| /* |
| * Copyright (C) 2013 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.mediadrm.signer; |
| |
| import android.media.MediaDrm; |
| import android.media.DeniedByServerException; |
| |
| /** |
| * Provides certificate request generation, response handling and |
| * signing APIs |
| */ |
| public final class MediaDrmSigner { |
| private MediaDrmSigner() {} |
| |
| /** |
| * Specify X.509 certificate type |
| */ |
| public static final int CERTIFICATE_TYPE_X509 = MediaDrm.CERTIFICATE_TYPE_X509; |
| |
| /** |
| * Contains the opaque data an app uses to request a certificate from a provisioning |
| * server |
| */ |
| public final static class CertificateRequest { |
| private final MediaDrm.CertificateRequest mCertRequest; |
| |
| CertificateRequest(MediaDrm.CertificateRequest certRequest) { |
| mCertRequest = certRequest; |
| } |
| |
| /** |
| * Get the opaque message data |
| */ |
| public byte[] getData() { |
| return mCertRequest.getData(); |
| } |
| |
| /** |
| * Get the default URL to use when sending the certificate request |
| * message to a server, if known. The app may prefer to use a different |
| * certificate server URL obtained from other sources. |
| */ |
| public String getDefaultUrl() { |
| return mCertRequest.getDefaultUrl(); |
| } |
| } |
| |
| /** |
| * Contains the wrapped private key and public certificate data associated |
| * with a certificate. |
| */ |
| public final static class Certificate { |
| private final MediaDrm.Certificate mCertificate; |
| |
| Certificate(MediaDrm.Certificate certificate) { |
| mCertificate = certificate; |
| } |
| |
| /** |
| * Get the wrapped private key data |
| */ |
| public byte[] getWrappedPrivateKey() { |
| return mCertificate.getWrappedPrivateKey(); |
| } |
| |
| /** |
| * Get the PEM-encoded public certificate chain |
| */ |
| public byte[] getContent() { |
| return mCertificate.getContent(); |
| } |
| } |
| |
| /** |
| * Generate a certificate request, specifying the certificate type |
| * and authority. The response received should be passed to |
| * provideCertificateResponse. |
| * |
| * @param drm the MediaDrm object |
| * @param certType Specifies the certificate type. |
| * @param certAuthority is passed to the certificate server to specify |
| * the chain of authority. |
| */ |
| public static CertificateRequest getCertificateRequest(MediaDrm drm, int certType, |
| String certAuthority) { |
| return new CertificateRequest(drm.getCertificateRequest(certType, certAuthority)); |
| } |
| |
| /** |
| * Process a response from the provisioning server. The response |
| * is obtained from an HTTP Post to the url provided by getCertificateRequest. |
| * |
| * The public X509 certificate chain and wrapped private key are returned |
| * in the returned Certificate objec. The certificate chain is in BIO serialized |
| * PEM format. The wrapped private key should be stored in application private |
| * storage, and used when invoking the signRSA method. |
| * |
| * @param drm the MediaDrm object |
| * @param response the opaque certificate response byte array to provide to the |
| * DRM engine plugin. |
| * @throws android.media.DeniedByServerException if the response indicates that the |
| * server rejected the request |
| */ |
| public static Certificate provideCertificateResponse(MediaDrm drm, byte[] response) |
| throws DeniedByServerException { |
| return new Certificate(drm.provideCertificateResponse(response)); |
| } |
| |
| /** |
| * Sign data using an RSA key |
| * |
| * @param drm the MediaDrm object |
| * @param sessionId a sessionId obtained from openSession on the MediaDrm object |
| * @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1" |
| * @param wrappedKey - the wrapped (encrypted) RSA private key obtained |
| * from provideCertificateResponse |
| * @param message the data for which a signature is to be computed |
| */ |
| public static byte[] signRSA(MediaDrm drm, byte[] sessionId, |
| String algorithm, byte[] wrappedKey, byte[] message) { |
| return drm.signRSA(sessionId, algorithm, wrappedKey, message); |
| } |
| } |