| defaults to NoPadding().
  void AddContentKey(video_widevine::License_KeyContainer_SecurityLevel level,
                     const std::vector<uint8_t>& key_id,
                     const std::vector<uint8_t>& key,
                     const std::vector<uint8_t>& padding = NoPadding());

  // Adds an operator session key. Only |key_id| matters, because tests need to
  // refer to it; the key bytes are irrelevant since this entry exists solely
  // to check that a non-content key cannot be used as a content key.
  void AddOperatorSessionKey(const std::vector<uint8_t>& key_id);

  void SetRemoteAttestation(RemoteAttestation setting);

  void SetVerificationStatus(VerificationStatus setting);

  // When enabled, Build() fills License::core_message with the matching ODK
  // core message. When disabled (the default), core_message stays empty.
  void SetUseODK(bool setting);

  // Produces the serialized license request and response, in components, that
  // would have been exchanged, writing them into |license|.
  // NOTE(review): |license| is an out-parameter and is presumably required to
  // be non-null; |public_key| is presumably the key used to encrypt the
  // session key -- confirm both against the implementation.
  void Build(const RsaPublicKey& public_key, License* license) const;

 private:
  // Fixed, publicly known session key. Fine for tests; never a secret.
  const std::string session_key_{"0123456789ABCDEF"};

  video_widevine::LicenseRequest request_;
  video_widevine::License response_;
  std::string serialized_request_;
  std::string container_key_;

  // Set through SetUseODK(); off unless a test opts in.
  bool use_odk_{false};
};
} // namespace widevine
#endif // WHITEBOX_API_LICENSE_BUILDER_H_