Shaka Packager SDK
 All Classes Namespaces Functions Variables Typedefs Enumerations Enumerator Friends
widevine_encryption_flags.cc
1 // Copyright 2014 Google Inc. All rights reserved.
2 //
3 // Use of this source code is governed by a BSD-style
4 // license that can be found in the LICENSE file or at
5 // https://developers.google.com/open-source/licenses/bsd
6 //
7 // Defines command line flags for widevine_encryption.
8 
9 #include "packager/app/widevine_encryption_flags.h"
10 
11 #include "packager/app/validate_flag.h"
12 #include "packager/base/logging.h"
13 #include "packager/base/strings/string_piece.h"
14 #include "packager/base/strings/string_util.h"
15 
16 DEFINE_bool(enable_widevine_encryption,
17  false,
18  "Enable encryption with Widevine key server. User should provide "
19  "either AES signing key (--aes_signing_key, --aes_signing_iv) or "
20  "RSA signing key (--rsa_signing_key_path).");
21 DEFINE_bool(enable_widevine_decryption,
22  false,
23  "Enable decryption with Widevine license server/proxy. User should "
24  "provide either AES signing key (--aes_signing_key, "
25  "--aes_signing_iv) or RSA signing key (--rsa_signing_key_path).");
26 DEFINE_bool(include_common_pssh,
27  false,
28  "When using Widevine encryption, include an additional v1 PSSH box "
29  "for the common system ID that includes the key IDs. See: "
30  "https://goo.gl/s8RIhr");
31 DEFINE_string(key_server_url, "", "Key server url. Required for encryption and "
32  "decryption");
33 DEFINE_hex_bytes(content_id, "", "Content Id (hex).");
34 DEFINE_string(policy,
35  "",
36  "The name of a stored policy, which specifies DRM content "
37  "rights.");
38 DEFINE_int32(max_sd_pixels,
39  768 * 576,
40  "The video track is considered SD if its max pixels per frame is "
41  "no higher than max_sd_pixels. Default: 442368 (768 x 576).");
42 DEFINE_int32(max_hd_pixels,
43  1920 * 1080,
44  "The video track is considered HD if its max pixels per frame is "
45  "higher than max_sd_pixels, but no higher than max_hd_pixels. "
46  "Default: 2073600 (1920 x 1080).");
47 DEFINE_int32(max_uhd1_pixels,
48  4096 * 2160,
49  "The video track is considered UHD1 if its max pixels per frame "
50  "is higher than max_hd_pixels, but no higher than max_uhd1_pixels."
51  " Otherwise it is UHD2. Default: 8847360 (4096 x 2160).");
52 DEFINE_string(signer, "", "The name of the signer.");
53 DEFINE_hex_bytes(aes_signing_key,
54  "",
55  "AES signing key in hex string. --aes_signing_iv is required. "
56  "Exclusive with --rsa_signing_key_path.");
57 DEFINE_hex_bytes(aes_signing_iv, "", "AES signing iv in hex string.");
58 DEFINE_string(rsa_signing_key_path,
59  "",
60  "Stores PKCS#1 RSA private key for request signing. Exclusive "
61  "with --aes_signing_key.");
62 DEFINE_int32(crypto_period_duration,
63  0,
64  "Crypto period duration in seconds. If it is non-zero, key "
65  "rotation is enabled.");
66 DEFINE_hex_bytes(group_id, "", "Identifier for a group of licenses (hex).");
67 
68 namespace shaka {
69 namespace {
70 const bool kOptional = true;
71 } // namespace
72 
74  bool success = true;
75 
76  const bool widevine_crypto =
77  FLAGS_enable_widevine_encryption || FLAGS_enable_widevine_decryption;
78  const char widevine_crypto_label[] =
79  "--enable_widevine_encryption/decryption";
80  // key_server_url and signer (optional) are associated with
81  // enable_widevine_encryption and enable_widevine_descryption.
82  if (!ValidateFlag("key_server_url",
83  FLAGS_key_server_url,
84  widevine_crypto,
85  !kOptional,
86  widevine_crypto_label)) {
87  success = false;
88  }
89  if (!ValidateFlag("signer",
90  FLAGS_signer,
91  widevine_crypto,
92  kOptional,
93  widevine_crypto_label)) {
94  success = false;
95  }
96  if (widevine_crypto && FLAGS_signer.empty() &&
97  base::StartsWith(base::StringPiece(FLAGS_key_server_url), "http",
98  base::CompareCase::INSENSITIVE_ASCII)) {
99  LOG(WARNING) << "--signer is likely required with "
100  "--enable_widevine_encryption/decryption.";
101  }
102 
103  const char widevine_encryption_label[] = "--enable_widevine_encryption";
104  // content_id and policy (optional) are associated with
105  // enable_widevine_encryption.
106  if (!ValidateFlag("content_id",
107  FLAGS_content_id_bytes,
108  FLAGS_enable_widevine_encryption,
109  !kOptional,
110  widevine_encryption_label)) {
111  success = false;
112  }
113  if (!ValidateFlag("policy",
114  FLAGS_policy,
115  FLAGS_enable_widevine_encryption,
116  kOptional,
117  widevine_encryption_label)) {
118  success = false;
119  }
120  if (FLAGS_include_common_pssh && !FLAGS_enable_widevine_encryption) {
121  PrintError("--include_common_pssh is only valid with "
122  "--enable_widevine_encryption");
123  success = false;
124  }
125 
126  if (FLAGS_max_sd_pixels <= 0) {
127  PrintError("--max_sd_pixels must be positive.");
128  success = false;
129  }
130  if (FLAGS_max_hd_pixels <= 0) {
131  PrintError("--max_hd_pixels must be positive.");
132  success = false;
133  }
134  if (FLAGS_max_uhd1_pixels <= 0) {
135  PrintError("--max_uhd1_pixels must be positive.");
136  success = false;
137  }
138  if (FLAGS_max_hd_pixels <= FLAGS_max_sd_pixels) {
139  PrintError("--max_hd_pixels must be greater than --max_sd_pixels.");
140  success = false;
141  }
142  if (FLAGS_max_uhd1_pixels <= FLAGS_max_hd_pixels) {
143  PrintError("--max_uhd1_pixels must be greater than --max_hd_pixels.");
144  success = false;
145  }
146 
147  const bool aes = !FLAGS_aes_signing_key_bytes.empty() ||
148  !FLAGS_aes_signing_iv_bytes.empty();
149  if (aes && (FLAGS_aes_signing_key_bytes.empty() ||
150  FLAGS_aes_signing_iv_bytes.empty())) {
151  PrintError("--aes_signing_key/iv is required if using aes signing.");
152  success = false;
153  }
154 
155  const bool rsa = !FLAGS_rsa_signing_key_path.empty();
156 
157  if (FLAGS_signer.empty() && (aes || rsa)) {
158  PrintError("--signer is required if using aes/rsa signing.");
159  success = false;
160  }
161  if (!FLAGS_signer.empty() && !aes && !rsa) {
162  PrintError(
163  "--aes_signing_key/iv or --rsa_signing_key_path is required with "
164  "--signer.");
165  success = false;
166  }
167  if (aes && rsa) {
168  PrintError(
169  "Only one of --aes_signing_key/iv and --rsa_signing_key_path should be "
170  "specified.");
171  success = false;
172  }
173 
174  if (FLAGS_crypto_period_duration < 0) {
175  PrintError("--crypto_period_duration should not be negative.");
176  success = false;
177  }
178  return success;
179 }
180 
181 } // namespace shaka
void PrintError(const std::string &error_message)
bool ValidateFlag(const char *flag_name, const FlagType &flag_value, bool condition, bool optional, const char *label)
Definition: validate_flag.h:33
bool ValidateWidevineCryptoFlags()