Change --additional_protection_systems to --protection_systems

Issue: #245.

Change-Id: Ib7da3b874207623e3ee0b1a942ecb2509e750669

docs/source/options/general_encryption_options.rst

@@ -14,8 +14,7 @@ General encryption options
 
     Clear lead in seconds if encryption is enabled.
 
---additional_protection_systems
+--protection_systems
 
-    Generate additional protection systems in addition to the native protection
+    Protection systems to be generated. Supported protection systems include
-    system provided by the key source. Supported protection systems include
     Widevine, PlayReady, FairPlay, and CommonSystem (https://goo.gl/s8RIhr).

docs/source/options/playready_encryption_options.rst

@@ -4,8 +4,8 @@ PlayReady encryption options
 --enable_playready_encryption
 
     Enable encryption with PlayReady key. This generates PlayReady protection
-    system. Additional protection systems can be generated with
+    system if --protection_systems is not specified. Use --protection_system to
-    --additional_protection_systems option.
+    generate multiple protection systems.
 
 --playready_server_url <url>
 

docs/source/options/raw_key_encryption_options.rst

@@ -5,9 +5,9 @@ Raw key encryption options
 
     Enable encryption with raw key (keys provided in command line)). This
     generates `Common protection system <https://goo.gl/s8RIhr>`_ if neither
-    --pssh nor --additional_protection_systems is specified. Use --pssh to
+    --pssh nor --protection_systems is specified. Use --pssh to provide custom
-    provide custom protection systems or use --additional_protection_systems to
+    protection systems or use --protection_systems to generate protection
-    generate protection systems automatically.
+    systems automatically.
 
 --enable_raw_key_decryption
 
@@ -36,5 +36,5 @@ Raw key encryption options
 --pssh <hex string>
 
     One or more concatenated PSSH boxes in hex string format. If neither this
-    flag nor --additional_protection_systems is specified, a
+    flag nor --protection_systems is specified, a
     `v1 common PSSH box <https://goo.gl/s8RIhr>`_ will be generated.

docs/source/options/widevine_encryption_options.rst

@@ -5,9 +5,9 @@ Widevine encryption options
 
     Enable encryption with Widevine key server. User should provide either
     AES signing key (--aes_signing_key, --aes_signing_iv) or RSA signing key
-    (--rsa_signing_key_path). This generates Widevine protection system by
+    (--rsa_signing_key_path). This generates Widevine protection system if
-    default. Additional protection systems can be generated with
+    --protection_systems is not specified. Use --protection_systems to generate
-    --additional_protection_systems option.
+    multiple protection systems.
 
 --enable_widevine_decryption
 

docs/source/tutorials/raw_key.rst

@@ -74,7 +74,7 @@ Widevine and PlayReady::
       in=h264_high_1080p_6000.mp4,stream=video,output=h264_1080p.mp4,drm_label=HD \
       --enable_raw_key_encryption \
       --keys label=AUDIO:key_id=f3c5e0361e6654b28f8049c778b23946:key=a4631a153a443df9eed0593043db7519,label=SD:key_id=abba271e8bcf552bbd2e86a434a9a5d9:key=69eaa802a6763af979e8d1940fb88392,label=HD:key_id=6d76f25cb17f5e16b8eaef6bbf582d8e:key=cb541084c99731aef4fff74500c12ead \
-      --additional_protection_systems Widevine,PlayReady \
+      --protection_systems Widevine,PlayReady \
       --mpd_output h264.mpd
 
 .. note::

docs/source/tutorials/widevine.rst

@@ -88,7 +88,7 @@ The examples below uses the H264 streams created in :doc:`encoding`.
       --signer widevine_test \
       --aes_signing_key 1ae8ccd0e7985cc0b6203a55855a1034afc252980e970ca90e5202689f947ab9 \
       --aes_signing_iv d58ce954203b7c9a9a9d467f59839249 \
-      --additional_protection_systems PlayReady
+      --protection_systems Widevine,PlayReady
 
 .. note::
 

packager/app/packager_main.cc

@@ -322,9 +322,8 @@ base::Optional<PackagingParams> GetPackagingParams() {
     return base::nullopt;
   }
 
-  if (!ParseProtectionSystems(
+  if (!ParseProtectionSystems(FLAGS_protection_systems,
-          FLAGS_additional_protection_systems,
+                              &encryption_params.protection_systems)) {
-          &encryption_params.additional_protection_systems)) {
     return base::nullopt;
   }
 

packager/app/packager_util.cc

@@ -72,7 +72,7 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
     FourCC protection_scheme,
     const EncryptionParams& encryption_params) {
   int protection_systems_flags =
-      GetProtectionSystemsFlag(encryption_params.additional_protection_systems);
+      GetProtectionSystemsFlag(encryption_params.protection_systems);
 
   std::unique_ptr<KeySource> encryption_key_source;
   switch (encryption_params.key_provider) {

packager/app/protection_system_flags.cc

@@ -8,9 +8,8 @@
 
 #include "packager/app/protection_system_flags.h"
 
-DEFINE_string(additional_protection_systems,
+DEFINE_string(
-              "",
+    protection_systems,
-              "Generate additional protection systems in addition to the "
+    "",
-              "native protection system provided by the key source. Supported "
+    "Protection systems to be generated. Supported protection systems include "
-              "protection systems include Widevine, PlayReady, FairPlay, and "
+    "Widevine, PlayReady, FairPlay, and CommonSystem (https://goo.gl/s8RIhr).");
-              "CommonSystem (https://goo.gl/s8RIhr).");

packager/app/protection_system_flags.h

@@ -11,6 +11,6 @@
 
 #include <gflags/gflags.h>
 
-DECLARE_string(additional_protection_systems);
+DECLARE_string(protection_systems);
 
 #endif  // PACKAGER_APP_PROTECTION_SYSTEM_FLAGS_H_

packager/app/retired_flags.cc

@@ -35,18 +35,15 @@ DEFINE_int32(
     num_subsegments_per_sidx,
     0,
     "This flag is deprecated. Use --generate_sidx_in_media_segments instead.");
-DEFINE_bool(
+DEFINE_bool(generate_widevine_pssh,
-    generate_widevine_pssh,
+            false,
-    false,
+            "This flag is deprecated. Use --protection_systems instead.");
-    "This flag is deprecated. Use --additional_protection_systems instead.");
+DEFINE_bool(generate_playready_pssh,
-DEFINE_bool(
+            false,
-    generate_playready_pssh,
+            "This flag is deprecated. Use --protection_systems instead.");
-    false,
+DEFINE_bool(generate_common_pssh,
-    "This flag is deprecated. Use --additional_protection_systems instead.");
+            false,
-DEFINE_bool(
+            "This flag is deprecated. Use --protection_systems instead.");
-    generate_common_pssh,
-    false,
-    "This flag is deprecated. Use --additional_protection_systems instead.");
 
 // The current gflags library does not provide a way to check whether a flag is
 // set in command line. If a flag has a different value to its default value,
@@ -86,7 +83,7 @@ bool InformRetiredPsshGenerationFlag(const char* flagname, bool value) {
   if (value) {
     fprintf(stderr,
             "WARNING: %s is deprecated and ignored. Please switch to "
-            "--additional_protection_systems.\n",
+            "--protection_systems.\n",
             flagname);
   }
   return true;

packager/app/test/packager_test.py

@@ -444,8 +444,7 @@ class PackagerAppTest(unittest.TestCase):
         fairplay_key_uri = ('skd://www.license.com/'
                             'getkey?KeyId=31323334-3536-3738-3930-313233343536')
         flags += [
-            '--additional_protection_systems=FairPlay',
+            '--protection_systems=FairPlay', '--hls_key_uri=' + fairplay_key_uri
-            '--hls_key_uri=' + fairplay_key_uri
         ]
     if protection_scheme:
       flags += ['--protection_scheme', protection_scheme]

packager/media/base/playready_key_source.cc

@@ -68,6 +68,11 @@ PlayReadyKeySource::PlayReadyKeySource(const std::string& server_url,
     // PlayReady PSSH is retrived from PlayReady server response.
     : KeySource(protection_system_flags & ~PLAYREADY_PROTECTION_SYSTEM_FLAG,
                 protection_scheme),
+      generate_playready_protection_system_(
+          // Generate PlayReady protection system if there are no other
+          // protection system specified.
+          protection_system_flags == NO_PROTECTION_SYSTEM_FLAG ||
+          protection_system_flags & PLAYREADY_PROTECTION_SYSTEM_FLAG),
       encryption_key_(new EncryptionKey),
       server_url_(server_url) {}
 
@@ -113,8 +118,10 @@ Status RetrieveTextInXMLElement(const std::string& element,
   return Status::OK;
 }
 
-Status SetKeyInformationFromServerResponse(const std::string& response,
+Status SetKeyInformationFromServerResponse(
-                                           EncryptionKey* encryption_key) {
+    const std::string& response,
+    bool generate_playready_protection_system,
+    EncryptionKey* encryption_key) {
   // TODO(robinconnell): Currently all tracks are encrypted using the same
   // key_id and key.  Add the ability to retrieve multiple key_id/keys from
   // the packager response and encrypt multiple tracks using differnt
@@ -135,20 +142,23 @@ Status SetKeyInformationFromServerResponse(const std::string& response,
     return Status(error::SERVER_ERROR, "Cannot parse key.");
   }
 
-  std::string pssh_data_b64;
+  if (generate_playready_protection_system) {
-  RETURN_IF_ERROR(RetrieveTextInXMLElement("Data", response, &pssh_data_b64));
+    std::string pssh_data_b64;
-  std::vector<uint8_t> pssh_data;
+    RETURN_IF_ERROR(RetrieveTextInXMLElement("Data", response, &pssh_data_b64));
-  if (!Base64StringToBytes(pssh_data_b64, &pssh_data)) {
+    std::vector<uint8_t> pssh_data;
-    LOG(ERROR) << "Cannot parse pssh data, " << pssh_data_b64;
+    if (!Base64StringToBytes(pssh_data_b64, &pssh_data)) {
-    return Status(error::SERVER_ERROR, "Cannot parse pssh.");
+      LOG(ERROR) << "Cannot parse pssh data, " << pssh_data_b64;
-  }
+      return Status(error::SERVER_ERROR, "Cannot parse pssh.");
+    }
 
-  PsshBoxBuilder pssh_builder;
+    PsshBoxBuilder pssh_builder;
-  pssh_builder.add_key_id(encryption_key->key_id);
+    pssh_builder.add_key_id(encryption_key->key_id);
-  pssh_builder.set_system_id(kPlayReadySystemId, arraysize(kPlayReadySystemId));
+    pssh_builder.set_system_id(kPlayReadySystemId,
-  pssh_builder.set_pssh_data(pssh_data);
+                               arraysize(kPlayReadySystemId));
-  encryption_key->key_system_info.push_back(
+    pssh_builder.set_pssh_data(pssh_data);
-      {pssh_builder.system_id(), pssh_builder.CreateBox()});
+    encryption_key->key_system_info.push_back(
+        {pssh_builder.system_id(), pssh_builder.CreateBox()});
+  }
   return Status::OK;
 }
 
@@ -174,8 +184,9 @@ Status PlayReadyKeySource::FetchKeysWithProgramIdentifier(
   VLOG(1) << "Server response: " << acquire_license_response;
   RETURN_IF_ERROR(status);
 
-  RETURN_IF_ERROR(SetKeyInformationFromServerResponse(acquire_license_response,
+  RETURN_IF_ERROR(SetKeyInformationFromServerResponse(
-                                                      encryption_key.get()));
+      acquire_license_response, generate_playready_protection_system_,
+      encryption_key.get()));
 
   // PlayReady does not specify different streams.
   const char kEmptyDrmLabel[] = "";

packager/media/base/playready_key_source.h

@@ -77,6 +77,9 @@ class PlayReadyKeySource : public KeySource {
   Status GetKeyInternal();
   Status GetCryptoPeriodKeyInternal();
 
+  // Indicates whether PlayReady protection system should be generated.
+  bool generate_playready_protection_system_ = true;
+
   std::unique_ptr<EncryptionKey> encryption_key_;
   std::string server_url_;
   std::string ca_file_;

packager/media/base/widevine_key_source.cc

@@ -83,6 +83,11 @@ WidevineKeySource::WidevineKeySource(const std::string& server_url,
     // Widevine PSSH is fetched from Widevine license server.
     : KeySource(protection_system_flags & ~WIDEVINE_PROTECTION_SYSTEM_FLAG,
                 protection_scheme),
+      generate_widevine_protection_system_(
+          // Generate Widevine protection system if there are no other
+          // protection system specified.
+          protection_system_flags == NO_PROTECTION_SYSTEM_FLAG ||
+          protection_system_flags & WIDEVINE_PROTECTION_SYSTEM_FLAG),
       key_production_thread_("KeyProductionThread",
                              base::Bind(&WidevineKeySource::FetchKeysTask,
                                         base::Unretained(this))),
@@ -90,11 +95,8 @@ WidevineKeySource::WidevineKeySource(const std::string& server_url,
       server_url_(server_url),
       crypto_period_count_(kDefaultCryptoPeriodCount),
       protection_scheme_(protection_scheme),
-      key_production_started_(false),
       start_key_production_(base::WaitableEvent::ResetPolicy::AUTOMATIC,
-                            base::WaitableEvent::InitialState::NOT_SIGNALED),
+                            base::WaitableEvent::InitialState::NOT_SIGNALED) {
-      first_crypto_period_index_(0),
-      enable_entitlement_license_(false) {
   key_production_thread_.Start();
 }
 
@@ -445,13 +447,15 @@ bool WidevineKeySource::ExtractEncryptionKey(
       encryption_key->key_id.assign(track.key_id().begin(),
                                     track.key_id().end());
 
-      if (track.pssh_size() != 1) {
+      if (generate_widevine_protection_system_) {
-        LOG(ERROR) << "Expecting one and only one pssh, seeing "
+        if (track.pssh_size() != 1) {
-                   << track.pssh_size();
+          LOG(ERROR) << "Expecting one and only one pssh, seeing "
-        return false;
+                     << track.pssh_size();
+          return false;
+        }
+        encryption_key->key_system_info.push_back(
+            ProtectionSystemInfoFromPsshProto(track.pssh(0)));
       }
-      encryption_key->key_system_info.push_back(
-          ProtectionSystemInfoFromPsshProto(track.pssh(0)));
     }
     encryption_key_map[stream_label] = std::move(encryption_key);
   }

packager/media/base/widevine_key_source.h

@@ -111,6 +111,9 @@ class WidevineKeySource : public KeySource {
   // Push the keys to the key pool.
   bool PushToKeyPool(EncryptionKeyMap* encryption_key_map);
 
+  // Indicates whether Widevine protection system should be generated.
+  bool generate_widevine_protection_system_ = true;
+
   ClosureThread key_production_thread_;
   // The fetcher object used to fetch keys from the license service.
   // It is initialized to a default fetcher on class initialization.
@@ -121,13 +124,13 @@ class WidevineKeySource : public KeySource {
   std::unique_ptr<CommonEncryptionRequest> common_encryption_request_;
 
   const int crypto_period_count_;
-  FourCC protection_scheme_;
+  FourCC protection_scheme_ = FOURCC_NULL;
   base::Lock lock_;
-  bool key_production_started_;
+  bool key_production_started_ = false;
   base::WaitableEvent start_key_production_;
-  uint32_t first_crypto_period_index_;
+  uint32_t first_crypto_period_index_ = 0;
   std::vector<uint8_t> group_id_;
-  bool enable_entitlement_license_;
+  bool enable_entitlement_license_ = false;
   std::unique_ptr<EncryptionKeyQueue> key_pool_;
   EncryptionKeyMap encryption_key_map_;  // For non key rotation request.
   Status common_encryption_request_status_;

packager/media/base/widevine_key_source_unittest.cc

@@ -13,7 +13,6 @@
 #include "packager/base/strings/string_number_conversions.h"
 #include "packager/base/strings/stringprintf.h"
 #include "packager/media/base/key_fetcher.h"
-#include "packager/media/base/playready_pssh_generator.h"
 #include "packager/media/base/raw_key_pssh_generator.h"
 #include "packager/media/base/request_signer.h"
 #include "packager/media/base/widevine_key_source.h"
@@ -228,11 +227,11 @@ class WidevineKeySourceTest : public Test {
   }
 
   void CreateWidevineKeySource() {
-    int protection_system_flags = WIDEVINE_PROTECTION_SYSTEM_FLAG;
+    int protection_system_flags = NO_PROTECTION_SYSTEM_FLAG;
+    if (add_widevine_pssh_)
+      protection_system_flags |= WIDEVINE_PROTECTION_SYSTEM_FLAG;
     if (add_common_pssh_)
       protection_system_flags |= COMMON_PROTECTION_SYSTEM_FLAG;
-    if (add_playready_pssh_)
-      protection_system_flags |= PLAYREADY_PROTECTION_SYSTEM_FLAG;
     widevine_key_source_.reset(new WidevineKeySource(
         kServerUrl, protection_system_flags, protection_scheme_));
     widevine_key_source_->set_key_fetcher(std::move(mock_key_fetcher_));
@@ -246,32 +245,31 @@ class WidevineKeySourceTest : public Test {
       EXPECT_EQ(GetMockKey(stream_label), ToString(encryption_key.key));
       if (!classic) {
         size_t num_key_system_info =
-            1 + (add_common_pssh_ ? 1 : 0) + (add_playready_pssh_ ? 1 : 0);
+            (add_widevine_pssh_ && add_common_pssh_) ? 2 : 1;
         ASSERT_EQ(num_key_system_info, encryption_key.key_system_info.size());
         EXPECT_EQ(GetMockKeyId(stream_label), ToString(encryption_key.key_id));
 
-        const std::vector<uint8_t>& pssh =
+        auto key_system_info_iter = encryption_key.key_system_info.begin();
-            encryption_key.key_system_info[0].psshs;
+
-        std::unique_ptr<PsshBoxBuilder> pssh_builder =
+        // Default to Widevine if neither are set.
-            PsshBoxBuilder::ParseFromBox(pssh.data(), pssh.size());
+        if (add_widevine_pssh_ || !add_common_pssh_) {
-        ASSERT_TRUE(pssh_builder);
+          const std::vector<uint8_t> widevine_system_id(
-        EXPECT_EQ(GetMockPsshData(), ToString(pssh_builder->pssh_data()));
+              std::begin(kWidevineSystemId), std::end(kWidevineSystemId));
+          ASSERT_EQ(widevine_system_id, key_system_info_iter->system_id);
+
+          const std::vector<uint8_t>& pssh = key_system_info_iter->psshs;
+          std::unique_ptr<PsshBoxBuilder> pssh_builder =
+              PsshBoxBuilder::ParseFromBox(pssh.data(), pssh.size());
+          ASSERT_TRUE(pssh_builder);
+          EXPECT_EQ(GetMockPsshData(), ToString(pssh_builder->pssh_data()));
+
+          ++key_system_info_iter;
+        }
 
         if (add_common_pssh_) {
           const std::vector<uint8_t> common_system_id(
-              kCommonSystemId, kCommonSystemId + arraysize(kCommonSystemId));
+              std::begin(kCommonSystemId), std::end(kCommonSystemId));
-          ASSERT_EQ(common_system_id,
+          ASSERT_EQ(common_system_id, key_system_info_iter->system_id);
-                    encryption_key.key_system_info[1].system_id);
-        }
-
-        if (add_playready_pssh_) {
-          const std::vector<uint8_t> playready_system_id(
-              kPlayReadySystemId,
-              kPlayReadySystemId + arraysize(kPlayReadySystemId));
-          // PlayReady pssh index depends on if there has common pssh box.
-          const uint8_t playready_index = 1 + (add_common_pssh_ ? 1 : 0);
-          ASSERT_EQ(playready_system_id,
-                    encryption_key.key_system_info[playready_index].system_id);
         }
       }
     }
@@ -280,8 +278,8 @@ class WidevineKeySourceTest : public Test {
   std::unique_ptr<MockKeyFetcher> mock_key_fetcher_;
   std::unique_ptr<WidevineKeySource> widevine_key_source_;
   std::vector<uint8_t> content_id_;
+  bool add_widevine_pssh_ = false;
   bool add_common_pssh_ = false;
-  bool add_playready_pssh_ = false;
   FourCC protection_scheme_ = FOURCC_cenc;
 
  private:
@@ -371,8 +369,8 @@ class WidevineKeySourceParameterizedTest
       public WithParamInterface<std::tr1::tuple<bool, bool, FourCC>> {
  public:
   WidevineKeySourceParameterizedTest() {
-    add_common_pssh_ = std::tr1::get<0>(GetParam());
+    add_widevine_pssh_ = std::tr1::get<0>(GetParam());
-    add_playready_pssh_ = std::tr1::get<1>(GetParam());
+    add_common_pssh_ = std::tr1::get<1>(GetParam());
     protection_scheme_ = std::tr1::get<2>(GetParam());
   }
 };
@@ -415,10 +413,9 @@ TEST_P(WidevineKeySourceParameterizedTest, LicenseStatusCencOK) {
   VerifyKeys(false);
 }
 
-TEST_P(WidevineKeySourceParameterizedTest, LicenseStatusCencNotOK) {
+TEST_P(WidevineKeySourceParameterizedTest, LicenseStatusCencMalformedResponse) {
   std::string mock_response = base::StringPrintf(
-      kHttpResponseFormat, Base64Encode(
+      kHttpResponseFormat, Base64Encode("malformed response").c_str());
-          GenerateMockClassicLicenseResponse()).c_str());
 
   EXPECT_CALL(*mock_key_fetcher_, FetchKeys(_, _, _))
       .WillOnce(DoAll(SetArgPointee<2>(mock_response), Return(Status::OK)));
@@ -444,16 +441,15 @@ TEST_P(WidevineKeySourceParameterizedTest, LicenseStatusCencWithPsshBoxOK) {
 
   CreateWidevineKeySource();
   widevine_key_source_->set_signer(std::move(mock_request_signer_));
-  std::vector<uint8_t> pssh_box(kRequestPsshBox,
+  std::vector<uint8_t> pssh_box(std::begin(kRequestPsshBox),
-                                kRequestPsshBox + arraysize(kRequestPsshBox));
+                                std::end(kRequestPsshBox));
   ASSERT_OK(widevine_key_source_->FetchKeys(EmeInitDataType::CENC, pssh_box));
   VerifyKeys(false);
 }
 
 TEST_P(WidevineKeySourceParameterizedTest, LicenseStatusCencWithKeyIdsOK) {
-  std::string expected_pssh_data(
+  std::string expected_pssh_data(std::begin(kRequestPsshDataFromKeyIds),
-      kRequestPsshDataFromKeyIds,
+                                 std::end(kRequestPsshDataFromKeyIds));
-      kRequestPsshDataFromKeyIds + arraysize(kRequestPsshDataFromKeyIds));
   std::string expected_message =
       base::StringPrintf(kExpectedRequestMessageWithPsshFormat,
                          Base64Encode(expected_pssh_data).c_str());
@@ -468,8 +464,8 @@ TEST_P(WidevineKeySourceParameterizedTest, LicenseStatusCencWithKeyIdsOK) {
 
   CreateWidevineKeySource();
   widevine_key_source_->set_signer(std::move(mock_request_signer_));
-  std::vector<uint8_t> key_id(kRequestKeyId,
+  std::vector<uint8_t> key_id(std::begin(kRequestKeyId),
-                              kRequestKeyId + arraysize(kRequestKeyId));
+                              std::end(kRequestKeyId));
   ASSERT_OK(widevine_key_source_->FetchKeys(EmeInitDataType::WEBM, key_id));
   VerifyKeys(false);
 }

packager/media/public/crypto_params.h

@@ -122,8 +122,8 @@ struct EncryptionParams {
     kPlayReady,
     kWidevine,
   };
-  /// Additional protection systems to be generated.
+  /// Protection systems to be generated.
-  std::vector<ProtectionSystem> additional_protection_systems;
+  std::vector<ProtectionSystem> protection_systems;
 
   /// Clear lead duration in seconds.
   double clear_lead_in_seconds = 0;