WvPL License SDK release: beta-16.4.5

2021-06-28 19:00:08 +00:00
parent 8fbd7ee7a1
commit 9ea1b5fb61
136 changed files with 78435 additions and 0 deletions
--- a/ubuntu/license_server_sdk/external/common/wvpl/wvpl_environment.h
+++ b/ubuntu/license_server_sdk/external/common/wvpl/wvpl_environment.h
@@ -0,0 +1,162 @@
+// Copyright 2017 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_ENVIRONMENT_H_
+#define VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_ENVIRONMENT_H_
+
+#include <map>
+#include <memory>
+#include <string>
+
+#include "sdk/external/common/wvpl/wvpl_sdk_environment.h"
+#include "sdk/external/common/wvpl/wvpl_types.h"
+
+// TODO(yawenyu): Use generateSignature function in WvPLSDKEnvironement instead
+// of get GetSignature.
+namespace video_widevine_server {
+namespace wv_pl_sdk {
+
+class WvPLLicenseCounter;
+class WvPLSession;
+
+// Generate a Widevine environment object one time.  The WvPLEnvironment object
+// is used to create widevine sessions.  WvPLEnvironment is used to hold data
+// and spans the lifetime of a session, therefore it should be retained by
+// the caller.  Sessions will not get generated if the initial call to
+// SetDeviceCertificateStatusList() is not successful.
+//
+// Example:
+//   map<string, string> config_values;
+//   config_values.insert(std::make_pair(kAllowUnknownDevice, "true"));
+//   config_values.insert(std::make_pair(kProvider, "<Provider Name>"));
+//   config_values.insert(std::make_pair(kProviderIv, "<Provider IV>"));
+//   config_values.insert(std::make_pair(kProviderKey, "<Provider Key>"));
+//   WvPLEnvironment* wvpl_environment = new WvPLEnvironment(config_values);
+//   std::string error_str;
+//   std::string cert_status_list;
+//   std::string service_cert;
+//   WVStatus status;
+//   status = wvpl_environment->Initialize();
+//   status = wvpl_environment->SetDrmServiceCertificate(
+//                "<Provider service cert>", "<Service Private Key>",
+//                "<Service Private Key Passphrase>");
+//   -- Fetch the intermediate certificates.
+//   SomeFunctionToFetchTheCertificates(&cert_status_list);
+//   status =
+//   wvpl_environment->SetDeviceCertificateStatusList(cert_status_list);
+
+class WvPLEnvironment : public WvPLSDKEnvironment {
+ public:
+  // Copies the config_values and constructs a new WvPLEnvironment object.
+  // TODO(hali): Add all config parameters.
+  explicit WvPLEnvironment(
+      const std::map<std::string, std::string>& config_values);
+
+  virtual ~WvPLEnvironment();
+
+  // One time initialization.  Must be called once after construction.
+  virtual WvPLStatus Initialize();
+
+  // Create a new Session object. Upon success, |session| points to a new
+  // object created on the heap.  Caller retains ownership of the session.
+  // Example usage:
+  // WvPLSession* session;
+  // WvPLStatus status = wvpl_environment->CreateSession(request_from_client,
+  //                                                     &session);
+  // if (!status.ok()) {
+  //   std::string error_license;
+  //   if (wvpl_environment->GenerateErrorResponse(status, &error_license)) {
+  //     // Send error_license to the client.
+  //   } else {
+  //     // Handle error
+  //   }
+  //   return ...
+  // }
+  // // Continue with license flow, invoke GenerateLicense(), etc.
+  virtual WvPLStatus CreateSession(const std::string& request,
+                                   WvPLSession** session) const;
+
+  virtual WvPLStatus CreateSessionWithOptions(
+      const std::string& request, const WvPLSessionCreateOptions& options,
+      WvPLSession** session) const;
+  // Deletes |session|. Should be called if CreateSession() was successful and
+  // the session is no longer needed.
+  virtual void DestroySession(WvPLSession* session) const;
+
+  // Thread-safe call to set the pre-provisioning keys.  Map key is the
+  // system id, value. Value should be human-readable hex digits.
+  virtual WvPLStatus SetPreProvisioningKeys(
+      const std::map<uint32_t, std::string>& keys);
+
+  // Return the license counter data as bytes. The bytes in
+  // |signed_license_stats| are binary. The internal data is flushed
+  // if |flush_data| is true. If |flush_data| is false, license counters will
+  // accumulate.  If this call returns "Status::OK", |signed_license_stats| is
+  // populated.  |signed_license_stats| is owned by the caller.
+  virtual WvPLStatus GetStatsAsBytes(bool flush_data,
+                                     std::string* signed_license_stats);
+
+  // Return the license counter data in a human-readable format. The internal
+  // data is flushed if |flush_data| is true.  If |flush_data| is false,
+  // license counters will accumulate.  If this call returns "Status::OK",
+  // |license_stats| is populated.  |license_stats| is owned by the caller.
+  virtual WvPLStatus GetStatsAsString(bool flush_data,
+                                      std::string* license_stats);
+
+  // Deprecated.
+  // This API will be replaced by
+  // WvPLSDKEnvironment::SetDeviceCertificateStatusList(). It will be removed
+  // from this header file in the mid-Q3 2021 SDK release.
+  // In order to stay up-to-date with new devices, it is recommended to fetch
+  // new certificates on a regular basis.  The update interval should be once a
+  // day.  If UpdateWithCerftificates() fails, the existing certificates are
+  // still valid, but are subject to expiration.  The expiration is controlled
+  // by the content provider and configured as a parameter when creating
+  // WvPLEnvironment.
+  // |cert_list| is the response provided from the Widevine API
+  // that produces the certificate list. The method can handle either the new
+  // API format (the serialized PublishedDevices proto), or the legacy format (a
+  // JSON response containing the base64-encoded certificate list).
+  virtual WvPLStatus UpdateWithCertificates(const std::string& cert_list);
+
+  // Generate a signed request to be sent to Widevine Certificate Provisioning
+  // Server to retrieve 'DeviceCertificateStatusList'.
+  virtual WvPLStatus GenerateDeviceStatusListRequest(
+      std::string* signed_device_certificate_status_list_request);
+
+  // Get the expected service type for drm service certificate. The expected
+  // value is LICENSE_SERVER_SDK.
+  int GetExpectedServiceCertificateType() override;
+
+  // Enable delivery of licenses to revoked client devices. |system_id_list| is
+  // a comma separated list of systems Ids to allow even if revoked.
+  void AllowRevokedDevices(const std::string& system_id_list) override;
+
+ private:
+  // Return the signature for the provider specified in the |config_values|
+  // parameter in the constructor.  |signature| is owned by the caller.
+  virtual WvPLStatus GetSignature(const std::string& text_to_sign,
+                                  std::string* signature);
+
+  std::unique_ptr<WvPLLicenseCounter> license_counter_;
+  // list of system ids that support having the Crypto API version specified in
+  // the Key Control Block (KCB).
+  std::string system_ids_for_api_ver_in_kcb_;
+  // Comma separated list of system ids by make allowed to be TEST_ONLY.
+  std::string allow_test_only_by_make_;
+  // Comma separated list of system ids by provider allowed to be TEST_ONLY.
+  std::string allow_test_only_by_provider_;
+  // Whether all test devices should be allowed.
+  bool allow_development_clients_;
+  // Restriction on core message features. If this is an empty string, the
+  // default feature set is used. If it is an integer, that is the ODK version
+  // supported. This restricts the features that the server will support in an
+  // oemcrypto core message. For example, we may restrict the server to never
+  // send a v17 message by setting the std::string to "16". For details, please see
+  // common/oemcrypto_core_message/odk/include/core_message_features.h
+  std::string core_message_features_;
+};
+
+}  // namespace wv_pl_sdk
+}  // namespace video_widevine_server
+
+#endif  // VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_ENVIRONMENT_H_
--- a/ubuntu/license_server_sdk/external/common/wvpl/wvpl_session.h
+++ b/ubuntu/license_server_sdk/external/common/wvpl/wvpl_session.h
@@ -0,0 +1,118 @@
+// Copyright 2017 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_SESSION_H_
+#define VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_SESSION_H_
+
+#include <stdint.h>
+
+#include <string>
+#include <vector>
+
+#include "license_server_sdk/public/session.h"
+#include "sdk/external/common/wvpl/wvpl_sdk_session.h"
+#include "sdk/external/common/wvpl/wvpl_types.h"
+#include "protos/public/errors.pb.h"
+#include "protos/public/license_server_sdk.pb.h"
+#include "protos/public/oem_key_container.pb.h"
+#include "protos/public/playready.pb.h"
+#include "protos/public/widevine_pssh.pb.h"
+
+namespace video_widevine {
+class Session;
+}  // namespace video_widevine
+
+namespace video_widevine_server {
+namespace wv_pl_sdk {
+// Because we do not want to export wvpl_license_counter.h outside google3, add
+// WvPLLicenseCounter here.
+class WvPLLicenseCounter;
+
+// major version to line up with latest released OEMCryptoAPI version.
+const uint32_t kMajorVersion = 16;
+const uint32_t kMinorVersion = 4;
+const uint32_t kRelease = 5;
+
+// Once a Widevine environment  object is successfully initialized, generate a
+// Widevine session object for each license request.  CreateSession() parses
+// the request and validates the request by verifying the signature.  If
+// successful, a session object is created and OK is returned.
+// Once a Widevine session object is successfully created, setup the session
+// object with the policy and keys.  Call AddKey() multiple times for each key.
+
+class WvPLSession : public WvPLSDKSession {
+ public:
+  WvPLSession();
+  ~WvPLSession() override;
+
+  // Generates the license for sending back to the Widevine client. Caller owns
+  // |license|.
+  virtual WvPLStatus GenerateLicense(std::string* license);
+
+  // Set the session state.
+  virtual void set_session_state(const WvPLSessionState& wvpl_session_state) {
+    wvpl_session_state_ = wvpl_session_state;
+    has_session_state_ = true;
+  }
+
+  // Get the session state.
+  virtual const WvPLSessionState& session_state() const {
+    return wvpl_session_state_;
+  }
+
+  bool has_sdk_session() { return !(sdk_session_ == nullptr); }
+
+  PlatformVerificationStatus VerifyPlatform() override;
+
+  // Returns a std::string containing the WVPL version in the form:
+  // <major_version>.<minor_version>.<release>
+  static std::string GetVersionString();
+
+  // Returns true if a provisioned device info exists.  Populates the specified
+  // |device_info| structure.
+  // TODO(hali): Deprecate this API and use GetDeviceInfo() instead.
+  virtual bool GetProvisionedDeviceInfo(WvPLDeviceInfo* device_info) const;
+
+  // Populates the specified |device_info| structure.  This API works only for
+  // * NEW license requests.
+  // * RENEWAL/RELEASE requests that include a Client Identification.
+  WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const override;
+
+ protected:
+  // This class takes ownership of |sdk_session|.  This class keeps a pointer
+  // to |license_counter| but the caller maintains ownership of
+  // |license_counter|.  Both arguments must not be NULL.
+  WvPLSession(
+      const video_widevine::DrmRootCertificate* drm_root_certificate,
+      video_widevine::Session* sdk_session, WvPLLicenseCounter* license_counter,
+      const video_widevine::SecurityProfileList* device_security_profile_list);
+
+  video_widevine::Session* sdk_session() { return sdk_session_; }
+
+  void set_sdk_session(video_widevine::Session* sdk_session) {
+    sdk_session_ = sdk_session;
+  }
+
+  // Sets the license counter to use. The caller maintains ownership of
+  // |license_counter| but this class keeps a pointer to |license_counter|.
+  void set_license_counter(WvPLLicenseCounter* license_counter) {
+    license_counter_ = license_counter;
+  }
+
+  void CopyOemKey(const WvPLKey& wvpl_key,
+                  video_widevine::OemKeyContainer* oem_key_container);
+
+ private:
+  friend class WvPLEnvironment;
+  friend class WvPLEnvironmentTest;
+  friend class WvPLSessionTest;
+
+  video_widevine::Session* sdk_session_ = nullptr;
+  WvPLLicenseCounter* license_counter_ = nullptr;
+  WvPLSessionState wvpl_session_state_;
+  video_widevine::SessionState session_state_;
+};
+
+}  // namespace wv_pl_sdk
+}  // namespace video_widevine_server
+
+#endif  // VIDEO_WIDEVINE_EXPORT_LICENSE_SERVER_SDK_EXTERNAL_COMMON_WVPL_WVPL_SESSION_H_