Shaka Packager SDK
widevine_encryption_flags.cc
1 // Copyright 2014 Google Inc. All rights reserved.
2 //
3 // Use of this source code is governed by a BSD-style
4 // license that can be found in the LICENSE file or at
5 // https://developers.google.com/open-source/licenses/bsd
6 //
7 // Defines command line flags for widevine_encryption.
8 
9 #include "packager/app/widevine_encryption_flags.h"
10 
11 #include "packager/app/validate_flag.h"
12 #include "packager/base/logging.h"
13 #include "packager/base/strings/string_piece.h"
14 #include "packager/base/strings/string_util.h"
15 
16 DEFINE_bool(enable_widevine_encryption,
17  false,
18  "Enable encryption with Widevine key server. User should provide "
19  "either AES signing key (--aes_signing_key, --aes_signing_iv) or "
20  "RSA signing key (--rsa_signing_key_path).");
21 DEFINE_bool(enable_widevine_decryption,
22  false,
23  "Enable decryption with Widevine license server/proxy. User should "
24  "provide either AES signing key (--aes_signing_key, "
25  "--aes_signing_iv) or RSA signing key (--rsa_signing_key_path).");
26 DEFINE_string(key_server_url, "", "Key server url. Required for encryption and "
27  "decryption");
28 DEFINE_hex_bytes(content_id, "", "Content Id (hex).");
29 DEFINE_string(policy,
30  "",
31  "The name of a stored policy, which specifies DRM content "
32  "rights.");
33 DEFINE_int32(max_sd_pixels,
34  768 * 576,
35  "The video track is considered SD if its max pixels per frame is "
36  "no higher than max_sd_pixels. Default: 442368 (768 x 576).");
37 DEFINE_int32(max_hd_pixels,
38  1920 * 1080,
39  "The video track is considered HD if its max pixels per frame is "
40  "higher than max_sd_pixels, but no higher than max_hd_pixels. "
41  "Default: 2073600 (1920 x 1080).");
42 DEFINE_int32(max_uhd1_pixels,
43  4096 * 2160,
44  "The video track is considered UHD1 if its max pixels per frame "
45  "is higher than max_hd_pixels, but no higher than max_uhd1_pixels."
46  " Otherwise it is UHD2. Default: 8847360 (4096 x 2160).");
47 DEFINE_string(signer, "", "The name of the signer.");
48 DEFINE_hex_bytes(aes_signing_key,
49  "",
50  "AES signing key in hex string. --aes_signing_iv is required. "
51  "Exclusive with --rsa_signing_key_path.");
52 DEFINE_hex_bytes(aes_signing_iv, "", "AES signing iv in hex string.");
53 DEFINE_string(rsa_signing_key_path,
54  "",
55  "Stores PKCS#1 RSA private key for request signing. Exclusive "
56  "with --aes_signing_key.");
57 DEFINE_int32(crypto_period_duration,
58  0,
59  "Crypto period duration in seconds. If it is non-zero, key "
60  "rotation is enabled.");
61 DEFINE_hex_bytes(group_id, "", "Identifier for a group of licenses (hex).");
62 DEFINE_bool(enable_entitlement_license,
63  false,
64  "Enable entitlement license when using Widevine key server.");
65 
66 namespace shaka {
67 namespace {
68 const bool kOptional = true;
69 } // namespace
70 
72  bool success = true;
73 
74  const bool widevine_crypto =
75  FLAGS_enable_widevine_encryption || FLAGS_enable_widevine_decryption;
76  const char widevine_crypto_label[] =
77  "--enable_widevine_encryption/decryption";
78  // key_server_url and signer (optional) are associated with
79  // enable_widevine_encryption and enable_widevine_descryption.
80  if (!ValidateFlag("key_server_url",
81  FLAGS_key_server_url,
82  widevine_crypto,
83  !kOptional,
84  widevine_crypto_label)) {
85  success = false;
86  }
87  if (!ValidateFlag("signer",
88  FLAGS_signer,
89  widevine_crypto,
90  kOptional,
91  widevine_crypto_label)) {
92  success = false;
93  }
94  if (widevine_crypto && FLAGS_signer.empty() &&
95  base::StartsWith(base::StringPiece(FLAGS_key_server_url), "http",
96  base::CompareCase::INSENSITIVE_ASCII)) {
97  LOG(WARNING) << "--signer is likely required with "
98  "--enable_widevine_encryption/decryption.";
99  }
100 
101  const char widevine_encryption_label[] = "--enable_widevine_encryption";
102  // content_id and policy (optional) are associated with
103  // enable_widevine_encryption.
104  if (!ValidateFlag("content_id",
105  FLAGS_content_id_bytes,
106  FLAGS_enable_widevine_encryption,
107  !kOptional,
108  widevine_encryption_label)) {
109  success = false;
110  }
111  if (!ValidateFlag("policy",
112  FLAGS_policy,
113  FLAGS_enable_widevine_encryption,
114  kOptional,
115  widevine_encryption_label)) {
116  success = false;
117  }
118 
119  if (FLAGS_max_sd_pixels <= 0) {
120  PrintError("--max_sd_pixels must be positive.");
121  success = false;
122  }
123  if (FLAGS_max_hd_pixels <= 0) {
124  PrintError("--max_hd_pixels must be positive.");
125  success = false;
126  }
127  if (FLAGS_max_uhd1_pixels <= 0) {
128  PrintError("--max_uhd1_pixels must be positive.");
129  success = false;
130  }
131  if (FLAGS_max_hd_pixels <= FLAGS_max_sd_pixels) {
132  PrintError("--max_hd_pixels must be greater than --max_sd_pixels.");
133  success = false;
134  }
135  if (FLAGS_max_uhd1_pixels <= FLAGS_max_hd_pixels) {
136  PrintError("--max_uhd1_pixels must be greater than --max_hd_pixels.");
137  success = false;
138  }
139 
140  const bool aes = !FLAGS_aes_signing_key_bytes.empty() ||
141  !FLAGS_aes_signing_iv_bytes.empty();
142  if (aes && (FLAGS_aes_signing_key_bytes.empty() ||
143  FLAGS_aes_signing_iv_bytes.empty())) {
144  PrintError("--aes_signing_key/iv is required if using aes signing.");
145  success = false;
146  }
147 
148  const bool rsa = !FLAGS_rsa_signing_key_path.empty();
149 
150  if (FLAGS_signer.empty() && (aes || rsa)) {
151  PrintError("--signer is required if using aes/rsa signing.");
152  success = false;
153  }
154  if (!FLAGS_signer.empty() && !aes && !rsa) {
155  PrintError(
156  "--aes_signing_key/iv or --rsa_signing_key_path is required with "
157  "--signer.");
158  success = false;
159  }
160  if (aes && rsa) {
161  PrintError(
162  "Only one of --aes_signing_key/iv and --rsa_signing_key_path should be "
163  "specified.");
164  success = false;
165  }
166 
167  if (FLAGS_crypto_period_duration < 0) {
168  PrintError("--crypto_period_duration should not be negative.");
169  success = false;
170  }
171  return success;
172 }
173 
174 } // namespace shaka
void PrintError(const std::string &error_message)
bool ValidateFlag(const char *flag_name, const FlagType &flag_value, bool condition, bool optional, const char *label)
Definition: validate_flag.h:37
bool ValidateWidevineCryptoFlags()
All the methods that are virtual are virtual for mocking.