There's no need for the user to get back the verified DrmCertificate as they could easily get it themselves. Instead return the provider ID which may be more useful to get.
This is to signal what the Cdm really uses. Asking for a PSSH may sound like it uses a full PSSH when in reality all it cares for is the underlying init data (Widevine Cenc Header/WidevinePsshData).
The Cdm no longer requires you to specify if it's raw or not thanks to changes in PSSH.get_as_box() now supporting both dynamically.
It will parse the data and if its not a box, it will use the provided data in a newly crafted box.
This improves Cdm security and prevents a trivial exploit on Privacy Mode allowing an attacker to bypass Privacy Mode by controlling their own Public/Private Key Pair on Service Certificates.
The attack is simple in which you create your own RSA-2048 key pair, replace the public key of a service certificate with your own, and now you have the corresponding private key to be able to decrypt Encrypted Client IDs. This trivial attack is often used on CDM re-implementations, proxies, and APIs to obtain sensitive Device Client ID information.
With this commit this attack is prevented on this Cdm implementation, making it more secure from attacks. A signed DRM Certificate must be provided now as the ability to provide a direct DrmCertificate has been removed.
The root certificate added alongside this commit has no private key and cannot be used to re-sign an altered DrmCertificate.
Some service's might provide the Service Certificate as a SignedDrmCertificate instead of a SignedMessage so I added support for supplying such format certificates. I also added support for supplying a DrmCertificate directly, though it's unlikely for a service to provide it raw without a signature like that.
The Service Certificate is now also stored as just the DrmCertificate internally, as it will not be using the signature.
This flag was technically used before this project and to ensure it will be unused and ready for safe use in this project and on v3 (if/when), we should blank the flags.
Also now more effectively migrates using the v1 Structure data.
Also fixes the migration error of possibly leaving behind VMP data. Will warn you if VMP data is already in the Client ID (if its different).
It even adds VMP data to the Client ID blob directly (instead of storing possibly duplicated). It will warn you if the Client ID already had VMP data there.
The filename is generated from client id information and has a crc32 checksum to help avoid with conflicts.
The output directory is the current working directory. You can set the directory with -o/--output.
Sessions are technically implemented in a non-singleton approach, and the issue that provoked this comment has since been fixed (context data <-> license mismatch).
rlaphoenix