[Playready] Allow unencrypted client cert private key

Change-Id: I3244b428f8e3e32787520d9dd0f015e6d9301fe0
KongQun Yang 2017-10-11 14:34:04 -07:00
parent e2bb22c633
commit c9cc68ba82
3 changed files with 32 additions and 17 deletions


@ -55,11 +55,11 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
const WidevineEncryptionParams& widevine = encryption_params.widevine; const WidevineEncryptionParams& widevine = encryption_params.widevine;
if (widevine.key_server_url.empty()) { if (widevine.key_server_url.empty()) {
LOG(ERROR) << "'key_server_url' should not be empty."; LOG(ERROR) << "'key_server_url' should not be empty.";
return std::unique_ptr<KeySource>(); return nullptr;
} }
if (widevine.content_id.empty()) { if (widevine.content_id.empty()) {
LOG(ERROR) << "'content_id' should not be empty."; LOG(ERROR) << "'content_id' should not be empty.";
return std::unique_ptr<KeySource>(); return nullptr;
} }
std::unique_ptr<WidevineKeySource> widevine_key_source( std::unique_ptr<WidevineKeySource> widevine_key_source(
new WidevineKeySource(widevine.key_server_url, new WidevineKeySource(widevine.key_server_url,
@ -69,7 +69,7 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
std::unique_ptr<RequestSigner> request_signer( std::unique_ptr<RequestSigner> request_signer(
CreateSigner(widevine.signer)); CreateSigner(widevine.signer));
if (!request_signer) if (!request_signer)
return std::unique_ptr<KeySource>(); return nullptr;
widevine_key_source->set_signer(std::move(request_signer)); widevine_key_source->set_signer(std::move(request_signer));
} }
widevine_key_source->set_group_id(widevine.group_id); widevine_key_source->set_group_id(widevine.group_id);
@ -79,7 +79,7 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
if (!status.ok()) { if (!status.ok()) {
LOG(ERROR) << "Widevine encryption key source failed to fetch keys: " LOG(ERROR) << "Widevine encryption key source failed to fetch keys: "
<< status.ToString(); << status.ToString();
return std::unique_ptr<KeySource>(); return nullptr;
} }
encryption_key_source = std::move(widevine_key_source); encryption_key_source = std::move(widevine_key_source);
break; break;
@ -95,15 +95,31 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
} }
case KeyProvider::kPlayready: { case KeyProvider::kPlayready: {
const PlayreadyEncryptionParams& playready = encryption_params.playready; const PlayreadyEncryptionParams& playready = encryption_params.playready;
if (!playready.key_id.empty() && !playready.key.empty()) { if (!playready.key_id.empty() || !playready.key.empty()) {
if (playready.key_id.empty() || playready.key.empty()) {
LOG(ERROR) << "Either playready key_id or key is not set.";
return nullptr;
}
encryption_key_source = PlayReadyKeySource::CreateFromKeyAndKeyId( encryption_key_source = PlayReadyKeySource::CreateFromKeyAndKeyId(
playready.key_id, playready.key); playready.key_id, playready.key);
} else if (!playready.key_server_url.empty() && } else if (!playready.key_server_url.empty() ||
!playready.program_identifier.empty()) { !playready.program_identifier.empty()) {
if (playready.key_server_url.empty() ||
playready.program_identifier.empty()) {
LOG(ERROR) << "Either playready key_server_url or program_identifier "
"is not set.";
return nullptr;
}
std::unique_ptr<PlayReadyKeySource> playready_key_source; std::unique_ptr<PlayReadyKeySource> playready_key_source;
if (!playready.client_cert_file.empty() && // private_key_password is allowed to be empty for unencrypted key.
!playready.client_cert_private_key_file.empty() && if (!playready.client_cert_file.empty() ||
!playready.client_cert_private_key_password.empty()) { !playready.client_cert_private_key_file.empty()) {
if (playready.client_cert_file.empty() ||
playready.client_cert_private_key_file.empty()) {
LOG(ERROR) << "Either playready client_cert_file or "
"client_cert_private_key_file is not set.";
return nullptr;
}
playready_key_source.reset(new PlayReadyKeySource( playready_key_source.reset(new PlayReadyKeySource(
playready.key_server_url, playready.client_cert_file, playready.key_server_url, playready.client_cert_file,
playready.client_cert_private_key_file, playready.client_cert_private_key_file,
@ -120,7 +136,7 @@ std::unique_ptr<KeySource> CreateEncryptionKeySource(
encryption_key_source = std::move(playready_key_source); encryption_key_source = std::move(playready_key_source);
} else { } else {
LOG(ERROR) << "Error creating PlayReady key source."; LOG(ERROR) << "Error creating PlayReady key source.";
return std::unique_ptr<KeySource>(); return nullptr;
} }
break; break;
} }
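Review bot: A `client_cert_private_key_password` supplied without `client_cert_file` and `client_cert_private_key_file` is dropped without any message, because the new guard in the `kPlayready` case tests only the two file fields. The request then appears to take the no-client-certificate path that lies outside the hunk, so an operator who mistyped the file options gets a key fetch without client authentication instead of a configuration error. Adding `|| !playready.client_cert_private_key_password.empty()` to the outer test would let the existing inner check reject that combination. The new comment could also state the at-rest consequence, for example `// private_key_password may be empty only when the PEM key file is unencrypted; such a file needs restrictive permissions.`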


@ -120,15 +120,15 @@ Status HttpKeyFetcher::FetchInternal(HttpMethod method,
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToString); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToString);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, response); curl_easy_setopt(curl, CURLOPT_WRITEDATA, response);
if (!client_cert_private_key_file_.empty() && if (!client_cert_private_key_file_.empty() && !client_cert_file_.empty()) {
!client_cert_private_key_password_.empty() &&
!client_cert_file_.empty()) {
// Some PlayReady packaging servers only allow connects via HTTPS with // Some PlayReady packaging servers only allow connects via HTTPS with
// client certificates. // client certificates.
curl_easy_setopt(curl, CURLOPT_SSLKEY, curl_easy_setopt(curl, CURLOPT_SSLKEY,
client_cert_private_key_file_.data()); client_cert_private_key_file_.data());
curl_easy_setopt(curl, CURLOPT_KEYPASSWD, if (!client_cert_private_key_password_.empty()) {
client_cert_private_key_password_.data()); curl_easy_setopt(curl, CURLOPT_KEYPASSWD,
client_cert_private_key_password_.data());
}
curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM"); curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM"); curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
curl_easy_setopt(curl, CURLOPT_SSLCERT, client_cert_file_.data()); curl_easy_setopt(curl, CURLOPT_SSLCERT, client_cert_file_.data());
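Review bot: An encrypted key file configured without a password now reaches `CURLOPT_SSLKEY` with no `CURLOPT_KEYPASSWD`, since the password test moved out of the outer condition in FetchInternal, and nothing here tells the operator which case applies. How that fails depends on the TLS backend (presumably a key-load error during the transfer; some backends may instead ask for a passphrase on the terminal, which would stall an unattended packaging job), so a comment such as `// No password: the PEM key must be unencrypted; an encrypted key will fail to load.` above the inner `if` would document the contract. The return values of the `curl_easy_setopt` calls in this block are also ignored, so a rejected key or certificate option would go unnoticed until the request is made. FetchInternal starts and ends outside the hunk.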


@ -279,8 +279,7 @@ Status PlayReadyKeySource::FetchKeysWithProgramIdentifier(
const std::string& program_identifier) { const std::string& program_identifier) {
std::unique_ptr<EncryptionKey> encryption_key(new EncryptionKey); std::unique_ptr<EncryptionKey> encryption_key(new EncryptionKey);
HttpKeyFetcher key_fetcher(kHttpFetchTimeout); HttpKeyFetcher key_fetcher(kHttpFetchTimeout);
if (!client_cert_file_.empty() && !client_cert_private_key_file_.empty() && if (!client_cert_file_.empty() && !client_cert_private_key_file_.empty()) {
!client_cert_private_key_password_.empty()) {
key_fetcher.SetClientCertInfo(client_cert_file_, key_fetcher.SetClientCertInfo(client_cert_file_,
client_cert_private_key_file_, client_cert_private_key_file_,
client_cert_private_key_password_); client_cert_private_key_password_);