media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java - platform/frameworks/base - Git at Google

 /*
  * Copyright (C) 2013 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.mediadrm.signer;

 import android.media.MediaDrm;
 import android.media.DeniedByServerException;

 /**
  * Provides certificate request generation, response handling and
  * signing APIs
  */
 public final class MediaDrmSigner {
     private MediaDrmSigner() {}

     /**
      * Specify X.509 certificate type
      */
     public static final int CERTIFICATE_TYPE_X509 = MediaDrm.CERTIFICATE_TYPE_X509;

     /**
      * Contains the opaque data an app uses to request a certificate from a provisioning
      * server
      */
     public final static class CertificateRequest {
         private final MediaDrm.CertificateRequest mCertRequest;

         CertificateRequest(MediaDrm.CertificateRequest certRequest) {
             mCertRequest = certRequest;
         }

         /**
          * Get the opaque message data
          */
         public byte[] getData() {
             return mCertRequest.getData();
         }

         /**
          * Get the default URL to use when sending the certificate request
          * message to a server, if known. The app may prefer to use a different
          * certificate server URL obtained from other sources.
          */
         public String getDefaultUrl() {
             return mCertRequest.getDefaultUrl();
         }
     }

     /**
      * Contains the wrapped private key and public certificate data associated
      * with a certificate.
      */
     public final static class Certificate {
         private final MediaDrm.Certificate mCertificate;

         Certificate(MediaDrm.Certificate certificate) {
             mCertificate = certificate;
         }

         /**
          * Get the wrapped private key data
          */
         public byte[] getWrappedPrivateKey() {
             return mCertificate.getWrappedPrivateKey();
         }

         /**
          * Get the PEM-encoded public certificate chain
          */
         public byte[] getContent() {
             return mCertificate.getContent();
         }
     }

     /**
      * Generate a certificate request, specifying the certificate type
      * and authority. The response received should be passed to
      * provideCertificateResponse.
      *
      * @param drm the MediaDrm object
      * @param certType Specifies the certificate type.
      * @param certAuthority is passed to the certificate server to specify
      * the chain of authority.
      */
     public static CertificateRequest getCertificateRequest(MediaDrm drm, int certType,
             String certAuthority) {
         return new CertificateRequest(drm.getCertificateRequest(certType, certAuthority));
     }

     /**
      * Process a response from the provisioning server.  The response
      * is obtained from an HTTP Post to the url provided by getCertificateRequest.
      *
      * The public X509 certificate chain and wrapped private key are returned
      * in the returned Certificate objec.  The certificate chain is in BIO serialized
      * PEM format.  The wrapped private key should be stored in application private
      * storage, and used when invoking the signRSA method.
      *
      * @param drm the MediaDrm object
      * @param response the opaque certificate response byte array to provide to the
      * DRM engine plugin.
      * @throws android.media.DeniedByServerException if the response indicates that the
      * server rejected the request
      */
     public static Certificate provideCertificateResponse(MediaDrm drm, byte[] response)
             throws DeniedByServerException {
         return new Certificate(drm.provideCertificateResponse(response));
     }

     /**
      * Sign data using an RSA key
      *
      * @param drm the MediaDrm object
      * @param sessionId a sessionId obtained from openSession on the MediaDrm object
      * @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
      * @param wrappedKey - the wrapped (encrypted) RSA private key obtained
      * from provideCertificateResponse
      * @param message the data for which a signature is to be computed
      */
     public static byte[] signRSA(MediaDrm drm, byte[] sessionId,
             String algorithm, byte[] wrappedKey, byte[] message) {
         return drm.signRSA(sessionId, algorithm, wrappedKey, message);
     }
 }
	/*
	* Copyright (C) 2013 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.mediadrm.signer;

	import android.media.MediaDrm;
	import android.media.DeniedByServerException;

	/**
	* Provides certificate request generation, response handling and
	* signing APIs
	*/
	public final class MediaDrmSigner {
	private MediaDrmSigner() {}

	/**
	* Specify X.509 certificate type
	*/
	public static final int CERTIFICATE_TYPE_X509 = MediaDrm.CERTIFICATE_TYPE_X509;

	/**
	* Contains the opaque data an app uses to request a certificate from a provisioning
	* server
	*/
	public final static class CertificateRequest {
	private final MediaDrm.CertificateRequest mCertRequest;

	CertificateRequest(MediaDrm.CertificateRequest certRequest) {
	mCertRequest = certRequest;
	}

	/**
	* Get the opaque message data
	*/
	public byte[] getData() {
	return mCertRequest.getData();
	}

	/**
	* Get the default URL to use when sending the certificate request
	* message to a server, if known. The app may prefer to use a different
	* certificate server URL obtained from other sources.
	*/
	public String getDefaultUrl() {
	return mCertRequest.getDefaultUrl();
	}
	}

	/**
	* Contains the wrapped private key and public certificate data associated
	* with a certificate.
	*/
	public final static class Certificate {
	private final MediaDrm.Certificate mCertificate;

	Certificate(MediaDrm.Certificate certificate) {
	mCertificate = certificate;
	}

	/**
	* Get the wrapped private key data
	*/
	public byte[] getWrappedPrivateKey() {
	return mCertificate.getWrappedPrivateKey();
	}

	/**
	* Get the PEM-encoded public certificate chain
	*/
	public byte[] getContent() {
	return mCertificate.getContent();
	}
	}

	/**
	* Generate a certificate request, specifying the certificate type
	* and authority. The response received should be passed to
	* provideCertificateResponse.
	*
	* @param drm the MediaDrm object
	* @param certType Specifies the certificate type.
	* @param certAuthority is passed to the certificate server to specify
	* the chain of authority.
	*/
	public static CertificateRequest getCertificateRequest(MediaDrm drm, int certType,
	String certAuthority) {
	return new CertificateRequest(drm.getCertificateRequest(certType, certAuthority));
	}

	/**
	* Process a response from the provisioning server. The response
	* is obtained from an HTTP Post to the url provided by getCertificateRequest.
	*
	* The public X509 certificate chain and wrapped private key are returned
	* in the returned Certificate objec. The certificate chain is in BIO serialized
	* PEM format. The wrapped private key should be stored in application private
	* storage, and used when invoking the signRSA method.
	*
	* @param drm the MediaDrm object
	* @param response the opaque certificate response byte array to provide to the
	* DRM engine plugin.
	* @throws android.media.DeniedByServerException if the response indicates that the
	* server rejected the request
	*/
	public static Certificate provideCertificateResponse(MediaDrm drm, byte[] response)
	throws DeniedByServerException {
	return new Certificate(drm.provideCertificateResponse(response));
	}

	/**
	* Sign data using an RSA key
	*
	* @param drm the MediaDrm object
	* @param sessionId a sessionId obtained from openSession on the MediaDrm object
	* @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
	* @param wrappedKey - the wrapped (encrypted) RSA private key obtained
	* from provideCertificateResponse
	* @param message the data for which a signature is to be computed
	*/
	public static byte[] signRSA(MediaDrm drm, byte[] sessionId,
	String algorithm, byte[] wrappedKey, byte[] message) {
	return drm.signRSA(sessionId, algorithm, wrappedKey, message);
	}
	}