widevine-partner/wvpl_license_sdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WvPL License SDK release: 17.0.1

Browse Source
This commit is contained in:
Buildbot
2022-04-22 02:33:19 +00:00
parent 0b20fb7737
commit 743f4faefe
254 changed files with 12886 additions and 3492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

320
centos/cc_header/session.h
View File

@@ -1,7 +1,7 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_PUBLIC_SESSION_H__
#define VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_PUBLIC_SESSION_H__
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_SESSION_H_
#include <cstdint>
#include <list>
@@ -20,6 +20,7 @@
#include "protos/public/license_server_sdk.pb.h"
#include "protos/public/oem_key_container.pb.h"
#include "protos/public/security_profile.pb.h"
#include "protos/public/provider_key.pb.h"
namespace video_widevine {
@@ -42,242 +43,6 @@ class SessionUsage;
// global settings and create new sessions.
class Session {
public:
// Specify a comma separated list of system Ids that can support having
// OEMCrypto version, as specified in the license request, reflected back in
// the Key Control Block which is used by partner. Otherwise, only 'kctl' or
// 'kc09' is returned in KCB.
// TODO(tinskip): What is this, and can we do it better? Seems like something
// that would be better in the ClientCapabilities or device metadata.
static void SetDevicesToHandleOEMCryptoVersionInKCB(
const std::string& system_id_list);
// Set pre-provisioning keys system-wide. Map key is system_id, value.
// Value should be human-readable hex digits encoded bytes.
// Must be called before any other calls to this class. Calls are
// thread-safe, so the keys can be updated at any time.
static void SetPreProvisioningKeys(
const std::map<uint32_t, std::string>& keys);
static void SetPreProvisioningKeys(
const std::multimap<uint32_t, std::string>& keys);
// Set the certificate status list system-wide. |root_cert| is the root
// certificate which signed the DCSL.
// |expiration_period| is the number of seconds until the
// certificate_status_list expires after its creation time
// (creation_time_seconds). If |allow_unknown_devices| is false, an error is
// returned if the device does not appear in the certificate_status_list.
static Status SetCertificateStatusList(
const DrmRootCertificate* root_cert,
const std::string& certificate_status_list,
uint32_t expiration_period_seconds, bool allow_unknown_devices);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Add a service certificate system-wide. |root_cert| is the root certificate
// which signed the service certificate; |service_certificate| is a
// Google-generated certificate used to authenticate the service provider for
// purposes of device privacy; |service_private_key| is the encrypted PKCS#8
// private RSA key corresponding to the service certificate; and
// |service_private_key_passphrase| is the password required to decrypt
// |service_private_key|.
static Status AddDrmServiceCertificate(
const DrmRootCertificate* root_cert,
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Enable delivery of licenses to client devices. This includes devices with
// TEST_ONLY status, and development platform verification certificates.
// Defaults to false.
static void AllowDevelopmentClients(bool enable);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_make| is a comma separated list of devices to allow even
// if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
static void AllowTestOnlyDevices(const std::string& device_list_make) {
AllowTestOnlyDevicesByMake(device_list_make);
}
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
static void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_provider| is a comma separated list of provider to allow
// even if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
static void AllowTestOnlyDevicesByProvider(
const std::string& device_list_provider);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
static void AllowRevokedDevices(const std::string& system_id_list);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// A comma separated list of DRM Certificate Serial Numbers that are revoked.
static void RevokedDrmCertificateSerialNumbers(
const std::string& drm_certificate_serial_numbers);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Restriction on core message features. If this is an empty string, the
// default feature set is used. If it is an integer, that is the ODK version
// supported.
static void SetCoreMessageFeatures(const std::string& core_message_features);
// Creates a Session object.
// |root_cert| is the root certificate to be used to validate client
// credentials.
// |signed_license_request| is the serialized SignedMessage received from the
// client. |session| points to a Session*, which must be initialized to NULL
// on entry, but |session| itself may not be NULL. The new Session object will
// be owned by the caller. This method returns Status::OK if successful,
// or an appropriate error status, in which case
// Session::GenerateErrorResponse should be invoked.
// Example usage:
// Session* session = NULL;
// Status status = Session::Create(root_cert, request_from_client,
// &session);
// if (!status.ok()) {
// std::string error_license;
// if (Session::GenerateErrorResponse(status, &error_license)) {
// // Send error_license to the client.
// } else {
// // Handle error
// }
// return ...
// }
// // Create license, invoke GenerateSignedLicense, etc.
static Status Create(const DrmRootCertificate* root_cert,
const std::string& signed_license_request,
Session** session);
// Create a session for generating a license. This variation of Create takes
// options to allow for the creation of the session to succeed even if the
// device is revoked.
static Status CreateWithOptions(const DrmRootCertificate* root_cert,
const std::string& signed_license_request,
const SessionCreateOptions& options,
Session** session);
// Variation of Session::Create which also fills in the parsed LicenseRequest,
// for use in logging or debugging.
static Status Create(const DrmRootCertificate* root_cert,
const std::string& signed_license_request,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Same as Create(), but caller can specify the ClientIdentification
// message and/or PlatformVerificationStatus. If ClientIdentification is
// specified, this variation of Create() will use the specified |client_id|
// instead of what is specified in |signed_license_request|. If
// PlatformVerificationStatus is specified, this method will use the specified
// |platform_verification_status| instead of attempting to determine it.
// Background for this function is to support cases where the client
// identification is encrypted with the provider's service certificate in
// which case we won't be able to decrypt OR when the provider determines
// platform verification. The provider will specify the
// clear client identification in |client_id| and the platform verification
// in |platform_verification_status|.
static Status CreateForProxy(
const DrmRootCertificate* root_cert,
const std::string& signed_license_request,
const PlatformVerificationStatus platform_verification_status,
const ClientIdentification* client_id,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Generates a SignedMessage containing a message generated in response to
// an error condition. |status| is a previous error status returned by the
// Session or Status(error::UNAVAILABLE, ...) to indicate that the
// backend is unavailable, |signed_message| points to a std::string to contain the
// serialized SignedMessage, and may not be NULL. This method returns true if
// there is an error license to be sent to the client, or false otherwise.
// Example usage in the Session::Create comments above.
static bool GenerateErrorResponse(const Status& status,
std::string* signed_message_bytes);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Generates a SignedMessage containing a service certificate for the
// specified |provider_id|. This method returns true if a service certificate
// exist for the provider.
static bool GenerateServiceCertificateResponse(
const std::string& provider_id, std::string* signed_message_bytes);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
// NIST 800-108:
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
// AES-CMAC:
// http://tools.ietf.org/html/rfc4493
static std::string DeriveKey(const std::string& key, const std::string& label,
const std::string& context,
const uint32_t size_bits);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Returns a std::string containing the Widevine License Server SDK version in the
// form <major_version>.<minor_version>.<release> <build date> <build time> .
static std::string GetSdkVersionString();
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// If set to true, adds SDK and server version information to the license
// response.
static void SetIncludeVersionInfoInLicense(bool include_version_info);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Sets the service version information which can be included with the license
// response. If SetIncludeVersionInfoInLicense() is set to true and the server
// version is not empty, then the server version will be included in the
// license response. The host_version must be <= 32 characters and limited to
// alphanumeric and '_', '-', ':', ';', ' ', '/' and '.'.
static void SetHostServerVersion(const std::string& host_version);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Generate a signed request to be sent to Widevine Certificate Provisioning
// Server to retrieve 'DeviceCertificateStatusList'.
static Status GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Set the custom device security profile list which is returned, from a call
// to Widevine PublishedDevicesService.
static Status SetCustomDeviceSecurityProfiles(
const DrmRootCertificate* root_cert,
absl::string_view serialized_signed_device_security_profiles);
virtual ~Session();
virtual const LicenseRequest& request() const;
virtual const std::string& GetSessionId();
@@ -385,47 +150,6 @@ class Session {
// 'Provider' making the request.
virtual void set_provider(const std::string& provider);
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Obtain the owner list for custom profiles.
virtual Status GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Return a list of custom profile names associated with |owner_name|.
virtual Status GetCustomDeviceSecurityProfileNames(
absl::string_view owner_name,
std::vector<std::string>* profile_names) const;
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Return the custom profiles associated with |owner_name|.
virtual Status GetCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<SecurityProfile>* custom_device_security_profiles) const;
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Return a list of default profile names obtained from default profiles.
// The input argument |profile_names| cannot be null and it will be replaced
// by the results.
// For any non-ok status, |profile_names| won't be modified.
virtual Status GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
// Deprecated.
// TODO(b/187189998): This API is now available in environment.h. It will be
// removed from this header file in the mid-Q3 2021 SDK release.
// Return the default profile associated with |profile_name|.
virtual Status GetDefaultDeviceSecurityProfile(
absl::string_view profile_name,
SecurityProfile* device_security_profile) const;
// Return the device status such as as RELEASED or REVOKED.
virtual DeviceCertificateStatus::Status GetDeviceStatus() const;
@@ -445,28 +169,6 @@ class Session {
// Retrieves the request type.
virtual LicenseRequest::RequestType request_type() const;
// Deprecated.
// TODO(b/200839386): This API is now available in environment.h. It will be
// removed from this header file in the Q4 2021 SDK release.
// If |auto_set_provider_session_token| is 'true', the provider session token
// will be automatically set,
// * if the provider session token has not been specified.
// * for OFFLINE requests
// * if Policy.can_persist is set to 'true'.
// * if Policy.can_renew is set to 'true'.
// * if OEMCryptoVersion of the client making the request is at least 16.
//
// The default setting for |auto_set_provider_session_token| is 'true'.
virtual void set_auto_set_provider_session_token(
bool auto_set_provider_session_token);
// Deprecated.
// TODO(b/200839386): This API is now available in environment.h. It will be
// removed from this header file in the Q4 2021 SDK release.
// Returns the setting as to whether the provider session token will be
// automatically set.
virtual bool auto_set_provider_session_token() const;
protected:
Session(std::shared_ptr<EnvironmentImpl> env_impl,
std::unique_ptr<SessionImpl> impl);
@@ -484,26 +186,12 @@ class Session {
Session& operator=(const Session&) = delete;
#endif
// Session::Create which also fills in the parsed
// ExternalLicenseRequest. Used to create a Session object.
static Status Create(const DrmRootCertificate* root_cert,
SignedMessage* signed_message, Session** session,
ExternalLicenseRequest* parsed_request_out);
explicit Session(std::unique_ptr<SessionImpl> impl);
explicit Session(std::unique_ptr<ExternalPlayReadySessionImpl>
external_playready_session_impl);
std::shared_ptr<EnvironmentImpl> env_impl_;
std::unique_ptr<SessionImpl> impl_;
std::unique_ptr<ExternalPlayReadySessionImpl>
external_playready_session_impl_;
static absl::Mutex profile_mutex_;
static std::unique_ptr<SecurityProfileList> security_profile_list_
ABSL_GUARDED_BY(profile_mutex_);
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_PUBLIC_SESSION_H__
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_SESSION_H_