#include "config.h"
#include "CDMClearKey.h"
#if ENABLE(ENCRYPTED_MEDIA)
#include "CDMKeySystemConfiguration.h"
#include "CDMRestrictions.h"
#include "CDMSessionType.h"
#include "SharedBuffer.h"
#include <wtf/JSONValues.h>
#include <wtf/MainThread.h>
#include <wtf/NeverDestroyed.h>
#include <wtf/text/Base64.h>
namespace WebCore {
const uint8_t clearKeyCencSystemId[] = { 0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02, 0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b };
const unsigned clearKeyCencSystemIdSize = sizeof(clearKeyCencSystemId);
const unsigned keyIdSize = 16;
class ClearKeyState {
using KeyStore = HashMap<String, Vector<CDMInstanceClearKey::Key>>;
public:
static ClearKeyState& singleton();
KeyStore& keys() { return m_keys; }
private:
friend class NeverDestroyed<ClearKeyState>;
ClearKeyState();
KeyStore m_keys;
};
ClearKeyState& ClearKeyState::singleton()
{
static NeverDestroyed<ClearKeyState> s_state;
return s_state;
}
ClearKeyState::ClearKeyState() = default;
static RefPtr<JSON::Object> parseJSONObject(const SharedBuffer& buffer)
{
size_t size = buffer.size();
if (size > std::numeric_limits<unsigned>::max())
return nullptr;
String json { buffer.data(), static_cast<unsigned>(size) };
RefPtr<JSON::Value> value;
RefPtr<JSON::Object> object;
if (!JSON::Value::parseJSON(json, value) || !value->asObject(object))
return nullptr;
return object;
}
static std::optional<Vector<CDMInstanceClearKey::Key>> parseLicenseFormat(const JSON::Object& root)
{
auto it = root.find("keys");
if (it == root.end())
return std::nullopt;
RefPtr<JSON::Array> keysArray;
if (!it->value->asArray(keysArray))
return std::nullopt;
Vector<CDMInstanceClearKey::Key> decodedKeys;
bool validFormat = std::all_of(keysArray->begin(), keysArray->end(),
[&decodedKeys] (const auto& value) {
RefPtr<JSON::Object> keyObject;
if (!value->asObject(keyObject))
return false;
String keyType;
if (!keyObject->getString("kty", keyType) || !equalLettersIgnoringASCIICase(keyType, "oct"))
return false;
String keyID, keyValue;
if (!keyObject->getString("kid", keyID) || !keyObject->getString("k", keyValue))
return false;
Vector<char> keyIDData, keyValueData;
if (!WTF::base64URLDecode(keyID, { keyIDData }) || !WTF::base64URLDecode(keyValue, { keyValueData }))
return false;
decodedKeys.append({ CDMInstanceClearKey::KeyStatus::Usable, SharedBuffer::create(WTFMove(keyIDData)), SharedBuffer::create(WTFMove(keyValueData)) });
return true;
});
if (!validFormat)
return std::nullopt;
return decodedKeys;
}
static bool parseLicenseReleaseAcknowledgementFormat(const JSON::Object& root)
{
auto it = root.find("kids");
if (it == root.end())
return false;
RefPtr<JSON::Array> kidsArray;
if (!it->value->asArray(kidsArray))
return false;
return true;
}
static std::pair<unsigned, unsigned> extractKeyidsLocationFromCencInitData(const SharedBuffer& initData)
{
std::pair<unsigned, unsigned> keyIdsMap(0, 0);
if (initData.isEmpty() || initData.size() > std::numeric_limits<unsigned>::max())
return keyIdsMap;
const char* data = initData.data();
unsigned initDataSize = initData.size();
unsigned index = 0;
unsigned psshSize = 0;
bool foundPssh = false;
while (true) {
if (index + 12 + clearKeyCencSystemIdSize >= initDataSize)
return keyIdsMap;
psshSize = data[index + 2] * 256 + data[index + 3];
if (!psshSize)
return keyIdsMap;
if (!memcmp(&data[index + 12], clearKeyCencSystemId, clearKeyCencSystemIdSize)) {
foundPssh = true;
break;
}
index += psshSize;
}
if (!foundPssh)
return keyIdsMap;
index += (12 + clearKeyCencSystemIdSize);
if (index + 3 >= initDataSize)
return keyIdsMap;
keyIdsMap.first = data[index + 3]; index += 4;
if ((index + (keyIdsMap.first * keyIdSize)) >= initDataSize)
return keyIdsMap;
keyIdsMap.second = index;
return keyIdsMap;
}
static bool isCencInitData(const SharedBuffer& initData)
{
std::pair<unsigned, unsigned> keyIdsMap = extractKeyidsLocationFromCencInitData(initData);
return ((keyIdsMap.first) && (keyIdsMap.second));
}
static Ref<SharedBuffer> extractKeyidsFromCencInitData(const SharedBuffer& initData)
{
Ref<SharedBuffer> keyIds = SharedBuffer::create();
std::pair<unsigned, unsigned> keyIdsMap = extractKeyidsLocationFromCencInitData(initData);
unsigned keyIdCount = keyIdsMap.first;
unsigned index = keyIdsMap.second;
if (!keyIdCount || !index)
return keyIds;
const char* data = initData.data();
auto object = JSON::Object::create();
auto keyIdsArray = JSON::Array::create();
for (unsigned i = 0; i < keyIdCount; i++) {
String keyId = WTF::base64URLEncode(&data[index], keyIdSize);
keyIdsArray->pushString(keyId);
index += keyIdSize;
}
object->setArray("kids", WTFMove(keyIdsArray));
CString jsonData = object->toJSONString().utf8();
keyIds->append(jsonData.data(), jsonData.length());
return keyIds;
}
CDMFactoryClearKey& CDMFactoryClearKey::singleton()
{
static NeverDestroyed<CDMFactoryClearKey> s_factory;
return s_factory;
}
CDMFactoryClearKey::CDMFactoryClearKey() = default;
CDMFactoryClearKey::~CDMFactoryClearKey() = default;
std::unique_ptr<CDMPrivate> CDMFactoryClearKey::createCDM(const String& keySystem)
{
#ifdef NDEBUG
UNUSED_PARAM(keySystem);
#else
ASSERT(supportsKeySystem(keySystem));
#endif
return std::make_unique<CDMPrivateClearKey>();
}
bool CDMFactoryClearKey::supportsKeySystem(const String& keySystem)
{
return equalLettersIgnoringASCIICase(keySystem, "org.w3.clearkey");
}
CDMPrivateClearKey::CDMPrivateClearKey() = default;
CDMPrivateClearKey::~CDMPrivateClearKey() = default;
bool CDMPrivateClearKey::supportsInitDataType(const AtomicString& initDataType) const
{
return (equalLettersIgnoringASCIICase(initDataType, "keyids") || equalLettersIgnoringASCIICase(initDataType, "cenc"));
}
static bool containsPersistentLicenseType(const Vector<CDMSessionType>& types)
{
return std::any_of(types.begin(), types.end(),
[] (auto& sessionType) { return sessionType == CDMSessionType::PersistentLicense; });
}
bool CDMPrivateClearKey::supportsConfiguration(const CDMKeySystemConfiguration& configuration) const
{
if (configuration.distinctiveIdentifier == CDMRequirement::Required)
return false;
if (configuration.persistentState == CDMRequirement::Required && !containsPersistentLicenseType(configuration.sessionTypes))
return false;
return true;
}
bool CDMPrivateClearKey::supportsConfigurationWithRestrictions(const CDMKeySystemConfiguration& configuration, const CDMRestrictions& restrictions) const
{
if ((configuration.distinctiveIdentifier == CDMRequirement::Optional && restrictions.distinctiveIdentifierDenied)
|| configuration.distinctiveIdentifier == CDMRequirement::Required)
return false;
if (configuration.persistentState == CDMRequirement::Optional && restrictions.persistentStateDenied)
return false;
if (configuration.persistentState == CDMRequirement::Required && !containsPersistentLicenseType(configuration.sessionTypes))
return false;
return true;
}
bool CDMPrivateClearKey::supportsSessionTypeWithConfiguration(CDMSessionType& sessionType, const CDMKeySystemConfiguration& configuration) const
{
if (sessionType != CDMSessionType::Temporary && sessionType != CDMSessionType::PersistentLicense)
return false;
return supportsConfiguration(configuration);
}
bool CDMPrivateClearKey::supportsRobustness(const String& robustness) const
{
return robustness.isEmpty();
}
CDMRequirement CDMPrivateClearKey::distinctiveIdentifiersRequirement(const CDMKeySystemConfiguration&, const CDMRestrictions& restrictions) const
{
if (restrictions.distinctiveIdentifierDenied)
return CDMRequirement::NotAllowed;
return CDMRequirement::Optional;
}
CDMRequirement CDMPrivateClearKey::persistentStateRequirement(const CDMKeySystemConfiguration&, const CDMRestrictions& restrictions) const
{
if (restrictions.persistentStateDenied)
return CDMRequirement::NotAllowed;
return CDMRequirement::Optional;
}
bool CDMPrivateClearKey::distinctiveIdentifiersAreUniquePerOriginAndClearable(const CDMKeySystemConfiguration&) const
{
return false;
}
RefPtr<CDMInstance> CDMPrivateClearKey::createInstance()
{
return adoptRef(new CDMInstanceClearKey);
}
void CDMPrivateClearKey::loadAndInitialize()
{
}
bool CDMPrivateClearKey::supportsServerCertificates() const
{
return false;
}
bool CDMPrivateClearKey::supportsSessions() const
{
return true;
}
bool CDMPrivateClearKey::supportsInitData(const AtomicString& initDataType, const SharedBuffer& initData) const
{
if (equalLettersIgnoringASCIICase(initDataType, "keyids") && parseJSONObject(initData))
return true;
if (equalLettersIgnoringASCIICase(initDataType, "cenc") && isCencInitData(initData))
return true;
return false;
}
RefPtr<SharedBuffer> CDMPrivateClearKey::sanitizeResponse(const SharedBuffer& response) const
{
if (!parseJSONObject(response))
return nullptr;
return response.copy();
}
std::optional<String> CDMPrivateClearKey::sanitizeSessionId(const String& sessionId) const
{
bool ok;
sessionId.toUIntStrict(&ok);
if (!ok)
return std::nullopt;
return sessionId;
}
CDMInstanceClearKey::CDMInstanceClearKey()
{
}
CDMInstanceClearKey::~CDMInstanceClearKey() = default;
CDMInstance::SuccessValue CDMInstanceClearKey::initializeWithConfiguration(const CDMKeySystemConfiguration&)
{
return Succeeded;
}
CDMInstance::SuccessValue CDMInstanceClearKey::setDistinctiveIdentifiersAllowed(bool allowed)
{
return !allowed ? Succeeded : Failed;
}
CDMInstance::SuccessValue CDMInstanceClearKey::setPersistentStateAllowed(bool allowed)
{
return !allowed ? Succeeded : Failed;
}
CDMInstance::SuccessValue CDMInstanceClearKey::setServerCertificate(Ref<SharedBuffer>&&)
{
return Failed;
}
CDMInstance::SuccessValue CDMInstanceClearKey::setStorageDirectory(const String& storageDirectory)
{
return storageDirectory.isEmpty() ? Succeeded : Failed;
}
void CDMInstanceClearKey::requestLicense(LicenseType, const AtomicString& initDataType, Ref<SharedBuffer>&& initData, LicenseCallback callback)
{
static uint32_t s_sessionIdValue = 0;
++s_sessionIdValue;
if (equalLettersIgnoringASCIICase(initDataType, "cenc"))
initData = extractKeyidsFromCencInitData(initData.get());
callOnMainThread(
[weakThis = makeWeakPtr(*this), callback = WTFMove(callback), initData = WTFMove(initData), sessionIdValue = s_sessionIdValue]() mutable {
if (!weakThis)
return;
callback(WTFMove(initData), String::number(sessionIdValue), false, Succeeded);
});
}
const Vector<CDMInstanceClearKey::Key> CDMInstanceClearKey::keys() const
{
Vector<CDMInstanceClearKey::Key> allKeys { };
for (auto& key : ClearKeyState::singleton().keys().values())
allKeys.appendVector(key);
return allKeys;
}
void CDMInstanceClearKey::updateLicense(const String& sessionId, LicenseType, const SharedBuffer& response, LicenseUpdateCallback callback)
{
auto dispatchCallback =
[this, &callback](bool sessionWasClosed, std::optional<KeyStatusVector>&& changedKeys, SuccessValue succeeded) {
callOnMainThread(
[weakThis = makeWeakPtr(*this), callback = WTFMove(callback), sessionWasClosed, changedKeys = WTFMove(changedKeys), succeeded] () mutable {
if (!weakThis)
return;
callback(sessionWasClosed, WTFMove(changedKeys), std::nullopt, std::nullopt, succeeded);
});
};
RefPtr<JSON::Object> root = parseJSONObject(response);
if (!root) {
dispatchCallback(false, std::nullopt, SuccessValue::Failed);
return;
}
if (auto decodedKeys = parseLicenseFormat(*root)) {
auto& keyVector = ClearKeyState::singleton().keys().ensure(sessionId, [] { return Vector<Key> { }; }).iterator->value;
bool keysChanged = false;
for (auto& key : *decodedKeys) {
auto it = std::find_if(keyVector.begin(), keyVector.end(),
[&key] (const Key& containedKey) {
return containedKey.keyIDData->size() == key.keyIDData->size()
&& !std::memcmp(containedKey.keyIDData->data(), key.keyIDData->data(), containedKey.keyIDData->size());
});
if (it != keyVector.end()) {
auto& existingKey = it->keyValueData;
auto& proposedKey = key.keyValueData;
if (existingKey->size() != proposedKey->size() || std::memcmp(existingKey->data(), proposedKey->data(), existingKey->size())) {
*it = WTFMove(key);
keysChanged = true;
}
} else {
keyVector.append(WTFMove(key));
keysChanged = true;
}
}
std::optional<KeyStatusVector> changedKeys;
if (keysChanged) {
Vector<std::pair<RefPtr<SharedBuffer>, KeyStatus>> keys;
keys.reserveInitialCapacity(keyVector.size());
for (auto& it : keyVector)
keys.uncheckedAppend(std::pair<RefPtr<SharedBuffer>, KeyStatus> { it.keyIDData, it.status });
std::sort(keys.begin(), keys.end(),
[] (const auto& a, const auto& b) {
if (a.first->size() != b.first->size())
return a.first->size() < b.first->size();
return std::memcmp(a.first->data(), b.first->data(), a.first->size()) < 0;
});
KeyStatusVector keyStatusVector;
keyStatusVector.reserveInitialCapacity(keys.size());
for (auto& it : keys)
keyStatusVector.uncheckedAppend(std::pair<Ref<SharedBuffer>, KeyStatus> { *it.first, it.second });
changedKeys = WTFMove(keyStatusVector);
}
dispatchCallback(false, WTFMove(changedKeys), SuccessValue::Succeeded);
return;
}
if (parseLicenseReleaseAcknowledgementFormat(*root)) {
ClearKeyState::singleton().keys().remove(sessionId);
dispatchCallback(true, std::nullopt, SuccessValue::Succeeded);
return;
}
dispatchCallback(false, std::nullopt, SuccessValue::Failed);
}
void CDMInstanceClearKey::loadSession(LicenseType, const String& sessionId, const String&, LoadSessionCallback callback)
{
auto dispatchCallback =
[this, &callback](std::optional<KeyStatusVector>&& existingKeys, SuccessValue success, SessionLoadFailure loadFailure) {
callOnMainThread(
[weakThis = makeWeakPtr(*this), callback = WTFMove(callback), existingKeys = WTFMove(existingKeys), success, loadFailure]() mutable {
if (!weakThis)
return;
callback(WTFMove(existingKeys), std::nullopt, std::nullopt, success, loadFailure);
});
};
KeyStatusVector keyStatusVector;
{
auto& keys = ClearKeyState::singleton().keys();
auto it = keys.find(sessionId);
if (it == keys.end()) {
dispatchCallback(std::nullopt, Failed, SessionLoadFailure::NoSessionData);
return;
}
auto& keyVector = it->value;
keyStatusVector.reserveInitialCapacity(keyVector.size());
for (auto& key : keyVector)
keyStatusVector.uncheckedAppend(std::pair<Ref<SharedBuffer>, KeyStatus> { *key.keyIDData, key.status });
}
dispatchCallback(WTFMove(keyStatusVector), Succeeded, SessionLoadFailure::None);
}
void CDMInstanceClearKey::closeSession(const String&, CloseSessionCallback callback)
{
callOnMainThread(
[weakThis = makeWeakPtr(*this), callback = WTFMove(callback)] {
if (!weakThis)
return;
callback();
});
}
void CDMInstanceClearKey::removeSessionData(const String& sessionId, LicenseType, RemoveSessionDataCallback callback)
{
auto dispatchCallback =
[this, &callback](KeyStatusVector&& keyStatusVector, std::optional<Ref<SharedBuffer>>&& message, SuccessValue success) {
callOnMainThread(
[weakThis = makeWeakPtr(*this), callback = WTFMove(callback), keyStatusVector = WTFMove(keyStatusVector), message = WTFMove(message), success]() mutable {
if (!weakThis)
return;
callback(WTFMove(keyStatusVector), WTFMove(message), success);
});
};
KeyStatusVector keyStatusVector;
RefPtr<SharedBuffer> message;
{
auto& keys = ClearKeyState::singleton().keys();
auto it = keys.find(sessionId);
if (it == keys.end()) {
dispatchCallback(KeyStatusVector { }, std::nullopt, SuccessValue::Failed);
return;
}
auto keyVector = WTFMove(it->value);
keys.remove(it);
keyStatusVector.reserveInitialCapacity(keyVector.size());
for (auto& key : keyVector)
keyStatusVector.uncheckedAppend(std::pair<Ref<SharedBuffer>, KeyStatus> { *key.keyIDData, KeyStatus::Released });
auto rootObject = JSON::Object::create();
{
auto array = JSON::Array::create();
for (auto& key : keyVector) {
ASSERT(key.keyIDData->size() <= std::numeric_limits<unsigned>::max());
array->pushString(WTF::base64URLEncode(key.keyIDData->data(), static_cast<unsigned>(key.keyIDData->size())));
}
rootObject->setArray("kids", WTFMove(array));
}
String messageString = rootObject->toJSONString();
CString messageCString = messageString.utf8();
message = SharedBuffer::create(messageCString.data(), messageCString.length());
}
dispatchCallback(WTFMove(keyStatusVector), Ref<SharedBuffer>(*message), SuccessValue::Succeeded);
}
void CDMInstanceClearKey::storeRecordOfKeyUsage(const String&)
{
}
const String& CDMInstanceClearKey::keySystem() const
{
static const NeverDestroyed<String> s_keySystem = MAKE_STATIC_STRING_IMPL("org.w3.clearkey");
return s_keySystem;
}
}
#endif // ENABLE(ENCRYPTED_MEDIA)