[Playready] Allow unencrypted client cert private key
Change-Id: I3244b428f8e3e32787520d9dd0f015e6d9301fe0
This commit is contained in:
KongQun Yang
parent
e2bb22c633
commit
c9cc68ba82
|
|
@ -55,11 +55,11 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
|
||||||
const WidevineEncryptionParams& widevine = encryption_params.widevine;
|
const WidevineEncryptionParams& widevine = encryption_params.widevine;
|
||||||
if (widevine.key_server_url.empty()) {
|
if (widevine.key_server_url.empty()) {
|
||||||
LOG(ERROR) << "'key_server_url' should not be empty.";
|
LOG(ERROR) << "'key_server_url' should not be empty.";
|
||||||
return std::unique_ptr<KeySource>();
|
return nullptr;
|
||||||
}
|
}
|
||||||
if (widevine.content_id.empty()) {
|
if (widevine.content_id.empty()) {
|
||||||
LOG(ERROR) << "'content_id' should not be empty.";
|
LOG(ERROR) << "'content_id' should not be empty.";
|
||||||
return std::unique_ptr<KeySource>();
|
return nullptr;
|
||||||
}
|
}
|
||||||
std::unique_ptr<WidevineKeySource> widevine_key_source(
|
std::unique_ptr<WidevineKeySource> widevine_key_source(
|
||||||
new WidevineKeySource(widevine.key_server_url,
|
new WidevineKeySource(widevine.key_server_url,
|
||||||
|
|
@ -69,7 +69,7 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
|
||||||
std::unique_ptr<RequestSigner> request_signer(
|
std::unique_ptr<RequestSigner> request_signer(
|
||||||
CreateSigner(widevine.signer));
|
CreateSigner(widevine.signer));
|
||||||
if (!request_signer)
|
if (!request_signer)
|
||||||
return std::unique_ptr<KeySource>();
|
return nullptr;
|
||||||
widevine_key_source->set_signer(std::move(request_signer));
|
widevine_key_source->set_signer(std::move(request_signer));
|
||||||
}
|
}
|
||||||
widevine_key_source->set_group_id(widevine.group_id);
|
widevine_key_source->set_group_id(widevine.group_id);
|
||||||
|
|
@ -79,7 +79,7 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
|
||||||
if (!status.ok()) {
|
if (!status.ok()) {
|
||||||
LOG(ERROR) << "Widevine encryption key source failed to fetch keys: "
|
LOG(ERROR) << "Widevine encryption key source failed to fetch keys: "
|
||||||
<< status.ToString();
|
<< status.ToString();
|
||||||
return std::unique_ptr<KeySource>();
|
return nullptr;
|
||||||
}
|
}
|
||||||
encryption_key_source = std::move(widevine_key_source);
|
encryption_key_source = std::move(widevine_key_source);
|
||||||
break;
|
break;
|
||||||
|
|
@ -95,15 +95,31 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
|
||||||
}
|
}
|
||||||
case KeyProvider::kPlayready: {
|
case KeyProvider::kPlayready: {
|
||||||
const PlayreadyEncryptionParams& playready = encryption_params.playready;
|
const PlayreadyEncryptionParams& playready = encryption_params.playready;
|
||||||
if (!playready.key_id.empty() && !playready.key.empty()) {
|
if (!playready.key_id.empty() || !playready.key.empty()) {
|
||||||
|
if (playready.key_id.empty() || playready.key.empty()) {
|
||||||
|
LOG(ERROR) << "Either playready key_id or key is not set.";
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
encryption_key_source = PlayReadyKeySource::CreateFromKeyAndKeyId(
|
encryption_key_source = PlayReadyKeySource::CreateFromKeyAndKeyId(
|
||||||
playready.key_id, playready.key);
|
playready.key_id, playready.key);
|
||||||
} else if (!playready.key_server_url.empty() &&
|
} else if (!playready.key_server_url.empty() ||
|
||||||
!playready.program_identifier.empty()) {
|
!playready.program_identifier.empty()) {
|
||||||
|
if (playready.key_server_url.empty() ||
|
||||||
|
playready.program_identifier.empty()) {
|
||||||
|
LOG(ERROR) << "Either playready key_server_url or program_identifier "
|
||||||
|
"is not set.";
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
std::unique_ptr<PlayReadyKeySource> playready_key_source;
|
std::unique_ptr<PlayReadyKeySource> playready_key_source;
|
||||||
if (!playready.client_cert_file.empty() &&
|
// private_key_password is allowed to be empty for unencrypted key.
|
||||||
!playready.client_cert_private_key_file.empty() &&
|
if (!playready.client_cert_file.empty() ||
|
||||||
!playready.client_cert_private_key_password.empty()) {
|
!playready.client_cert_private_key_file.empty()) {
|
||||||
|
if (playready.client_cert_file.empty() ||
|
||||||
|
playready.client_cert_private_key_file.empty()) {
|
||||||
|
LOG(ERROR) << "Either playready client_cert_file or "
|
||||||
|
"client_cert_private_key_file is not set.";
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
playready_key_source.reset(new PlayReadyKeySource(
|
playready_key_source.reset(new PlayReadyKeySource(
|
||||||
playready.key_server_url, playready.client_cert_file,
|
playready.key_server_url, playready.client_cert_file,
|
||||||
playready.client_cert_private_key_file,
|
playready.client_cert_private_key_file,
|
||||||
|
|
@ -120,7 +136,7 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
|
||||||
encryption_key_source = std::move(playready_key_source);
|
encryption_key_source = std::move(playready_key_source);
|
||||||
} else {
|
} else {
|
||||||
LOG(ERROR) << "Error creating PlayReady key source.";
|
LOG(ERROR) << "Error creating PlayReady key source.";
|
||||||
return std::unique_ptr<KeySource>();
|
return nullptr;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -120,15 +120,15 @@ Status HttpKeyFetcher::FetchInternal(HttpMethod method,
|
||||||
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToString);
|
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToString);
|
||||||
curl_easy_setopt(curl, CURLOPT_WRITEDATA, response);
|
curl_easy_setopt(curl, CURLOPT_WRITEDATA, response);
|
||||||
|
|
||||||
if (!client_cert_private_key_file_.empty() &&
|
if (!client_cert_private_key_file_.empty() && !client_cert_file_.empty()) {
|
||||||
!client_cert_private_key_password_.empty() &&
|
|
||||||
!client_cert_file_.empty()) {
|
|
||||||
// Some PlayReady packaging servers only allow connects via HTTPS with
|
// Some PlayReady packaging servers only allow connects via HTTPS with
|
||||||
// client certificates.
|
// client certificates.
|
||||||
curl_easy_setopt(curl, CURLOPT_SSLKEY,
|
curl_easy_setopt(curl, CURLOPT_SSLKEY,
|
||||||
client_cert_private_key_file_.data());
|
client_cert_private_key_file_.data());
|
||||||
|
if (!client_cert_private_key_password_.empty()) {
|
||||||
curl_easy_setopt(curl, CURLOPT_KEYPASSWD,
|
curl_easy_setopt(curl, CURLOPT_KEYPASSWD,
|
||||||
client_cert_private_key_password_.data());
|
client_cert_private_key_password_.data());
|
||||||
|
}
|
||||||
curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
|
curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
|
||||||
curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
|
curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
|
||||||
curl_easy_setopt(curl, CURLOPT_SSLCERT, client_cert_file_.data());
|
curl_easy_setopt(curl, CURLOPT_SSLCERT, client_cert_file_.data());
|
||||||
|
|
|
||||||
|
|
@ -279,8 +279,7 @@ Status PlayReadyKeySource::FetchKeysWithProgramIdentifier(
|
||||||
const std::string& program_identifier) {
|
const std::string& program_identifier) {
|
||||||
std::unique_ptr<EncryptionKey> encryption_key(new EncryptionKey);
|
std::unique_ptr<EncryptionKey> encryption_key(new EncryptionKey);
|
||||||
HttpKeyFetcher key_fetcher(kHttpFetchTimeout);
|
HttpKeyFetcher key_fetcher(kHttpFetchTimeout);
|
||||||
if (!client_cert_file_.empty() && !client_cert_private_key_file_.empty() &&
|
if (!client_cert_file_.empty() && !client_cert_private_key_file_.empty()) {
|
||||||
!client_cert_private_key_password_.empty()) {
|
|
||||||
key_fetcher.SetClientCertInfo(client_cert_file_,
|
key_fetcher.SetClientCertInfo(client_cert_file_,
|
||||||
client_cert_private_key_file_,
|
client_cert_private_key_file_,
|
||||||
client_cert_private_key_password_);
|
client_cert_private_key_password_);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue