widevine-partner/wvpl_license_sdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WvPL License SDK release: 17.0.1

Browse Source
This commit is contained in:
Buildbot
2022-04-22 02:33:19 +00:00
parent 0b20fb7737
commit 743f4faefe
254 changed files with 12886 additions and 3492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

260
centos/sdk/external/cpp/wvdrm/license_server_sdk/environment.h vendored Executable file
View File

@@ -0,0 +1,260 @@
// Copyright 2020 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_ENVIRONMENT_H_
#include <memory>
#include "absl/strings/string_view.h"
#include "absl/synchronization/mutex.h"
#include "common/drm_root_certificate.h"
#include "common/security_profile_list.h"
#include "common/status.h"
#include "sdk/external/cpp/wvdrm/license_server_sdk/session.h"
#include "sdk/internal/environment_impl.h"
namespace video_widevine {
constexpr char kWrappingKeyLabel[] = "ENCRYPTION";
constexpr uint32_t kWrappingKeySizeBits = 128;
constexpr char kSigningKeyLabel[] = "AUTHENTICATION";
constexpr uint32_t kSigningKeySizeBits = 256;
class Environment {
public:
Environment(absl::string_view provider, const DrmRootCertificate* root_cert);
virtual ~Environment();
// Add a service certificate system-wide.
// |service_certificate| is a Google-generated certificate used to
// authenticate the service provider for purposes of device privacy;
// |service_private_key| is the encrypted PKCS#8 private RSA key corresponding
// to the service certificate; and |service_private_key_passphrase| is the
// password required to decrypt |service_private_key|.
Status AddDrmServiceCertificate(
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// Returns true if service certificate is loaded.
bool is_service_certificate_loaded();
// Specify a comma separated list of system Ids that can support having
// OEMCrypto version, as specified in the license request, reflected back in
// the Key Control Block which is used by partner. Otherwise, only 'kctl' or
// 'kc09' is returned in KCB.
void SetDevicesToHandleOEMCryptoVersionInKCB(
const std::string& system_id_list);
// Set pre-provisioning keys system-wide. Map key is system_id, value.
// Value should be human-readable hex digits encoded bytes, e.g.
// 'preProvKeys.put(100, "f7008b38acc00ec68c732ac665c55c65")'. Must be called
// before any other calls to this class. Calls are thread-safe, so the keys
// can be updated at any time.
void SetPreProvisioningKeys(const std::map<uint32_t, std::string>& keys);
void SetPreProvisioningKeys(const std::multimap<uint32_t, std::string>& keys);
// Set the certificate status list system-wide.
// |expiration_period| is the number of seconds until the
// certificate_status_list expires after its creation time
// (creation_time_seconds). If |allow_unknown_devices| is false, an error is
// returned if the device does not appear in the certificate_status_list.
Status SetCertificateStatusList(const std::string& certificate_status_list,
uint32_t expiration_period_seconds,
bool allow_unknown_devices);
// Enable delivery of licenses to client devices. This includes devices with
// TEST_ONLY status, and development platform verification certificates.
// Defaults to false.
void AllowDevelopmentClients(bool enable);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_make| is a comma separated list of devices to allow even
// if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_provider| is a comma separated list of provider to allow
// even if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByProvider(const std::string& device_list_provider);
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
void AllowRevokedDevices(const std::string& system_id_list);
// A comma separated list of DRM Certificate Serial Numbers that are revoked.
void RevokedDrmCertificateSerialNumbers(
const std::string& drm_certificate_serial_numbers);
// Restriction on core message features. If this is an empty string, the
// default feature set is used. If it is an integer, that is the ODK version
// supported. This restricts the features that the server will support in an
// oemcrypto core message. For example, we may restrict the server to never
// send a v17 message by setting the std::string to "16". For details, please see
// common/oemcrypto_core_message/odk/include/core_message_features.h
void SetCoreMessageFeatures(const std::string& core_message_features);
// Creates a Session object.
// |root_cert| is the root certificate to be used to validate client
// credentials.
// |signed_license_request| is the serialized SignedMessage received from the
// client. |session| points to a Session*, which must be initialized to NULL
// on entry, but |session| itself may not be NULL. The new Session object will
// be owned by the caller. This method returns Status::OK if successful,
// or an appropriate error status, in which case
// Environment::GenerateErrorResponse should be invoked.
// Example usage:
// Environment env = absl::make_unique<Environment>(kProvider,
// drm_root_cert);
// Session* session = NULL;
// Status status = env->CreateSession(request_from_client,&session);
// if (!status.ok()) {
// std::string error_license;
// if (env->GenerateErrorResponse(status, &error_license)) {
// // Send error_license to the client.
// } else {
// // Handle error
// }
// return ...
// }
// // Create license, invoke GenerateSignedLicense, etc.
Status CreateSession(const std::string& signed_license_request,
Session** session);
// Create a session for generating a license. This variation of Create takes
// options to allow for the creation of the session to succeed even if the
// device is revoked.
Status CreateSessionWithOptions(const std::string& signed_license_request,
const SessionCreateOptions& options,
Session** session);
// Variation of Environment::CreateSession which also fills in the parsed
// LicenseRequest, for use in logging or debugging.
Status CreateSession(const std::string& signed_license_request,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Same as CreateSession(), but caller can specify the ClientIdentification
// message and/or PlatformVerificationStatus. If ClientIdentification is
// specified, this variation of Create() will use the specified |client_id|
// instead of what is specified in |signed_license_request|. If
// PlatformVerificationStatus is specified, this method will use the specified
// |platform_verification_status| instead of attempting to determine it.
// Background for this function is to support cases where the client
// identification is encrypted with the provider's service certificate in
// which case we won't be able to decrypt OR when the provider determines
// platform verification. The provider will specify the
// clear client identification in |client_id| and the platform verification
// in |platform_verification_status|.
Status CreateSessionForProxy(
const std::string& signed_license_request,
const PlatformVerificationStatus platform_verification_status,
const ClientIdentification* client_id,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Generates a SignedMessage containing a message generated in response to
// an error condition. |status| is a previous error status returned by the
// Session or Status(error::UNAVAILABLE, ...) to indicate that the
// backend is unavailable, |signed_message| points to a std::string to contain the
// serialized SignedMessage, and may not be NULL. This method returns true if
// there is an error license to be sent to the client, or false otherwise.
// Example usage in the Environment::Create comments above.
bool GenerateErrorResponse(const Status& status,
std::string* signed_message_bytes);
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
// NIST 800-108:
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
// AES-CMAC:
// http://tools.ietf.org/html/rfc4493
std::string DeriveKey(const std::string& key, const std::string& label,
const std::string& context, const uint32_t size_bits);
// Returns a std::string containing the Widevine License Server SDK version in the
// form <major_version>.<minor_version>.<release> <build date> <build time> .
std::string GetSdkVersionString();
// If set to true, adds SDK and server version information to the license
// response.
void SetIncludeVersionInfoInLicense(bool include_version_info);
// Sets the service version information which can be included with the license
// response. If SetIncludeVersionInfoInLicense() is set to true and the server
// version is not empty, then the server version will be included in the
// license response. The host_version must be <= 32 characters and limited to
// alphanumeric and '_', '-', ':', ';', ' ', '/' and '.'.
void SetHostServerVersion(const std::string& host_version);
// Generate a signed request to be sent to Widevine Certificate Provisioning
// Server to retrieve 'DeviceCertificateStatusList'.
Status GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request);
// Set the custom device security profile list which is returned, from a call
// to Widevine PublishedDevicesService.
Status SetCustomDeviceSecurityProfiles(
absl::string_view serialized_signed_device_security_profiles);
// Return a list of the default profile names.
Status GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
// Return the default profile associated with |profile_name|.
Status GetDefaultDeviceSecurityProfile(
absl::string_view profile_name,
SecurityProfile* device_security_profile) const;
// Obtain the owner list for custom profiles.
Status GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
// Return a list of custom profile names associated with |owner_name|.
Status GetCustomDeviceSecurityProfileNames(
absl::string_view owner_name,
std::vector<std::string>* profile_names) const;
// Return the custom profiles associated with |owner_name|.
Status GetCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<SecurityProfile>* custom_device_security_profiles) const;
// If |auto_set_provider_session_token| is 'true', the provider session token
// may be automatically set,
//
// The default setting for |auto_set_provider_session_token| is 'true'.
virtual void SetAutoSetProviderSessionToken(
bool auto_set_provider_session_token);
// Returns the setting as to whether the provider session token will be
// automatically set.
virtual bool GetAutoSetProviderSessionToken() const;
// Set the provider key used for L3 CDM.
// |provider_key_config_bytes| is a serialized ProviderKeyConfig proto
// message. Return OK if parsing is successful, otherwise an error is
// returned.
virtual Status SetProviderKeyConfig(
const std::string& provider_key_config_bytes);
private:
friend class EnvironmentTest;
// Environment::CreateSession which also fills in the parsed
// ExternalLicenseRequest. Used to create a Session object.
Status CreateSession(SignedMessage* signed_message, Session** session,
ExternalLicenseRequest* parsed_request_out);
std::string provider_;
std::unique_ptr<video_widevine::SecurityProfileList>
device_security_profile_list_;
std::shared_ptr<EnvironmentImpl> env_impl_;
// Provider key configuration assigned to a provider for use with L3 CDM.
ProviderKeyConfig provider_key_config_;
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_ENVIRONMENT_H_

197
centos/sdk/external/cpp/wvdrm/license_server_sdk/session.h vendored Executable file
View File

@@ -0,0 +1,197 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_SESSION_H_
#include <cstdint>
#include <list>
#include <map>
#include <memory>
#include <string>
#include "absl/strings/string_view.h"
#include "absl/synchronization/mutex.h"
#include "common/status.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_certificate_status.pb.h"
#include "protos/public/drm_certificate.pb.h"
#include "protos/public/external_license.pb.h"
#include "protos/public/license_protocol.pb.h"
#include "protos/public/license_server_sdk.pb.h"
#include "protos/public/oem_key_container.pb.h"
#include "protos/public/security_profile.pb.h"
#include "protos/public/provider_key.pb.h"
namespace video_widevine {
class ClientIdentification;
class ContentInfo;
class DrmRootCertificate;
class ExternalPlayReadySessionImpl;
class License;
class LicenseRequest;
class ProvisionedDeviceInfo;
class SecurityProfile;
class SecurityProfileList;
class SessionImpl;
class EnvironmentImpl;
class SessionInit;
class SessionState;
class SessionUsage;
// TODO(tinskip): Rename this to LicenseSession and add LicenseEngine to hold
// global settings and create new sessions.
class Session {
public:
virtual ~Session();
virtual const LicenseRequest& request() const;
virtual const std::string& GetSessionId();
// Return list of Widevine profiles meeting the DRM requirements for this
// session.
virtual Status GetQualifiedDefaultDeviceSecurityProfiles(
std::vector<std::string>* qualified_profiles) const;
// Retrieves qualifying Custom Security Profiles names given the owner name.
virtual Status GetQualifiedCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<std::string>* custom_qualified_profile_names) const;
// Returns true if a provisioned device info exists. Caller
// owns |provisioned_device_info| and it must not be null.
virtual bool GetProvisionedDeviceInfo(
video_widevine::ProvisionedDeviceInfo* device_info);
// Accessor for request_id field which may be encoded in one of multiple
// places in the liciense request protcol buffer. Use this method instead
// of accessing directly. |request_id| is a pointer to a std::string to contain
// the request ID upon successful return.
virtual Status GetRequestId(std::string* request_id) const;
// Accessor for license_type field which may be encoded in one of multiple
// places in the license request protocol buffer. Use this method instead
// of accessing directly. |license_type| is a pointer to a value to contain
// the license type upon successful return.
virtual Status GetLicenseType(LicenseType* license_type) const;
// Method used to get ContentIdentification in a consistent message regardless
// of the type or version of initialization data contained in the content_id
// field of the license request. Use this method instead of accessing the
// fields of ContentIdentification directly. |content_info| is a pointer to a
// message to contain the parsed values from content_id upon successful
// return.
virtual Status GetContentInfo(ContentInfo* content_info) const;
// Returns the serial number of certificate associated with this device and
// content provider.
virtual std::string GetDrmDeviceId() const;
// Copies the session usage table from license request to |usage_report|.
// Returns true if session usage exist in the license request, otherwise
// returns false.
bool GetSessionUsage(SessionUsage* usage_report) const;
// Returns true if client info exists, otherwise returns false. Populate the
// specified |client_info| structure.
virtual bool GetClientInfo(ClientIdentification* client_info) const;
// Generates a serialized signed License response, emptying |policy| and
// |key_container|, encrypting the keys therein. |session_init| and
// |session_state| are returned to be cached and provided in subsequent
// calls to the function. If no additional PolicyItem or KeyContainer objects
// are necessary to fulfill the request (such as the case with license
// renewal), |policy| and/or |key_container| may be NULL.
// The response is expected to be sent to the Widevine CDM.
virtual Status GenerateSignedLicense(
/*IN*/ const License::Policy* policy,
/*IN*/ const std::list<License::KeyContainer>* key_container,
/*IN*/ const SessionInit* session_init,
/*INOUT*/ SessionState* session_state,
/*OUT*/ std::string* signed_message_bytes);
virtual PlatformVerificationStatus GetPlatformVerificationStatus() const;
// Returns the service id of the provider that owns the device certificate.
virtual std::string GetDrmDeviceServiceId() const;
// Returns true, if the license request for this session included a key
// control nonce, else false.
virtual bool HasKeyControlNonce() const;
// If set to 'true', allow licenses to be generated even if VMP data was
// determined to be video_widevine::PLATFORM_UNVERIFIED.
virtual void set_allow_unverified_platform(bool allow_unverified_platform);
// Return the setting of whether licenses are allowed to be generated even
// when VMP data was determined to be video_widevine::PLATFORM_UNVERIFIED.
virtual bool allow_unverified_platform() const;
// If set to 'true', allow licenses to be generated even if VMP data was
// determined to be video_widevine::PLATFORM_TAMPERED.
virtual void set_allow_tampered_platform(bool allow_tampered_platform);
/**
* If set to true, reject WvDrm SDK to reject licensing behaviors to unknown
* make model. Default value is false.
*/
virtual void set_reject_unknown_make_model(bool reject_unknown_make_model);
/**
* Retrieves the setting of whether unknown make model is rejected.
*/
virtual bool reject_unknown_make_model() const;
// Return the setting of whether licenses are allowed to be generated even
// when VMP data was determined to be video_widevine::PLATFORM_TAMPERED.
virtual bool allow_tampered_platform() const;
virtual void SetKeys(std::list<OemKeyContainer>* oem_key_container);
// 'Provider' making the request.
virtual void set_provider(const std::string& provider);
// Return the device status such as as RELEASED or REVOKED.
virtual DeviceCertificateStatus::Status GetDeviceStatus() const;
// Returns message type such as LICENSE_REQUEST, SERVICE_CERTIFICATE_REQUEST
// or EXTERNAL_LICENSE_REQUEST.
virtual SignedMessage::MessageType message_type() const;
// Retrieves Widevine Security Profile DrmInfo of the device.
// Returns true if |drm_info| was successully populated, else false.
virtual bool GetDrmInfo(SecurityProfile::DrmInfo* drm_info) const;
// Retrieves the ContentIdentification from the request. Returns OK, if
// successful, else failure.
virtual Status GetContentId(
LicenseRequest::ContentIdentification* content_id) const;
// Retrieves the request type.
virtual LicenseRequest::RequestType request_type() const;
protected:
Session(std::shared_ptr<EnvironmentImpl> env_impl,
std::unique_ptr<SessionImpl> impl);
Session(std::shared_ptr<EnvironmentImpl> env_impl,
std::unique_ptr<ExternalPlayReadySessionImpl>
external_playready_session_impl);
// For testing only. This allows unit tests to define a mock Session class.
Session();
friend class Environment;
private:
#ifndef SWIG
Session(const Session&) = delete;
Session& operator=(const Session&) = delete;
#endif
std::shared_ptr<EnvironmentImpl> env_impl_;
std::unique_ptr<SessionImpl> impl_;
std::unique_ptr<ExternalPlayReadySessionImpl>
external_playready_session_impl_;
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_SESSION_H_

8
centos/sdk/external/common/wvpl/wvpl_sdk_copy_utils.h → centos/sdk/external/cpp/wvpl/common/wvpl_sdk_copy_utils.h vendored
View File

@@ -1,9 +1,9 @@
// Copyright 2020 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_COPY_UTILS_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_COPY_UTILS_H_
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_COPY_UTILS_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_COPY_UTILS_H_
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_security_profile_data.pb.h"
#include "protos/public/license_server_sdk.pb.h"
@@ -53,4 +53,4 @@ void CopyBrowserRequirement(
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_COPY_UTILS_H_
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_COPY_UTILS_H_

27
centos/sdk/external/common/wvpl/wvpl_sdk_environment.h → centos/sdk/external/cpp/wvpl/common/wvpl_sdk_environment.h vendored
View File

@@ -1,15 +1,16 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_
#include <memory>
#include <string>
#include "absl/synchronization/mutex.h"
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_security_profile_list.pb.h"
#include "protos/public/provider_key.pb.h"
#include "protos/public/security_profile.pb.h"
namespace video_widevine {
@@ -152,6 +153,22 @@ class WvPLSDKEnvironment {
*/
static WvPLDeviceInfo GetDeviceInfo(uint32_t system_id);
/**
* Set the provider key used for L3 CDM.
* |provider_key_config_bytes| is a serialized ProviderKeyConfig proto
* message. Returns OK if parsing is successful, otherwise an error is
* returned.
*/
virtual WvPLStatus SetProviderKeyConfig(
const std::string& provider_key_config_bytes);
/**
* Returns the provider key config used for L3 CDM.
*/
const video_widevine::ProviderKeyConfig& GetProviderKeyConfig() const {
return provider_key_config_;
}
protected:
// Return the signature for the provider specified in the |config_values|
// parameter in the constructor. |signature| is owned by the caller.
@@ -197,6 +214,8 @@ class WvPLSDKEnvironment {
// List of device system Ids to succeed even if the device is revoked.
std::vector<uint32_t> allowed_revoked_devices_
ABSL_GUARDED_BY(allowed_revoked_devices_mutex_);
// Provider key config used with L3 CDM.
video_widevine::ProviderKeyConfig provider_key_config_;
private:
// Get the expected service type for drm service certificate.
@@ -244,4 +263,4 @@ class WvPLSDKEnvironment {
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_

13
centos/sdk/external/common/wvpl/wvpl_sdk_session.h → centos/sdk/external/cpp/wvpl/common/wvpl_sdk_session.h vendored
View File

@@ -1,12 +1,12 @@
// Copyright 2018 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_
#include <memory>
#include "common/security_profile_list.h"
#include "sdk/external/common/wvpl/wvpl_types.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
#include "protos/public/device_certificate_status.pb.h"
namespace video_widevine {
@@ -219,6 +219,7 @@ class WvPLSDKSession {
WvPLRequestType request_type_;
bool has_session_state_ = false;
bool has_encrypted_client_id_ = false;
bool using_generated_content_id_ = false;
std::string provider_;
std::string provider_iv_;
std::string provider_key_;
@@ -331,6 +332,10 @@ class WvPLSDKSession {
DeviceStatus GetDeviceStatus(video_widevine::DeviceCertificateStatus::Status
device_certificate_status) const;
bool using_generated_content_id() const {
return using_generated_content_id_;
}
private:
std::unique_ptr<uint32_t> system_id_;
bool has_policy_ = false;
@@ -344,4 +349,4 @@ class WvPLSDKSession {
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_

46
centos/sdk/external/common/wvpl/wvpl_types.h → centos/sdk/external/cpp/wvpl/common/wvpl_types.h vendored
View File

@@ -1,7 +1,7 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_TYPES_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_TYPES_H_
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_TYPES_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_TYPES_H_
#include <stdint.h>
@@ -46,7 +46,9 @@ enum KeyType {
// for now.
PROVIDER_ECM_VERIFIER_PUBLIC_KEY = 4,
// Wrapped key for auxiliary crypto operations.
OPERATOR_SESSION = 5
OPERATOR_SESSION = 5,
// OEM-specified Entitlement key.
OEM_ENTITLEMENT = 6
};
// A shortcut for specifying whether to return keys for the video feature only
@@ -66,7 +68,7 @@ enum VideoFeatureKeySet {
// not associated with the video feature (e.g., SDR keys).
VF_INCLUDED = 3,
};
// LINT.ThenChange(//depot/google3/license_server_sdk/external/wvpl/java/com/google/video/widevine/sdk/wvpl/WvPLVideoFeatureKeySet.java)
// LINT.ThenChange(//depot/google3/sdk/external/java/com/google/video/widevine/wvpl/license/WvPLVideoFeatureKeySet.java)
// LINT.IfChange
enum LicenseType {
@@ -75,7 +77,7 @@ enum LicenseType {
OFFLINE = 2,
AUTOMATIC = 3,
};
// LINT.ThenChange(//depot/google3/license_server_sdk/external/wvpl/java/com/google/video/widevine/sdk/wvpl/WvPLLicenseType.java)
// LINT.ThenChange(//depot/google3/sdk/external/java/com/google/video/widevine/wvpl/license/WvPLLicenseType.java)
/**
* Represents the type of message. This struct is used by WvPL License SDK,
@@ -88,7 +90,7 @@ enum MessageType {
SERVICE_CERTIFICATE_REQUEST = 4,
EXTERNAL_LICENSE_REQUEST = 9
};
// LINT.ThenChange(//depot/google3/license_server_sdk/external/wvpl/java/com/google/video/widevine/sdk/wvpl/WvPLMessageType.java)
// LINT.ThenChange(//depot/google3/sdk/external/java/com/google/video/widevine/wvpl/license/WvPLMessageType.java)
enum CertificateKeyType {
RSA_2048 = 0,
@@ -121,7 +123,7 @@ enum HDCP {
HDCP_V2_3 = 5,
HDCP_NO_DIGITAL_OUTPUT = 0xff
};
// LINT.ThenChange(//depot/google3/license_server_sdk/external/wvpl/java/com/google/video/widevine/sdk/wvpl/WvPLHdcp.java)
// LINT.ThenChange(//depot/google3/sdk/external/java/com/google/video/widevine/wvpl/license/WvPLHdcp.java)
enum Platform {
PLATFORM_UNSPECIFIED = 0,
@@ -234,6 +236,17 @@ enum DeviceState {
REVOKED_LICENSING = 7,
};
// Client-side watermarking restrictions for the license.
enum WatermarkingControl {
// Watermarking may or may not be used, provider does not care.
WATERMARKING_CONTROL_UNSPECIFIED = 0,
// Watermarking must not be used. The device must disable watermarking
// if it supports it.
WATERMARKING_FORBIDDEN = 1,
// Watermarking is required if the device supports it.
WATERMARKING_REQUIRED = 2,
};
/*
* Defines the type wrapper for wvpl request.
*/
@@ -288,6 +301,7 @@ class WvPLPlaybackPolicy {
soft_enforce_rental_duration_ = true;
always_include_client_id_ = false;
renew_with_usage_ = false;
watermarking_control_ = WATERMARKING_CONTROL_UNSPECIFIED;
}
void set_license_duration_seconds(int64_t duration) {
@@ -352,6 +366,12 @@ class WvPLPlaybackPolicy {
bool soft_enforce_rental_duration() const {
return soft_enforce_rental_duration_;
}
void set_watermarking_control(WatermarkingControl watermarking_control) {
watermarking_control_ = watermarking_control;
}
WatermarkingControl watermarking_control() const {
return watermarking_control_;
}
private:
// The license window. Once a license is granted, the number of seconds to use
@@ -415,6 +435,9 @@ class WvPLPlaybackPolicy {
// indicates to client that RENEWAL and RELEASE requests should include
// Clientidentification.
bool always_include_client_id_;
// Optional requirement to indicate watermarking is allowed.
WatermarkingControl watermarking_control_;
};
/**
@@ -703,8 +726,9 @@ class WvPLKey {
const std::string& key_bytes() const { return key_bytes_; }
// |wrapping_key| must be specified in bytes. This is to be specified only
// when 'key_type' is OEM_CONTENT. This key will be used to 'wrap' or
// 'encrypt' the Widevine-generated key control block in the license.
// when 'key_type' is OEM_CONTENT or OEM_ENTITLEMENT. This key will be used
// to 'wrap' or 'encrypt' the Widevine-generated key control block in the
// license.
void set_wrapping_key(const std::string& wrapping_key) {
wrapping_key_ = wrapping_key;
}
@@ -902,7 +926,7 @@ struct WvPLLicenseStatusCounterData {
// Initialize members
WvPLLicenseStatusCounterData() : license_status_(0), status_count_(0) {}
uint32_t license_status_;
// Count of occurences of the above status;
// Count of occurrences of the above status;
uint32_t status_count_;
};
@@ -1779,4 +1803,4 @@ class WvPLSecurityProfile {
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_COMMON_WVPL_WVPL_TYPES_H_
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_TYPES_H_

176
centos/sdk/external/cpp/wvpl/license_server_sdk/wvpl_environment.h vendored Executable file
View File

@@ -0,0 +1,176 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_ENVIRONMENT_H_
#include <map>
#include <memory>
#include <string>
#include "sdk/external/cpp/wvdrm/license_server_sdk/environment.h"
#include "sdk/external/cpp/wvpl/common/wvpl_sdk_environment.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
// TODO(yawenyu): Use generateSignature function in WvPLSDKEnvironement instead
// of get GetSignature.
namespace video_widevine_server {
namespace wv_pl_sdk {
using video_widevine::Environment;
class WvPLLicenseCounter;
class WvPLSession;
// Generate a Widevine environment object one time.  The WvPLEnvironment object
// is used to create widevine sessions.  WvPLEnvironment is used to hold data
// and spans the lifetime of a session, therefore it should be retained by
// the caller.  Sessions will not get generated if the initial call to
// SetDeviceCertificateStatusList() is not successful.
//
// Example:
// map<string, string> config_values;
// config_values.insert(std::make_pair(kAllowUnknownDevice, "true"));
// config_values.insert(std::make_pair(kProvider, "<Provider Name>"));
// config_values.insert(std::make_pair(kProviderIv, "<Provider IV>"));
// config_values.insert(std::make_pair(kProviderKey, "<Provider Key>"));
// WvPLEnvironment* wvpl_environment = new WvPLEnvironment(config_values);
// std::string error_str;
// std::string cert_status_list;
// std::string service_cert;
// WVStatus status;
// status = wvpl_environment->Initialize();
// wvpl_environment->SetPreProvisioningKeys(prev_prov_keys);
// status = wvpl_environment->SetDrmServiceCertificate(
// "<Provider service cert>", "<Service Private Key>",
// "<Service Private Key Passphrase>");
// -- Fetch the intermediate certificates.
// SomeFunctionToFetchTheCertificates(&cert_status_list);
// status =
// wvpl_environment->SetDeviceCertificateStatusList(cert_status_list);
class WvPLEnvironment : public WvPLSDKEnvironment {
public:
// Copies the config_values and constructs a new WvPLEnvironment object.
// TODO(hali): Add all config parameters.
explicit WvPLEnvironment(
const std::map<std::string, std::string>& config_values);
virtual ~WvPLEnvironment();
// TODO(b/194740480): This function will be changed to private since end-Q3
// 2021 release.
// One time initialization. Must be called once after construction.
virtual WvPLStatus Initialize();
// Create a new Session object. Upon success, |session| points to a new
// object created on the heap. Caller retains ownership of the session.
// Example usage:
// WvPLSession* session;
// WvPLStatus status = wvpl_environment->CreateSession(request_from_client,
// &session);
// if (!status.ok()) {
// std::string error_license;
// if (wvpl_environment->GenerateErrorResponse(status, &error_license)) {
// // Send error_license to the client.
// } else {
// // Handle error
// }
// return ...
// }
// // Continue with license flow, invoke GenerateLicense(), etc.
virtual WvPLStatus CreateSession(const std::string& request,
WvPLSession** session) const;
virtual WvPLStatus CreateSessionWithOptions(
const std::string& request, const WvPLSessionCreateOptions& options,
WvPLSession** session) const;
// Deletes |session|. Should be called if CreateSession() was successful and
// the session is no longer needed.
virtual void DestroySession(WvPLSession* session) const;
// Thread-safe call to set the pre-provisioning keys. Map key is the
// system id, value. Value should be human-readable hex digits.
virtual WvPLStatus SetPreProvisioningKeys(
const std::map<uint32_t, std::string>& keys);
// Return the license counter data as bytes. The bytes in
// |signed_license_stats| are binary. The internal data is flushed
// if |flush_data| is true. If |flush_data| is false, license counters will
// accumulate. If this call returns "Status::OK", |signed_license_stats| is
// populated. |signed_license_stats| is owned by the caller.
virtual WvPLStatus GetStatsAsBytes(bool flush_data,
std::string* signed_license_stats);
// TODO(b/193921143): flush_data parameter will be removed since end-Q3 2021
// release.
// Return the license counter data in a human-readable format. The
// internal data is flushed if |flush_data| is true. If |flush_data| is
// false, license counters will accumulate. If this call returns
// "Status::OK", |license_stats| is populated. |license_stats| is owned by
// the caller.
virtual WvPLStatus GetStatsAsString(bool flush_data,
std::string* license_stats);
// Deprecated.
// This API will be replaced by
// WvPLSDKEnvironment::SetDeviceCertificateStatusList(). It will be removed
// from this header file in the mid-Q3 2021 SDK release.
// In order to stay up-to-date with new devices, it is recommended to fetch
// new certificates on a regular basis. The update interval should be once a
// day. If UpdateWithCerftificates() fails, the existing certificates are
// still valid, but are subject to expiration. The expiration is controlled
// by the content provider and configured as a parameter when creating
// WvPLEnvironment.
// |cert_list| is the response provided from the Widevine API
// that produces the certificate list. The method can handle either the new
// API format (the serialized PublishedDevices proto), or the legacy format (a
// JSON response containing the base64-encoded certificate list).
virtual WvPLStatus UpdateWithCertificates(const std::string& cert_list);
// Generate a signed request to be sent to Widevine Certificate Provisioning
// Server to retrieve 'DeviceCertificateStatusList'.
WvPLStatus GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request) override;
// TODO(b/193920802): This function will be changed to private function in
// mid-2021 Q3 release.
// Get the expected service type for drm service certificate. The expected
// value is LICENSE_SERVER_SDK.
int GetExpectedServiceCertificateType() override;
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
void AllowRevokedDevices(const std::string& system_id_list) override;
private:
// Return the signature for the provider specified in the |config_values|
// parameter in the constructor. |signature| is owned by the caller.
virtual WvPLStatus GetSignature(const std::string& text_to_sign,
std::string* signature);
std::unique_ptr<WvPLLicenseCounter> license_counter_;
// list of system ids that support having the Crypto API version specified in
// the Key Control Block (KCB).
std::string system_ids_for_api_ver_in_kcb_;
// Comma separated list of system ids by make allowed to be TEST_ONLY.
std::string allow_test_only_by_make_;
// Comma separated list of system ids by provider allowed to be TEST_ONLY.
std::string allow_test_only_by_provider_;
// Whether all test devices should be allowed.
bool allow_development_clients_;
// Restriction on core message features. If this is an empty string, the
// default feature set is used. If it is an integer, that is the ODK version
// supported. This restricts the features that the server will support in an
// oemcrypto core message. For example, we may restrict the server to never
// send a v17 message by setting the std::string to "16". For details, please see
// common/oemcrypto_core_message/odk/include/core_message_features.h
std::string core_message_features_;
// A few functions from sdk/external/cpp/wvdrm/license_server_sdk/environment
// are used to run wvpl_environment.
std::unique_ptr<Environment> environment_;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_ENVIRONMENT_H_

119
centos/sdk/external/cpp/wvpl/license_server_sdk/wvpl_session.h vendored Executable file
View File

@@ -0,0 +1,119 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_SESSION_H_
#include <stdint.h>
#include <string>
#include <vector>
#include "sdk/external/cpp/wvdrm/license_server_sdk/session.h"
#include "sdk/external/cpp/wvpl/common/wvpl_sdk_session.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
#include "protos/public/errors.pb.h"
#include "protos/public/license_server_sdk.pb.h"
#include "protos/public/oem_key_container.pb.h"
#include "protos/public/playready.pb.h"
#include "protos/public/widevine_pssh.pb.h"
namespace video_widevine {
class Session;
} // namespace video_widevine
namespace video_widevine_server {
namespace wv_pl_sdk {
// Because we do not want to export wvpl_license_counter.h outside google3, add
// WvPLLicenseCounter here.
class WvPLLicenseCounter;
// major version to line up with latest released OEMCryptoAPI version.
const uint32_t kMajorVersion = 17;
const uint32_t kMinorVersion = 0;
const uint32_t kRelease = 1;
// Once a Widevine environment object is successfully initialized, generate a
// Widevine session object for each license request. CreateSession() parses
// the request and validates the request by verifying the signature. If
// successful, a session object is created and OK is returned.
// Once a Widevine session object is successfully created, setup the session
// object with the policy and keys. Call AddKey() multiple times for each key.
class WvPLSession : public WvPLSDKSession {
public:
WvPLSession();
~WvPLSession() override;
// Generates the license for sending back to the Widevine client. Caller owns
// |license|.
virtual WvPLStatus GenerateLicense(std::string* license);
// Set the session state.
virtual void set_session_state(const WvPLSessionState& wvpl_session_state) {
wvpl_session_state_ = wvpl_session_state;
has_session_state_ = true;
}
// Get the session state.
virtual const WvPLSessionState& session_state() const {
return wvpl_session_state_;
}
bool has_sdk_session() { return !(sdk_session_ == nullptr); }
PlatformVerificationStatus VerifyPlatform() override;
// Returns a std::string containing the WVPL version in the form:
// <major_version>.<minor_version>.<release>
static std::string GetVersionString();
// TODO(b/193921795): this API will be deprecated since end-Q3 2021 release.
// Please use GetDeviceInfo() instead.
// Returns true if a provisioned device info exists. Populates the specified
// |device_info| structure.
virtual bool GetProvisionedDeviceInfo(WvPLDeviceInfo* device_info) const;
// Populates the specified |device_info| structure. This API works only for
// * NEW license requests.
// * RENEWAL/RELEASE requests that include a Client Identification.
WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const override;
protected:
// This class takes ownership of |sdk_session|. This class keeps a pointer
// to |license_counter| but the caller maintains ownership of
// |license_counter|. Both arguments must not be NULL.
WvPLSession(
const video_widevine::DrmRootCertificate* drm_root_certificate,
video_widevine::Session* sdk_session, WvPLLicenseCounter* license_counter,
const video_widevine::SecurityProfileList* device_security_profile_list);
video_widevine::Session* sdk_session() { return sdk_session_; }
void set_sdk_session(video_widevine::Session* sdk_session) {
sdk_session_ = sdk_session;
}
// Sets the license counter to use. The caller maintains ownership of
// |license_counter| but this class keeps a pointer to |license_counter|.
void set_license_counter(WvPLLicenseCounter* license_counter) {
license_counter_ = license_counter;
}
void CopyOemKey(const WvPLKey& wvpl_key,
video_widevine::OemKeyContainer* oem_key_container);
private:
friend class WvPLEnvironment;
friend class WvPLEnvironmentTest;
friend class WvPLSessionTest;
video_widevine::Session* sdk_session_ = nullptr;
WvPLLicenseCounter* license_counter_ = nullptr;
WvPLSessionState wvpl_session_state_;
video_widevine::SessionState session_state_;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_SESSION_H_