WvPL License SDK release: 16.5.0 update with cc header files.

ubuntu/cc_header/drm_root_certificate.h

@@ -0,0 +1,105 @@
+// Copyright 2013 Google LLC. All rights reserved.
+// Author: tinskip@google.com (Thomas Inskip)
+//
+// Description:
+//   Root device certificate holder class which deserializes, validates,
+//   and extracts the root certificate public key.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_DRM_ROOT_CERTIFICATE_H_
+#define VIDEO_WIDEVINE_EXPORT_COMMON_DRM_ROOT_CERTIFICATE_H_
+
+// common_typos_disable. Successful / successfull.
+
+#include <cstdint>
+#include <memory>
+#include <string>
+
+#include "common/certificate_type.h"
+#include "common/status.h"
+#include "protos/public/drm_certificate.pb.h"
+
+namespace video_widevine {
+
+class RsaKeyFactory;
+class RsaPublicKey;
+class SignedDrmCertificate;
+class VerifiedCertSignatureCache;
+
+// Root certificate and certificate chain verifier with internal caching.
+// This object is thread-safe.
+class DrmRootCertificate {
+ public:
+  DrmRootCertificate(const DrmRootCertificate&) = delete;
+  DrmRootCertificate& operator=(const DrmRootCertificate&) = delete;
+
+  virtual ~DrmRootCertificate();
+
+  // Creates a DrmRootCertificate object given a certificate type.
+  // |cert| may not be nullptr, and it points to a
+  // std::unique_ptr<DrmRootCertificate> which will be used to return a newly
+  // created const DrmRootCertificate* if successful. The caller assumes
+  // ownership of the new DrmRootCertificate. This method returns
+  // Status::OK on success, or appropriate error status otherwise.
+  static Status CreateByType(CertificateType cert_type,
+                             std::unique_ptr<DrmRootCertificate>* cert);
+
+  // Variant on the method above to make CLIF happy until b/110539622 is fixed.
+  static std::unique_ptr<DrmRootCertificate> CreateByType(
+      CertificateType cert_type, Status* status);
+
+  // Creates a DrmRootCertificate object given a certificate type string, which
+  // must be one of "prod", "qa", or "test".
+  // |cert| may not be nullptr, and it points to a
+  // std::unique_ptr<DrmRootCertificate> which will be used to return a newly
+  // created const DrmRootCertificate* if successful. The caller assumes
+  // ownership of the new DrmRootCertificate. This method returns
+  // Status::OK on success, or appropriate error status otherwise.
+  static Status CreateByTypeString(const std::string& cert_type_string,
+                                   std::unique_ptr<DrmRootCertificate>* cert);
+
+  // |certificate| will contgain the DRM certificate upon successful return.
+  // May be null.
+  // Returns Status::OK if successful, or an appropriate error code otherwise.
+  virtual Status VerifyCertificate(const std::string& serialized_certificate,
+                                   SignedDrmCertificate* signed_certificate,
+                                   DrmCertificate* certificate) const;
+
+  // Returns the hex-encoded SHA-256 digest for this certificate.
+  virtual std::string GetDigest() const;
+
+  const CertificateType type() const { return type_; }
+
+  virtual const std::string& public_key() const {
+    return root_cert_.public_key();
+  }
+
+ protected:
+  DrmRootCertificate(CertificateType cert_type,
+                     const std::string& serialized_certificate,
+                     const std::string& serial_number,
+                     const std::string& public_key,
+                     std::unique_ptr<RsaKeyFactory> key_factory);
+
+ private:
+  friend class DrmRootCertificateTest;
+
+  static Status Create(CertificateType cert_type,
+                       std::unique_ptr<RsaKeyFactory> key_factory,
+                       std::unique_ptr<DrmRootCertificate>* cert);
+
+  Status VerifySignatures(const SignedDrmCertificate& signed_cert,
+                          const std::string& cert_serial_number, bool use_cache,
+                          uint32_t* certs_in_chain) const;
+
+  CertificateType type_;
+  std::string serialized_certificate_;
+  DrmCertificate root_cert_;
+  // TODO(b/143309971): Either add an ec key_factory object, or drop the rsa
+  // |key_factory_|.
+  std::unique_ptr<RsaKeyFactory> key_factory_;
+  mutable std::unique_ptr<VerifiedCertSignatureCache> signature_cache_;
+};
+
+}  // namespace video_widevine
+
+#endif  // VIDEO_WIDEVINE_EXPORT_COMMON_DRM_ROOT_CERTIFICATE_H_