// Copyright 2017 Google LLC. All rights reserved. #ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_ #define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_ #include #include #include "absl/synchronization/mutex.h" #include "sdk/external/cpp/wvpl/common/wvpl_types.h" #include "protos/public/client_identification.pb.h" #include "protos/public/device_security_profile_list.pb.h" #include "protos/public/provider_key.pb.h" #include "protos/public/security_profile.pb.h" namespace video_widevine { class DeviceCertificateStatusList; class DrmRootCertificate; class DrmCertificate; class ProvisionedDeviceInfo; class SecurityProfileList; } // namespace video_widevine namespace video_widevine_server { namespace wv_pl_sdk { // These fields show the configuration options that can be initialized via // the implementation classes (WvPLEnvironment and WvPLProxyEnvironment). extern const char kDeviceCertificateExpiration[]; extern const char kAllowUnknownDevice[]; extern const char kProvider[]; extern const char kProviderIv[]; extern const char kProviderKey[]; extern const char kApiVerInKcb[]; extern const char kLimitUsageStatsToErrorsOnly[]; // Valid values are 'test' and 'prod'. extern const char kDrmCertificateType[]; /** * Parent class of SDK environment. This class is not be instantiated directly, * but its API can be accessed via the derived environment classes. */ class WvPLSDKEnvironment { public: WvPLSDKEnvironment(); virtual ~WvPLSDKEnvironment(); // TODO(b/193920474): This function will be non-static function since end-Q3 // 2021 release. // Generates a license response containing a message generated in response to // an error condition. |create_session_status| is a previous error status // returned by the CreateSession(). |license_response| points to a std::string to // contain the license response and may not be NULL. This method returns true // if there is an error license to be sent to the client, or false // otherwise. static bool GenerateErrorResponse(const WvPLStatus& create_session_status, std::string* license_response); /** * Add a service certificate system-wide at the sdk. |service_certificate| * is a Google-generated certificate used to authenticate the service * provider. |service_private_key| is the encrypted PKCS#8 private RSA key * corresponding to the service certificate. |service_private_key_passphrase| * is the password required to decrypt |service_private_key|. This is a * thread-safe call. * * @param service_certificate * @param service_private_key * @param service_private_key_passphrase * * @return WvPLStatus enumeration */ virtual WvPLStatus SetDrmServiceCertificate( const std::string& service_certificate, const std::string& service_private_key, const std::string& service_private_key_passphrase); // TODO(b/193920758): this function will be non private function since end-Q3 // 2021 release. // Returns the DRM root certificate configured for this environment. const video_widevine::DrmRootCertificate* drm_root_certificate() const { return drm_root_certificate_.get(); } /** * Set the device certificate status list from a call to the Widevine * Certificate Provisioning Service. */ virtual WvPLStatus SetDeviceCertificateStatusList( const std::string& device_certificate_status_list); /** * Set the custom device security profile list from a call to the Widevine * PublishedDevicesService. */ virtual WvPLStatus SetCustomDeviceSecurityProfiles( const std::string& serialized_signed_device_security_profiles) const; /** * Return a list of the default profile names. */ virtual WvPLStatus GetDefaultDeviceSecurityProfileNames( std::vector* profile_names) const; /** * Return the default profile associated with |profile_name|. */ virtual WvPLStatus GetDefaultDeviceSecurityProfile( const std::string& profile_name, WvPLSecurityProfile* device_security_profile) const; /** * Obtain the owner list for custom profiles. */ virtual WvPLStatus GetCustomDeviceSecurityProfileOwners( std::vector* custom_profile_owners) const; /** * Return a list of custom profile names associated with |owner_name|. */ virtual WvPLStatus GetCustomDeviceSecurityProfileNames( const std::string& owner_name, std::vector* profile_names) const; /** * Return the custom profiles associated with |owner_name|. */ virtual WvPLStatus GetCustomDeviceSecurityProfiles( const std::string& owner_name, std::vector* custom_device_security_profiles) const; // Enable delivery of licenses to revoked client devices. |system_id_list| is // a comma separated list of systems Ids to allow even if revoked. virtual void AllowRevokedDevices(const std::string& system_id_list); // Returns true if the system ID is allowed even if revoked. virtual bool IsRevokedDeviceAllowed(uint32_t system_id) const; /** * Translates the license request from the CDM to a human-readable message, * useful for debugging. This translated request is placed in |request_out|. * Returns OK in parsing the |request| successfully, else an error status */ virtual WvPLStatus GetRequestAsString(const std::string& request, std::string* request_out) const; /** * Generate a signed request to be sent to Widevine Certificate Provisioning * Server to retrieve 'DeviceCertificateStatusList'. */ virtual WvPLStatus GenerateDeviceStatusListRequest( std::string* signed_device_certificate_status_list_request) = 0; /** * Returns WvPLDeviceInfo for specific system_id. */ static WvPLDeviceInfo GetDeviceInfo(uint32_t system_id); /** * Set the provider key used for L3 CDM. * |provider_key_config_bytes| is a serialized ProviderKeyConfig proto * message. Returns OK if parsing is successful, otherwise an error is * returned. */ virtual WvPLStatus SetProviderKeyConfig( const std::string& provider_key_config_bytes); /** * Returns the provider key config used for L3 CDM. */ const video_widevine::ProviderKeyConfig& GetProviderKeyConfig() const { return provider_key_config_; } protected: // Return the signature for the provider specified in the |config_values| // parameter in the constructor. |signature| is owned by the caller. static WvPLStatus GenerateSignature(const std::string& plain_text, std::string* signature); /** * Insert or update provisionedDeviceInfoMap with device info in * certificate_status_list. */ static WvPLStatus UpdateProvisionedDeviceInfoMap( const video_widevine::DeviceCertificateStatusList& certificate_status_list); const video_widevine::SecurityProfileList* device_security_profile_list() const { absl::ReaderMutexLock lock(&profile_mutex_); return device_security_profile_list_.get(); } // Number of seconds until the certificate status list expires after its // creation time. Default value is 604800 seconds. uint32_t device_certificate_expiration_seconds_ = 604800; // "config_values" setting for "kDrmCertificateType". // Supported values are "test" and "prod". Default value is "prod". std::string drm_certificate_type_ = "prod"; // name of the provider hosting this service. std::string provider_; // value of the "iv" specified for the provider. std::string provider_iv_; // value of the "key" specified for the provider. std::string provider_key_; // is_service_certificate_loaded_ is not thread safe. bool is_service_certificate_loaded_ = false; // is_device_certificate_status_list_loaded is not thread safe. bool is_device_certificate_status_list_loaded_ = false; // If true, allow devices not in the certificate status list. bool allow_unknown_device_ = false; // DRM root certificate used for verifying all other DRM certificates. std::unique_ptr drm_root_certificate_; // Mutex guarding the revoked devices list. mutable absl::Mutex allowed_revoked_devices_mutex_; // List of device system Ids to succeed even if the device is revoked. std::vector allowed_revoked_devices_ ABSL_GUARDED_BY(allowed_revoked_devices_mutex_); // Provider key config used with L3 CDM. video_widevine::ProviderKeyConfig provider_key_config_; private: // Get the expected service type for drm service certificate. virtual int GetExpectedServiceCertificateType(); // Check the type of |service_certificate|. Returns "OK" if the cert can be // used for the current SDK, else an error status. virtual WvPLStatus CheckServiceCertificateType( const std::string& service_certificate); /** * Retrieves sdk use widevine certificate or not. */ virtual bool is_widevine_certificate() { return is_widevine_certificate_; } /** * Return provisioned_device_info if the device_info_map_ contains system_id. * * @return WvPLStatus - Status::OK if success, else error. */ static WvPLStatus LookupDeviceInfo( uint32_t system_id, video_widevine::ProvisionedDeviceInfo* provisioned_device_info); /** * Add a device to the current environment/session. */ static void AddDeviceInfo( const video_widevine::ProvisionedDeviceInfo& provisioned_device_info); // Security Profile list to allow for access to Security Profile Level and // DRM information. mutable absl::Mutex profile_mutex_; std::unique_ptr device_security_profile_list_ ABSL_GUARDED_BY(profile_mutex_); // Only for internal content providers. Default value is false. bool is_widevine_certificate_ = false; friend class WvPLProxyEnvironmentTest; friend class WvPLSDKSession; friend class WvPLProxySession; friend class WvPLProxySessionTest; friend class WvPLSessionTest; }; } // namespace wv_pl_sdk } // namespace video_widevine_server #endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_