From c9cc68ba82ad82396579177f295dbfd551c5639b Mon Sep 17 00:00:00 2001
From: KongQun Yang
Date: Wed, 11 Oct 2017 14:34:04 -0700
Subject: [PATCH] [Playready] Allow unencrypted client cert private key
Change-Id: I3244b428f8e3e32787520d9dd0f015e6d9301fe0
---
 packager/app/packager_util.cc | 36 +++++++++++++++------
 packager/media/base/http_key_fetcher.cc | 10 +++---
 packager/media/base/playready_key_source.cc | 3 +-
 3 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/packager/app/packager_util.cc b/packager/app/packager_util.cc
index bedd61da83..a17c298048 100644
--- a/packager/app/packager_util.cc
+++ b/packager/app/packager_util.cc
@@ -55,11 +55,11 @@ std::unique_ptr CreateEncryptionKeySource(
 const WidevineEncryptionParams& widevine = encryption_params.widevine;
 if (widevine.key_server_url.empty()) {
 LOG(ERROR) << "'key_server_url' should not be empty.";
- return std::unique_ptr();
+ return nullptr;
 }
 if (widevine.content_id.empty()) {
 LOG(ERROR) << "'content_id' should not be empty.";
- return std::unique_ptr();
+ return nullptr;
 }
 std::unique_ptr widevine_key_source(
 new WidevineKeySource(widevine.key_server_url,
@@ -69,7 +69,7 @@ std::unique_ptr CreateEncryptionKeySource(
 std::unique_ptr request_signer(
 CreateSigner(widevine.signer));
 if (!request_signer)
- return std::unique_ptr();
+ return nullptr;
 widevine_key_source->set_signer(std::move(request_signer));
 }
 widevine_key_source->set_group_id(widevine.group_id);
@@ -79,7 +79,7 @@ std::unique_ptr CreateEncryptionKeySource(
 if (!status.ok()) {
 LOG(ERROR) << "Widevine encryption key source failed to fetch keys: "
 << status.ToString();
- return std::unique_ptr();
+ return nullptr;
 }
 encryption_key_source = std::move(widevine_key_source);
 break;
@@ -95,15 +95,31 @@ std::unique_ptr CreateEncryptionKeySource(
 }
 case KeyProvider::kPlayready: {
 const PlayreadyEncryptionParams& playready = encryption_params.playready;
- if (!playready.key_id.empty() && !playready.key.empty()) {
+ if (!playready.key_id.empty() || !playready.key.empty()) {
+ if (playready.key_id.empty() || playready.key.empty()) {
+ LOG(ERROR) << "Either playready key_id or key is not set.";
+ return nullptr;
+ }
 encryption_key_source = PlayReadyKeySource::CreateFromKeyAndKeyId(
 playready.key_id, playready.key);
- } else if (!playready.key_server_url.empty() &&
+ } else if (!playready.key_server_url.empty() ||
 !playready.program_identifier.empty()) {
+ if (playready.key_server_url.empty() ||
+ playready.program_identifier.empty()) {
+ LOG(ERROR) << "Either playready key_server_url or program_identifier "
+ "is not set.";
+ return nullptr;
+ }
 std::unique_ptr playready_key_source;
- if (!playready.client_cert_file.empty() &&
- !playready.client_cert_private_key_file.empty() &&
- !playready.client_cert_private_key_password.empty()) {
+ // private_key_password is allowed to be empty for unencrypted key.
+ if (!playready.client_cert_file.empty() ||
+ !playready.client_cert_private_key_file.empty()) {
+ if (playready.client_cert_file.empty() ||
+ playready.client_cert_private_key_file.empty()) {
+ LOG(ERROR) << "Either playready client_cert_file or "
+ "client_cert_private_key_file is not set.";
+ return nullptr;
+ }
 playready_key_source.reset(new PlayReadyKeySource(
 playready.key_server_url, playready.client_cert_file,
 playready.client_cert_private_key_file,
@@ -120,7 +136,7 @@ std::unique_ptr CreateEncryptionKeySource(
 encryption_key_source = std::move(playready_key_source);
 } else {
 LOG(ERROR) << "Error creating PlayReady key source.";
- return std::unique_ptr();
+ return nullptr;
 }
 break;
 }
diff --git a/packager/media/base/http_key_fetcher.cc b/packager/media/base/http_key_fetcher.cc
index 33bfe2dc31..ec4d14b424 100644
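Review bot: In packager/app/packager_util.cc, the new client-certificate checks in the `kPlayready` case do not cover a password given on its own: when `client_cert_private_key_password` is set but `client_cert_file` and `client_cert_private_key_file` are both empty, the outer `||` test is false, nothing is logged, and the key source is presumably built without client authentication by the branch that follows (not visible in this hunk). I would reject that combination next to the other checks, with a condition such as `if (!playready.client_cert_private_key_password.empty() && playready.client_cert_private_key_file.empty())` and the same `LOG(ERROR)` / `return nullptr;` pattern. The added comment could also state the consequence of an empty password, e.g. `// Empty password: the PEM key is expected to be stored unencrypted, so file permissions are its only protection.`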
--- a/packager/media/base/http_key_fetcher.cc
+++ b/packager/media/base/http_key_fetcher.cc
@@ -120,15 +120,15 @@ Status HttpKeyFetcher::FetchInternal(HttpMethod method,
 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToString);
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, response);
- if (!client_cert_private_key_file_.empty() &&
- !client_cert_private_key_password_.empty() &&
- !client_cert_file_.empty()) {
+ if (!client_cert_private_key_file_.empty() && !client_cert_file_.empty()) {
 // Some PlayReady packaging servers only allow connects via HTTPS with
 // client certificates.
 curl_easy_setopt(curl, CURLOPT_SSLKEY,
 client_cert_private_key_file_.data());
- curl_easy_setopt(curl, CURLOPT_KEYPASSWD,
- client_cert_private_key_password_.data());
+ if (!client_cert_private_key_password_.empty()) {
+ curl_easy_setopt(curl, CURLOPT_KEYPASSWD,
+ client_cert_private_key_password_.data());
+ }
 curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
 curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
 curl_easy_setopt(curl, CURLOPT_SSLCERT, client_cert_file_.data());
diff --git a/packager/media/base/playready_key_source.cc b/packager/media/base/playready_key_source.cc
index 545a1446de..053326a636 100644
--- a/packager/media/base/playready_key_source.cc
+++ b/packager/media/base/playready_key_source.cc
@@ -279,8 +279,7 @@ Status PlayReadyKeySource::FetchKeysWithProgramIdentifier(
 const std::string& program_identifier) {
 std::unique_ptr encryption_key(new EncryptionKey);
 HttpKeyFetcher key_fetcher(kHttpFetchTimeout);
- if (!client_cert_file_.empty() && !client_cert_private_key_file_.empty() &&
- !client_cert_private_key_password_.empty()) {
+ if (!client_cert_file_.empty() && !client_cert_private_key_file_.empty()) {
 key_fetcher.SetClientCertInfo(client_cert_file_,
 client_cert_private_key_file_,
 client_cert_private_key_password_);
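Review bot: In `HttpKeyFetcher::FetchInternal` (packager/media/base/http_key_fetcher.cc), skipping `CURLOPT_KEYPASSWD` for an empty password leaves an encrypted key file unhandled: the key is still passed through `CURLOPT_SSLKEY`, and what happens next depends on the TLS backend libcurl was built with, which may fail to load the key with a generic error or, with OpenSSL, fall back to asking for the passphrase on the terminal. For an unattended packaging job that is worth a comment above the new `if`, for example `// No password: the key file must be an unencrypted PEM; an encrypted key fails to load or prompts, depending on the TLS backend.` The return values of these `curl_easy_setopt` calls are also ignored, so a rejected option would only surface later in the transfer. The function body starts and ends outside the hunk.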
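Review bot: In `PlayReadyKeySource::FetchKeysWithProgramIdentifier` (packager/media/base/playready_key_source.cc), a half-configured pair is skipped silently: if only one of `client_cert_file_` and `client_cert_private_key_file_` is set, `SetClientCertInfo` is not called and the fetch presumably proceeds without a client certificate. The validation added to `CreateEncryptionKeySource` only protects callers that go through that function, so code constructing `PlayReadyKeySource` directly gets no diagnostic; an `else if (!client_cert_file_.empty() || !client_cert_private_key_file_.empty())` branch that logs an error would close that gap. The same two-field test now appears in this function, in `HttpKeyFetcher::FetchInternal` and in `CreateEncryptionKeySource`, and a single helper would keep the three copies from drifting apart. The `if` block is cut off at the end of the hunk.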