WvPL License SDK release: 17.0.1

centos/sdk/external/cpp/wvpl/common/wvpl_sdk_copy_utils.h

@@ -0,0 +1,56 @@
+// Copyright 2020 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_COPY_UTILS_H_
+#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_COPY_UTILS_H_
+
+#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
+#include "protos/public/client_identification.pb.h"
+#include "protos/public/device_security_profile_data.pb.h"
+#include "protos/public/license_server_sdk.pb.h"
+
+namespace video_widevine_server {
+namespace wv_pl_sdk {
+
+// copy |wvpl_session_create_options into |session_create_options|
+void CopySessionCreateOptions(
+    const WvPLSessionCreateOptions& wvpl_session_create_options,
+    video_widevine::SessionCreateOptions* session_create_options);
+
+// Copy functions shared by wvpl_sdk_environment.cc and wvpl_sdk_session.cc.
+void CopyOutputRequirement(
+    const video_widevine::OutputRequirement output_requirement,
+    video_widevine_server::wv_pl_sdk::WvPLSecurityProfile::OutputRequirement*
+        wvpl_output_requirement);
+
+void CopyVulnerabilityLevel(
+    const video_widevine::VulnerabilityLevel& vulnerability_level,
+    video_widevine_server::wv_pl_sdk::WvPLSecurityProfile::SecurityRequirement::
+        VulnerabilityLevel* wvpl_vulnerability_level);
+
+void CopyAnalogOutputCapabilities(
+    video_widevine::ClientIdentification::ClientCapabilities::
+        AnalogOutputCapabilities analog_output_capabilities,
+    WvPLClientCapabilities* client_capabilities);
+
+void CopySecurityRequirement(
+    const video_widevine::SecurityRequirement& security_requirement,
+    video_widevine_server::wv_pl_sdk::WvPLSecurityProfile::SecurityRequirement*
+        wvpl_security_requirement);
+
+void CopyDeviceState(
+    const video_widevine::DeviceState& device_state,
+    video_widevine_server::wv_pl_sdk::DeviceState* wvpl_device_state);
+
+void CppPlatformVerificationStatus(
+    const video_widevine::PlatformVerificationStatus& vmp_status,
+    video_widevine_server::wv_pl_sdk::PlatformVerificationStatus*
+        wvpl_vmp_status);
+
+void CopyBrowserRequirement(
+    const video_widevine::BrowserRequirement& browser_requirements,
+    video_widevine_server::wv_pl_sdk::WvPLSecurityProfile::BrowserRequirement*
+        wvpl_browser_requirement);
+}  // namespace wv_pl_sdk
+}  // namespace video_widevine_server
+
+#endif  // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_COPY_UTILS_H_

centos/sdk/external/cpp/wvpl/common/wvpl_sdk_environment.h

@@ -0,0 +1,266 @@
+// Copyright 2017 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_
+#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_
+
+#include <memory>
+#include <string>
+
+#include "absl/synchronization/mutex.h"
+#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
+#include "protos/public/client_identification.pb.h"
+#include "protos/public/device_security_profile_list.pb.h"
+#include "protos/public/provider_key.pb.h"
+#include "protos/public/security_profile.pb.h"
+
+namespace video_widevine {
+class DeviceCertificateStatusList;
+class DrmRootCertificate;
+class DrmCertificate;
+class ProvisionedDeviceInfo;
+class SecurityProfileList;
+}  // namespace video_widevine
+namespace video_widevine_server {
+namespace wv_pl_sdk {
+
+// These fields show the configuration options that can be initialized via
+// the implementation classes (WvPLEnvironment and WvPLProxyEnvironment).
+extern const char kDeviceCertificateExpiration[];
+extern const char kAllowUnknownDevice[];
+extern const char kProvider[];
+extern const char kProviderIv[];
+extern const char kProviderKey[];
+extern const char kApiVerInKcb[];
+extern const char kLimitUsageStatsToErrorsOnly[];
+// Valid values are 'test' and 'prod'.
+extern const char kDrmCertificateType[];
+
+/**
+ * Parent class of SDK environment. This class is not be instantiated directly,
+ * but its API can be accessed via the derived environment classes.
+ */
+class WvPLSDKEnvironment {
+ public:
+  WvPLSDKEnvironment();
+  virtual ~WvPLSDKEnvironment();
+  // TODO(b/193920474): This function will be non-static function since end-Q3
+  // 2021 release.
+  // Generates a license response containing a message generated in response to
+  // an error condition. |create_session_status| is a previous error status
+  // returned by the CreateSession(). |license_response| points to a std::string to
+  // contain the license response and may not be NULL. This method returns true
+  // if there is an error license to be sent to the client, or false
+  // otherwise.
+  static bool GenerateErrorResponse(const WvPLStatus& create_session_status,
+                                    std::string* license_response);
+
+  /**
+   * Add a service certificate system-wide at the sdk. |service_certificate|
+   * is a Google-generated certificate used to authenticate the service
+   * provider.  |service_private_key| is the encrypted PKCS#8 private RSA key
+   * corresponding to the service certificate. |service_private_key_passphrase|
+   * is the password required to decrypt |service_private_key|.  This is a
+   * thread-safe call.
+   *
+   * @param service_certificate
+   * @param service_private_key
+   * @param service_private_key_passphrase
+   *
+   * @return WvPLStatus enumeration
+   */
+  virtual WvPLStatus SetDrmServiceCertificate(
+      const std::string& service_certificate,
+      const std::string& service_private_key,
+      const std::string& service_private_key_passphrase);
+
+  // TODO(b/193920758): this function will be non private function since end-Q3
+  // 2021 release.
+  // Returns the DRM root certificate configured for this environment.
+  const video_widevine::DrmRootCertificate* drm_root_certificate() const {
+    return drm_root_certificate_.get();
+  }
+
+  /**
+   * Set the device certificate status list from a call to the Widevine
+   * Certificate Provisioning Service.
+   */
+  virtual WvPLStatus SetDeviceCertificateStatusList(
+      const std::string& device_certificate_status_list);
+
+  /**
+   * Set the custom device security profile list from a call to the Widevine
+   * PublishedDevicesService.
+   */
+  virtual WvPLStatus SetCustomDeviceSecurityProfiles(
+      const std::string& serialized_signed_device_security_profiles) const;
+
+  /**
+   *  Return a list of the default profile names.
+   */
+  virtual WvPLStatus GetDefaultDeviceSecurityProfileNames(
+      std::vector<std::string>* profile_names) const;
+
+  /**
+   * Return the default profile associated with |profile_name|.
+   */
+  virtual WvPLStatus GetDefaultDeviceSecurityProfile(
+      const std::string& profile_name,
+      WvPLSecurityProfile* device_security_profile) const;
+
+  /**
+   * Obtain the owner list for custom profiles.
+   */
+  virtual WvPLStatus GetCustomDeviceSecurityProfileOwners(
+      std::vector<std::string>* custom_profile_owners) const;
+
+  /**
+   * Return a list of custom profile names associated with |owner_name|.
+   */
+  virtual WvPLStatus GetCustomDeviceSecurityProfileNames(
+      const std::string& owner_name,
+      std::vector<std::string>* profile_names) const;
+
+  /**
+   * Return the custom profiles associated with |owner_name|.
+   */
+  virtual WvPLStatus GetCustomDeviceSecurityProfiles(
+      const std::string& owner_name,
+      std::vector<WvPLSecurityProfile>* custom_device_security_profiles) const;
+
+  // Enable delivery of licenses to revoked client devices. |system_id_list| is
+  // a comma separated list of systems Ids to allow even if revoked.
+  virtual void AllowRevokedDevices(const std::string& system_id_list);
+
+  // Returns true if the system ID is allowed even if revoked.
+  virtual bool IsRevokedDeviceAllowed(uint32_t system_id) const;
+
+  /**
+   * Translates the license request from the CDM to a human-readable message,
+   * useful for debugging.  This translated request is placed in |request_out|.
+   * Returns OK in parsing the |request| successfully, else an error status
+   */
+  virtual WvPLStatus GetRequestAsString(const std::string& request,
+                                        std::string* request_out) const;
+
+  /**
+   * Generate a signed request to be sent to Widevine Certificate Provisioning
+   * Server to retrieve 'DeviceCertificateStatusList'.
+   */
+  virtual WvPLStatus GenerateDeviceStatusListRequest(
+      std::string* signed_device_certificate_status_list_request) = 0;
+  /**
+   * Returns WvPLDeviceInfo for specific system_id.
+   */
+  static WvPLDeviceInfo GetDeviceInfo(uint32_t system_id);
+
+  /**
+   * Set the provider key used for L3 CDM.
+   * |provider_key_config_bytes| is a serialized ProviderKeyConfig proto
+   * message. Returns OK if parsing is successful, otherwise an error is
+   * returned.
+   */
+  virtual WvPLStatus SetProviderKeyConfig(
+      const std::string& provider_key_config_bytes);
+
+  /**
+   * Returns the provider key config used for L3 CDM.
+   */
+  const video_widevine::ProviderKeyConfig& GetProviderKeyConfig() const {
+    return provider_key_config_;
+  }
+
+ protected:
+  // Return the signature for the provider specified in the |config_values|
+  // parameter in the constructor.  |signature| is owned by the caller.
+  static WvPLStatus GenerateSignature(const std::string& plain_text,
+                                      std::string* signature);
+  /**
+   * Insert or update provisionedDeviceInfoMap with device info in
+   * certificate_status_list.
+   */
+  static WvPLStatus UpdateProvisionedDeviceInfoMap(
+      const video_widevine::DeviceCertificateStatusList&
+          certificate_status_list);
+
+  const video_widevine::SecurityProfileList* device_security_profile_list()
+      const {
+    absl::ReaderMutexLock lock(&profile_mutex_);
+    return device_security_profile_list_.get();
+  }
+
+  // Number of seconds until the certificate status list expires after its
+  // creation time. Default value is 604800 seconds.
+  uint32_t device_certificate_expiration_seconds_ = 604800;
+  // "config_values" setting for "kDrmCertificateType".
+  // Supported values are "test" and "prod".  Default value is "prod".
+  std::string drm_certificate_type_ = "prod";
+  // name of the provider hosting this service.
+  std::string provider_;
+  // value of the "iv" specified for the provider.
+  std::string provider_iv_;
+  // value of the "key" specified for the provider.
+  std::string provider_key_;
+  // is_service_certificate_loaded_ is not thread safe.
+  bool is_service_certificate_loaded_ = false;
+  // is_device_certificate_status_list_loaded is not thread safe.
+  bool is_device_certificate_status_list_loaded_ = false;
+
+  // If true, allow devices not in the certificate status list.
+  bool allow_unknown_device_ = false;
+  // DRM root certificate used for verifying all other DRM certificates.
+  std::unique_ptr<video_widevine::DrmRootCertificate> drm_root_certificate_;
+  // Mutex guarding the revoked devices list.
+  mutable absl::Mutex allowed_revoked_devices_mutex_;
+  // List of device system Ids to succeed even if the device is revoked.
+  std::vector<uint32_t> allowed_revoked_devices_
+      ABSL_GUARDED_BY(allowed_revoked_devices_mutex_);
+  // Provider key config used with L3 CDM.
+  video_widevine::ProviderKeyConfig provider_key_config_;
+
+ private:
+  // Get the expected service type for drm service certificate.
+  virtual int GetExpectedServiceCertificateType();
+
+  // Check the type of |service_certificate|. Returns "OK" if the cert can be
+  // used for the current SDK, else an error status.
+  virtual WvPLStatus CheckServiceCertificateType(
+      const std::string& service_certificate);
+
+  /**
+   * Retrieves sdk use widevine certificate or not.
+   */
+  virtual bool is_widevine_certificate() { return is_widevine_certificate_; }
+
+  /**
+   * Return provisioned_device_info if the device_info_map_ contains system_id.
+   *
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  static WvPLStatus LookupDeviceInfo(
+      uint32_t system_id,
+      video_widevine::ProvisionedDeviceInfo* provisioned_device_info);
+
+  /**
+   * Add a device to the current environment/session.
+   */
+  static void AddDeviceInfo(
+      const video_widevine::ProvisionedDeviceInfo& provisioned_device_info);
+
+  // Security Profile list to allow for access to Security Profile Level and
+  // DRM information.
+  mutable absl::Mutex profile_mutex_;
+  std::unique_ptr<video_widevine::SecurityProfileList>
+      device_security_profile_list_ ABSL_GUARDED_BY(profile_mutex_);
+  // Only for internal content providers. Default value is false.
+  bool is_widevine_certificate_ = false;
+  friend class WvPLProxyEnvironmentTest;
+  friend class WvPLSDKSession;
+  friend class WvPLProxySession;
+  friend class WvPLProxySessionTest;
+  friend class WvPLSessionTest;
+};
+
+}  // namespace wv_pl_sdk
+}  // namespace video_widevine_server
+
+#endif  // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_

centos/sdk/external/cpp/wvpl/common/wvpl_sdk_session.h

@@ -0,0 +1,352 @@
+// Copyright 2018 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_
+#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_
+
+#include <memory>
+
+#include "common/security_profile_list.h"
+#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
+#include "protos/public/device_certificate_status.pb.h"
+
+namespace video_widevine {
+class ClientIdentification;
+class DrmRootCertificate;
+class LicenseRequest;
+class License_KeyContainer_OutputProtection;
+class License_KeyContainer;
+class License_Policy;
+class ProvisionedDeviceInfo;
+class SessionInit;
+class SessionState;
+class SignedMessage;
+}  // namespace video_widevine
+namespace video_widevine_server {
+namespace wv_pl_sdk {
+
+class WvPLSDKSession {
+ public:
+  explicit WvPLSDKSession(
+      const video_widevine::DrmRootCertificate* drm_root_certificate);
+  WvPLSDKSession(
+      const video_widevine::DrmRootCertificate* drm_root_certificate,
+      const video_widevine::SecurityProfileList* security_profile_list);
+  virtual ~WvPLSDKSession();
+
+ public:
+  // Add WvPLKey.
+  virtual WvPLStatus AddKey(const WvPLKey& key);
+
+  // Get the WvPLKey.
+  virtual const std::vector<WvPLKey>& keys() const { return keys_; }
+
+  // Set the license policy.
+  virtual void set_policy(const WvPLPlaybackPolicy& policy) {
+    policy_ = policy;
+    has_policy_ = true;
+  }
+
+  // Get the license policy.
+  virtual const WvPLPlaybackPolicy& policy() const { return policy_; }
+
+  // Set the Session Init.
+  virtual void set_session_init(const WvPLSessionInit& session_init) {
+    session_init_ = session_init;
+  }
+
+  // Get the Session Init.
+  virtual const WvPLSessionInit& session_init() const { return session_init_; }
+
+  virtual bool IsChromeCDM() const;
+
+  /**
+   * Returns the Widevine PSSH data for the license request handled by this
+   * session.
+   *
+   * @param wvpl_widevine_pssh_data.
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus GetPsshData(
+      WvPLWidevinePsshData* wvpl_widevine_pssh_data) const;
+
+  /**
+   * Returns the ClientIdentification information for the license request
+   * handled by this session.
+   *
+   * @param client_info
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus GetClientInfo(WvPLClientInfo* client_info) const;
+  /**
+   * Returns the WvPL Client Capabilities information for the license request
+   * handled by this session.
+   *
+   * @param client_capabilities.
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus GetClientCapabilities(
+      WvPLClientCapabilities* client_capabilities) const;
+
+  /**
+   * Returns the WvPLDeviceInfo information for the license request
+   * handled by this session.
+   *
+   * @param device_info
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const;
+
+  virtual PlatformVerificationStatus VerifyPlatform() = 0;
+
+  virtual WvPLRequestType GetRequestType() const { return request_type_; }
+
+  /**
+   * Returns true if the license type is offline, otherwise return false.
+   *
+   * @return bool.
+   */
+  virtual bool is_offline_license() const;
+
+  /**
+   * Returns the license request contains client id or not.
+   *
+   * @return bool.
+   */
+  virtual bool has_client_id() const { return has_client_id_; }
+
+  /**
+   * Returns true if license request has encrypted_client_id. Otherwise return
+   * false.
+   *
+   * @return bool.
+   */
+  virtual bool has_encrypted_client_id() { return has_encrypted_client_id_; }
+
+  /**
+   * If set to true, allow generation of licenses with
+   * PlatformVerificationStatus = PLATFORM_UNVERIFIED.
+   */
+  virtual void set_allow_unverified_platform(bool allow_unverified_platform) {
+    allow_unverified_platform_ = allow_unverified_platform;
+  }
+
+  /**
+   * Retrieves the setting of whether license generation is allowed if
+   * PlatformVerificationStatus = PLATFORM_UNVERIFIED.
+   */
+  virtual bool allow_unverified_platform() const {
+    return allow_unverified_platform_;
+  }
+
+  /**
+   * If set to false, SDK can reject licensing behaviors to unknown make
+   * model. Default value is false.
+   */
+  virtual void set_reject_unknown_make_model(bool reject_unknown_make_model) {
+    reject_unknown_make_model_ = reject_unknown_make_model;
+  }
+
+  /**
+   * Retrieves the setting of whether unknown make model is rejected.
+   */
+  virtual bool reject_unknown_make_model() const {
+    return reject_unknown_make_model_;
+  }
+
+  /**
+   * If set to true, allow generation of licenses with
+   * PlatformVerificationStatus = PLATFORM_TAMPERED.
+   */
+  virtual void set_allow_tampered_platform(bool allow_tampered_platform) {
+    allow_tampered_platform_ = allow_tampered_platform;
+  }
+
+  /**
+   * Retrieves the setting of whether license generation is allowed if
+   * PlatformVerificationStatus = PLATFORM_TAMPERED.
+   */
+  virtual bool allow_tampered_platform() const {
+    return allow_tampered_platform_;
+  }
+
+  /**
+   * Retrieves Widevine Security Profile DrmInfo of the device.
+   * Returns true if |drm_info| was successully populated.
+   */
+  virtual bool GetDrmInfo(WvPLSecurityProfile::DrmInfo* drm_info) const;
+
+  /**
+   * Retrieves qualifying Widevine Default Security Profile names.
+   */
+  virtual WvPLStatus GetQualifiedDefaultDeviceSecurityProfiles(
+      std::vector<std::string>* default_qualified_profile_names) const;
+
+  /**
+   * Retrieves qualifying Custom Security Profiles names given the owner name.
+   */
+  virtual WvPLStatus GetQualifiedCustomDeviceSecurityProfiles(
+      const std::string& owner_name,
+      std::vector<std::string>* custom_qualified_profile_names) const;
+
+  // Return ok status if get content id information successful and |content_id|
+  // would be set, else return failure and |content_id| would not be set
+  WvPLStatus GetContentId(std::string* content_id) const;
+
+ protected:
+  void set_license_request_from_cdm(const std::string& request_from_cdm) {
+    license_request_from_cdm_ = request_from_cdm;
+  }
+  const video_widevine::DrmRootCertificate* drm_root_certificate_;
+  std::string user_agent_;
+  std::string device_id_;
+  std::string content_id_;
+  std::vector<WvPLKey> keys_;
+  WvPLPlaybackPolicy policy_;
+  WvPLSessionInit session_init_;
+  WvPLWidevinePsshData pssh_data_;
+  std::unique_ptr<video_widevine::ClientIdentification> client_id_;
+  std::unique_ptr<video_widevine::ProvisionedDeviceInfo>
+      provisioned_device_info_;
+  bool has_pssh_data_ = false;
+  bool has_client_id_ = false;
+  PlatformVerificationStatus platform_verification_status_ =
+      PLATFORM_NO_VERIFICATION;
+  std::unique_ptr<video_widevine::SignedMessage>
+      signed_message_request_from_cdm_;
+  std::string license_request_from_cdm_;
+  std::string remote_attestation_cert_serial_number_;
+  std::unique_ptr<video_widevine::LicenseRequest> sdk_license_request_;
+  WvPLRequestType request_type_;
+  bool has_session_state_ = false;
+  bool has_encrypted_client_id_ = false;
+  bool using_generated_content_id_ = false;
+  std::string provider_;
+  std::string provider_iv_;
+  std::string provider_key_;
+
+  virtual WvPLStatus VerifyRemoteAttestation();
+
+  // Returns the WvPL Client Capabilities information for the license request
+  // handled by this session.
+  WvPLStatus GetWvPLClientCapabilities(
+      const video_widevine::ClientIdentification& client_id,
+      WvPLClientCapabilities* client_capabilities) const;
+
+  // Copy and translates the Key fields from a WvPL Key into an SDK
+  // key container.
+  // Copies
+  // (1) key id
+  // (2) key
+  // (3) video_resolution_constraints
+  // (4) output protection using CopyOutputProtection
+  // (5) security_level using CopySecurityLevel
+  // Translates
+  // (1) key type
+  void CopyKey(const WvPLKey& wvpl_key,
+               video_widevine::License_KeyContainer* sdk_key_container);
+
+  // Copies/translates output_protection in WvPL Key into an SDK key container.
+  virtual void CopyOutputProtection(
+      const WvPLOutputProtection& wvpl_output_protection,
+      video_widevine::License_KeyContainer_OutputProtection* output_protection);
+
+  // Copies/translatessecurity_level in WvPL Key into an SDK key container.
+  virtual void CopySecurityLevel(
+      const WvPLOutputProtection& output_protection, TrackType track_type,
+      video_widevine::License_KeyContainer* key_container);
+
+  // Copies/translates the policy from a WvPL policy into an SDK policy. A
+  // helper function for GenerateLicenseRequestAsJSON.
+  virtual void CopyPlaybackPolicy(const WvPLPlaybackPolicy& wvpl_policy,
+                                  video_widevine::License_Policy* sdk_policy);
+
+  // Copy the |hdcp_value| into the key container.
+  virtual void CopyHDCP(
+      HDCP hdcp_value,
+      video_widevine::License_KeyContainer_OutputProtection* output_protection);
+
+  // Copy the WvPLSession Init into Session Init.
+  virtual void CopySessionInit(const WvPLSessionInit& wvpl_session_init,
+                               video_widevine::SessionInit* session_init);
+
+  // Copy the WvPLDeviceInfo into ProvisionedDeviceInfo.
+  virtual void CopyProvisionedDeviceInfo(
+      const WvPLDeviceInfo& wvpl_device_info,
+      video_widevine::ProvisionedDeviceInfo* device_info);
+
+  // Populate deviceInfo, clientIdentification and psshdata for license request.
+  WvPLStatus ParseLicenseRequest();
+
+  // Copy the WvPLSessionState to SessionState.
+  void CopySessionState(const WvPLSessionState& wvpl_session_state,
+                        video_widevine::SessionState* session_state);
+
+  // Set system_id value. Only used for test case.
+  virtual void SetSystemId(uint32_t system_id);
+
+  // Return has_system_id_ value. True if session has system id.
+  virtual bool HasSystemId() const;
+
+  // Return system_id value in uint32_t. The function will crash if it does not
+  // have system_id.
+  virtual uint32_t GetSystemId() const;
+
+  // Set drm serial number. Only used for test case.
+  virtual void SetDrmSerialNumber(const std::string& drm_serial_number);
+
+  // Return drm serial number.
+  virtual std::string GetDrmSerialNumber() const;
+  /**
+   * Use system_id to loop up device info.
+   *
+   * @return WvPLStatus - Status::OK if success, else error.
+   */
+  virtual WvPLStatus LookupDeviceInfo(
+      uint32_t system_id,
+      video_widevine::ProvisionedDeviceInfo* provisioned_device_info) const;
+
+  virtual const std::string TrackTypeToString(TrackType track_type) const;
+
+  virtual bool has_policy() { return has_policy_; }
+
+  virtual const video_widevine::SecurityProfileList*
+  device_security_profile_list() {
+    return device_security_profile_list_;
+  }
+
+  // Set the provider which hosts this service.
+  virtual void set_provider(const std::string& provider) {
+    provider_ = provider;
+  }
+
+  // Set the iv specified for the provider.
+  virtual void set_provider_iv(const std::string& provider_iv) {
+    provider_iv_ = provider_iv;
+  }
+
+  // Set the key specified for the provider.
+  virtual void set_provider_key(const std::string& provider_key) {
+    provider_key_ = provider_key;
+  }
+
+  DeviceStatus GetDeviceStatus(video_widevine::DeviceCertificateStatus::Status
+                                   device_certificate_status) const;
+
+  bool using_generated_content_id() const {
+    return using_generated_content_id_;
+  }
+
+ private:
+  std::unique_ptr<uint32_t> system_id_;
+  bool has_policy_ = false;
+  bool allow_unverified_platform_ = true;
+  bool allow_tampered_platform_ = true;
+  bool reject_unknown_make_model_ = false;
+  const video_widevine::SecurityProfileList* device_security_profile_list_ =
+      nullptr;
+};
+
+}  // namespace wv_pl_sdk
+}  // namespace video_widevine_server
+
+#endif  // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_

centos/sdk/external/cpp/wvpl/license_server_sdk/wvpl_environment.h

@@ -0,0 +1,176 @@
+// Copyright 2017 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_ENVIRONMENT_H_
+#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_ENVIRONMENT_H_
+
+#include <map>
+#include <memory>
+#include <string>
+
+#include "sdk/external/cpp/wvdrm/license_server_sdk/environment.h"
+#include "sdk/external/cpp/wvpl/common/wvpl_sdk_environment.h"
+#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
+
+// TODO(yawenyu): Use generateSignature function in WvPLSDKEnvironement instead
+// of get GetSignature.
+namespace video_widevine_server {
+namespace wv_pl_sdk {
+
+using video_widevine::Environment;
+
+class WvPLLicenseCounter;
+class WvPLSession;
+
+// Generate a Widevine environment object one time.  The WvPLEnvironment object
+// is used to create widevine sessions.  WvPLEnvironment is used to hold data
+// and spans the lifetime of a session, therefore it should be retained by
+// the caller.  Sessions will not get generated if the initial call to
+// SetDeviceCertificateStatusList() is not successful.
+//
+// Example:
+//   map<string, string> config_values;
+//   config_values.insert(std::make_pair(kAllowUnknownDevice, "true"));
+//   config_values.insert(std::make_pair(kProvider, "<Provider Name>"));
+//   config_values.insert(std::make_pair(kProviderIv, "<Provider IV>"));
+//   config_values.insert(std::make_pair(kProviderKey, "<Provider Key>"));
+//   WvPLEnvironment* wvpl_environment = new WvPLEnvironment(config_values);
+//   std::string error_str;
+//   std::string cert_status_list;
+//   std::string service_cert;
+//   WVStatus status;
+//   status = wvpl_environment->Initialize();
+//   wvpl_environment->SetPreProvisioningKeys(prev_prov_keys);
+//   status = wvpl_environment->SetDrmServiceCertificate(
+//                "<Provider service cert>", "<Service Private Key>",
+//                "<Service Private Key Passphrase>");
+//   -- Fetch the intermediate certificates.
+//   SomeFunctionToFetchTheCertificates(&cert_status_list);
+//   status =
+//   wvpl_environment->SetDeviceCertificateStatusList(cert_status_list);
+
+class WvPLEnvironment : public WvPLSDKEnvironment {
+ public:
+  // Copies the config_values and constructs a new WvPLEnvironment object.
+  // TODO(hali): Add all config parameters.
+  explicit WvPLEnvironment(
+      const std::map<std::string, std::string>& config_values);
+
+  virtual ~WvPLEnvironment();
+
+  // TODO(b/194740480): This function will be changed to private since end-Q3
+  // 2021 release.
+  // One time initialization.  Must be called once after construction.
+  virtual WvPLStatus Initialize();
+
+  // Create a new Session object. Upon success, |session| points to a new
+  // object created on the heap.  Caller retains ownership of the session.
+  // Example usage:
+  // WvPLSession* session;
+  // WvPLStatus status = wvpl_environment->CreateSession(request_from_client,
+  //                                                     &session);
+  // if (!status.ok()) {
+  //   std::string error_license;
+  //   if (wvpl_environment->GenerateErrorResponse(status, &error_license)) {
+  //     // Send error_license to the client.
+  //   } else {
+  //     // Handle error
+  //   }
+  //   return ...
+  // }
+  // // Continue with license flow, invoke GenerateLicense(), etc.
+  virtual WvPLStatus CreateSession(const std::string& request,
+                                   WvPLSession** session) const;
+
+  virtual WvPLStatus CreateSessionWithOptions(
+      const std::string& request, const WvPLSessionCreateOptions& options,
+      WvPLSession** session) const;
+  // Deletes |session|. Should be called if CreateSession() was successful and
+  // the session is no longer needed.
+  virtual void DestroySession(WvPLSession* session) const;
+
+  // Thread-safe call to set the pre-provisioning keys.  Map key is the
+  // system id, value. Value should be human-readable hex digits.
+  virtual WvPLStatus SetPreProvisioningKeys(
+      const std::map<uint32_t, std::string>& keys);
+
+  // Return the license counter data as bytes. The bytes in
+  // |signed_license_stats| are binary. The internal data is flushed
+  // if |flush_data| is true. If |flush_data| is false, license counters will
+  // accumulate.  If this call returns "Status::OK", |signed_license_stats| is
+  // populated.  |signed_license_stats| is owned by the caller.
+  virtual WvPLStatus GetStatsAsBytes(bool flush_data,
+                                     std::string* signed_license_stats);
+
+  // TODO(b/193921143): flush_data parameter will be removed since end-Q3 2021
+  // release.
+  // Return the license counter data in a human-readable format. The
+  // internal data is flushed if |flush_data| is true.  If |flush_data| is
+  // false, license counters will accumulate.  If this call returns
+  // "Status::OK", |license_stats| is populated.  |license_stats| is owned by
+  // the caller.
+  virtual WvPLStatus GetStatsAsString(bool flush_data,
+                                      std::string* license_stats);
+
+  // Deprecated.
+  // This API will be replaced by
+  // WvPLSDKEnvironment::SetDeviceCertificateStatusList(). It will be removed
+  // from this header file in the mid-Q3 2021 SDK release.
+  // In order to stay up-to-date with new devices, it is recommended to fetch
+  // new certificates on a regular basis.  The update interval should be once a
+  // day.  If UpdateWithCerftificates() fails, the existing certificates are
+  // still valid, but are subject to expiration.  The expiration is controlled
+  // by the content provider and configured as a parameter when creating
+  // WvPLEnvironment.
+  // |cert_list| is the response provided from the Widevine API
+  // that produces the certificate list. The method can handle either the new
+  // API format (the serialized PublishedDevices proto), or the legacy format (a
+  // JSON response containing the base64-encoded certificate list).
+  virtual WvPLStatus UpdateWithCertificates(const std::string& cert_list);
+
+  // Generate a signed request to be sent to Widevine Certificate Provisioning
+  // Server to retrieve 'DeviceCertificateStatusList'.
+  WvPLStatus GenerateDeviceStatusListRequest(
+      std::string* signed_device_certificate_status_list_request) override;
+
+  // TODO(b/193920802): This function will be changed to private function in
+  // mid-2021 Q3 release.
+  // Get the expected service type for drm service certificate. The expected
+  // value is LICENSE_SERVER_SDK.
+  int GetExpectedServiceCertificateType() override;
+
+  // Enable delivery of licenses to revoked client devices. |system_id_list| is
+  // a comma separated list of systems Ids to allow even if revoked.
+  void AllowRevokedDevices(const std::string& system_id_list) override;
+
+ private:
+  // Return the signature for the provider specified in the |config_values|
+  // parameter in the constructor.  |signature| is owned by the caller.
+  virtual WvPLStatus GetSignature(const std::string& text_to_sign,
+                                  std::string* signature);
+
+  std::unique_ptr<WvPLLicenseCounter> license_counter_;
+  // list of system ids that support having the Crypto API version specified in
+  // the Key Control Block (KCB).
+  std::string system_ids_for_api_ver_in_kcb_;
+  // Comma separated list of system ids by make allowed to be TEST_ONLY.
+  std::string allow_test_only_by_make_;
+  // Comma separated list of system ids by provider allowed to be TEST_ONLY.
+  std::string allow_test_only_by_provider_;
+  // Whether all test devices should be allowed.
+  bool allow_development_clients_;
+  // Restriction on core message features. If this is an empty string, the
+  // default feature set is used. If it is an integer, that is the ODK version
+  // supported. This restricts the features that the server will support in an
+  // oemcrypto core message. For example, we may restrict the server to never
+  // send a v17 message by setting the std::string to "16". For details, please see
+  // common/oemcrypto_core_message/odk/include/core_message_features.h
+  std::string core_message_features_;
+  // A few functions from sdk/external/cpp/wvdrm/license_server_sdk/environment
+  // are used to run wvpl_environment.
+  std::unique_ptr<Environment> environment_;
+};
+
+}  // namespace wv_pl_sdk
+}  // namespace video_widevine_server
+
+#endif  // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_ENVIRONMENT_H_

centos/sdk/external/cpp/wvpl/license_server_sdk/wvpl_session.h

@@ -0,0 +1,119 @@
+// Copyright 2017 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_SESSION_H_
+#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_SESSION_H_
+
+#include <stdint.h>
+
+#include <string>
+#include <vector>
+
+#include "sdk/external/cpp/wvdrm/license_server_sdk/session.h"
+#include "sdk/external/cpp/wvpl/common/wvpl_sdk_session.h"
+#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
+#include "protos/public/errors.pb.h"
+#include "protos/public/license_server_sdk.pb.h"
+#include "protos/public/oem_key_container.pb.h"
+#include "protos/public/playready.pb.h"
+#include "protos/public/widevine_pssh.pb.h"
+
+namespace video_widevine {
+class Session;
+}  // namespace video_widevine
+
+namespace video_widevine_server {
+namespace wv_pl_sdk {
+// Because we do not want to export wvpl_license_counter.h outside google3, add
+// WvPLLicenseCounter here.
+class WvPLLicenseCounter;
+
+// major version to line up with latest released OEMCryptoAPI version.
+const uint32_t kMajorVersion = 17;
+const uint32_t kMinorVersion = 0;
+const uint32_t kRelease = 1;
+
+// Once a Widevine environment  object is successfully initialized, generate a
+// Widevine session object for each license request.  CreateSession() parses
+// the request and validates the request by verifying the signature.  If
+// successful, a session object is created and OK is returned.
+// Once a Widevine session object is successfully created, setup the session
+// object with the policy and keys.  Call AddKey() multiple times for each key.
+
+class WvPLSession : public WvPLSDKSession {
+ public:
+  WvPLSession();
+  ~WvPLSession() override;
+
+  // Generates the license for sending back to the Widevine client. Caller owns
+  // |license|.
+  virtual WvPLStatus GenerateLicense(std::string* license);
+
+  // Set the session state.
+  virtual void set_session_state(const WvPLSessionState& wvpl_session_state) {
+    wvpl_session_state_ = wvpl_session_state;
+    has_session_state_ = true;
+  }
+
+  // Get the session state.
+  virtual const WvPLSessionState& session_state() const {
+    return wvpl_session_state_;
+  }
+
+  bool has_sdk_session() { return !(sdk_session_ == nullptr); }
+
+  PlatformVerificationStatus VerifyPlatform() override;
+
+  // Returns a std::string containing the WVPL version in the form:
+  // <major_version>.<minor_version>.<release>
+  static std::string GetVersionString();
+
+  // TODO(b/193921795): this API will be deprecated since end-Q3 2021 release.
+  // Please use GetDeviceInfo() instead.
+  // Returns true if a provisioned device info exists.  Populates the specified
+  // |device_info| structure.
+  virtual bool GetProvisionedDeviceInfo(WvPLDeviceInfo* device_info) const;
+
+  // Populates the specified |device_info| structure.  This API works only for
+  // * NEW license requests.
+  // * RENEWAL/RELEASE requests that include a Client Identification.
+  WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const override;
+
+ protected:
+  // This class takes ownership of |sdk_session|.  This class keeps a pointer
+  // to |license_counter| but the caller maintains ownership of
+  // |license_counter|.  Both arguments must not be NULL.
+  WvPLSession(
+      const video_widevine::DrmRootCertificate* drm_root_certificate,
+      video_widevine::Session* sdk_session, WvPLLicenseCounter* license_counter,
+      const video_widevine::SecurityProfileList* device_security_profile_list);
+
+  video_widevine::Session* sdk_session() { return sdk_session_; }
+
+  void set_sdk_session(video_widevine::Session* sdk_session) {
+    sdk_session_ = sdk_session;
+  }
+
+  // Sets the license counter to use. The caller maintains ownership of
+  // |license_counter| but this class keeps a pointer to |license_counter|.
+  void set_license_counter(WvPLLicenseCounter* license_counter) {
+    license_counter_ = license_counter;
+  }
+
+  void CopyOemKey(const WvPLKey& wvpl_key,
+                  video_widevine::OemKeyContainer* oem_key_container);
+
+ private:
+  friend class WvPLEnvironment;
+  friend class WvPLEnvironmentTest;
+  friend class WvPLSessionTest;
+
+  video_widevine::Session* sdk_session_ = nullptr;
+  WvPLLicenseCounter* license_counter_ = nullptr;
+  WvPLSessionState wvpl_session_state_;
+  video_widevine::SessionState session_state_;
+};
+
+}  // namespace wv_pl_sdk
+}  // namespace video_widevine_server
+
+#endif  // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_LICENSE_SERVER_SDK_WVPL_SESSION_H_