7 #include "packager/media/base/widevine_key_source.h"
11 #include "packager/base/base64.h"
12 #include "packager/base/bind.h"
13 #include "packager/base/json/json_reader.h"
14 #include "packager/base/json/json_writer.h"
15 #include "packager/base/memory/ref_counted.h"
16 #include "packager/base/stl_util.h"
17 #include "packager/media/base/fixed_key_source.h"
18 #include "packager/media/base/http_key_fetcher.h"
19 #include "packager/media/base/producer_consumer_queue.h"
20 #include "packager/media/base/protection_system_specific_info.h"
21 #include "packager/media/base/rcheck.h"
22 #include "packager/media/base/request_signer.h"
23 #include "packager/media/base/widevine_pssh_data.pb.h"
28 const bool kEnableKeyRotation =
true;
30 const char kLicenseStatusOK[] =
"OK";
33 const char kLicenseStatusTransientError[] =
"INTERNAL_ERROR";
37 const int kNumTransientErrorRetries = 5;
38 const int kFirstRetryDelayMilliseconds = 1000;
42 const int kDefaultCryptoPeriodCount = 10;
43 const int kGetKeyTimeoutInSeconds = 5 * 60;
44 const int kKeyFetchTimeoutInSeconds = 60;
46 const uint8_t kWidevineSystemId[] = {0xed, 0xef, 0x8b, 0xa9, 0x79, 0xd6,
47 0x4a, 0xce, 0xa3, 0xc8, 0x27, 0xdc,
48 0xd5, 0x1d, 0x21, 0xed};
50 bool Base64StringToBytes(
const std::string& base64_string,
51 std::vector<uint8_t>* bytes) {
54 if (!base::Base64Decode(base64_string, &str))
56 bytes->assign(str.begin(), str.end());
60 void BytesToBase64String(
const std::vector<uint8_t>& bytes,
61 std::string* base64_string) {
62 DCHECK(base64_string);
63 base::Base64Encode(base::StringPiece(reinterpret_cast<const char*>
64 (bytes.data()), bytes.size()),
68 bool GetKeyFromTrack(
const base::DictionaryValue& track_dict,
69 std::vector<uint8_t>* key) {
71 std::string key_base64_string;
72 RCHECK(track_dict.GetString(
"key", &key_base64_string));
73 VLOG(2) <<
"Key:" << key_base64_string;
74 RCHECK(Base64StringToBytes(key_base64_string, key));
78 bool GetKeyIdFromTrack(
const base::DictionaryValue& track_dict,
79 std::vector<uint8_t>* key_id) {
81 std::string key_id_base64_string;
82 RCHECK(track_dict.GetString(
"key_id", &key_id_base64_string));
83 VLOG(2) <<
"Keyid:" << key_id_base64_string;
84 RCHECK(Base64StringToBytes(key_id_base64_string, key_id));
88 bool GetPsshDataFromTrack(
const base::DictionaryValue& track_dict,
89 std::vector<uint8_t>* pssh_data) {
92 const base::ListValue* pssh_list;
93 RCHECK(track_dict.GetList(
"pssh", &pssh_list));
96 DCHECK_EQ(1u, pssh_list->GetSize());
98 const base::DictionaryValue* pssh_dict;
99 RCHECK(pssh_list->GetDictionary(0, &pssh_dict));
100 std::string drm_type;
101 RCHECK(pssh_dict->GetString(
"drm_type", &drm_type));
102 if (drm_type !=
"WIDEVINE") {
103 LOG(ERROR) <<
"Expecting drm_type 'WIDEVINE', get '" << drm_type <<
"'.";
106 std::string pssh_data_base64_string;
107 RCHECK(pssh_dict->GetString(
"data", &pssh_data_base64_string));
109 VLOG(2) <<
"Pssh Data:" << pssh_data_base64_string;
110 RCHECK(Base64StringToBytes(pssh_data_base64_string, pssh_data));
119 class WidevineKeySource::RefCountedEncryptionKeyMap
120 :
public base::RefCountedThreadSafe<RefCountedEncryptionKeyMap> {
122 explicit RefCountedEncryptionKeyMap(EncryptionKeyMap* encryption_key_map) {
123 DCHECK(encryption_key_map);
124 encryption_key_map_.swap(*encryption_key_map);
127 std::map<KeySource::TrackType, EncryptionKey*>& map() {
128 return encryption_key_map_;
132 friend class base::RefCountedThreadSafe<RefCountedEncryptionKeyMap>;
134 ~RefCountedEncryptionKeyMap() { STLDeleteValues(&encryption_key_map_); }
136 EncryptionKeyMap encryption_key_map_;
138 DISALLOW_COPY_AND_ASSIGN(RefCountedEncryptionKeyMap);
142 bool add_common_pssh)
143 : key_production_thread_(
"KeyProductionThread",
145 base::Unretained(this))),
147 server_url_(server_url),
148 crypto_period_count_(kDefaultCryptoPeriodCount),
149 add_common_pssh_(add_common_pssh),
150 key_production_started_(false),
151 start_key_production_(false, false),
152 first_crypto_period_index_(0) {
153 key_production_thread_.Start();
156 WidevineKeySource::~WidevineKeySource() {
159 if (key_production_thread_.HasBeenStarted()) {
162 start_key_production_.Signal();
163 key_production_thread_.Join();
165 STLDeleteValues(&encryption_key_map_);
169 const std::string& policy) {
170 base::AutoLock scoped_lock(lock_);
171 request_dict_.Clear();
172 std::string content_id_base64_string;
173 BytesToBase64String(content_id, &content_id_base64_string);
174 request_dict_.SetString(
"content_id", content_id_base64_string);
175 request_dict_.SetString(
"policy", policy);
176 return FetchKeysInternal(!kEnableKeyRotation, 0,
false);
180 const std::vector<uint8_t> widevine_system_id(
181 kWidevineSystemId, kWidevineSystemId + arraysize(kWidevineSystemId));
184 if (!info.
Parse(pssh_box.data(), pssh_box.size()))
185 return Status(error::PARSER_FAILURE,
"Error parsing the PSSH box.");
187 if (info.system_id() == widevine_system_id) {
188 base::AutoLock scoped_lock(lock_);
189 request_dict_.Clear();
190 std::string pssh_data_base64_string;
192 BytesToBase64String(info.pssh_data(), &pssh_data_base64_string);
193 request_dict_.SetString(
"pssh_data", pssh_data_base64_string);
194 return FetchKeysInternal(!kEnableKeyRotation, 0,
false);
195 }
else if (!info.key_ids().empty()) {
202 return Status(error::NOT_FOUND,
"No key IDs given in PSSH box.");
207 const std::vector<std::vector<uint8_t>>& key_ids) {
208 base::AutoLock scoped_lock(lock_);
209 request_dict_.Clear();
210 std::string pssh_data_base64_string;
213 WidevinePsshData widevine_pssh_data;
214 for (
size_t i = 0; i < key_ids.size(); i++) {
215 widevine_pssh_data.add_key_id(key_ids[i].data(), key_ids[i].size());
218 const std::string serialized_string = widevine_pssh_data.SerializeAsString();
219 std::vector<uint8_t> pssh_data(serialized_string.begin(),
220 serialized_string.end());
222 BytesToBase64String(pssh_data, &pssh_data_base64_string);
223 request_dict_.SetString(
"pssh_data", pssh_data_base64_string);
224 return FetchKeysInternal(!kEnableKeyRotation, 0,
false);
228 base::AutoLock scoped_lock(lock_);
229 request_dict_.Clear();
232 request_dict_.SetDouble(
"asset_id", asset_id);
233 return FetchKeysInternal(!kEnableKeyRotation, 0,
true);
238 if (encryption_key_map_.find(track_type) == encryption_key_map_.end()) {
239 return Status(error::INTERNAL_ERROR,
242 *key = *encryption_key_map_[track_type];
249 for (std::map<TrackType, EncryptionKey*>::iterator iter =
250 encryption_key_map_.begin();
251 iter != encryption_key_map_.end();
253 if (iter->second->key_id == key_id) {
254 *key = *iter->second;
258 return Status(error::INTERNAL_ERROR,
259 "Cannot find key with specified key ID");
263 TrackType track_type,
265 DCHECK(key_production_thread_.HasBeenStarted());
268 base::AutoLock scoped_lock(lock_);
269 if (!key_production_started_) {
272 first_crypto_period_index_ =
273 crypto_period_index ? crypto_period_index - 1 : 0;
276 first_crypto_period_index_));
277 start_key_production_.Signal();
278 key_production_started_ =
true;
281 return GetKeyInternal(crypto_period_index, track_type, key);
285 signer_ = signer.Pass();
289 key_fetcher_ = key_fetcher.Pass();
292 Status WidevineKeySource::GetKeyInternal(uint32_t crypto_period_index,
293 TrackType track_type,
297 DCHECK_LE(track_type, NUM_VALID_TRACK_TYPES);
298 DCHECK_NE(track_type, TRACK_TYPE_UNKNOWN);
300 scoped_refptr<RefCountedEncryptionKeyMap> ref_counted_encryption_key_map;
302 key_pool_->Peek(crypto_period_index, &ref_counted_encryption_key_map,
303 kGetKeyTimeoutInSeconds * 1000);
305 if (status.error_code() == error::STOPPED) {
306 CHECK(!common_encryption_request_status_.ok());
307 return common_encryption_request_status_;
312 EncryptionKeyMap& encryption_key_map = ref_counted_encryption_key_map->map();
313 if (encryption_key_map.find(track_type) == encryption_key_map.end()) {
314 return Status(error::INTERNAL_ERROR,
317 *key = *encryption_key_map[track_type];
321 void WidevineKeySource::FetchKeysTask() {
323 start_key_production_.Wait();
324 if (!key_pool_ || key_pool_->Stopped())
327 Status status = FetchKeysInternal(kEnableKeyRotation,
328 first_crypto_period_index_,
330 while (status.ok()) {
331 first_crypto_period_index_ += crypto_period_count_;
332 status = FetchKeysInternal(kEnableKeyRotation,
333 first_crypto_period_index_,
336 common_encryption_request_status_ = status;
340 Status WidevineKeySource::FetchKeysInternal(
bool enable_key_rotation,
341 uint32_t first_crypto_period_index,
342 bool widevine_classic) {
344 FillRequest(enable_key_rotation,
345 first_crypto_period_index,
349 Status status = GenerateKeyMessage(request, &message);
352 VLOG(1) <<
"Message: " << message;
354 std::string raw_response;
355 int64_t sleep_duration = kFirstRetryDelayMilliseconds;
359 for (
int i = 0; i < kNumTransientErrorRetries; ++i) {
360 status = key_fetcher_->FetchKeys(server_url_, message, &raw_response);
362 VLOG(1) <<
"Retry [" << i <<
"] Response:" << raw_response;
364 std::string response;
365 if (!DecodeResponse(raw_response, &response)) {
366 return Status(error::SERVER_ERROR,
367 "Failed to decode response '" + raw_response +
"'.");
370 bool transient_error =
false;
371 if (ExtractEncryptionKey(enable_key_rotation,
377 if (!transient_error) {
380 "Failed to extract encryption key from '" + response +
"'.");
382 }
else if (status.error_code() != error::TIME_OUT) {
387 if (i != kNumTransientErrorRetries - 1) {
388 base::PlatformThread::Sleep(
389 base::TimeDelta::FromMilliseconds(sleep_duration));
393 return Status(error::SERVER_ERROR,
394 "Failed to recover from server internal error.");
397 void WidevineKeySource::FillRequest(
bool enable_key_rotation,
398 uint32_t first_crypto_period_index,
399 std::string* request) {
401 DCHECK(!request_dict_.empty());
404 base::ListValue* tracks =
new base::ListValue();
406 base::DictionaryValue* track_sd =
new base::DictionaryValue();
407 track_sd->SetString(
"type",
"SD");
408 tracks->Append(track_sd);
409 base::DictionaryValue* track_hd =
new base::DictionaryValue();
410 track_hd->SetString(
"type",
"HD");
411 tracks->Append(track_hd);
412 base::DictionaryValue* track_audio =
new base::DictionaryValue();
413 track_audio->SetString(
"type",
"AUDIO");
414 tracks->Append(track_audio);
416 request_dict_.Set(
"tracks", tracks);
419 base::ListValue* drm_types =
new base::ListValue();
420 drm_types->AppendString(
"WIDEVINE");
421 request_dict_.Set(
"drm_types", drm_types);
424 if (enable_key_rotation) {
427 request_dict_.SetDouble(
"first_crypto_period_index",
428 first_crypto_period_index);
429 request_dict_.SetInteger(
"crypto_period_count", crypto_period_count_);
432 base::JSONWriter::WriteWithOptions(
436 base::JSONWriter::OPTIONS_OMIT_DOUBLE_TYPE_PRESERVATION, request);
439 Status WidevineKeySource::GenerateKeyMessage(
const std::string& request,
440 std::string* message) {
443 std::string request_base64_string;
444 base::Base64Encode(request, &request_base64_string);
446 base::DictionaryValue request_dict;
447 request_dict.SetString(
"request", request_base64_string);
451 std::string signature;
452 if (!signer_->GenerateSignature(request, &signature))
453 return Status(error::INTERNAL_ERROR,
"Signature generation failed.");
455 std::string signature_base64_string;
456 base::Base64Encode(signature, &signature_base64_string);
458 request_dict.SetString(
"signature", signature_base64_string);
459 request_dict.SetString(
"signer", signer_->signer_name());
462 base::JSONWriter::Write(request_dict, message);
466 bool WidevineKeySource::DecodeResponse(
467 const std::string& raw_response,
468 std::string* response) {
472 scoped_ptr<base::Value> root(base::JSONReader::Read(raw_response));
474 LOG(ERROR) <<
"'" << raw_response <<
"' is not in JSON format.";
477 const base::DictionaryValue* response_dict = NULL;
478 RCHECK(root->GetAsDictionary(&response_dict));
480 std::string response_base64_string;
481 RCHECK(response_dict->GetString(
"response", &response_base64_string));
482 RCHECK(base::Base64Decode(response_base64_string, response));
486 bool WidevineKeySource::ExtractEncryptionKey(
487 bool enable_key_rotation,
488 bool widevine_classic,
489 const std::string& response,
490 bool* transient_error) {
491 DCHECK(transient_error);
492 *transient_error =
false;
494 scoped_ptr<base::Value> root(base::JSONReader::Read(response));
496 LOG(ERROR) <<
"'" << response <<
"' is not in JSON format.";
500 const base::DictionaryValue* license_dict = NULL;
501 RCHECK(root->GetAsDictionary(&license_dict));
503 std::string license_status;
504 RCHECK(license_dict->GetString(
"status", &license_status));
505 if (license_status != kLicenseStatusOK) {
506 LOG(ERROR) <<
"Received non-OK license response: " << response;
507 *transient_error = (license_status == kLicenseStatusTransientError);
511 const base::ListValue* tracks;
512 RCHECK(license_dict->GetList(
"tracks", &tracks));
514 RCHECK(enable_key_rotation ? tracks->GetSize() >= 1 * crypto_period_count_
515 : tracks->GetSize() >= 1);
517 int current_crypto_period_index = first_crypto_period_index_;
519 EncryptionKeyMap encryption_key_map;
520 for (
size_t i = 0; i < tracks->GetSize(); ++i) {
521 const base::DictionaryValue* track_dict;
522 RCHECK(tracks->GetDictionary(i, &track_dict));
524 if (enable_key_rotation) {
525 int crypto_period_index;
527 track_dict->GetInteger(
"crypto_period_index", &crypto_period_index));
528 if (crypto_period_index != current_crypto_period_index) {
529 if (crypto_period_index != current_crypto_period_index + 1) {
530 LOG(ERROR) <<
"Expecting crypto period index "
531 << current_crypto_period_index <<
" or "
532 << current_crypto_period_index + 1 <<
"; Seen "
533 << crypto_period_index <<
" at track " << i;
536 if (!PushToKeyPool(&encryption_key_map))
538 ++current_crypto_period_index;
542 std::string track_type_str;
543 RCHECK(track_dict->GetString(
"type", &track_type_str));
545 DCHECK_NE(TRACK_TYPE_UNKNOWN, track_type);
546 RCHECK(encryption_key_map.find(track_type) == encryption_key_map.end());
548 scoped_ptr<EncryptionKey> encryption_key(
new EncryptionKey());
550 if (!GetKeyFromTrack(*track_dict, &encryption_key->key))
554 if (!widevine_classic) {
555 if (!GetKeyIdFromTrack(*track_dict, &encryption_key->key_id))
558 ProtectionSystemSpecificInfo info;
559 info.add_key_id(encryption_key->key_id);
560 info.set_system_id(kWidevineSystemId, arraysize(kWidevineSystemId));
561 info.set_pssh_box_version(0);
563 std::vector<uint8_t> pssh_data;
564 if (!GetPsshDataFromTrack(*track_dict, &pssh_data))
566 info.set_pssh_data(pssh_data);
568 encryption_key->key_system_info.push_back(info);
570 encryption_key_map[track_type] = encryption_key.release();
575 if (add_common_pssh_ && !widevine_classic) {
576 std::set<std::vector<uint8_t>> key_ids;
577 for (
const EncryptionKeyMap::value_type& pair : encryption_key_map) {
578 key_ids.insert(pair.second->key_id);
582 ProtectionSystemSpecificInfo info;
583 info.set_system_id(kCommonSystemId, arraysize(kCommonSystemId));
584 info.set_pssh_box_version(1);
585 for (
const std::vector<uint8_t>& key_id : key_ids) {
586 info.add_key_id(key_id);
589 for (
const EncryptionKeyMap::value_type& pair : encryption_key_map) {
590 pair.second->key_system_info.push_back(info);
594 DCHECK(!encryption_key_map.empty());
595 if (!enable_key_rotation) {
596 encryption_key_map_ = encryption_key_map;
599 return PushToKeyPool(&encryption_key_map);
602 bool WidevineKeySource::PushToKeyPool(
603 EncryptionKeyMap* encryption_key_map) {
605 DCHECK(encryption_key_map);
607 key_pool_->Push(scoped_refptr<RefCountedEncryptionKeyMap>(
608 new RefCountedEncryptionKeyMap(encryption_key_map)),
610 encryption_key_map->clear();
612 DCHECK_EQ(error::STOPPED, status.error_code());