widevine-partner/wvpl_license_sdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WvPL License SDK release: 16.5.0 update with cc header files.

Browse Source
This commit is contained in:
Buildbot
2021-12-03 20:46:36 +00:00
parent 4db51c1c61
commit 0b20fb7737
66 changed files with 116360 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
ubuntu/cc_header/drm_root_certificate.h Normal file
View File

@@ -0,0 +1,105 @@
// Copyright 2013 Google LLC. All rights reserved.
// Author: tinskip@google.com (Thomas Inskip)
//
// Description:
// Root device certificate holder class which deserializes, validates,
// and extracts the root certificate public key.
#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_DRM_ROOT_CERTIFICATE_H_
#define VIDEO_WIDEVINE_EXPORT_COMMON_DRM_ROOT_CERTIFICATE_H_
// common_typos_disable. Successful / successfull.
#include <cstdint>
#include <memory>
#include <string>
#include "common/certificate_type.h"
#include "common/status.h"
#include "protos/public/drm_certificate.pb.h"
namespace video_widevine {
class RsaKeyFactory;
class RsaPublicKey;
class SignedDrmCertificate;
class VerifiedCertSignatureCache;
// Root certificate and certificate chain verifier with internal caching.
// This object is thread-safe.
class DrmRootCertificate {
public:
DrmRootCertificate(const DrmRootCertificate&) = delete;
DrmRootCertificate& operator=(const DrmRootCertificate&) = delete;
virtual ~DrmRootCertificate();
// Creates a DrmRootCertificate object given a certificate type.
// |cert| may not be nullptr, and it points to a
// std::unique_ptr<DrmRootCertificate> which will be used to return a newly
// created const DrmRootCertificate* if successful. The caller assumes
// ownership of the new DrmRootCertificate. This method returns
// Status::OK on success, or appropriate error status otherwise.
static Status CreateByType(CertificateType cert_type,
std::unique_ptr<DrmRootCertificate>* cert);
// Variant on the method above to make CLIF happy until b/110539622 is fixed.
static std::unique_ptr<DrmRootCertificate> CreateByType(
CertificateType cert_type, Status* status);
// Creates a DrmRootCertificate object given a certificate type string, which
// must be one of "prod", "qa", or "test".
// |cert| may not be nullptr, and it points to a
// std::unique_ptr<DrmRootCertificate> which will be used to return a newly
// created const DrmRootCertificate* if successful. The caller assumes
// ownership of the new DrmRootCertificate. This method returns
// Status::OK on success, or appropriate error status otherwise.
static Status CreateByTypeString(const std::string& cert_type_string,
std::unique_ptr<DrmRootCertificate>* cert);
// |certificate| will contgain the DRM certificate upon successful return.
// May be null.
// Returns Status::OK if successful, or an appropriate error code otherwise.
virtual Status VerifyCertificate(const std::string& serialized_certificate,
SignedDrmCertificate* signed_certificate,
DrmCertificate* certificate) const;
// Returns the hex-encoded SHA-256 digest for this certificate.
virtual std::string GetDigest() const;
const CertificateType type() const { return type_; }
virtual const std::string& public_key() const {
return root_cert_.public_key();
}
protected:
DrmRootCertificate(CertificateType cert_type,
const std::string& serialized_certificate,
const std::string& serial_number,
const std::string& public_key,
std::unique_ptr<RsaKeyFactory> key_factory);
private:
friend class DrmRootCertificateTest;
static Status Create(CertificateType cert_type,
std::unique_ptr<RsaKeyFactory> key_factory,
std::unique_ptr<DrmRootCertificate>* cert);
Status VerifySignatures(const SignedDrmCertificate& signed_cert,
const std::string& cert_serial_number, bool use_cache,
uint32_t* certs_in_chain) const;
CertificateType type_;
std::string serialized_certificate_;
DrmCertificate root_cert_;
// TODO(b/143309971): Either add an ec key_factory object, or drop the rsa
// |key_factory_|.
std::unique_ptr<RsaKeyFactory> key_factory_;
mutable std::unique_ptr<VerifiedCertSignatureCache> signature_cache_;
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_COMMON_DRM_ROOT_CERTIFICATE_H_

246
ubuntu/cc_header/environment.h Normal file
View File

@@ -0,0 +1,246 @@
// Copyright 2020 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_PUBLIC_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_PUBLIC_ENVIRONMENT_H_
#include <memory>
#include "absl/strings/string_view.h"
#include "absl/synchronization/mutex.h"
#include "common/drm_root_certificate.h"
#include "common/security_profile_list.h"
#include "common/status.h"
#include "license_server_sdk/internal/environment_impl.h"
#include "license_server_sdk/public/session.h"
namespace video_widevine {
constexpr char kWrappingKeyLabel[] = "ENCRYPTION";
constexpr uint32_t kWrappingKeySizeBits = 128;
constexpr char kSigningKeyLabel[] = "AUTHENTICATION";
constexpr uint32_t kSigningKeySizeBits = 256;
class Environment {
public:
Environment(absl::string_view provider, const DrmRootCertificate* root_cert);
virtual ~Environment();
// Add a service certificate system-wide.
// |service_certificate| is a Google-generated certificate used to
// authenticate the service provider for purposes of device privacy;
// |service_private_key| is the encrypted PKCS#8 private RSA key corresponding
// to the service certificate; and |service_private_key_passphrase| is the
// password required to decrypt |service_private_key|.
Status AddDrmServiceCertificate(
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// Returns true if service certificate is loaded.
bool is_service_certificate_loaded();
// Specify a comma separated list of system Ids that can support having
// OEMCrypto version, as specified in the license request, reflected back in
// the Key Control Block which is used by partner. Otherwise, only 'kctl' or
// 'kc09' is returned in KCB.
void SetDevicesToHandleOEMCryptoVersionInKCB(
const std::string& system_id_list);
void SetPreProvisioningKeys(const std::map<uint32_t, std::string>& keys);
void SetPreProvisioningKeys(const std::multimap<uint32_t, std::string>& keys);
// Set the certificate status list system-wide.
// |expiration_period| is the number of seconds until the
// certificate_status_list expires after its creation time
// (creation_time_seconds). If |allow_unknown_devices| is false, an error is
// returned if the device does not appear in the certificate_status_list.
Status SetCertificateStatusList(const std::string& certificate_status_list,
uint32_t expiration_period_seconds,
bool allow_unknown_devices);
// Enable delivery of licenses to client devices. This includes devices with
// TEST_ONLY status, and development platform verification certificates.
// Defaults to false.
void AllowDevelopmentClients(bool enable);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_make| is a comma separated list of devices to allow even
// if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_provider| is a comma separated list of provider to allow
// even if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByProvider(const std::string& device_list_provider);
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
void AllowRevokedDevices(const std::string& system_id_list);
// A comma separated list of DRM Certificate Serial Numbers that are revoked.
void RevokedDrmCertificateSerialNumbers(
const std::string& drm_certificate_serial_numbers);
// Restriction on core message features. If this is an empty string, the
// default feature set is used. If it is an integer, that is the ODK version
// supported. This restricts the features that the server will support in an
// oemcrypto core message. For example, we may restrict the server to never
// send a v17 message by setting the std::string to "16". For details, please see
// common/oemcrypto_core_message/odk/include/core_message_features.h
void SetCoreMessageFeatures(const std::string& core_message_features);
// Creates a Session object.
// |root_cert| is the root certificate to be used to validate client
// credentials.
// |signed_license_request| is the serialized SignedMessage received from the
// client. |session| points to a Session*, which must be initialized to NULL
// on entry, but |session| itself may not be NULL. The new Session object will
// be owned by the caller. This method returns Status::OK if successful,
// or an appropriate error status, in which case
// Environment::GenerateErrorResponse should be invoked.
// Example usage:
// Environment env = absl::make_unique<Environment>(kProvider,
// drm_root_cert);
// Session* session = NULL;
// Status status = env->CreateSession(request_from_client,&session);
// if (!status.ok()) {
// std::string error_license;
// if (env->GenerateErrorResponse(status, &error_license)) {
// // Send error_license to the client.
// } else {
// // Handle error
// }
// return ...
// }
// // Create license, invoke GenerateSignedLicense, etc.
Status CreateSession(const std::string& signed_license_request,
Session** session);
// Create a session for generating a license. This variation of Create takes
// options to allow for the creation of the session to succeed even if the
// device is revoked.
Status CreateSessionWithOptions(const std::string& signed_license_request,
const SessionCreateOptions& options,
Session** session);
// Variation of Environment::CreateSession which also fills in the parsed
// LicenseRequest, for use in logging or debugging.
Status CreateSession(const std::string& signed_license_request,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Same as CreateSession(), but caller can specify the ClientIdentification
// message and/or PlatformVerificationStatus. If ClientIdentification is
// specified, this variation of Create() will use the specified |client_id|
// instead of what is specified in |signed_license_request|. If
// PlatformVerificationStatus is specified, this method will use the specified
// |platform_verification_status| instead of attempting to determine it.
// Background for this function is to support cases where the client
// identification is encrypted with the provider's service certificate in
// which case we won't be able to decrypt OR when the provider determines
// platform verification. The provider will specify the
// clear client identification in |client_id| and the platform verification
// in |platform_verification_status|.
Status CreateSessionForProxy(
const std::string& signed_license_request,
const PlatformVerificationStatus platform_verification_status,
const ClientIdentification* client_id,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Generates a SignedMessage containing a message generated in response to
// an error condition. |status| is a previous error status returned by the
// Session or Status(error::UNAVAILABLE, ...) to indicate that the
// backend is unavailable, |signed_message| points to a std::string to contain the
// serialized SignedMessage, and may not be NULL. This method returns true if
// there is an error license to be sent to the client, or false otherwise.
// Example usage in the Environment::Create comments above.
bool GenerateErrorResponse(const Status& status,
std::string* signed_message_bytes);
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
// NIST 800-108:
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
// AES-CMAC:
// http://tools.ietf.org/html/rfc4493
std::string DeriveKey(const std::string& key, const std::string& label,
const std::string& context, const uint32_t size_bits);
// Returns a std::string containing the Widevine License Server SDK version in the
// form <major_version>.<minor_version>.<release> <build date> <build time> .
std::string GetSdkVersionString();
// If set to true, adds SDK and server version information to the license
// response.
void SetIncludeVersionInfoInLicense(bool include_version_info);
// Sets the service version information which can be included with the license
// response. If SetIncludeVersionInfoInLicense() is set to true and the server
// version is not empty, then the server version will be included in the
// license response. The host_version must be <= 32 characters and limited to
// alphanumeric and '_', '-', ':', ';', ' ', '/' and '.'.
void SetHostServerVersion(const std::string& host_version);
// Generate a signed request to be sent to Widevine Certificate Provisioning
// Server to retrieve 'DeviceCertificateStatusList'.
Status GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request);
// Set the custom device security profile list which is returned, from a call
// to Widevine PublishedDevicesService.
Status SetCustomDeviceSecurityProfiles(
absl::string_view serialized_signed_device_security_profiles);
// Return a list of the default profile names.
Status GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
// Return the default profile associated with |profile_name|.
Status GetDefaultDeviceSecurityProfile(
absl::string_view profile_name,
SecurityProfile* device_security_profile) const;
// Obtain the owner list for custom profiles.
Status GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
// Return a list of custom profile names associated with |owner_name|.
Status GetCustomDeviceSecurityProfileNames(
absl::string_view owner_name,
std::vector<std::string>* profile_names) const;
// Return the custom profiles associated with |owner_name|.
Status GetCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<SecurityProfile>* custom_device_security_profiles) const;
// If |auto_set_provider_session_token| is 'true', the provider session token
// may be automatically set,
//
// The default setting for |auto_set_provider_session_token| is 'true'.
virtual void SetAutosetProviderSessionToken(
bool auto_set_provider_session_token);
// Returns the setting as to whether the provider session token will be
// automatically set.
virtual bool GetAutosetProviderSessionToken() const;
private:
// Environment::CreateSession which also fills in the parsed
// ExternalLicenseRequest. Used to create a Session object.
Status CreateSession(SignedMessage* signed_message, Session** session,
ExternalLicenseRequest* parsed_request_out);
std::string provider_;
std::unique_ptr<video_widevine::SecurityProfileList>
device_security_profile_list_;
std::shared_ptr<EnvironmentImpl> env_impl_;
friend class EnvironmentTest;
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_PUBLIC_ENVIRONMENT_H_

227
ubuntu/cc_header/environment_impl.h Normal file
View File

@@ -0,0 +1,227 @@
// Copyright 2021 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_INTERNAL_ENVIRONMENT_IMPL_H_
#define VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_INTERNAL_ENVIRONMENT_IMPL_H_
#include <cstdint>
#include <list>
#include <map>
#include <memory>
#include <string>
#include <cstdint>
#include "base/macros.h"
#include "absl/strings/string_view.h"
#include "absl/synchronization/mutex.h"
#include "common/core_message_util.h"
#include "common/security_profile_list.h"
#include "common/status.h"
#include "license_server_sdk/internal/session_usage_report.h"
#include "common/crypto_util.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_certificate_status.pb.h"
#include "protos/public/license_protocol.pb.h"
#include "protos/public/license_server_sdk.pb.h"
#include "protos/public/oem_key_container.pb.h"
#include "protos/public/provisioned_device_info.pb.h"
namespace video_widevine {
class ClientCert;
class ClientIdentification;
class DrmRootCertificate;
class Session;
class SessionInit;
class SessionImpl;
using oemcrypto_core_message::features::CoreMessageFeatures;
// Helper function to determine which provider client token to use.
std::string GetProviderClientToken(const SessionInit& session_init,
const ClientIdentification& client_id);
class EnvironmentImpl {
public:
explicit EnvironmentImpl(const DrmRootCertificate* root_cert);
// Set the custom device security profile list which is returned, from a call
// to Widevine PublishedDevicesService.
Status SetCustomDeviceSecurityProfiles(
absl::string_view serialized_signed_device_security_profiles);
// Set pre-provisioning keys system-wide. Map key is system_id, value.
// Value should be human-readable hex digits suitable for passing to
// absl::HexStringToBytes().
// Must be called before any other calls to this class. Calls are
// thread-safe, so the keys can be updated at any time.
void SetPreProvisioningKeys(const std::map<uint32_t, std::string>& keys);
void SetPreProvisioningKeys(const std::multimap<uint32_t, std::string>& keys);
Status AddDrmServiceCertificate(
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// Returns true if service certificate is loaded.
bool is_service_certificate_loaded();
// Set the certificate status list system-wide.
// |expiration_period| is the number of seconds until the
// certificate_status_list expires after its creation time
// (creation_time_seconds). If |allow_unknown_devices| is false, an error is
// returned if the device does not appear in the certificate_status_list.
Status SetCertificateStatusList(const std::string& certificate_status_list,
uint32_t expiration_period_seconds,
bool allow_unknown_devices);
// Enable delivery of licenses to client devices. This includes devices with
// TEST_ONLY status, and development platform verification certificates.
// Defaults to false.
void AllowDevelopmentClients(bool enable);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_make| is a comma separated list of devices to allow even
// if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_provider| is a comma separated list of providers to allow
// even if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByProvider(const std::string& device_list_provider);
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if the device is in the
// revoked state.
void AllowRevokedDevices(const std::string& system_id_list);
// A comma separated list of DRM Certificate Serial Numbers that are revoked.
void RevokedDrmCertificateSerialNumbers(
const std::string& drm_certificate_serial_numbers);
// Restriction on core message features. If this is an empty string, the
// default feature set is used. If it is an integer, that is the ODK version
// supported.
void SetCoreMessageFeatures(const std::string& core_message_features);
// Generates a SignedMessage containing a message generated in response to
// an error condition. |status| is a previous error status returned by the
// Session or Status(error::UNAVAILABLE, ...) to indicate that the
// backend is unavailable, |signed_message| points to a std::string to contain the
// serialized SignedMessage, and may not be NULL. This method returns true if
// there is an error license to be sent to the client, or false otherwise.
// Example usage in the CreateSession() comments above.
bool GenerateErrorResponse(const Status& status,
std::string* signed_message_bytes);
// Generates a SignedMessage containing a service certifcate for the specified
// |provider|. Returns false if |provider| does not exist. Returns the
// default service certificate if |provider| is empty.
bool GenerateServiceCertificateResponse(const std::string& provider,
std::string* signed_message_bytes);
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
// NIST 800-108:
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
// AES-CMAC:
// http://tools.ietf.org/html/rfc4493
std::string DeriveKey(const std::string& key, const std::string& label,
const std::string& context, const uint32_t size_bits);
// Returns a std::string containing the Widevine License Server SDK version in the
// form <major_version>.<minor_version>.<release> <build date> <build time> .
std::string GetSdkVersionString();
// Generate a signed request to be sent to Widevine Certificate Provisioning
// Server to retrieve 'DeviceCertificateStatusList'.
Status GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request);
// If set to true, adds SDK and server version information to the license
// response.
void SetIncludeVersionInfoInLicense(bool include_version_info);
// Sets the service version information which can be included with the license
// response. If SetIncludeVersionInfoInLicense() is set to true and the server
// version is not empty, then the server version will be included in the
// license response. The host_version must be <= 32 characters and limited to
// alphanumeric and '_', '-', ':', ';'and '.'.
bool SetHostServerVersion(const std::string& host_version);
void SetDefaultDeviceSecurityProfileList(SecurityProfileList* profile_list);
// Return a list of the default profile names.
Status GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
// Return the default profile associated with |profile_name|.
Status GetDefaultDeviceSecurityProfile(
absl::string_view profile_name,
SecurityProfile* device_security_profile) const;
// Obtain the owner list for custom profiles.
Status GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
// Return a list of custom profile names associated with |owner_name|.
Status GetCustomDeviceSecurityProfileNames(
absl::string_view owner_name,
std::vector<std::string>* profile_names) const;
// Return the custom profiles associated with |owner_name|.
Status GetCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<SecurityProfile>* custom_device_security_profiles) const;
// Return device security profile list pointer.
video_widevine::SecurityProfileList* device_security_profile_list() const;
// Specify a comma separated list of system Ids that can support having
// OEMCrypto version, as specified in the license request, reflected back in
// the Key Control Block which is used by partner. Otherwise, only 'kctl' or
// 'kc09' is returned in KCB.
void SetDevicesToHandleOEMCryptoVersionInKCB(
const std::string& system_id_list);
// Return drm root certificate pointer.
const DrmRootCertificate* drm_root_certificate() const;
CoreMessageFeatures core_message_features() const;
bool include_version_info_in_license() const;
// If |auto_set_provider_session_token| is 'true', the provider session token
// may be automatically set,
//
// The default setting for |auto_set_provider_session_token| is 'true'.
virtual void SetAutosetProviderSessionToken(
bool auto_set_provider_session_token) {
auto_set_provider_session_token_ = auto_set_provider_session_token;
}
// Returns the setting as to whether the provider session token will be
// automatically set.
virtual bool GetAutosetProviderSessionToken() const {
return auto_set_provider_session_token_;
}
virtual ~EnvironmentImpl();
private:
// This function wrapper allows safe static creation of the version string.
std::string* GetHostVersionString();
bool include_version_info_in_license_ = true;
bool is_service_certificate_loaded_ = false;
CoreMessageFeatures core_message_features_ =
CoreMessageFeatures::kDefaultFeatures;
bool auto_set_provider_session_token_ = true;
// DRM root certificate used for verifying all other DRM certificates.
const DrmRootCertificate* drm_root_certificate_;
mutable absl::Mutex profile_mutex_;
SecurityProfileList* profile_list_ ABSL_GUARDED_BY(profile_mutex_);
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_INTERNAL_ENVIRONMENT_IMPL_H_

35
ubuntu/cc_header/output_protection_util.h Normal file
View File

@@ -0,0 +1,35 @@
// Copyright 2019 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_OUTPUT_PROTECTION_UTIL_H_
#define VIDEO_WIDEVINE_EXPORT_COMMON_OUTPUT_PROTECTION_UTIL_H_
#include "common/status.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/license_protocol.pb.h"
namespace video_widevine {
namespace op_util {
// Verify the device meets the provider's output requirements. Set
// |should_disable_analog_output| to true if device does not meet analog output
// requirements, otherwise |should_disable_analog_error| is false including
// error cases.
Status VerifyDeviceCapabilities(
const ClientIdentification::ClientCapabilities& device_capabilities,
const License::KeyContainer::OutputProtection& output_protection,
bool* should_disable_analog_output);
} // namespace op_util
bool operator<(ClientIdentification::ClientCapabilities::HdcpVersion lValue,
ClientIdentification::ClientCapabilities::HdcpVersion rValue);
bool operator>(ClientIdentification::ClientCapabilities::HdcpVersion lValue,
ClientIdentification::ClientCapabilities::HdcpVersion rValue);
int32_t HdcpEnumToInt(
ClientIdentification::ClientCapabilities::HdcpVersion hdcpEnum);
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_COMMON_OUTPUT_PROTECTION_UTIL_H_

172
ubuntu/cc_header/security_profile_list.h Normal file
View File

@@ -0,0 +1,172 @@
// Copyright 2020 Google LLC. All rights reserved.
//
// Description:
// Container of device security profiles. Security profiles indicate rules
// to allow using the profile. The rules are based on DRM capabilities of a
// device.
#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_SECURITY_PROFILE_LIST_H_
#define VIDEO_WIDEVINE_EXPORT_COMMON_SECURITY_PROFILE_LIST_H_
#include <cstdint>
#include "absl/synchronization/mutex.h"
#include "common/hash_algorithm.h"
#include "common/output_protection_util.h"
#include "common/status.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_security_profile_data.pb.h"
#include "protos/public/device_security_profile_list.pb.h"
#include "protos/public/provisioned_device_info.pb.h"
#include "protos/public/security_profile.pb.h"
namespace video_widevine {
using ClientCapabilities = ClientIdentification::ClientCapabilities;
const char kDefaultProfileOwnerName[] = "Widevine";
// The SecurityProfileList will hold all security profiles. During license
// acquisition, information from the client and information from the server are
// combined to deternmine the device's security profile level.
// TODO(169946984): Clean up the virtual/protected functions once subclass
// default_device_security_profile_list gets removed.
class SecurityProfileList {
public:
explicit SecurityProfileList(const std::string& profile_namespace);
virtual ~SecurityProfileList() {}
// Initialize the security profile list with Widevine default profiles. The
// size of the profile list is returned.
virtual int Init();
// Add the specified profile to the existing list of profiles. Returns true
// if successfully inserted, false if unable to insert.
bool InsertProfile(const SecurityProfile& profile_to_insert);
// Populates |profiles_allow| with a list of profiles from the specified
// |profiles_to_check| list that meet the requirements for the this device.
// The number of profiles is returned.
virtual int GetQualifiedProfilesFromSpecifiedProfiles(
const std::vector<std::string>& profiles_to_check,
const std::string& owner, const ClientIdentification& client_id,
const ProvisionedDeviceInfo& device_info,
PlatformVerificationStatus device_vmp_status,
std::vector<std::string>* qualified_profiles) const;
// Populates |profiles_to_allow| with a list of profiles that meet the
// requirements for the this device. The number of profiles is returned.
virtual int GetQualifiedProfiles(
const ClientIdentification& client_id,
const ProvisionedDeviceInfo& device_info,
const PlatformVerificationStatus device_vmp_status,
const std::string& owner,
std::vector<std::string>* qualified_profiles) const;
// Return true if a profile exist matching the specified parameters {|name|,
// |owner|}. |security_profiles| is owned by the caller and is populated if
// one or more profile exist. For default DSP, the output profiles should
// contain single record. For custom DSP, it may contain multiple records
// since active dsp and inactive dsp could share the same dsp_name under the
// same owner.
virtual bool GetProfileByNameAndOwner(
const std::string& name, const std::string& owner,
std::vector<SecurityProfile>* security_profiles) const;
// Populates |security_profiles| owned by the content owner.
virtual int GetProfilesByOwner(
const std::string& owner,
std::vector<SecurityProfile>* security_profiles) const;
// Populates |owner_list| for security profiles. |is_default_dsp| boolean
// indicates the owner_list for default dsp or custom dsp.
virtual int GetProfilesOwnerList(const bool is_default_dsp,
std::vector<std::string>* owner_list) const;
// Return the device security capabilities. |drm_info| is populated with
// data from |client_id| and |device_info|. |drm_info| must not be null and
// is owned by the caller.
virtual bool GetDrmInfo(const ClientIdentification& client_id,
const ProvisionedDeviceInfo& device_info,
SecurityProfile::DrmInfo* drm_info) const;
// Return the number of profiles in the list.
int NumProfiles() const;
// Return a list of profile names.
virtual void GetProfileNames(std::vector<std::string>* profile_names) const;
// Deserialized SignedDeviceSecurityProfiles for custom DSPs.
static Status DeserializeSignedDeviceSecurityProfiles(
const std::string& serialized_signed_device_security_profiles,
std::string* serialized_device_security_profiles,
HashAlgorithm* hash_algorithm, std::string* signature);
// Validate signature and update security profile list for custom dsps.
Status ValidateAndUpdateProfileList(
const std::string& root_certificate_public_key,
const std::string& serialized_device_security_profiles,
HashAlgorithm hash_algorithm, const std::string& signature,
int* added_profile_num);
// Returns an instance of the Security profile list for default security
// profiles. Default security profiles are owned by Widevine.
// TODO (b/187073516): This singleton can be moved to the "Environment" class
// as a non-static API.
static SecurityProfileList* GetInstanceForDefaultSecurityProfiles();
protected:
void ClearAllProfiles();
private:
friend class SecurityProfileListTest;
// Add Widevine default profiles into profile_list. The number of added
// default profiles will be returned.
virtual int AddDefaultProfiles();
// Add Widevine custom profiles into profile_list. The number of added custom
// profiles will be returned.
virtual int AddCustomProfiles(
const DeviceSecurityProfileList& device_security_profile_list);
virtual int GetDefaultProfileStrings(
std::vector<std::string>* default_profile_strings) const;
bool DoesProfileQualify(const SecurityProfile& profile,
const ClientIdentification& client_id,
const ProvisionedDeviceInfo& device_info,
PlatformVerificationStatus device_vmp_status) const;
bool CheckAnalogOutputCapabilities(
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities
client_output_capabilities,
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities
profile_output_capabilities,
bool client_can_disable_analog_output) const;
int64_t GetCurrentTimeSeconds() const;
bool IsProfileActive(const SecurityProfile& profile,
int64_t current_time_seconds) const;
bool InsertProfileLocked(const SecurityProfile& profile_to_insert)
ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
// Return true if a profile already exists in the profile_list.
bool DoesProfileExistLocked(const SecurityProfile& profile) const
ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
void ClearAllDefaultProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
void ClearAllCustomProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
// Return true is the client is a Chrome browser.
virtual bool IsChromeBrowser(const std::string& device_model) const;
mutable absl::Mutex mutex_;
// Security profiles
std::string profile_namespace_;
// TODO(huihli): Modify as Map<owner, DSPs>.
std::vector<SecurityProfile> security_profiles_ ABSL_GUARDED_BY(mutex_);
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_COMMON_SECURITY_PROFILE_LIST_H_

509
ubuntu/cc_header/session.h Normal file
View File

@@ -0,0 +1,509 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_PUBLIC_SESSION_H__
#define VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_PUBLIC_SESSION_H__
#include <cstdint>
#include <list>
#include <map>
#include <memory>
#include <string>
#include "absl/strings/string_view.h"
#include "absl/synchronization/mutex.h"
#include "common/status.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_certificate_status.pb.h"
#include "protos/public/drm_certificate.pb.h"
#include "protos/public/external_license.pb.h"
#include "protos/public/license_protocol.pb.h"
#include "protos/public/license_server_sdk.pb.h"
#include "protos/public/oem_key_container.pb.h"
#include "protos/public/security_profile.pb.h"
namespace video_widevine {
class ClientIdentification;
class ContentInfo;
class DrmRootCertificate;
class ExternalPlayReadySessionImpl;
class License;
class LicenseRequest;
class ProvisionedDeviceInfo;
class SecurityProfile;
class SecurityProfileList;
class SessionImpl;
class EnvironmentImpl;
class SessionInit;
class SessionState;
class SessionUsage;
// TODO(tinskip): Rename this to LicenseSession and add LicenseEngine to hold
// global settings and create new sessions.
class Session {
public:
// Specify a comma separated list of system Ids that can support having
// OEMCrypto version, as specified in the license request, reflected back in
// the Key Control Block which is used by partner. Otherwise, only 'kctl' or
// 'kc09' is returned in KCB.
// TODO(tinskip): What is this, and can we do it better? Seems like something
// that would be better in the ClientCapabilities or device metadata.
static void SetDevicesToHandleOEMCryptoVersionInKCB(
const std::string& system_id_list);
// Set pre-provisioning keys system-wide. Map key is system_id, value.
// Value should be human-readable hex digits encoded bytes.
// Must be called before any other calls to this class. Calls are
// thread-safe, so the keys can be updated at any time.
static void SetPreProvisioningKeys(
const std::map<uint32_t, std::string>& keys);
static void SetPreProvisioningKeys(
const std::multimap<uint32_t, std::string>& keys);
// Set the certificate status list system-wide. |root_cert| is the root
// certificate which signed the DCSL.
// |expiration_period| is the number of seconds until the
// certificate_status_list expires after its creation time
// (creation_time_seconds). If |allow_unknown_devices| is false, an error is
// returned if the device does not appear in the certificate_status_list.
static Status SetCertificateStatusList(
const DrmRootCertificate* root_cert,
const std::string& certificate_status_list,
uint32_t expiration_period_seconds, bool allow_unknown_devices);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Add a service certificate system-wide. |root_cert| is the root certificate
// which signed the service certificate; |service_certificate| is a
// Google-generated certificate used to authenticate the service provider for
// purposes of device privacy; |service_private_key| is the encrypted PKCS#8
// private RSA key corresponding to the service certificate; and
// |service_private_key_passphrase| is the password required to decrypt
// |service_private_key|.
static Status AddDrmServiceCertificate(
const DrmRootCertificate* root_cert,
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Enable delivery of licenses to client devices. This includes devices with
// TEST_ONLY status, and development platform verification certificates.
// Defaults to false.
static void AllowDevelopmentClients(bool enable);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_make| is a comma separated list of devices to allow even
// if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
static void AllowTestOnlyDevices(const std::string& device_list_make) {
AllowTestOnlyDevicesByMake(device_list_make);
}
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
static void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_provider| is a comma separated list of provider to allow
// even if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
static void AllowTestOnlyDevicesByProvider(
const std::string& device_list_provider);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
static void AllowRevokedDevices(const std::string& system_id_list);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// A comma separated list of DRM Certificate Serial Numbers that are revoked.
static void RevokedDrmCertificateSerialNumbers(
const std::string& drm_certificate_serial_numbers);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Restriction on core message features. If this is an empty string, the
// default feature set is used. If it is an integer, that is the ODK version
// supported.
static void SetCoreMessageFeatures(const std::string& core_message_features);
// Creates a Session object.
// |root_cert| is the root certificate to be used to validate client
// credentials.
// |signed_license_request| is the serialized SignedMessage received from the
// client. |session| points to a Session*, which must be initialized to NULL
// on entry, but |session| itself may not be NULL. The new Session object will
// be owned by the caller. This method returns Status::OK if successful,
// or an appropriate error status, in which case
// Session::GenerateErrorResponse should be invoked.
// Example usage:
// Session* session = NULL;
// Status status = Session::Create(root_cert, request_from_client,
// &session);
// if (!status.ok()) {
// std::string error_license;
// if (Session::GenerateErrorResponse(status, &error_license)) {
// // Send error_license to the client.
// } else {
// // Handle error
// }
// return ...
// }
// // Create license, invoke GenerateSignedLicense, etc.
static Status Create(const DrmRootCertificate* root_cert,
const std::string& signed_license_request,
Session** session);
// Create a session for generating a license. This variation of Create takes
// options to allow for the creation of the session to succeed even if the
// device is revoked.
static Status CreateWithOptions(const DrmRootCertificate* root_cert,
const std::string& signed_license_request,
const SessionCreateOptions& options,
Session** session);
// Variation of Session::Create which also fills in the parsed LicenseRequest,
// for use in logging or debugging.
static Status Create(const DrmRootCertificate* root_cert,
const std::string& signed_license_request,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Same as Create(), but caller can specify the ClientIdentification
// message and/or PlatformVerificationStatus. If ClientIdentification is
// specified, this variation of Create() will use the specified |client_id|
// instead of what is specified in |signed_license_request|. If
// PlatformVerificationStatus is specified, this method will use the specified
// |platform_verification_status| instead of attempting to determine it.
// Background for this function is to support cases where the client
// identification is encrypted with the provider's service certificate in
// which case we won't be able to decrypt OR when the provider determines
// platform verification. The provider will specify the
// clear client identification in |client_id| and the platform verification
// in |platform_verification_status|.
static Status CreateForProxy(
const DrmRootCertificate* root_cert,
const std::string& signed_license_request,
const PlatformVerificationStatus platform_verification_status,
const ClientIdentification* client_id,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Generates a SignedMessage containing a message generated in response to
// an error condition. |status| is a previous error status returned by the
// Session or Status(error::UNAVAILABLE, ...) to indicate that the
// backend is unavailable, |signed_message| points to a std::string to contain the
// serialized SignedMessage, and may not be NULL. This method returns true if
// there is an error license to be sent to the client, or false otherwise.
// Example usage in the Session::Create comments above.
static bool GenerateErrorResponse(const Status& status,
std::string* signed_message_bytes);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Generates a SignedMessage containing a service certificate for the
// specified |provider_id|. This method returns true if a service certificate
// exist for the provider.
static bool GenerateServiceCertificateResponse(
const std::string& provider_id, std::string* signed_message_bytes);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
// NIST 800-108:
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
// AES-CMAC:
// http://tools.ietf.org/html/rfc4493
static std::string DeriveKey(const std::string& key, const std::string& label,
const std::string& context,
const uint32_t size_bits);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Returns a std::string containing the Widevine License Server SDK version in the
// form <major_version>.<minor_version>.<release> <build date> <build time> .
static std::string GetSdkVersionString();
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// If set to true, adds SDK and server version information to the license
// response.
static void SetIncludeVersionInfoInLicense(bool include_version_info);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Sets the service version information which can be included with the license
// response. If SetIncludeVersionInfoInLicense() is set to true and the server
// version is not empty, then the server version will be included in the
// license response. The host_version must be <= 32 characters and limited to
// alphanumeric and '_', '-', ':', ';', ' ', '/' and '.'.
static void SetHostServerVersion(const std::string& host_version);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Generate a signed request to be sent to Widevine Certificate Provisioning
// Server to retrieve 'DeviceCertificateStatusList'.
static Status GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Set the custom device security profile list which is returned, from a call
// to Widevine PublishedDevicesService.
static Status SetCustomDeviceSecurityProfiles(
const DrmRootCertificate* root_cert,
absl::string_view serialized_signed_device_security_profiles);
virtual ~Session();
virtual const LicenseRequest& request() const;
virtual const std::string& GetSessionId();
// Return list of Widevine profiles meeting the DRM requirements for this
// session.
virtual Status GetQualifiedDefaultDeviceSecurityProfiles(
std::vector<std::string>* qualified_profiles) const;
// Retrieves qualifying Custom Security Profiles names given the owner name.
virtual Status GetQualifiedCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<std::string>* custom_qualified_profile_names) const;
// Returns true if a provisioned device info exists. Caller
// owns |provisioned_device_info| and it must not be null.
virtual bool GetProvisionedDeviceInfo(
video_widevine::ProvisionedDeviceInfo* device_info);
// Accessor for request_id field which may be encoded in one of multiple
// places in the liciense request protcol buffer. Use this method instead
// of accessing directly. |request_id| is a pointer to a std::string to contain
// the request ID upon successful return.
virtual Status GetRequestId(std::string* request_id) const;
// Accessor for license_type field which may be encoded in one of multiple
// places in the license request protocol buffer. Use this method instead
// of accessing directly. |license_type| is a pointer to a value to contain
// the license type upon successful return.
virtual Status GetLicenseType(LicenseType* license_type) const;
// Method used to get ContentIdentification in a consistent message regardless
// of the type or version of initialization data contained in the content_id
// field of the license request. Use this method instead of accessing the
// fields of ContentIdentification directly. |content_info| is a pointer to a
// message to contain the parsed values from content_id upon successful
// return.
virtual Status GetContentInfo(ContentInfo* content_info) const;
// Returns the serial number of certificate associated with this device and
// content provider.
virtual std::string GetDrmDeviceId() const;
// Copies the session usage table from license request to |usage_report|.
// Returns true if session usage exist in the license request, otherwise
// returns false.
bool GetSessionUsage(SessionUsage* usage_report) const;
// Returns true if client info exists, otherwise returns false. Populate the
// specified |client_info| structure.
virtual bool GetClientInfo(ClientIdentification* client_info) const;
// Generates a serialized signed License response, emptying |policy| and
// |key_container|, encrypting the keys therein. |session_init| and
// |session_state| are returned to be cached and provided in subsequent
// calls to the function. If no additional PolicyItem or KeyContainer objects
// are necessary to fulfill the request (such as the case with license
// renewal), |policy| and/or |key_container| may be NULL.
// The response is expected to be sent to the Widevine CDM.
virtual Status GenerateSignedLicense(
/*IN*/ const License::Policy* policy,
/*IN*/ const std::list<License::KeyContainer>* key_container,
/*IN*/ const SessionInit* session_init,
/*INOUT*/ SessionState* session_state,
/*OUT*/ std::string* signed_message_bytes);
virtual PlatformVerificationStatus GetPlatformVerificationStatus() const;
// Returns the service id of the provider that owns the device certificate.
virtual std::string GetDrmDeviceServiceId() const;
// Returns true, if the license request for this session included a key
// control nonce, else false.
virtual bool HasKeyControlNonce() const;
// If set to 'true', allow licenses to be generated even if VMP data was
// determined to be video_widevine::PLATFORM_UNVERIFIED.
virtual void set_allow_unverified_platform(bool allow_unverified_platform);
// Return the setting of whether licenses are allowed to be generated even
// when VMP data was determined to be video_widevine::PLATFORM_UNVERIFIED.
virtual bool allow_unverified_platform() const;
// If set to 'true', allow licenses to be generated even if VMP data was
// determined to be video_widevine::PLATFORM_TAMPERED.
virtual void set_allow_tampered_platform(bool allow_tampered_platform);
/**
* If set to true, reject WvDrm SDK to reject licensing behaviors to unknown
* make model. Default value is false.
*/
virtual void set_reject_unknown_make_model(bool reject_unknown_make_model);
/**
* Retrieves the setting of whether unknown make model is rejected.
*/
virtual bool reject_unknown_make_model() const;
// Return the setting of whether licenses are allowed to be generated even
// when VMP data was determined to be video_widevine::PLATFORM_TAMPERED.
virtual bool allow_tampered_platform() const;
virtual void SetKeys(std::list<OemKeyContainer>* oem_key_container);
// 'Provider' making the request.
virtual void set_provider(const std::string& provider);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Obtain the owner list for custom profiles.
virtual Status GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Return a list of custom profile names associated with |owner_name|.
virtual Status GetCustomDeviceSecurityProfileNames(
absl::string_view owner_name,
std::vector<std::string>* profile_names) const;
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Return the custom profiles associated with |owner_name|.
virtual Status GetCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<SecurityProfile>* custom_device_security_profiles) const;
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Return a list of default profile names obtained from default profiles.
// The input argument |profile_names| cannot be null and it will be replaced
// by the results.
// For any non-ok status, |profile_names| won't be modified.
virtual Status GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Return the default profile associated with |profile_name|.
virtual Status GetDefaultDeviceSecurityProfile(
absl::string_view profile_name,
SecurityProfile* device_security_profile) const;
// Return the device status such as as RELEASED or REVOKED.
virtual DeviceCertificateStatus::Status GetDeviceStatus() const;
// Returns message type such as LICENSE_REQUEST, SERVICE_CERTIFICATE_REQUEST
// or EXTERNAL_LICENSE_REQUEST.
virtual SignedMessage::MessageType message_type() const;
// Retrieves Widevine Security Profile DrmInfo of the device.
// Returns true if |drm_info| was successully populated, else false.
virtual bool GetDrmInfo(SecurityProfile::DrmInfo* drm_info) const;
// Retrieves the ContentIdentification from the request. Returns OK, if
// successful, else failure.
virtual Status GetContentId(
LicenseRequest::ContentIdentification* content_id) const;
// Retrieves the request type.
virtual LicenseRequest::RequestType request_type() const;
// Deprecated.
// TODO(b/200839386): This API is now available in environment.h. It will be
// removed from this header file in the Q4 2021 SDK release.
// If |auto_set_provider_session_token| is 'true', the provider session token
// will be automatically set,
// * if the provider session token has not been specified.
// * for OFFLINE requests
// * if Policy.can_persist is set to 'true'.
// * if Policy.can_renew is set to 'true'.
// * if OEMCryptoVersion of the client making the request is at least 16.
//
// The default setting for |auto_set_provider_session_token| is 'true'.
virtual void set_auto_set_provider_session_token(
bool auto_set_provider_session_token);
// Deprecated.
// TODO(b/200839386): This API is now available in environment.h. It will be
// removed from this header file in the Q4 2021 SDK release.
// Returns the setting as to whether the provider session token will be
// automatically set.
virtual bool auto_set_provider_session_token() const;
protected:
Session(std::shared_ptr<EnvironmentImpl> env_impl,
std::unique_ptr<SessionImpl> impl);
Session(std::shared_ptr<EnvironmentImpl> env_impl,
std::unique_ptr<ExternalPlayReadySessionImpl>
external_playready_session_impl);
// For testing only. This allows unit tests to define a mock Session class.
Session();
friend class Environment;
private:
#ifndef SWIG
Session(const Session&) = delete;
Session& operator=(const Session&) = delete;
#endif
// Session::Create which also fills in the parsed
// ExternalLicenseRequest. Used to create a Session object.
static Status Create(const DrmRootCertificate* root_cert,
SignedMessage* signed_message, Session** session,
ExternalLicenseRequest* parsed_request_out);
explicit Session(std::unique_ptr<SessionImpl> impl);
explicit Session(std::unique_ptr<ExternalPlayReadySessionImpl>
external_playready_session_impl);
std::shared_ptr<EnvironmentImpl> env_impl_;
std::unique_ptr<SessionImpl> impl_;
std::unique_ptr<ExternalPlayReadySessionImpl>
external_playready_session_impl_;
static absl::Mutex profile_mutex_;
static std::unique_ptr<SecurityProfileList> security_profile_list_
ABSL_GUARDED_BY(profile_mutex_);
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_PUBLIC_SESSION_H__

102
ubuntu/cc_header/wvpl_license_counter.h Normal file
View File

@@ -0,0 +1,102 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_LICENSE_COUNTER_H_
#define VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_LICENSE_COUNTER_H_
#include <stdint.h>
#include <map>
#include <string>
#include "absl/synchronization/mutex.h"
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "protos/public/provisioned_device_info.pb.h"
#include "protos/public/sdk_stats.pb.h"
namespace video_widevine_server {
namespace wv_pl_sdk {
// Maintains and manages license status values organized by system Id, make and
// models. The class is thread safe.
class WvPLLicenseCounter {
public:
WvPLLicenseCounter();
virtual ~WvPLLicenseCounter();
// Handles the usage counting for the license status. Status values are
// counted based on make/model inforamtion contained in |device_info|.
WvPLStatus LogLicenseStatus(
const video_widevine::ProvisionedDeviceInfo& device_info,
const WvPLStatus& status);
// Copies usage data from internal buffers into the protobuf |counter_proto|.
// The internal data is flushed from memory if |flush_data| is true,
// otherwise usage data remains and will accumulate.
WvPLStatus FlushDataToProto(
bool flush_data,
video_widevine::DeviceLicenseCounterRequest* counter_proto);
// Setting |flag| to true will only count operations resulting in errors.
// Otherwise successes and errors are counted.
void set_limit_usage_stats_to_errors_only(const bool flag) {
limit_usage_stats_to_errors_only_ = flag;
}
bool limit_usage_stats_to_errors_only() const {
return limit_usage_stats_to_errors_only_;
}
private:
friend class WvPLLicenseCounterTest;
friend class WvPLSessionTest;
// Copies content from |system_id_counter_data| into the protobuf
// |system_id_counter_proto|.
WvPLStatus LogUsageSystemIdDataToProto(
const WvPLSystemIdCounterData& system_id_counter_data,
video_widevine::DeviceLicenseCounterBySystemId* system_id_counter_proto);
// Copies content from |make_counter_data| into the protobuf
// |make_counter_proto|.
WvPLStatus LogUsageDeviceMakeDataToProto(
const WvPLDeviceMakeCounterData& make_counter_data,
video_widevine::DeviceLicenseCounterByMake* make_counter_proto);
// Copies content from |model_counter_data| into the protobuf
// |model_counter_proto|.
WvPLStatus LogUsageDeviceModelDataToProto(
const WvPLDeviceModelCounterData& model_counter_data,
video_widevine::DeviceLicenseCounterByModel* model_counter_proto);
// Copies content from |status_counter_data| into the protobuf
// |status_counter_proto|.
WvPLStatus LogUsageLicenseStatusDataToProto(
const WvPLLicenseStatusCounterData& status_counter_data,
video_widevine::DeviceLicenseCounterByStatus* status_counter_proto);
const WvPLCounterData* counter_data() const {
absl::WriterMutexLock lock(const_cast<absl::Mutex*>(&counter_data_lock_));
return counter_data_.get();
}
virtual time_t start_time()
ABSL_EXCLUSIVE_LOCKS_REQUIRED(counter_data_lock_) {
return counter_data_->start_time_utc_;
}
virtual time_t end_time() ABSL_EXCLUSIVE_LOCKS_REQUIRED(counter_data_lock_) {
return counter_data_->end_time_utc_;
}
// Collect usage status only for errors.
bool limit_usage_stats_to_errors_only_;
video_widevine::DeviceLicenseCounterRequest counter_proto_;
absl::Mutex counter_data_lock_;
std::unique_ptr<WvPLCounterData> counter_data_
ABSL_GUARDED_BY(counter_data_lock_);
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_LICENSE_COUNTER_H_

247
ubuntu/cc_header/wvpl_sdk_environment.h Normal file
View File

@@ -0,0 +1,247 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
#include <memory>
#include <string>
#include "absl/synchronization/mutex.h"
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_security_profile_list.pb.h"
#include "protos/public/security_profile.pb.h"
namespace video_widevine {
class DeviceCertificateStatusList;
class DrmRootCertificate;
class DrmCertificate;
class ProvisionedDeviceInfo;
class SecurityProfileList;
} // namespace video_widevine
namespace video_widevine_server {
namespace wv_pl_sdk {
// These fields show the configuration options that can be initialized via
// the implementation classes (WvPLEnvironment and WvPLProxyEnvironment).
extern const char kDeviceCertificateExpiration[];
extern const char kAllowUnknownDevice[];
extern const char kProvider[];
extern const char kProviderIv[];
extern const char kProviderKey[];
extern const char kApiVerInKcb[];
extern const char kLimitUsageStatsToErrorsOnly[];
// Valid values are 'test' and 'prod'.
extern const char kDrmCertificateType[];
/**
* Parent class of SDK environment. This class is not be instantiated directly,
* but its API can be accessed via the derived environment classes.
*/
class WvPLSDKEnvironment {
public:
WvPLSDKEnvironment();
virtual ~WvPLSDKEnvironment();
// TODO(b/193920474): This function will be non-static function since end-Q3
// 2021 release.
// Generates a license response containing a message generated in response to
// an error condition. |create_session_status| is a previous error status
// returned by the CreateSession(). |license_response| points to a std::string to
// contain the license response and may not be NULL. This method returns true
// if there is an error license to be sent to the client, or false
// otherwise.
static bool GenerateErrorResponse(const WvPLStatus& create_session_status,
std::string* license_response);
/**
* Add a service certificate system-wide at the sdk. |service_certificate|
* is a Google-generated certificate used to authenticate the service
* provider. |service_private_key| is the encrypted PKCS#8 private RSA key
* corresponding to the service certificate. |service_private_key_passphrase|
* is the password required to decrypt |service_private_key|. This is a
* thread-safe call.
*
* @param service_certificate
* @param service_private_key
* @param service_private_key_passphrase
*
* @return WvPLStatus enumeration
*/
virtual WvPLStatus SetDrmServiceCertificate(
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// TODO(b/193920758): this function will be non private function since end-Q3
// 2021 release.
// Returns the DRM root certificate configured for this environment.
const video_widevine::DrmRootCertificate* drm_root_certificate() const {
return drm_root_certificate_.get();
}
/**
* Set the device certificate status list from a call to the Widevine
* Certificate Provisioning Service.
*/
virtual WvPLStatus SetDeviceCertificateStatusList(
const std::string& device_certificate_status_list);
/**
* Set the custom device security profile list from a call to the Widevine
* PublishedDevicesService.
*/
virtual WvPLStatus SetCustomDeviceSecurityProfiles(
const std::string& serialized_signed_device_security_profiles) const;
/**
* Return a list of the default profile names.
*/
virtual WvPLStatus GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
/**
* Return the default profile associated with |profile_name|.
*/
virtual WvPLStatus GetDefaultDeviceSecurityProfile(
const std::string& profile_name,
WvPLSecurityProfile* device_security_profile) const;
/**
* Obtain the owner list for custom profiles.
*/
virtual WvPLStatus GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
/**
* Return a list of custom profile names associated with |owner_name|.
*/
virtual WvPLStatus GetCustomDeviceSecurityProfileNames(
const std::string& owner_name,
std::vector<std::string>* profile_names) const;
/**
* Return the custom profiles associated with |owner_name|.
*/
virtual WvPLStatus GetCustomDeviceSecurityProfiles(
const std::string& owner_name,
std::vector<WvPLSecurityProfile>* custom_device_security_profiles) const;
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
virtual void AllowRevokedDevices(const std::string& system_id_list);
// Returns true if the system ID is allowed even if revoked.
virtual bool IsRevokedDeviceAllowed(uint32_t system_id) const;
/**
* Translates the license request from the CDM to a human-readable message,
* useful for debugging. This translated request is placed in |request_out|.
* Returns OK in parsing the |request| successfully, else an error status
*/
virtual WvPLStatus GetRequestAsString(const std::string& request,
std::string* request_out) const;
/**
* Generate a signed request to be sent to Widevine Certificate Provisioning
* Server to retrieve 'DeviceCertificateStatusList'.
*/
virtual WvPLStatus GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request) = 0;
/**
* Returns WvPLDeviceInfo for specific system_id.
*/
static WvPLDeviceInfo GetDeviceInfo(uint32_t system_id);
protected:
// Return the signature for the provider specified in the |config_values|
// parameter in the constructor. |signature| is owned by the caller.
static WvPLStatus GenerateSignature(const std::string& plain_text,
std::string* signature);
/**
* Insert or update provisionedDeviceInfoMap with device info in
* certificate_status_list.
*/
static WvPLStatus UpdateProvisionedDeviceInfoMap(
const video_widevine::DeviceCertificateStatusList&
certificate_status_list);
const video_widevine::SecurityProfileList* device_security_profile_list()
const {
absl::ReaderMutexLock lock(&profile_mutex_);
return device_security_profile_list_.get();
}
// Number of seconds until the certificate status list expires after its
// creation time. Default value is 604800 seconds.
uint32_t device_certificate_expiration_seconds_ = 604800;
// "config_values" setting for "kDrmCertificateType".
// Supported values are "test" and "prod". Default value is "prod".
std::string drm_certificate_type_ = "prod";
// name of the provider hosting this service.
std::string provider_;
// value of the "iv" specified for the provider.
std::string provider_iv_;
// value of the "key" specified for the provider.
std::string provider_key_;
// is_service_certificate_loaded_ is not thread safe.
bool is_service_certificate_loaded_ = false;
// is_device_certificate_status_list_loaded is not thread safe.
bool is_device_certificate_status_list_loaded_ = false;
// If true, allow devices not in the certificate status list.
bool allow_unknown_device_ = false;
// DRM root certificate used for verifying all other DRM certificates.
std::unique_ptr<video_widevine::DrmRootCertificate> drm_root_certificate_;
// Mutex guarding the revoked devices list.
mutable absl::Mutex allowed_revoked_devices_mutex_;
// List of device system Ids to succeed even if the device is revoked.
std::vector<uint32_t> allowed_revoked_devices_
ABSL_GUARDED_BY(allowed_revoked_devices_mutex_);
private:
// Get the expected service type for drm service certificate.
virtual int GetExpectedServiceCertificateType();
// Check the type of |service_certificate|. Returns "OK" if the cert can be
// used for the current SDK, else an error status.
virtual WvPLStatus CheckServiceCertificateType(
const std::string& service_certificate);
/**
* Retrieves sdk use widevine certificate or not.
*/
virtual bool is_widevine_certificate() { return is_widevine_certificate_; }
/**
* Return provisioned_device_info if the device_info_map_ contains system_id.
*
* @return WvPLStatus - Status::OK if success, else error.
*/
static WvPLStatus LookupDeviceInfo(
uint32_t system_id,
video_widevine::ProvisionedDeviceInfo* provisioned_device_info);
/**
* Add a device to the current environment/session.
*/
static void AddDeviceInfo(
const video_widevine::ProvisionedDeviceInfo& provisioned_device_info);
// Security Profile list to allow for access to Security Profile Level and
// DRM information.
mutable absl::Mutex profile_mutex_;
std::unique_ptr<video_widevine::SecurityProfileList>
device_security_profile_list_ ABSL_GUARDED_BY(profile_mutex_);
// Only for internal content providers. Default value is false.
bool is_widevine_certificate_ = false;
friend class WvPLProxyEnvironmentTest;
friend class WvPLSDKSession;
friend class WvPLProxySession;
friend class WvPLProxySessionTest;
friend class WvPLSessionTest;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_

347
ubuntu/cc_header/wvpl_sdk_session.h Normal file
View File

@@ -0,0 +1,347 @@
// Copyright 2018 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
#include <memory>
#include "common/security_profile_list.h"
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "protos/public/device_certificate_status.pb.h"
namespace video_widevine {
class ClientIdentification;
class DrmRootCertificate;
class LicenseRequest;
class License_KeyContainer_OutputProtection;
class License_KeyContainer;
class License_Policy;
class ProvisionedDeviceInfo;
class SessionInit;
class SessionState;
class SignedMessage;
} // namespace video_widevine
namespace video_widevine_server {
namespace wv_pl_sdk {
class WvPLSDKSession {
public:
explicit WvPLSDKSession(
const video_widevine::DrmRootCertificate* drm_root_certificate);
WvPLSDKSession(
const video_widevine::DrmRootCertificate* drm_root_certificate,
const video_widevine::SecurityProfileList* security_profile_list);
virtual ~WvPLSDKSession();
public:
// Add WvPLKey.
virtual WvPLStatus AddKey(const WvPLKey& key);
// Get the WvPLKey.
virtual const std::vector<WvPLKey>& keys() const { return keys_; }
// Set the license policy.
virtual void set_policy(const WvPLPlaybackPolicy& policy) {
policy_ = policy;
has_policy_ = true;
}
// Get the license policy.
virtual const WvPLPlaybackPolicy& policy() const { return policy_; }
// Set the Session Init.
virtual void set_session_init(const WvPLSessionInit& session_init) {
session_init_ = session_init;
}
// Get the Session Init.
virtual const WvPLSessionInit& session_init() const { return session_init_; }
virtual bool IsChromeCDM() const;
/**
* Returns the Widevine PSSH data for the license request handled by this
* session.
*
* @param wvpl_widevine_pssh_data.
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus GetPsshData(
WvPLWidevinePsshData* wvpl_widevine_pssh_data) const;
/**
* Returns the ClientIdentification information for the license request
* handled by this session.
*
* @param client_info
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus GetClientInfo(WvPLClientInfo* client_info) const;
/**
* Returns the WvPL Client Capabilities information for the license request
* handled by this session.
*
* @param client_capabilities.
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus GetClientCapabilities(
WvPLClientCapabilities* client_capabilities) const;
/**
* Returns the WvPLDeviceInfo information for the license request
* handled by this session.
*
* @param device_info
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const;
virtual PlatformVerificationStatus VerifyPlatform() = 0;
virtual WvPLRequestType GetRequestType() const { return request_type_; }
/**
* Returns true if the license type is offline, otherwise return false.
*
* @return bool.
*/
virtual bool is_offline_license() const;
/**
* Returns the license request contains client id or not.
*
* @return bool.
*/
virtual bool has_client_id() const { return has_client_id_; }
/**
* Returns true if license request has encrypted_client_id. Otherwise return
* false.
*
* @return bool.
*/
virtual bool has_encrypted_client_id() { return has_encrypted_client_id_; }
/**
* If set to true, allow generation of licenses with
* PlatformVerificationStatus = PLATFORM_UNVERIFIED.
*/
virtual void set_allow_unverified_platform(bool allow_unverified_platform) {
allow_unverified_platform_ = allow_unverified_platform;
}
/**
* Retrieves the setting of whether license generation is allowed if
* PlatformVerificationStatus = PLATFORM_UNVERIFIED.
*/
virtual bool allow_unverified_platform() const {
return allow_unverified_platform_;
}
/**
* If set to false, SDK can reject licensing behaviors to unknown make
* model. Default value is false.
*/
virtual void set_reject_unknown_make_model(bool reject_unknown_make_model) {
reject_unknown_make_model_ = reject_unknown_make_model;
}
/**
* Retrieves the setting of whether unknown make model is rejected.
*/
virtual bool reject_unknown_make_model() const {
return reject_unknown_make_model_;
}
/**
* If set to true, allow generation of licenses with
* PlatformVerificationStatus = PLATFORM_TAMPERED.
*/
virtual void set_allow_tampered_platform(bool allow_tampered_platform) {
allow_tampered_platform_ = allow_tampered_platform;
}
/**
* Retrieves the setting of whether license generation is allowed if
* PlatformVerificationStatus = PLATFORM_TAMPERED.
*/
virtual bool allow_tampered_platform() const {
return allow_tampered_platform_;
}
/**
* Retrieves Widevine Security Profile DrmInfo of the device.
* Returns true if |drm_info| was successully populated.
*/
virtual bool GetDrmInfo(WvPLSecurityProfile::DrmInfo* drm_info) const;
/**
* Retrieves qualifying Widevine Default Security Profile names.
*/
virtual WvPLStatus GetQualifiedDefaultDeviceSecurityProfiles(
std::vector<std::string>* default_qualified_profile_names) const;
/**
* Retrieves qualifying Custom Security Profiles names given the owner name.
*/
virtual WvPLStatus GetQualifiedCustomDeviceSecurityProfiles(
const std::string& owner_name,
std::vector<std::string>* custom_qualified_profile_names) const;
// Return ok status if get content id information successful and |content_id|
// would be set, else return failure and |content_id| would not be set
WvPLStatus GetContentId(std::string* content_id) const;
protected:
void set_license_request_from_cdm(const std::string& request_from_cdm) {
license_request_from_cdm_ = request_from_cdm;
}
const video_widevine::DrmRootCertificate* drm_root_certificate_;
std::string user_agent_;
std::string device_id_;
std::string content_id_;
std::vector<WvPLKey> keys_;
WvPLPlaybackPolicy policy_;
WvPLSessionInit session_init_;
WvPLWidevinePsshData pssh_data_;
std::unique_ptr<video_widevine::ClientIdentification> client_id_;
std::unique_ptr<video_widevine::ProvisionedDeviceInfo>
provisioned_device_info_;
bool has_pssh_data_ = false;
bool has_client_id_ = false;
PlatformVerificationStatus platform_verification_status_ =
PLATFORM_NO_VERIFICATION;
std::unique_ptr<video_widevine::SignedMessage>
signed_message_request_from_cdm_;
std::string license_request_from_cdm_;
std::string remote_attestation_cert_serial_number_;
std::unique_ptr<video_widevine::LicenseRequest> sdk_license_request_;
WvPLRequestType request_type_;
bool has_session_state_ = false;
bool has_encrypted_client_id_ = false;
std::string provider_;
std::string provider_iv_;
std::string provider_key_;
virtual WvPLStatus VerifyRemoteAttestation();
// Returns the WvPL Client Capabilities information for the license request
// handled by this session.
WvPLStatus GetWvPLClientCapabilities(
const video_widevine::ClientIdentification& client_id,
WvPLClientCapabilities* client_capabilities) const;
// Copy and translates the Key fields from a WvPL Key into an SDK
// key container.
// Copies
// (1) key id
// (2) key
// (3) video_resolution_constraints
// (4) output protection using CopyOutputProtection
// (5) security_level using CopySecurityLevel
// Translates
// (1) key type
void CopyKey(const WvPLKey& wvpl_key,
video_widevine::License_KeyContainer* sdk_key_container);
// Copies/translates output_protection in WvPL Key into an SDK key container.
virtual void CopyOutputProtection(
const WvPLOutputProtection& wvpl_output_protection,
video_widevine::License_KeyContainer_OutputProtection* output_protection);
// Copies/translatessecurity_level in WvPL Key into an SDK key container.
virtual void CopySecurityLevel(
const WvPLOutputProtection& output_protection, TrackType track_type,
video_widevine::License_KeyContainer* key_container);
// Copies/translates the policy from a WvPL policy into an SDK policy. A
// helper function for GenerateLicenseRequestAsJSON.
virtual void CopyPlaybackPolicy(const WvPLPlaybackPolicy& wvpl_policy,
video_widevine::License_Policy* sdk_policy);
// Copy the |hdcp_value| into the key container.
virtual void CopyHDCP(
HDCP hdcp_value,
video_widevine::License_KeyContainer_OutputProtection* output_protection);
// Copy the WvPLSession Init into Session Init.
virtual void CopySessionInit(const WvPLSessionInit& wvpl_session_init,
video_widevine::SessionInit* session_init);
// Copy the WvPLDeviceInfo into ProvisionedDeviceInfo.
virtual void CopyProvisionedDeviceInfo(
const WvPLDeviceInfo& wvpl_device_info,
video_widevine::ProvisionedDeviceInfo* device_info);
// Populate deviceInfo, clientIdentification and psshdata for license request.
WvPLStatus ParseLicenseRequest();
// Copy the WvPLSessionState to SessionState.
void CopySessionState(const WvPLSessionState& wvpl_session_state,
video_widevine::SessionState* session_state);
// Set system_id value. Only used for test case.
virtual void SetSystemId(uint32_t system_id);
// Return has_system_id_ value. True if session has system id.
virtual bool HasSystemId() const;
// Return system_id value in uint32_t. The function will crash if it does not
// have system_id.
virtual uint32_t GetSystemId() const;
// Set drm serial number. Only used for test case.
virtual void SetDrmSerialNumber(const std::string& drm_serial_number);
// Return drm serial number.
virtual std::string GetDrmSerialNumber() const;
/**
* Use system_id to loop up device info.
*
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus LookupDeviceInfo(
uint32_t system_id,
video_widevine::ProvisionedDeviceInfo* provisioned_device_info) const;
virtual const std::string TrackTypeToString(TrackType track_type) const;
virtual bool has_policy() { return has_policy_; }
virtual const video_widevine::SecurityProfileList*
device_security_profile_list() {
return device_security_profile_list_;
}
// Set the provider which hosts this service.
virtual void set_provider(const std::string& provider) {
provider_ = provider;
}
// Set the iv specified for the provider.
virtual void set_provider_iv(const std::string& provider_iv) {
provider_iv_ = provider_iv;
}
// Set the key specified for the provider.
virtual void set_provider_key(const std::string& provider_key) {
provider_key_ = provider_key;
}
DeviceStatus GetDeviceStatus(video_widevine::DeviceCertificateStatus::Status
device_certificate_status) const;
private:
std::unique_ptr<uint32_t> system_id_;
bool has_policy_ = false;
bool allow_unverified_platform_ = true;
bool allow_tampered_platform_ = true;
bool reject_unknown_make_model_ = false;
const video_widevine::SecurityProfileList* device_security_profile_list_ =
nullptr;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_

119
ubuntu/cc_header/wvpl_session.h Normal file
View File

@@ -0,0 +1,119 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_SESSION_H_
#include <stdint.h>
#include <string>
#include <vector>
#include "license_server_sdk/public/session.h"
#include "sdk/external/common/wvpl/wvpl_sdk_session.h"
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "protos/public/errors.pb.h"
#include "protos/public/license_server_sdk.pb.h"
#include "protos/public/oem_key_container.pb.h"
#include "protos/public/playready.pb.h"
#include "protos/public/widevine_pssh.pb.h"
namespace video_widevine {
class Session;
} // namespace video_widevine
namespace video_widevine_server {
namespace wv_pl_sdk {
// Because we do not want to export wvpl_license_counter.h outside google3, add
// WvPLLicenseCounter here.
class WvPLLicenseCounter;
// major version to line up with latest released OEMCryptoAPI version.
const uint32_t kMajorVersion = 16;
const uint32_t kMinorVersion = 5;
const uint32_t kRelease = 0;
// Once a Widevine environment object is successfully initialized, generate a
// Widevine session object for each license request. CreateSession() parses
// the request and validates the request by verifying the signature. If
// successful, a session object is created and OK is returned.
// Once a Widevine session object is successfully created, setup the session
// object with the policy and keys. Call AddKey() multiple times for each key.
class WvPLSession : public WvPLSDKSession {
public:
WvPLSession();
~WvPLSession() override;
// Generates the license for sending back to the Widevine client. Caller owns
// |license|.
virtual WvPLStatus GenerateLicense(std::string* license);
// Set the session state.
virtual void set_session_state(const WvPLSessionState& wvpl_session_state) {
wvpl_session_state_ = wvpl_session_state;
has_session_state_ = true;
}
// Get the session state.
virtual const WvPLSessionState& session_state() const {
return wvpl_session_state_;
}
bool has_sdk_session() { return !(sdk_session_ == nullptr); }
PlatformVerificationStatus VerifyPlatform() override;
// Returns a std::string containing the WVPL version in the form:
// <major_version>.<minor_version>.<release>
static std::string GetVersionString();
// TODO(b/193921795): this API will be deprecated since end-Q3 2021 release.
// Please use GetDeviceInfo() instead.
// Returns true if a provisioned device info exists. Populates the specified
// |device_info| structure.
virtual bool GetProvisionedDeviceInfo(WvPLDeviceInfo* device_info) const;
// Populates the specified |device_info| structure. This API works only for
// * NEW license requests.
// * RENEWAL/RELEASE requests that include a Client Identification.
WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const override;
protected:
// This class takes ownership of |sdk_session|. This class keeps a pointer
// to |license_counter| but the caller maintains ownership of
// |license_counter|. Both arguments must not be NULL.
WvPLSession(
const video_widevine::DrmRootCertificate* drm_root_certificate,
video_widevine::Session* sdk_session, WvPLLicenseCounter* license_counter,
const video_widevine::SecurityProfileList* device_security_profile_list);
video_widevine::Session* sdk_session() { return sdk_session_; }
void set_sdk_session(video_widevine::Session* sdk_session) {
sdk_session_ = sdk_session;
}
// Sets the license counter to use. The caller maintains ownership of
// |license_counter| but this class keeps a pointer to |license_counter|.
void set_license_counter(WvPLLicenseCounter* license_counter) {
license_counter_ = license_counter;
}
void CopyOemKey(const WvPLKey& wvpl_key,
video_widevine::OemKeyContainer* oem_key_container);
private:
friend class WvPLEnvironment;
friend class WvPLEnvironmentTest;
friend class WvPLSessionTest;
video_widevine::Session* sdk_session_ = nullptr;
WvPLLicenseCounter* license_counter_ = nullptr;
WvPLSessionState wvpl_session_state_;
video_widevine::SessionState session_state_;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_SESSION_H_