widevine-partner/wvpl_license_sdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
743f4faefe48caac4fee784bafbfea359deb94ac
wvpl_license_sdk/ubuntu/cc_header/wvpl_sdk_environment.h
Buildbot 743f4faefe WvPL License SDK release: 17.0.1
2022-04-22 02:33:19 +00:00

267 lines
10 KiB
C++
Raw Blame History

// Copyright 2017 Google LLC. All rights reserved.
#ifndef VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_
#define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_
#include <memory>
#include <string>
#include "absl/synchronization/mutex.h"
#include "sdk/external/cpp/wvpl/common/wvpl_types.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_security_profile_list.pb.h"
#include "protos/public/provider_key.pb.h"
#include "protos/public/security_profile.pb.h"
namespace video_widevine {
class DeviceCertificateStatusList;
class DrmRootCertificate;
class DrmCertificate;
class ProvisionedDeviceInfo;
class SecurityProfileList;
} // namespace video_widevine
namespace video_widevine_server {
namespace wv_pl_sdk {
// These fields show the configuration options that can be initialized via
// the implementation classes (WvPLEnvironment and WvPLProxyEnvironment).
extern const char kDeviceCertificateExpiration[];
extern const char kAllowUnknownDevice[];
extern const char kProvider[];
extern const char kProviderIv[];
extern const char kProviderKey[];
extern const char kApiVerInKcb[];
extern const char kLimitUsageStatsToErrorsOnly[];
// Valid values are 'test' and 'prod'.
extern const char kDrmCertificateType[];
/**
* Parent class of SDK environment. This class is not be instantiated directly,
* but its API can be accessed via the derived environment classes.
*/
class WvPLSDKEnvironment {
public:
WvPLSDKEnvironment();
virtual ~WvPLSDKEnvironment();
// TODO(b/193920474): This function will be non-static function since end-Q3
// 2021 release.
// Generates a license response containing a message generated in response to
// an error condition. |create_session_status| is a previous error status
// returned by the CreateSession(). |license_response| points to a std::string to
// contain the license response and may not be NULL. This method returns true
// if there is an error license to be sent to the client, or false
// otherwise.
static bool GenerateErrorResponse(const WvPLStatus& create_session_status,
std::string* license_response);
/**
* Add a service certificate system-wide at the sdk. |service_certificate|
* is a Google-generated certificate used to authenticate the service
* provider. |service_private_key| is the encrypted PKCS#8 private RSA key
* corresponding to the service certificate. |service_private_key_passphrase|
* is the password required to decrypt |service_private_key|. This is a
* thread-safe call.
*
* @param service_certificate
* @param service_private_key
* @param service_private_key_passphrase
*
* @return WvPLStatus enumeration
*/
virtual WvPLStatus SetDrmServiceCertificate(
const std::string& service_certificate,
const std::string& service_private_key,
const std::string& service_private_key_passphrase);
// TODO(b/193920758): this function will be non private function since end-Q3
// 2021 release.
// Returns the DRM root certificate configured for this environment.
const video_widevine::DrmRootCertificate* drm_root_certificate() const {
return drm_root_certificate_.get();
}
/**
* Set the device certificate status list from a call to the Widevine
* Certificate Provisioning Service.
*/
virtual WvPLStatus SetDeviceCertificateStatusList(
const std::string& device_certificate_status_list);
/**
* Set the custom device security profile list from a call to the Widevine
* PublishedDevicesService.
*/
virtual WvPLStatus SetCustomDeviceSecurityProfiles(
const std::string& serialized_signed_device_security_profiles) const;
/**
* Return a list of the default profile names.
*/
virtual WvPLStatus GetDefaultDeviceSecurityProfileNames(
std::vector<std::string>* profile_names) const;
/**
* Return the default profile associated with |profile_name|.
*/
virtual WvPLStatus GetDefaultDeviceSecurityProfile(
const std::string& profile_name,
WvPLSecurityProfile* device_security_profile) const;
/**
* Obtain the owner list for custom profiles.
*/
virtual WvPLStatus GetCustomDeviceSecurityProfileOwners(
std::vector<std::string>* custom_profile_owners) const;
/**
* Return a list of custom profile names associated with |owner_name|.
*/
virtual WvPLStatus GetCustomDeviceSecurityProfileNames(
const std::string& owner_name,
std::vector<std::string>* profile_names) const;
/**
* Return the custom profiles associated with |owner_name|.
*/
virtual WvPLStatus GetCustomDeviceSecurityProfiles(
const std::string& owner_name,
std::vector<WvPLSecurityProfile>* custom_device_security_profiles) const;
// Enable delivery of licenses to revoked client devices. |system_id_list| is
// a comma separated list of systems Ids to allow even if revoked.
virtual void AllowRevokedDevices(const std::string& system_id_list);
// Returns true if the system ID is allowed even if revoked.
virtual bool IsRevokedDeviceAllowed(uint32_t system_id) const;
/**
* Translates the license request from the CDM to a human-readable message,
* useful for debugging. This translated request is placed in |request_out|.
* Returns OK in parsing the |request| successfully, else an error status
*/
virtual WvPLStatus GetRequestAsString(const std::string& request,
std::string* request_out) const;
/**
* Generate a signed request to be sent to Widevine Certificate Provisioning
* Server to retrieve 'DeviceCertificateStatusList'.
*/
virtual WvPLStatus GenerateDeviceStatusListRequest(
std::string* signed_device_certificate_status_list_request) = 0;
/**
* Returns WvPLDeviceInfo for specific system_id.
*/
static WvPLDeviceInfo GetDeviceInfo(uint32_t system_id);
/**
* Set the provider key used for L3 CDM.
* |provider_key_config_bytes| is a serialized ProviderKeyConfig proto
* message. Returns OK if parsing is successful, otherwise an error is
* returned.
*/
virtual WvPLStatus SetProviderKeyConfig(
const std::string& provider_key_config_bytes);
/**
* Returns the provider key config used for L3 CDM.
*/
const video_widevine::ProviderKeyConfig& GetProviderKeyConfig() const {
return provider_key_config_;
}
protected:
// Return the signature for the provider specified in the |config_values|
// parameter in the constructor. |signature| is owned by the caller.
static WvPLStatus GenerateSignature(const std::string& plain_text,
std::string* signature);
/**
* Insert or update provisionedDeviceInfoMap with device info in
* certificate_status_list.
*/
static WvPLStatus UpdateProvisionedDeviceInfoMap(
const video_widevine::DeviceCertificateStatusList&
certificate_status_list);
const video_widevine::SecurityProfileList* device_security_profile_list()
const {
absl::ReaderMutexLock lock(&profile_mutex_);
return device_security_profile_list_.get();
}
// Number of seconds until the certificate status list expires after its
// creation time. Default value is 604800 seconds.
uint32_t device_certificate_expiration_seconds_ = 604800;
// "config_values" setting for "kDrmCertificateType".
// Supported values are "test" and "prod". Default value is "prod".
std::string drm_certificate_type_ = "prod";
// name of the provider hosting this service.
std::string provider_;
// value of the "iv" specified for the provider.
std::string provider_iv_;
// value of the "key" specified for the provider.
std::string provider_key_;
// is_service_certificate_loaded_ is not thread safe.
bool is_service_certificate_loaded_ = false;
// is_device_certificate_status_list_loaded is not thread safe.
bool is_device_certificate_status_list_loaded_ = false;
// If true, allow devices not in the certificate status list.
bool allow_unknown_device_ = false;
// DRM root certificate used for verifying all other DRM certificates.
std::unique_ptr<video_widevine::DrmRootCertificate> drm_root_certificate_;
// Mutex guarding the revoked devices list.
mutable absl::Mutex allowed_revoked_devices_mutex_;
// List of device system Ids to succeed even if the device is revoked.
std::vector<uint32_t> allowed_revoked_devices_
ABSL_GUARDED_BY(allowed_revoked_devices_mutex_);
// Provider key config used with L3 CDM.
video_widevine::ProviderKeyConfig provider_key_config_;
private:
// Get the expected service type for drm service certificate.
virtual int GetExpectedServiceCertificateType();
// Check the type of |service_certificate|. Returns "OK" if the cert can be
// used for the current SDK, else an error status.
virtual WvPLStatus CheckServiceCertificateType(
const std::string& service_certificate);
/**
* Retrieves sdk use widevine certificate or not.
*/
virtual bool is_widevine_certificate() { return is_widevine_certificate_; }
/**
* Return provisioned_device_info if the device_info_map_ contains system_id.
*
* @return WvPLStatus - Status::OK if success, else error.
*/
static WvPLStatus LookupDeviceInfo(
uint32_t system_id,
video_widevine::ProvisionedDeviceInfo* provisioned_device_info);
/**
* Add a device to the current environment/session.
*/
static void AddDeviceInfo(
const video_widevine::ProvisionedDeviceInfo& provisioned_device_info);
// Security Profile list to allow for access to Security Profile Level and
// DRM information.
mutable absl::Mutex profile_mutex_;
std::unique_ptr<video_widevine::SecurityProfileList>
device_security_profile_list_ ABSL_GUARDED_BY(profile_mutex_);
// Only for internal content providers. Default value is false.
bool is_widevine_certificate_ = false;
friend class WvPLProxyEnvironmentTest;
friend class WvPLSDKSession;
friend class WvPLProxySession;
friend class WvPLProxySessionTest;
friend class WvPLSessionTest;
};
} // namespace wv_pl_sdk
} // namespace video_widevine_server
#endif // VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_ENVIRONMENT_H_
Reference in New Issue View Git Blame Copy Permalink