widevine-partner/wvpl_license_sdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WvPL License SDK release: 16.5.0 update with cc header files.

Browse Source
This commit is contained in:
Buildbot
2021-12-03 20:46:36 +00:00
parent 4db51c1c61
commit 0b20fb7737
66 changed files with 116360 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

227
ubuntu/cc_header/environment_impl.h Normal file
View File

@@ -0,0 +1,227 @@
// Copyright 2021 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_INTERNAL_ENVIRONMENT_IMPL_H_
#define VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_INTERNAL_ENVIRONMENT_IMPL_H_
#include <cstdint>
#include <list>
#include <map>
#include <memory>
#include <string>
#include <cstdint>
#include "base/macros.h"
#include "absl/strings/string_view.h"
#include "absl/synchronization/mutex.h"
#include "common/core_message_util.h"
#include "common/security_profile_list.h"
#include "common/status.h"
#include "license_server_sdk/internal/session_usage_report.h"
#include "common/crypto_util.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_certificate_status.pb.h"
#include "protos/public/license_protocol.pb.h"
#include "protos/public/license_server_sdk.pb.h"
#include "protos/public/oem_key_container.pb.h"
#include "protos/public/provisioned_device_info.pb.h"
namespace video_widevine {
class ClientCert;
class ClientIdentification;
class DrmRootCertificate;
class Session;
class SessionInit;
class SessionImpl;
using oemcrypto_core_message::features::CoreMessageFeatures;
// Helper function to determine which provider client token to use.
std::string GetProviderClientToken(const SessionInit& session_init,
const ClientIdentification& client_id);
class EnvironmentImpl {
public:
explicit EnvironmentImpl(const DrmRootCertificate* root_cert);
// Set the custom device security profile list which is returned, from a call
// to Widevine PublishedDevicesService.
Status SetCustomDeviceSecurityProfiles(
absl::string_view serialized_signed_device_security_profiles);
// Set pre-provisioning keys system-wide. Map key is system_id, value.
// Value should be human-readable hex digits suitable for passing to
// absl::HexStringToBytes().
// Must be called before any other calls to this class. Calls are
// thread-safe, so the keys can be updated at any time.
void SetPreProvisioningKeys(const std::map<uint32_t, std::string>& keys);
void SetPreProvisioningKeys(const std::multimap<uint32_t, std::string>& keys);
Status AddDrmServiceCertificate(
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// Returns true if service certificate is loaded.
bool is_service_certificate_loaded();
// Set the certificate status list system-wide.
// |expiration_period| is the number of seconds until the
// certificate_status_list expires after its creation time
// (creation_time_seconds). If |allow_unknown_devices| is false, an error is
// returned if the device does not appear in the certificate_status_list.
Status SetCertificateStatusList(const std::string& certificate_status_list,
uint32_t expiration_period_seconds,
bool allow_unknown_devices);
// Enable delivery of licenses to client devices. This includes devices with
// TEST_ONLY status, and development platform verification certificates.
// Defaults to false.
void AllowDevelopmentClients(bool enable);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_make| is a comma separated list of devices to allow even
// if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_provider| is a comma separated list of providers to allow
// even if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByProvider(const std::string& device_list_provider);
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if the device is in the
// revoked state.
void AllowRevokedDevices(const std::string& system_id_list);
// A comma separated list of DRM Certificate Serial Numbers that are revoked.
void RevokedDrmCertificateSerialNumbers(
const std::string& drm_certificate_serial_numbers);
// Restriction on core message features. If this is an empty string, the
// default feature set is used. If it is an integer, that is the ODK version
// supported.
void SetCoreMessageFeatures(const std::string& core_message_features);
// Generates a SignedMessage containing a message generated in response to
// an error condition. |status| is a previous error status returned by the
// Session or Status(error::UNAVAILABLE, ...) to indicate that the
// backend is unavailable, |signed_message| points to a std::string to contain the
// serialized SignedMessage, and may not be NULL. This method returns true if
// there is an error license to be sent to the client, or false otherwise.
// Example usage in the CreateSession() comments above.
bool GenerateErrorResponse(const Status& status,
std::string* signed_message_bytes);
// Generates a SignedMessage containing a service certifcate for the specified
// |provider|. Returns false if |provider| does not exist. Returns the
// default service certificate if |provider| is empty.
bool GenerateServiceCertificateResponse(const std::string& provider,
std::string* signed_message_bytes);
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
// NIST 800-108:
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
// AES-CMAC:
// http://tools.ietf.org/html/rfc4493
std::string DeriveKey(const std::string& key, const std::string& label,
const std::string& context, const uint32_t size_bits);
// Returns a std::string containing the Widevine License Server SDK version in the
// form <major_version>.<minor_version>.<release> <build date> <build time> .
std::string GetSdkVersionString();
// Generate a signed request to be sent to Widevine Certificate Provisioning
// Server to retrieve 'DeviceCertificateStatusList'.
Status GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request);
// If set to true, adds SDK and server version information to the license
// response.
void SetIncludeVersionInfoInLicense(bool include_version_info);
// Sets the service version information which can be included with the license
// response. If SetIncludeVersionInfoInLicense() is set to true and the server
// version is not empty, then the server version will be included in the
// license response. The host_version must be <= 32 characters and limited to
// alphanumeric and '_', '-', ':', ';'and '.'.
bool SetHostServerVersion(const std::string& host_version);
void SetDefaultDeviceSecurityProfileList(SecurityProfileList* profile_list);
// Return a list of the default profile names.
Status GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
// Return the default profile associated with |profile_name|.
Status GetDefaultDeviceSecurityProfile(
absl::string_view profile_name,
SecurityProfile* device_security_profile) const;
// Obtain the owner list for custom profiles.
Status GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
// Return a list of custom profile names associated with |owner_name|.
Status GetCustomDeviceSecurityProfileNames(
absl::string_view owner_name,
std::vector<std::string>* profile_names) const;
// Return the custom profiles associated with |owner_name|.
Status GetCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<SecurityProfile>* custom_device_security_profiles) const;
// Return device security profile list pointer.
video_widevine::SecurityProfileList* device_security_profile_list() const;
// Specify a comma separated list of system Ids that can support having
// OEMCrypto version, as specified in the license request, reflected back in
// the Key Control Block which is used by partner. Otherwise, only 'kctl' or
// 'kc09' is returned in KCB.
void SetDevicesToHandleOEMCryptoVersionInKCB(
const std::string& system_id_list);
// Return drm root certificate pointer.
const DrmRootCertificate* drm_root_certificate() const;
CoreMessageFeatures core_message_features() const;
bool include_version_info_in_license() const;
// If |auto_set_provider_session_token| is 'true', the provider session token
// may be automatically set,
//
// The default setting for |auto_set_provider_session_token| is 'true'.
virtual void SetAutosetProviderSessionToken(
bool auto_set_provider_session_token) {
auto_set_provider_session_token_ = auto_set_provider_session_token;
}
// Returns the setting as to whether the provider session token will be
// automatically set.
virtual bool GetAutosetProviderSessionToken() const {
return auto_set_provider_session_token_;
}
virtual ~EnvironmentImpl();
private:
// This function wrapper allows safe static creation of the version string.
std::string* GetHostVersionString();
bool include_version_info_in_license_ = true;
bool is_service_certificate_loaded_ = false;
CoreMessageFeatures core_message_features_ =
CoreMessageFeatures::kDefaultFeatures;
bool auto_set_provider_session_token_ = true;
// DRM root certificate used for verifying all other DRM certificates.
const DrmRootCertificate* drm_root_certificate_;
mutable absl::Mutex profile_mutex_;
SecurityProfileList* profile_list_ ABSL_GUARDED_BY(profile_mutex_);
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_INTERNAL_ENVIRONMENT_IMPL_H_