Add AES signing support to packager_main app
Add two new command line arguments: --aes_signing_key for AES signing key (in hex) and --aes_signing_iv for AES signing iv (in hex). Also change --signing_key_path to --rsa_signing_key_path. Bug: 13582970 Change-Id: I66ba330a1a05e0f5def7987ac41d396dc92005ae
This commit is contained in:
parent
adeb1f16ec
commit
e4a6cf4edd
|
@ -45,20 +45,36 @@ void DumpStreamInfo(const std::vector<MediaStream*>& streams) {
|
||||||
scoped_ptr<EncryptorSource> CreateEncryptorSource() {
|
scoped_ptr<EncryptorSource> CreateEncryptorSource() {
|
||||||
scoped_ptr<EncryptorSource> encryptor_source;
|
scoped_ptr<EncryptorSource> encryptor_source;
|
||||||
if (FLAGS_enable_widevine_encryption) {
|
if (FLAGS_enable_widevine_encryption) {
|
||||||
|
scoped_ptr<RequestSigner> signer;
|
||||||
|
DCHECK(!FLAGS_aes_signing_key.empty() ||
|
||||||
|
!FLAGS_rsa_signing_key_path.empty());
|
||||||
|
if (!FLAGS_aes_signing_key.empty()) {
|
||||||
|
signer.reset(
|
||||||
|
AesRequestSigner::CreateSigner(FLAGS_signer, FLAGS_aes_signing_key,
|
||||||
|
FLAGS_aes_signing_iv));
|
||||||
|
if (!signer) {
|
||||||
|
LOG(ERROR) << "Cannot create an AES signer object from '"
|
||||||
|
<< FLAGS_aes_signing_key << "':'" << FLAGS_aes_signing_iv
|
||||||
|
<< "'.";
|
||||||
|
return scoped_ptr<EncryptorSource>();
|
||||||
|
}
|
||||||
|
} else if (!FLAGS_rsa_signing_key_path.empty()) {
|
||||||
std::string rsa_private_key;
|
std::string rsa_private_key;
|
||||||
if (!File::ReadFileToString(FLAGS_signing_key_path.c_str(),
|
if (!File::ReadFileToString(FLAGS_rsa_signing_key_path.c_str(),
|
||||||
&rsa_private_key)) {
|
&rsa_private_key)) {
|
||||||
LOG(ERROR) << "Failed to read from '" << FLAGS_signing_key_path << "'.";
|
LOG(ERROR) << "Failed to read from '" << FLAGS_rsa_signing_key_path
|
||||||
|
<< "'.";
|
||||||
return scoped_ptr<EncryptorSource>();
|
return scoped_ptr<EncryptorSource>();
|
||||||
}
|
}
|
||||||
|
|
||||||
scoped_ptr<RequestSigner> signer(
|
signer.reset(
|
||||||
RsaRequestSigner::CreateSigner(FLAGS_signer, rsa_private_key));
|
RsaRequestSigner::CreateSigner(FLAGS_signer, rsa_private_key));
|
||||||
if (!signer) {
|
if (!signer) {
|
||||||
LOG(ERROR) << "Cannot create signer object from '"
|
LOG(ERROR) << "Cannot create a RSA signer object from '"
|
||||||
<< FLAGS_signing_key_path << "'.";
|
<< FLAGS_rsa_signing_key_path << "'.";
|
||||||
return scoped_ptr<EncryptorSource>();
|
return scoped_ptr<EncryptorSource>();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
WidevineEncryptorSource::TrackType track_type =
|
WidevineEncryptorSource::TrackType track_type =
|
||||||
WidevineEncryptorSource::GetTrackTypeFromString(FLAGS_track_type);
|
WidevineEncryptorSource::GetTrackTypeFromString(FLAGS_track_type);
|
||||||
|
|
|
@ -11,22 +11,62 @@
|
||||||
|
|
||||||
#include <gflags/gflags.h>
|
#include <gflags/gflags.h>
|
||||||
|
|
||||||
|
#include "base/strings/string_number_conversions.h"
|
||||||
|
|
||||||
DEFINE_bool(enable_widevine_encryption,
|
DEFINE_bool(enable_widevine_encryption,
|
||||||
false,
|
false,
|
||||||
"Enable encryption with Widevine license server/proxy.");
|
"Enable encryption with Widevine license server/proxy. User should "
|
||||||
|
"provide either AES signing key (--aes_signing_key, "
|
||||||
|
"--aes_signing_iv) or RSA signing key (--rsa_signing_key_path).");
|
||||||
DEFINE_string(server_url, "", "License server url.");
|
DEFINE_string(server_url, "", "License server url.");
|
||||||
DEFINE_string(content_id, "", "Content Id.");
|
DEFINE_string(content_id, "", "Content Id.");
|
||||||
DEFINE_string(track_type, "SD", "Track type: HD, SD or AUDIO.");
|
DEFINE_string(track_type, "SD", "Track type: HD, SD or AUDIO.");
|
||||||
DEFINE_string(signer, "", "The name of the signer.");
|
DEFINE_string(signer, "", "The name of the signer.");
|
||||||
DEFINE_string(signing_key_path,
|
DEFINE_string(aes_signing_key,
|
||||||
"",
|
"",
|
||||||
"Stores PKCS#1 RSA private key for request signing.");
|
"AES signing key in hex string. --aes_signing_iv is required. "
|
||||||
|
"Exclusive with --rsa_signing_key_path.");
|
||||||
|
DEFINE_string(aes_signing_iv,
|
||||||
|
"",
|
||||||
|
"AES signing iv in hex string.");
|
||||||
|
DEFINE_string(rsa_signing_key_path,
|
||||||
|
"",
|
||||||
|
"Stores PKCS#1 RSA private key for request signing. Exclusive "
|
||||||
|
"with --aes_signing_key.");
|
||||||
|
|
||||||
static bool IsNotEmptyWithWidevineEncryption(const char* flag_name,
|
static bool IsNotEmptyWithWidevineEncryption(const char* flag_name,
|
||||||
const std::string& flag_value) {
|
const std::string& flag_value) {
|
||||||
return FLAGS_enable_widevine_encryption ? !flag_value.empty() : true;
|
return FLAGS_enable_widevine_encryption ? !flag_value.empty() : true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool VerifyAesRsaKey(const char* flag_name,
|
||||||
|
const std::string& flag_value) {
|
||||||
|
if (!FLAGS_enable_widevine_encryption)
|
||||||
|
return true;
|
||||||
|
const std::string flag_name_str = flag_name;
|
||||||
|
if (flag_name_str == "aes_signing_iv") {
|
||||||
|
if (!FLAGS_aes_signing_key.empty() && flag_value.empty()) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"ERROR: --aes_signing_iv is required for --aes_signing_key.\n");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} else if (flag_name_str == "rsa_signing_key_path") {
|
||||||
|
if (FLAGS_aes_signing_key.empty() && flag_value.empty()) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"ERROR: --aes_signing_key or --rsa_signing_key_path is "
|
||||||
|
"required.\n");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if (!FLAGS_aes_signing_key.empty() && !flag_value.empty()) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"ERROR: --aes_signing_key and --rsa_signing_key_path are "
|
||||||
|
"exclusive.\n");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
static bool dummy_server_url_validator =
|
static bool dummy_server_url_validator =
|
||||||
google::RegisterFlagValidator(&FLAGS_server_url,
|
google::RegisterFlagValidator(&FLAGS_server_url,
|
||||||
&IsNotEmptyWithWidevineEncryption);
|
&IsNotEmptyWithWidevineEncryption);
|
||||||
|
@ -39,8 +79,10 @@ static bool dummy_track_type_validator =
|
||||||
static bool dummy_signer_validator =
|
static bool dummy_signer_validator =
|
||||||
google::RegisterFlagValidator(&FLAGS_signer,
|
google::RegisterFlagValidator(&FLAGS_signer,
|
||||||
&IsNotEmptyWithWidevineEncryption);
|
&IsNotEmptyWithWidevineEncryption);
|
||||||
|
static bool dummy_aes_iv_validator =
|
||||||
|
google::RegisterFlagValidator(&FLAGS_aes_signing_iv,
|
||||||
|
&VerifyAesRsaKey);
|
||||||
static bool dummy_rsa_key_file_validator =
|
static bool dummy_rsa_key_file_validator =
|
||||||
google::RegisterFlagValidator(&FLAGS_signing_key_path,
|
google::RegisterFlagValidator(&FLAGS_rsa_signing_key_path,
|
||||||
&IsNotEmptyWithWidevineEncryption);
|
&VerifyAesRsaKey);
|
||||||
|
|
||||||
#endif // APP_WIDEVINE_ENCRYPTION_FLAGS_H_
|
#endif // APP_WIDEVINE_ENCRYPTION_FLAGS_H_
|
||||||
|
|
Loading…
Reference in New Issue