widevine-partner/wvpl_license_sdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WvPL License SDK release: 17.0.1

Browse Source
This commit is contained in:
Buildbot
2022-04-22 02:33:19 +00:00
parent 0b20fb7737
commit 743f4faefe
254 changed files with 12886 additions and 3492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

260
centos/sdk/external/cpp/wvdrm/license_server_sdk/environment.h vendored Executable file
View File

@@ -0,0 +1,260 @@
// Copyright 2020 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_ENVIRONMENT_H_
#include <memory>
#include "absl/strings/string_view.h"
#include "absl/synchronization/mutex.h"
#include "common/drm_root_certificate.h"
#include "common/security_profile_list.h"
#include "common/status.h"
#include "sdk/external/cpp/wvdrm/license_server_sdk/session.h"
#include "sdk/internal/environment_impl.h"
namespace video_widevine {
constexpr char kWrappingKeyLabel[] = "ENCRYPTION";
constexpr uint32_t kWrappingKeySizeBits = 128;
constexpr char kSigningKeyLabel[] = "AUTHENTICATION";
constexpr uint32_t kSigningKeySizeBits = 256;
class Environment {
public:
Environment(absl::string_view provider, const DrmRootCertificate* root_cert);
virtual ~Environment();
// Add a service certificate system-wide.
// |service_certificate| is a Google-generated certificate used to
// authenticate the service provider for purposes of device privacy;
// |service_private_key| is the encrypted PKCS#8 private RSA key corresponding
// to the service certificate; and |service_private_key_passphrase| is the
// password required to decrypt |service_private_key|.
Status AddDrmServiceCertificate(
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// Returns true if service certificate is loaded.
bool is_service_certificate_loaded();
// Specify a comma separated list of system Ids that can support having
// OEMCrypto version, as specified in the license request, reflected back in
// the Key Control Block which is used by partner. Otherwise, only 'kctl' or
// 'kc09' is returned in KCB.
void SetDevicesToHandleOEMCryptoVersionInKCB(
const std::string& system_id_list);
// Set pre-provisioning keys system-wide. Map key is system_id, value.
// Value should be human-readable hex digits encoded bytes, e.g.
// 'preProvKeys.put(100, "f7008b38acc00ec68c732ac665c55c65")'. Must be called
// before any other calls to this class. Calls are thread-safe, so the keys
// can be updated at any time.
void SetPreProvisioningKeys(const std::map<uint32_t, std::string>& keys);
void SetPreProvisioningKeys(const std::multimap<uint32_t, std::string>& keys);
// Set the certificate status list system-wide.
// |expiration_period| is the number of seconds until the
// certificate_status_list expires after its creation time
// (creation_time_seconds). If |allow_unknown_devices| is false, an error is
// returned if the device does not appear in the certificate_status_list.
Status SetCertificateStatusList(const std::string& certificate_status_list,
uint32_t expiration_period_seconds,
bool allow_unknown_devices);
// Enable delivery of licenses to client devices. This includes devices with
// TEST_ONLY status, and development platform verification certificates.
// Defaults to false.
void AllowDevelopmentClients(bool enable);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_make| is a comma separated list of devices to allow even
// if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
// Enable delivery of licenses to TEST_ONLY client devices.
// |device_list_provider| is a comma separated list of provider to allow
// even if the device is in a TEST_ONLY state. This list wil be used only if
// AllowDevelopmentClient(false) is in use.
void AllowTestOnlyDevicesByProvider(const std::string& device_list_provider);
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
void AllowRevokedDevices(const std::string& system_id_list);
// A comma separated list of DRM Certificate Serial Numbers that are revoked.
void RevokedDrmCertificateSerialNumbers(
const std::string& drm_certificate_serial_numbers);
// Restriction on core message features. If this is an empty string, the
// default feature set is used. If it is an integer, that is the ODK version
// supported. This restricts the features that the server will support in an
// oemcrypto core message. For example, we may restrict the server to never
// send a v17 message by setting the std::string to "16". For details, please see
// common/oemcrypto_core_message/odk/include/core_message_features.h
void SetCoreMessageFeatures(const std::string& core_message_features);
// Creates a Session object.
// |root_cert| is the root certificate to be used to validate client
// credentials.
// |signed_license_request| is the serialized SignedMessage received from the
// client. |session| points to a Session*, which must be initialized to NULL
// on entry, but |session| itself may not be NULL. The new Session object will
// be owned by the caller. This method returns Status::OK if successful,
// or an appropriate error status, in which case
// Environment::GenerateErrorResponse should be invoked.
// Example usage:
// Environment env = absl::make_unique<Environment>(kProvider,
// drm_root_cert);
// Session* session = NULL;
// Status status = env->CreateSession(request_from_client,&session);
// if (!status.ok()) {
// std::string error_license;
// if (env->GenerateErrorResponse(status, &error_license)) {
// // Send error_license to the client.
// } else {
// // Handle error
// }
// return ...
// }
// // Create license, invoke GenerateSignedLicense, etc.
Status CreateSession(const std::string& signed_license_request,
Session** session);
// Create a session for generating a license. This variation of Create takes
// options to allow for the creation of the session to succeed even if the
// device is revoked.
Status CreateSessionWithOptions(const std::string& signed_license_request,
const SessionCreateOptions& options,
Session** session);
// Variation of Environment::CreateSession which also fills in the parsed
// LicenseRequest, for use in logging or debugging.
Status CreateSession(const std::string& signed_license_request,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Same as CreateSession(), but caller can specify the ClientIdentification
// message and/or PlatformVerificationStatus. If ClientIdentification is
// specified, this variation of Create() will use the specified |client_id|
// instead of what is specified in |signed_license_request|. If
// PlatformVerificationStatus is specified, this method will use the specified
// |platform_verification_status| instead of attempting to determine it.
// Background for this function is to support cases where the client
// identification is encrypted with the provider's service certificate in
// which case we won't be able to decrypt OR when the provider determines
// platform verification. The provider will specify the
// clear client identification in |client_id| and the platform verification
// in |platform_verification_status|.
Status CreateSessionForProxy(
const std::string& signed_license_request,
const PlatformVerificationStatus platform_verification_status,
const ClientIdentification* client_id,
const SessionCreateOptions& options, Session** session,
LicenseRequest* parsed_request_out);
// Generates a SignedMessage containing a message generated in response to
// an error condition. |status| is a previous error status returned by the
// Session or Status(error::UNAVAILABLE, ...) to indicate that the
// backend is unavailable, |signed_message| points to a std::string to contain the
// serialized SignedMessage, and may not be NULL. This method returns true if
// there is an error license to be sent to the client, or false otherwise.
// Example usage in the Environment::Create comments above.
bool GenerateErrorResponse(const Status& status,
std::string* signed_message_bytes);
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
// NIST 800-108:
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
// AES-CMAC:
// http://tools.ietf.org/html/rfc4493
std::string DeriveKey(const std::string& key, const std::string& label,
const std::string& context, const uint32_t size_bits);
// Returns a std::string containing the Widevine License Server SDK version in the
// form <major_version>.<minor_version>.<release> <build date> <build time> .
std::string GetSdkVersionString();
// If set to true, adds SDK and server version information to the license
// response.
void SetIncludeVersionInfoInLicense(bool include_version_info);
// Sets the service version information which can be included with the license
// response. If SetIncludeVersionInfoInLicense() is set to true and the server
// version is not empty, then the server version will be included in the
// license response. The host_version must be <= 32 characters and limited to
// alphanumeric and '_', '-', ':', ';', ' ', '/' and '.'.
void SetHostServerVersion(const std::string& host_version);
// Generate a signed request to be sent to Widevine Certificate Provisioning
// Server to retrieve 'DeviceCertificateStatusList'.
Status GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request);
// Set the custom device security profile list which is returned, from a call
// to Widevine PublishedDevicesService.
Status SetCustomDeviceSecurityProfiles(
absl::string_view serialized_signed_device_security_profiles);
// Return a list of the default profile names.
Status GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
// Return the default profile associated with |profile_name|.
Status GetDefaultDeviceSecurityProfile(
absl::string_view profile_name,
SecurityProfile* device_security_profile) const;
// Obtain the owner list for custom profiles.
Status GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
// Return a list of custom profile names associated with |owner_name|.
Status GetCustomDeviceSecurityProfileNames(
absl::string_view owner_name,
std::vector<std::string>* profile_names) const;
// Return the custom profiles associated with |owner_name|.
Status GetCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<SecurityProfile>* custom_device_security_profiles) const;
// If |auto_set_provider_session_token| is 'true', the provider session token
// may be automatically set,
//
// The default setting for |auto_set_provider_session_token| is 'true'.
virtual void SetAutoSetProviderSessionToken(
bool auto_set_provider_session_token);
// Returns the setting as to whether the provider session token will be
// automatically set.
virtual bool GetAutoSetProviderSessionToken() const;
// Set the provider key used for L3 CDM.
// |provider_key_config_bytes| is a serialized ProviderKeyConfig proto
// message. Return OK if parsing is successful, otherwise an error is
// returned.
virtual Status SetProviderKeyConfig(
const std::string& provider_key_config_bytes);
private:
friend class EnvironmentTest;
// Environment::CreateSession which also fills in the parsed
// ExternalLicenseRequest. Used to create a Session object.
Status CreateSession(SignedMessage* signed_message, Session** session,
ExternalLicenseRequest* parsed_request_out);
std::string provider_;
std::unique_ptr<video_widevine::SecurityProfileList>
device_security_profile_list_;
std::shared_ptr<EnvironmentImpl> env_impl_;
// Provider key configuration assigned to a provider for use with L3 CDM.
ProviderKeyConfig provider_key_config_;
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_ENVIRONMENT_H_

197
centos/sdk/external/cpp/wvdrm/license_server_sdk/session.h vendored Executable file
View File

@@ -0,0 +1,197 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_SESSION_H_
#include <cstdint>
#include <list>
#include <map>
#include <memory>
#include <string>
#include "absl/strings/string_view.h"
#include "absl/synchronization/mutex.h"
#include "common/status.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_certificate_status.pb.h"
#include "protos/public/drm_certificate.pb.h"
#include "protos/public/external_license.pb.h"
#include "protos/public/license_protocol.pb.h"
#include "protos/public/license_server_sdk.pb.h"
#include "protos/public/oem_key_container.pb.h"
#include "protos/public/security_profile.pb.h"
#include "protos/public/provider_key.pb.h"
namespace video_widevine {
class ClientIdentification;
class ContentInfo;
class DrmRootCertificate;
class ExternalPlayReadySessionImpl;
class License;
class LicenseRequest;
class ProvisionedDeviceInfo;
class SecurityProfile;
class SecurityProfileList;
class SessionImpl;
class EnvironmentImpl;
class SessionInit;
class SessionState;
class SessionUsage;
// TODO(tinskip): Rename this to LicenseSession and add LicenseEngine to hold
// global settings and create new sessions.
class Session {
public:
virtual ~Session();
virtual const LicenseRequest& request() const;
virtual const std::string& GetSessionId();
// Return list of Widevine profiles meeting the DRM requirements for this
// session.
virtual Status GetQualifiedDefaultDeviceSecurityProfiles(
std::vector<std::string>* qualified_profiles) const;
// Retrieves qualifying Custom Security Profiles names given the owner name.
virtual Status GetQualifiedCustomDeviceSecurityProfiles(
absl::string_view owner_name,
std::vector<std::string>* custom_qualified_profile_names) const;
// Returns true if a provisioned device info exists. Caller
// owns |provisioned_device_info| and it must not be null.
virtual bool GetProvisionedDeviceInfo(
video_widevine::ProvisionedDeviceInfo* device_info);
// Accessor for request_id field which may be encoded in one of multiple
// places in the liciense request protcol buffer. Use this method instead
// of accessing directly. |request_id| is a pointer to a std::string to contain
// the request ID upon successful return.
virtual Status GetRequestId(std::string* request_id) const;
// Accessor for license_type field which may be encoded in one of multiple
// places in the license request protocol buffer. Use this method instead
// of accessing directly. |license_type| is a pointer to a value to contain
// the license type upon successful return.
virtual Status GetLicenseType(LicenseType* license_type) const;
// Method used to get ContentIdentification in a consistent message regardless
// of the type or version of initialization data contained in the content_id
// field of the license request. Use this method instead of accessing the
// fields of ContentIdentification directly. |content_info| is a pointer to a
// message to contain the parsed values from content_id upon successful
// return.
virtual Status GetContentInfo(ContentInfo* content_info) const;
// Returns the serial number of certificate associated with this device and
// content provider.
virtual std::string GetDrmDeviceId() const;
// Copies the session usage table from license request to |usage_report|.
// Returns true if session usage exist in the license request, otherwise
// returns false.
bool GetSessionUsage(SessionUsage* usage_report) const;
// Returns true if client info exists, otherwise returns false. Populate the
// specified |client_info| structure.
virtual bool GetClientInfo(ClientIdentification* client_info) const;
// Generates a serialized signed License response, emptying |policy| and
// |key_container|, encrypting the keys therein. |session_init| and
// |session_state| are returned to be cached and provided in subsequent
// calls to the function. If no additional PolicyItem or KeyContainer objects
// are necessary to fulfill the request (such as the case with license
// renewal), |policy| and/or |key_container| may be NULL.
// The response is expected to be sent to the Widevine CDM.
virtual Status GenerateSignedLicense(
/*IN*/ const License::Policy* policy,
/*IN*/ const std::list<License::KeyContainer>* key_container,
/*IN*/ const SessionInit* session_init,
/*INOUT*/ SessionState* session_state,
/*OUT*/ std::string* signed_message_bytes);
virtual PlatformVerificationStatus GetPlatformVerificationStatus() const;
// Returns the service id of the provider that owns the device certificate.
virtual std::string GetDrmDeviceServiceId() const;
// Returns true, if the license request for this session included a key
// control nonce, else false.
virtual bool HasKeyControlNonce() const;
// If set to 'true', allow licenses to be generated even if VMP data was
// determined to be video_widevine::PLATFORM_UNVERIFIED.
virtual void set_allow_unverified_platform(bool allow_unverified_platform);
// Return the setting of whether licenses are allowed to be generated even
// when VMP data was determined to be video_widevine::PLATFORM_UNVERIFIED.
virtual bool allow_unverified_platform() const;
// If set to 'true', allow licenses to be generated even if VMP data was
// determined to be video_widevine::PLATFORM_TAMPERED.
virtual void set_allow_tampered_platform(bool allow_tampered_platform);
/**
* If set to true, reject WvDrm SDK to reject licensing behaviors to unknown
* make model. Default value is false.
*/
virtual void set_reject_unknown_make_model(bool reject_unknown_make_model);
/**
* Retrieves the setting of whether unknown make model is rejected.
*/
virtual bool reject_unknown_make_model() const;
// Return the setting of whether licenses are allowed to be generated even
// when VMP data was determined to be video_widevine::PLATFORM_TAMPERED.
virtual bool allow_tampered_platform() const;
virtual void SetKeys(std::list<OemKeyContainer>* oem_key_container);
// 'Provider' making the request.
virtual void set_provider(const std::string& provider);
// Return the device status such as as RELEASED or REVOKED.
virtual DeviceCertificateStatus::Status GetDeviceStatus() const;
// Returns message type such as LICENSE_REQUEST, SERVICE_CERTIFICATE_REQUEST
// or EXTERNAL_LICENSE_REQUEST.
virtual SignedMessage::MessageType message_type() const;
// Retrieves Widevine Security Profile DrmInfo of the device.
// Returns true if |drm_info| was successully populated, else false.
virtual bool GetDrmInfo(SecurityProfile::DrmInfo* drm_info) const;
// Retrieves the ContentIdentification from the request. Returns OK, if
// successful, else failure.
virtual Status GetContentId(
LicenseRequest::ContentIdentification* content_id) const;
// Retrieves the request type.
virtual LicenseRequest::RequestType request_type() const;
protected:
Session(std::shared_ptr<EnvironmentImpl> env_impl,
std::unique_ptr<SessionImpl> impl);
Session(std::shared_ptr<EnvironmentImpl> env_impl,
std::unique_ptr<ExternalPlayReadySessionImpl>
external_playready_session_impl);
// For testing only. This allows unit tests to define a mock Session class.
Session();
friend class Environment;
private:
#ifndef SWIG
Session(const Session&) = delete;
Session& operator=(const Session&) = delete;
#endif
std::shared_ptr<EnvironmentImpl> env_impl_;
std::unique_ptr<SessionImpl> impl_;
std::unique_ptr<ExternalPlayReadySessionImpl>
external_playready_session_impl_;
};
} // namespace video_widevine
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_SESSION_H_

56
centos/sdk/external/cpp/wvpl/common/wvpl_sdk_copy_utils.h vendored Executable file
View File

@@ -0,0 +1,56 @@
// Copyright 2020 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_COPY_UTILS_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_COPY_UTILS_H_
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_security_profile_data.pb.h"
#include "protos/public/license_server_sdk.pb.h"
namespace video_widevine_server {
namespace wv_pl_sdk {
// copy |wvpl_session_create_options into |session_create_options|
void CopySessionCreateOptions(
const WvPLSessionCreateOptions& wvpl_session_create_options,
video_widevine::SessionCreateOptions* session_create_options);
// Copy functions shared by wvpl_sdk_environment.cc and wvpl_sdk_session.cc.
void CopyOutputRequirement(
const video_widevine::OutputRequirement output_requirement,
video_widevine_server::wv_pl_sdk::WvPLSecurityProfile::OutputRequirement*
wvpl_output_requirement);
void CopyVulnerabilityLevel(
const video_widevine::VulnerabilityLevel& vulnerability_level,
video_widevine_server::wv_pl_sdk::WvPLSecurityProfile::SecurityRequirement::
VulnerabilityLevel* wvpl_vulnerability_level);
void CopyAnalogOutputCapabilities(
video_widevine::ClientIdentification::ClientCapabilities::
AnalogOutputCapabilities analog_output_capabilities,
WvPLClientCapabilities* client_capabilities);
void CopySecurityRequirement(
const video_widevine::SecurityRequirement& security_requirement,
video_widevine_server::wv_pl_sdk::WvPLSecurityProfile::SecurityRequirement*
wvpl_security_requirement);
void CopyDeviceState(
const video_widevine::DeviceState& device_state,
video_widevine_server::wv_pl_sdk::DeviceState* wvpl_device_state);
void CppPlatformVerificationStatus(
const video_widevine::PlatformVerificationStatus& vmp_status,
video_widevine_server::wv_pl_sdk::PlatformVerificationStatus*
wvpl_vmp_status);
void CopyBrowserRequirement(
const video_widevine::BrowserRequirement& browser_requirements,
video_widevine_server::wv_pl_sdk::WvPLSecurityProfile::BrowserRequirement*
wvpl_browser_requirement);
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_COPY_UTILS_H_

266
centos/sdk/external/cpp/wvpl/common/wvpl_sdk_environment.h vendored Executable file
View File

@@ -0,0 +1,266 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_
#include <memory>
#include <string>
#include "absl/synchronization/mutex.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_security_profile_list.pb.h"
#include "protos/public/provider_key.pb.h"
#include "protos/public/security_profile.pb.h"
namespace video_widevine {
class DeviceCertificateStatusList;
class DrmRootCertificate;
class DrmCertificate;
class ProvisionedDeviceInfo;
class SecurityProfileList;
} // namespace video_widevine
namespace video_widevine_server {
namespace wv_pl_sdk {
// These fields show the configuration options that can be initialized via
// the implementation classes (WvPLEnvironment and WvPLProxyEnvironment).
extern const char kDeviceCertificateExpiration[];
extern const char kAllowUnknownDevice[];
extern const char kProvider[];
extern const char kProviderIv[];
extern const char kProviderKey[];
extern const char kApiVerInKcb[];
extern const char kLimitUsageStatsToErrorsOnly[];
// Valid values are 'test' and 'prod'.
extern const char kDrmCertificateType[];
/**
* Parent class of SDK environment. This class is not be instantiated directly,
* but its API can be accessed via the derived environment classes.
*/
class WvPLSDKEnvironment {
public:
WvPLSDKEnvironment();
virtual ~WvPLSDKEnvironment();
// TODO(b/193920474): This function will be non-static function since end-Q3
// 2021 release.
// Generates a license response containing a message generated in response to
// an error condition. |create_session_status| is a previous error status
// returned by the CreateSession(). |license_response| points to a std::string to
// contain the license response and may not be NULL. This method returns true
// if there is an error license to be sent to the client, or false
// otherwise.
static bool GenerateErrorResponse(const WvPLStatus& create_session_status,
std::string* license_response);
/**
* Add a service certificate system-wide at the sdk. |service_certificate|
* is a Google-generated certificate used to authenticate the service
* provider. |service_private_key| is the encrypted PKCS#8 private RSA key
* corresponding to the service certificate. |service_private_key_passphrase|
* is the password required to decrypt |service_private_key|. This is a
* thread-safe call.
*
* @param service_certificate
* @param service_private_key
* @param service_private_key_passphrase
*
* @return WvPLStatus enumeration
*/
virtual WvPLStatus SetDrmServiceCertificate(
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// TODO(b/193920758): this function will be non private function since end-Q3
// 2021 release.
// Returns the DRM root certificate configured for this environment.
const video_widevine::DrmRootCertificate* drm_root_certificate() const {
return drm_root_certificate_.get();
}
/**
* Set the device certificate status list from a call to the Widevine
* Certificate Provisioning Service.
*/
virtual WvPLStatus SetDeviceCertificateStatusList(
const std::string& device_certificate_status_list);
/**
* Set the custom device security profile list from a call to the Widevine
* PublishedDevicesService.
*/
virtual WvPLStatus SetCustomDeviceSecurityProfiles(
const std::string& serialized_signed_device_security_profiles) const;
/**
* Return a list of the default profile names.
*/
virtual WvPLStatus GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
/**
* Return the default profile associated with |profile_name|.
*/
virtual WvPLStatus GetDefaultDeviceSecurityProfile(
const std::string& profile_name,
WvPLSecurityProfile* device_security_profile) const;
/**
* Obtain the owner list for custom profiles.
*/
virtual WvPLStatus GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
/**
* Return a list of custom profile names associated with |owner_name|.
*/
virtual WvPLStatus GetCustomDeviceSecurityProfileNames(
const std::string& owner_name,
std::vector<std::string>* profile_names) const;
/**
* Return the custom profiles associated with |owner_name|.
*/
virtual WvPLStatus GetCustomDeviceSecurityProfiles(
const std::string& owner_name,
std::vector<WvPLSecurityProfile>* custom_device_security_profiles) const;
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
virtual void AllowRevokedDevices(const std::string& system_id_list);
// Returns true if the system ID is allowed even if revoked.
virtual bool IsRevokedDeviceAllowed(uint32_t system_id) const;
/**
* Translates the license request from the CDM to a human-readable message,
* useful for debugging. This translated request is placed in |request_out|.
* Returns OK in parsing the |request| successfully, else an error status
*/
virtual WvPLStatus GetRequestAsString(const std::string& request,
std::string* request_out) const;
/**
* Generate a signed request to be sent to Widevine Certificate Provisioning
* Server to retrieve 'DeviceCertificateStatusList'.
*/
virtual WvPLStatus GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request) = 0;
/**
* Returns WvPLDeviceInfo for specific system_id.
*/
static WvPLDeviceInfo GetDeviceInfo(uint32_t system_id);
/**
* Set the provider key used for L3 CDM.
* |provider_key_config_bytes| is a serialized ProviderKeyConfig proto
* message. Returns OK if parsing is successful, otherwise an error is
* returned.
*/
virtual WvPLStatus SetProviderKeyConfig(
const std::string& provider_key_config_bytes);
/**
* Returns the provider key config used for L3 CDM.
*/
const video_widevine::ProviderKeyConfig& GetProviderKeyConfig() const {
return provider_key_config_;
}
protected:
// Return the signature for the provider specified in the |config_values|
// parameter in the constructor. |signature| is owned by the caller.
static WvPLStatus GenerateSignature(const std::string& plain_text,
std::string* signature);
/**
* Insert or update provisionedDeviceInfoMap with device info in
* certificate_status_list.
*/
static WvPLStatus UpdateProvisionedDeviceInfoMap(
const video_widevine::DeviceCertificateStatusList&
certificate_status_list);
const video_widevine::SecurityProfileList* device_security_profile_list()
const {
absl::ReaderMutexLock lock(&profile_mutex_);
return device_security_profile_list_.get();
}
// Number of seconds until the certificate status list expires after its
// creation time. Default value is 604800 seconds.
uint32_t device_certificate_expiration_seconds_ = 604800;
// "config_values" setting for "kDrmCertificateType".
// Supported values are "test" and "prod". Default value is "prod".
std::string drm_certificate_type_ = "prod";
// name of the provider hosting this service.
std::string provider_;
// value of the "iv" specified for the provider.
std::string provider_iv_;
// value of the "key" specified for the provider.
std::string provider_key_;
// is_service_certificate_loaded_ is not thread safe.
bool is_service_certificate_loaded_ = false;
// is_device_certificate_status_list_loaded is not thread safe.
bool is_device_certificate_status_list_loaded_ = false;
// If true, allow devices not in the certificate status list.
bool allow_unknown_device_ = false;
// DRM root certificate used for verifying all other DRM certificates.
std::unique_ptr<video_widevine::DrmRootCertificate> drm_root_certificate_;
// Mutex guarding the revoked devices list.
mutable absl::Mutex allowed_revoked_devices_mutex_;
// List of device system Ids to succeed even if the device is revoked.
std::vector<uint32_t> allowed_revoked_devices_
ABSL_GUARDED_BY(allowed_revoked_devices_mutex_);
// Provider key config used with L3 CDM.
video_widevine::ProviderKeyConfig provider_key_config_;
private:
// Get the expected service type for drm service certificate.
virtual int GetExpectedServiceCertificateType();
// Check the type of |service_certificate|. Returns "OK" if the cert can be
// used for the current SDK, else an error status.
virtual WvPLStatus CheckServiceCertificateType(
const std::string& service_certificate);
/**
* Retrieves sdk use widevine certificate or not.
*/
virtual bool is_widevine_certificate() { return is_widevine_certificate_; }
/**
* Return provisioned_device_info if the device_info_map_ contains system_id.
*
* @return WvPLStatus - Status::OK if success, else error.
*/
static WvPLStatus LookupDeviceInfo(
uint32_t system_id,
video_widevine::ProvisionedDeviceInfo* provisioned_device_info);
/**
* Add a device to the current environment/session.
*/
static void AddDeviceInfo(
const video_widevine::ProvisionedDeviceInfo& provisioned_device_info);
// Security Profile list to allow for access to Security Profile Level and
// DRM information.
mutable absl::Mutex profile_mutex_;
std::unique_ptr<video_widevine::SecurityProfileList>
device_security_profile_list_ ABSL_GUARDED_BY(profile_mutex_);
// Only for internal content providers. Default value is false.
bool is_widevine_certificate_ = false;
friend class WvPLProxyEnvironmentTest;
friend class WvPLSDKSession;
friend class WvPLProxySession;
friend class WvPLProxySessionTest;
friend class WvPLSessionTest;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_

352
centos/sdk/external/cpp/wvpl/common/wvpl_sdk_session.h vendored Executable file
View File

@@ -0,0 +1,352 @@
// Copyright 2018 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_
#include <memory>
#include "common/security_profile_list.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
#include "protos/public/device_certificate_status.pb.h"
namespace video_widevine {
class ClientIdentification;
class DrmRootCertificate;
class LicenseRequest;
class License_KeyContainer_OutputProtection;
class License_KeyContainer;
class License_Policy;
class ProvisionedDeviceInfo;
class SessionInit;
class SessionState;
class SignedMessage;
} // namespace video_widevine
namespace video_widevine_server {
namespace wv_pl_sdk {
class WvPLSDKSession {
public:
explicit WvPLSDKSession(
const video_widevine::DrmRootCertificate* drm_root_certificate);
WvPLSDKSession(
const video_widevine::DrmRootCertificate* drm_root_certificate,
const video_widevine::SecurityProfileList* security_profile_list);
virtual ~WvPLSDKSession();
public:
// Add WvPLKey.
virtual WvPLStatus AddKey(const WvPLKey& key);
// Get the WvPLKey.
virtual const std::vector<WvPLKey>& keys() const { return keys_; }
// Set the license policy.
virtual void set_policy(const WvPLPlaybackPolicy& policy) {
policy_ = policy;
has_policy_ = true;
}
// Get the license policy.
virtual const WvPLPlaybackPolicy& policy() const { return policy_; }
// Set the Session Init.
virtual void set_session_init(const WvPLSessionInit& session_init) {
session_init_ = session_init;
}
// Get the Session Init.
virtual const WvPLSessionInit& session_init() const { return session_init_; }
virtual bool IsChromeCDM() const;
/**
* Returns the Widevine PSSH data for the license request handled by this
* session.
*
* @param wvpl_widevine_pssh_data.
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus GetPsshData(
WvPLWidevinePsshData* wvpl_widevine_pssh_data) const;
/**
* Returns the ClientIdentification information for the license request
* handled by this session.
*
* @param client_info
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus GetClientInfo(WvPLClientInfo* client_info) const;
/**
* Returns the WvPL Client Capabilities information for the license request
* handled by this session.
*
* @param client_capabilities.
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus GetClientCapabilities(
WvPLClientCapabilities* client_capabilities) const;
/**
* Returns the WvPLDeviceInfo information for the license request
* handled by this session.
*
* @param device_info
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const;
virtual PlatformVerificationStatus VerifyPlatform() = 0;
virtual WvPLRequestType GetRequestType() const { return request_type_; }
/**
* Returns true if the license type is offline, otherwise return false.
*
* @return bool.
*/
virtual bool is_offline_license() const;
/**
* Returns the license request contains client id or not.
*
* @return bool.
*/
virtual bool has_client_id() const { return has_client_id_; }
/**
* Returns true if license request has encrypted_client_id. Otherwise return
* false.
*
* @return bool.
*/
virtual bool has_encrypted_client_id() { return has_encrypted_client_id_; }
/**
* If set to true, allow generation of licenses with
* PlatformVerificationStatus = PLATFORM_UNVERIFIED.
*/
virtual void set_allow_unverified_platform(bool allow_unverified_platform) {
allow_unverified_platform_ = allow_unverified_platform;
}
/**
* Retrieves the setting of whether license generation is allowed if
* PlatformVerificationStatus = PLATFORM_UNVERIFIED.
*/
virtual bool allow_unverified_platform() const {
return allow_unverified_platform_;
}
/**
* If set to false, SDK can reject licensing behaviors to unknown make
* model. Default value is false.
*/
virtual void set_reject_unknown_make_model(bool reject_unknown_make_model) {
reject_unknown_make_model_ = reject_unknown_make_model;
}
/**
* Retrieves the setting of whether unknown make model is rejected.
*/
virtual bool reject_unknown_make_model() const {
return reject_unknown_make_model_;
}
/**
* If set to true, allow generation of licenses with
* PlatformVerificationStatus = PLATFORM_TAMPERED.
*/
virtual void set_allow_tampered_platform(bool allow_tampered_platform) {
allow_tampered_platform_ = allow_tampered_platform;
}
/**
* Retrieves the setting of whether license generation is allowed if
* PlatformVerificationStatus = PLATFORM_TAMPERED.
*/
virtual bool allow_tampered_platform() const {
return allow_tampered_platform_;
}
/**
* Retrieves Widevine Security Profile DrmInfo of the device.
* Returns true if |drm_info| was successully populated.
*/
virtual bool GetDrmInfo(WvPLSecurityProfile::DrmInfo* drm_info) const;
/**
* Retrieves qualifying Widevine Default Security Profile names.
*/
virtual WvPLStatus GetQualifiedDefaultDeviceSecurityProfiles(
std::vector<std::string>* default_qualified_profile_names) const;
/**
* Retrieves qualifying Custom Security Profiles names given the owner name.
*/
virtual WvPLStatus GetQualifiedCustomDeviceSecurityProfiles(
const std::string& owner_name,
std::vector<std::string>* custom_qualified_profile_names) const;
// Return ok status if get content id information successful and |content_id|
// would be set, else return failure and |content_id| would not be set
WvPLStatus GetContentId(std::string* content_id) const;
protected:
void set_license_request_from_cdm(const std::string& request_from_cdm) {
license_request_from_cdm_ = request_from_cdm;
}
const video_widevine::DrmRootCertificate* drm_root_certificate_;
std::string user_agent_;
std::string device_id_;
std::string content_id_;
std::vector<WvPLKey> keys_;
WvPLPlaybackPolicy policy_;
WvPLSessionInit session_init_;
WvPLWidevinePsshData pssh_data_;
std::unique_ptr<video_widevine::ClientIdentification> client_id_;
std::unique_ptr<video_widevine::ProvisionedDeviceInfo>
provisioned_device_info_;
bool has_pssh_data_ = false;
bool has_client_id_ = false;
PlatformVerificationStatus platform_verification_status_ =
PLATFORM_NO_VERIFICATION;
std::unique_ptr<video_widevine::SignedMessage>
signed_message_request_from_cdm_;
std::string license_request_from_cdm_;
std::string remote_attestation_cert_serial_number_;
std::unique_ptr<video_widevine::LicenseRequest> sdk_license_request_;
WvPLRequestType request_type_;
bool has_session_state_ = false;
bool has_encrypted_client_id_ = false;
bool using_generated_content_id_ = false;
std::string provider_;
std::string provider_iv_;
std::string provider_key_;
virtual WvPLStatus VerifyRemoteAttestation();
// Returns the WvPL Client Capabilities information for the license request
// handled by this session.
WvPLStatus GetWvPLClientCapabilities(
const video_widevine::ClientIdentification& client_id,
WvPLClientCapabilities* client_capabilities) const;
// Copy and translates the Key fields from a WvPL Key into an SDK
// key container.
// Copies
// (1) key id
// (2) key
// (3) video_resolution_constraints
// (4) output protection using CopyOutputProtection
// (5) security_level using CopySecurityLevel
// Translates
// (1) key type
void CopyKey(const WvPLKey& wvpl_key,
video_widevine::License_KeyContainer* sdk_key_container);
// Copies/translates output_protection in WvPL Key into an SDK key container.
virtual void CopyOutputProtection(
const WvPLOutputProtection& wvpl_output_protection,
video_widevine::License_KeyContainer_OutputProtection* output_protection);
// Copies/translatessecurity_level in WvPL Key into an SDK key container.
virtual void CopySecurityLevel(
const WvPLOutputProtection& output_protection, TrackType track_type,
video_widevine::License_KeyContainer* key_container);
// Copies/translates the policy from a WvPL policy into an SDK policy. A
// helper function for GenerateLicenseRequestAsJSON.
virtual void CopyPlaybackPolicy(const WvPLPlaybackPolicy& wvpl_policy,
video_widevine::License_Policy* sdk_policy);
// Copy the |hdcp_value| into the key container.
virtual void CopyHDCP(
HDCP hdcp_value,
video_widevine::License_KeyContainer_OutputProtection* output_protection);
// Copy the WvPLSession Init into Session Init.
virtual void CopySessionInit(const WvPLSessionInit& wvpl_session_init,
video_widevine::SessionInit* session_init);
// Copy the WvPLDeviceInfo into ProvisionedDeviceInfo.
virtual void CopyProvisionedDeviceInfo(
const WvPLDeviceInfo& wvpl_device_info,
video_widevine::ProvisionedDeviceInfo* device_info);
// Populate deviceInfo, clientIdentification and psshdata for license request.
WvPLStatus ParseLicenseRequest();
// Copy the WvPLSessionState to SessionState.
void CopySessionState(const WvPLSessionState& wvpl_session_state,
video_widevine::SessionState* session_state);
// Set system_id value. Only used for test case.
virtual void SetSystemId(uint32_t system_id);
// Return has_system_id_ value. True if session has system id.
virtual bool HasSystemId() const;
// Return system_id value in uint32_t. The function will crash if it does not
// have system_id.
virtual uint32_t GetSystemId() const;
// Set drm serial number. Only used for test case.
virtual void SetDrmSerialNumber(const std::string& drm_serial_number);
// Return drm serial number.
virtual std::string GetDrmSerialNumber() const;
/**
* Use system_id to loop up device info.
*
* @return WvPLStatus - Status::OK if success, else error.
*/
virtual WvPLStatus LookupDeviceInfo(
uint32_t system_id,
video_widevine::ProvisionedDeviceInfo* provisioned_device_info) const;
virtual const std::string TrackTypeToString(TrackType track_type) const;
virtual bool has_policy() { return has_policy_; }
virtual const video_widevine::SecurityProfileList*
device_security_profile_list() {
return device_security_profile_list_;
}
// Set the provider which hosts this service.
virtual void set_provider(const std::string& provider) {
provider_ = provider;
}
// Set the iv specified for the provider.
virtual void set_provider_iv(const std::string& provider_iv) {
provider_iv_ = provider_iv;
}
// Set the key specified for the provider.
virtual void set_provider_key(const std::string& provider_key) {
provider_key_ = provider_key;
}
DeviceStatus GetDeviceStatus(video_widevine::DeviceCertificateStatus::Status
device_certificate_status) const;
bool using_generated_content_id() const {
return using_generated_content_id_;
}
private:
std::unique_ptr<uint32_t> system_id_;
bool has_policy_ = false;
bool allow_unverified_platform_ = true;
bool allow_tampered_platform_ = true;
bool reject_unknown_make_model_ = false;
const video_widevine::SecurityProfileList* device_security_profile_list_ =
nullptr;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_

1806
centos/sdk/external/cpp/wvpl/common/wvpl_types.h vendored Executable file
View File

File diff suppressed because it is too large Load Diff

176
centos/sdk/external/cpp/wvpl/license_server_sdk/wvpl_environment.h vendored Executable file
View File

@@ -0,0 +1,176 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_ENVIRONMENT_H_
#include <map>
#include <memory>
#include <string>
#include "sdk/external/cpp/wvdrm/license_server_sdk/environment.h"
#include "sdk/external/cpp/wvpl/common/wvpl_sdk_environment.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
// TODO(yawenyu): Use generateSignature function in WvPLSDKEnvironement instead
// of get GetSignature.
namespace video_widevine_server {
namespace wv_pl_sdk {
using video_widevine::Environment;
class WvPLLicenseCounter;
class WvPLSession;
// Generate a Widevine environment object one time.  The WvPLEnvironment object
// is used to create widevine sessions.  WvPLEnvironment is used to hold data
// and spans the lifetime of a session, therefore it should be retained by
// the caller.  Sessions will not get generated if the initial call to
// SetDeviceCertificateStatusList() is not successful.
//
// Example:
// map<string, string> config_values;
// config_values.insert(std::make_pair(kAllowUnknownDevice, "true"));
// config_values.insert(std::make_pair(kProvider, "<Provider Name>"));
// config_values.insert(std::make_pair(kProviderIv, "<Provider IV>"));
// config_values.insert(std::make_pair(kProviderKey, "<Provider Key>"));
// WvPLEnvironment* wvpl_environment = new WvPLEnvironment(config_values);
// std::string error_str;
// std::string cert_status_list;
// std::string service_cert;
// WVStatus status;
// status = wvpl_environment->Initialize();
// wvpl_environment->SetPreProvisioningKeys(prev_prov_keys);
// status = wvpl_environment->SetDrmServiceCertificate(
// "<Provider service cert>", "<Service Private Key>",
// "<Service Private Key Passphrase>");
// -- Fetch the intermediate certificates.
// SomeFunctionToFetchTheCertificates(&cert_status_list);
// status =
// wvpl_environment->SetDeviceCertificateStatusList(cert_status_list);
class WvPLEnvironment : public WvPLSDKEnvironment {
public:
// Copies the config_values and constructs a new WvPLEnvironment object.
// TODO(hali): Add all config parameters.
explicit WvPLEnvironment(
const std::map<std::string, std::string>& config_values);
virtual ~WvPLEnvironment();
// TODO(b/194740480): This function will be changed to private since end-Q3
// 2021 release.
// One time initialization. Must be called once after construction.
virtual WvPLStatus Initialize();
// Create a new Session object. Upon success, |session| points to a new
// object created on the heap. Caller retains ownership of the session.
// Example usage:
// WvPLSession* session;
// WvPLStatus status = wvpl_environment->CreateSession(request_from_client,
// &session);
// if (!status.ok()) {
// std::string error_license;
// if (wvpl_environment->GenerateErrorResponse(status, &error_license)) {
// // Send error_license to the client.
// } else {
// // Handle error
// }
// return ...
// }
// // Continue with license flow, invoke GenerateLicense(), etc.
virtual WvPLStatus CreateSession(const std::string& request,
WvPLSession** session) const;
virtual WvPLStatus CreateSessionWithOptions(
const std::string& request, const WvPLSessionCreateOptions& options,
WvPLSession** session) const;
// Deletes |session|. Should be called if CreateSession() was successful and
// the session is no longer needed.
virtual void DestroySession(WvPLSession* session) const;
// Thread-safe call to set the pre-provisioning keys. Map key is the
// system id, value. Value should be human-readable hex digits.
virtual WvPLStatus SetPreProvisioningKeys(
const std::map<uint32_t, std::string>& keys);
// Return the license counter data as bytes. The bytes in
// |signed_license_stats| are binary. The internal data is flushed
// if |flush_data| is true. If |flush_data| is false, license counters will
// accumulate. If this call returns "Status::OK", |signed_license_stats| is
// populated. |signed_license_stats| is owned by the caller.
virtual WvPLStatus GetStatsAsBytes(bool flush_data,
std::string* signed_license_stats);
// TODO(b/193921143): flush_data parameter will be removed since end-Q3 2021
// release.
// Return the license counter data in a human-readable format. The
// internal data is flushed if |flush_data| is true. If |flush_data| is
// false, license counters will accumulate. If this call returns
// "Status::OK", |license_stats| is populated. |license_stats| is owned by
// the caller.
virtual WvPLStatus GetStatsAsString(bool flush_data,
std::string* license_stats);
// Deprecated.
// This API will be replaced by
// WvPLSDKEnvironment::SetDeviceCertificateStatusList(). It will be removed
// from this header file in the mid-Q3 2021 SDK release.
// In order to stay up-to-date with new devices, it is recommended to fetch
// new certificates on a regular basis. The update interval should be once a
// day. If UpdateWithCerftificates() fails, the existing certificates are
// still valid, but are subject to expiration. The expiration is controlled
// by the content provider and configured as a parameter when creating
// WvPLEnvironment.
// |cert_list| is the response provided from the Widevine API
// that produces the certificate list. The method can handle either the new
// API format (the serialized PublishedDevices proto), or the legacy format (a
// JSON response containing the base64-encoded certificate list).
virtual WvPLStatus UpdateWithCertificates(const std::string& cert_list);
// Generate a signed request to be sent to Widevine Certificate Provisioning
// Server to retrieve 'DeviceCertificateStatusList'.
WvPLStatus GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request) override;
// TODO(b/193920802): This function will be changed to private function in
// mid-2021 Q3 release.
// Get the expected service type for drm service certificate. The expected
// value is LICENSE_SERVER_SDK.
int GetExpectedServiceCertificateType() override;
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
void AllowRevokedDevices(const std::string& system_id_list) override;
private:
// Return the signature for the provider specified in the |config_values|
// parameter in the constructor. |signature| is owned by the caller.
virtual WvPLStatus GetSignature(const std::string& text_to_sign,
std::string* signature);
std::unique_ptr<WvPLLicenseCounter> license_counter_;
// list of system ids that support having the Crypto API version specified in
// the Key Control Block (KCB).
std::string system_ids_for_api_ver_in_kcb_;
// Comma separated list of system ids by make allowed to be TEST_ONLY.
std::string allow_test_only_by_make_;
// Comma separated list of system ids by provider allowed to be TEST_ONLY.
std::string allow_test_only_by_provider_;
// Whether all test devices should be allowed.
bool allow_development_clients_;
// Restriction on core message features. If this is an empty string, the
// default feature set is used. If it is an integer, that is the ODK version
// supported. This restricts the features that the server will support in an
// oemcrypto core message. For example, we may restrict the server to never
// send a v17 message by setting the std::string to "16". For details, please see
// common/oemcrypto_core_message/odk/include/core_message_features.h
std::string core_message_features_;
// A few functions from sdk/external/cpp/wvdrm/license_server_sdk/environment
// are used to run wvpl_environment.
std::unique_ptr<Environment> environment_;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_ENVIRONMENT_H_

119
centos/sdk/external/cpp/wvpl/license_server_sdk/wvpl_session.h vendored Executable file
View File

@@ -0,0 +1,119 @@
// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_SESSION_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_SESSION_H_
#include <stdint.h>
#include <string>
#include <vector>
#include "sdk/external/cpp/wvdrm/license_server_sdk/session.h"
#include "sdk/external/cpp/wvpl/common/wvpl_sdk_session.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
#include "protos/public/errors.pb.h"
#include "protos/public/license_server_sdk.pb.h"
#include "protos/public/oem_key_container.pb.h"
#include "protos/public/playready.pb.h"
#include "protos/public/widevine_pssh.pb.h"
namespace video_widevine {
class Session;
} // namespace video_widevine
namespace video_widevine_server {
namespace wv_pl_sdk {
// Because we do not want to export wvpl_license_counter.h outside google3, add
// WvPLLicenseCounter here.
class WvPLLicenseCounter;
// major version to line up with latest released OEMCryptoAPI version.
const uint32_t kMajorVersion = 17;
const uint32_t kMinorVersion = 0;
const uint32_t kRelease = 1;
// Once a Widevine environment object is successfully initialized, generate a
// Widevine session object for each license request. CreateSession() parses
// the request and validates the request by verifying the signature. If
// successful, a session object is created and OK is returned.
// Once a Widevine session object is successfully created, setup the session
// object with the policy and keys. Call AddKey() multiple times for each key.
class WvPLSession : public WvPLSDKSession {
public:
WvPLSession();
~WvPLSession() override;
// Generates the license for sending back to the Widevine client. Caller owns
// |license|.
virtual WvPLStatus GenerateLicense(std::string* license);
// Set the session state.
virtual void set_session_state(const WvPLSessionState& wvpl_session_state) {
wvpl_session_state_ = wvpl_session_state;
has_session_state_ = true;
}
// Get the session state.
virtual const WvPLSessionState& session_state() const {
return wvpl_session_state_;
}
bool has_sdk_session() { return !(sdk_session_ == nullptr); }
PlatformVerificationStatus VerifyPlatform() override;
// Returns a std::string containing the WVPL version in the form:
// <major_version>.<minor_version>.<release>
static std::string GetVersionString();
// TODO(b/193921795): this API will be deprecated since end-Q3 2021 release.
// Please use GetDeviceInfo() instead.
// Returns true if a provisioned device info exists. Populates the specified
// |device_info| structure.
virtual bool GetProvisionedDeviceInfo(WvPLDeviceInfo* device_info) const;
// Populates the specified |device_info| structure. This API works only for
// * NEW license requests.
// * RENEWAL/RELEASE requests that include a Client Identification.
WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const override;
protected:
// This class takes ownership of |sdk_session|. This class keeps a pointer
// to |license_counter| but the caller maintains ownership of
// |license_counter|. Both arguments must not be NULL.
WvPLSession(
const video_widevine::DrmRootCertificate* drm_root_certificate,
video_widevine::Session* sdk_session, WvPLLicenseCounter* license_counter,
const video_widevine::SecurityProfileList* device_security_profile_list);
video_widevine::Session* sdk_session() { return sdk_session_; }
void set_sdk_session(video_widevine::Session* sdk_session) {
sdk_session_ = sdk_session;
}
// Sets the license counter to use. The caller maintains ownership of
// |license_counter| but this class keeps a pointer to |license_counter|.
void set_license_counter(WvPLLicenseCounter* license_counter) {
license_counter_ = license_counter;
}
void CopyOemKey(const WvPLKey& wvpl_key,
video_widevine::OemKeyContainer* oem_key_container);
private:
friend class WvPLEnvironment;
friend class WvPLEnvironmentTest;
friend class WvPLSessionTest;
video_widevine::Session* sdk_session_ = nullptr;
WvPLLicenseCounter* license_counter_ = nullptr;
WvPLSessionState wvpl_session_state_;
video_widevine::SessionState session_state_;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_SESSION_H_