WIP: MediaDrm NDK APIs

Change-Id: I3ac08a3b027135c3fd2a9e95c5e8b3fd722df019
TODO: hooking up event handler, testing

3 files changed, 1077 insertions, 0 deletions

diff --git a/include/ndk/NdkMediaDrm.h b/include/ndk/NdkMediaDrm.h
new file mode 100644
index 0000000..1322a9d
--- /dev/null
+++ b/include/ndk/NdkMediaDrm.h
@@ -0,0 +1,470 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * This file defines an NDK API.
+ * Do not remove methods.
+ * Do not change method signatures.
+ * Do not change the value of constants.
+ * Do not change the size of any of the classes defined in here.
+ * Do not reference types that are not part of the NDK.
+ * Do not #include files that aren't part of the NDK.
+ */
+
+#ifndef _NDK_MEDIA_DRM_H
+#define _NDK_MEDIA_DRM_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include <stdbool.h>
+
+struct AMediaDrm;
+typedef struct AMediaDrm AMediaDrm;
+
+typedef struct {
+    const uint8_t *ptr;
+    size_t length;
+} AMediaDrmByteArray;
+
+typedef AMediaDrmByteArray AMediaDrmSessionId;
+typedef AMediaDrmByteArray AMediaDrmScope;
+typedef AMediaDrmByteArray AMediaDrmKeySetId;
+typedef AMediaDrmByteArray AMediaDrmSecureStop;
+
+#define MEDIADRM_ERROR_BASE -2000
+
+typedef enum {
+    MEDIADRM_OK = 0,
+    MEDIADRM_NOT_PROVISIONED_ERROR    = MEDIADRM_ERROR_BASE - 1,
+    MEDIADRM_RESOURCE_BUSY_ERROR      = MEDIADRM_ERROR_BASE - 2,
+    MEDIADRM_DEVICE_REVOKED_ERROR     = MEDIADRM_ERROR_BASE - 3,
+    MEDIADRM_SHORT_BUFFER             = MEDIADRM_ERROR_BASE - 4,
+    MEDIADRM_INVALID_OBJECT_ERROR     = MEDIADRM_ERROR_BASE - 5,
+    MEDIADRM_INVALID_PARAMETER_ERROR  = MEDIADRM_ERROR_BASE - 6,
+    MEDIADRM_SESSION_NOT_OPENED_ERROR = MEDIADRM_ERROR_BASE - 7,
+    MEDIADRM_TAMPER_DETECTED_ERROR    = MEDIADRM_ERROR_BASE - 8,
+    MEDIADRM_VERIFY_FAILED            = MEDIADRM_ERROR_BASE - 9,
+    MEDIADRM_NEED_KEY_ERROR           = MEDIADRM_ERROR_BASE - 10,
+    MEDIADRM_LICENSE_EXPIRED_ERROR    = MEDIADRM_ERROR_BASE - 11,
+    MEDIADRM_UNKNOWN_ERROR            = MEDIADRM_ERROR_BASE - 12,
+} mediadrm_status_t;
+
+typedef enum AMediaDrmEventType {
+    /**
+     * This event type indicates that the app needs to request a certificate from
+     * the provisioning server.  The request message data is obtained using
+     * AMediaDrm_getProvisionRequest.
+     */
+    EVENT_PROVISION_REQUIRED = 1,
+
+    /**
+     * This event type indicates that the app needs to request keys from a license
+     * server.  The request message data is obtained using AMediaDrm_getKeyRequest.
+     */
+    EVENT_KEY_REQUIRED = 2,
+
+    /**
+     * This event type indicates that the licensed usage duration for keys in a session
+     * has expired.  The keys are no longer valid.
+     */
+    EVENT_KEY_EXPIRED = 3,
+
+    /**
+     * This event may indicate some specific vendor-defined condition, see your
+     * DRM provider documentation for details
+     */
+    EVENT_VENDOR_DEFINED = 4
+} AMediaDrmEventType;
+
+typedef void (*AMediaDrmEventListener)(AMediaDrm *, const AMediaDrmSessionId &sessionId,
+        AMediaDrmEventType eventType, int extra, const uint8_t *data, size_t dataSize);
+
+
+/**
+ * Query if the given scheme identified by its UUID is supported on this device, and
+ * whether the drm plugin is able to handle the media container format specified by mimeType.
+ *
+ * uuid identifies the universal unique ID of the crypto scheme. uuid must be 16 bytes.
+ * mimeType is the MIME type of the media container, e.g. "video/mp4".  If mimeType
+ * is not known or required, it can be provided as NULL.
+ */
+bool AMediaDrm_isCryptoSchemeSupported(const uint8_t *uuid, const char *mimeType);
+
+/**
+ * Create a MediaDrm instance from a UUID
+ * uuid identifies the universal unique ID of the crypto scheme. uuid must be 16 bytes.
+ */
+AMediaDrm* AMediaDrm_createByUUID(const uint8_t *uuid);
+
+/**
+ * Release a MediaDrm object
+ */
+void AMediaDrm_release(AMediaDrm *);
+
+/**
+ * Register a callback to be invoked when an event occurs
+ *
+ * listener is the callback that will be invoked on event
+ */
+void AMediaDrm_setOnEventListener(AMediaDrm *, AMediaDrmEventListener listener);
+
+/**
+ * Open a new session with the MediaDrm object.  A session ID is returned.
+ *
+ * returns MEDIADRM_NOT_PROVISIONED_ERROR if provisioning is needed
+ * returns MEDIADRM_RESOURCE_BUSY_ERROR if required resources are in use
+ */
+mediadrm_status_t AMediaDrm_openSession(AMediaDrm *, AMediaDrmSessionId &sessionId);
+
+/**
+ * Close a session on the MediaDrm object that was previously opened
+ * with AMediaDrm_openSession.
+ */
+mediadrm_status_t AMediaDrm_closeSession(AMediaDrm *, const AMediaDrmSessionId &sessionId);
+
+typedef enum AMediaDrmKeyType {
+    /**
+     * This key request type species that the keys will be for online use, they will
+     * not be saved to the device for subsequent use when the device is not connected
+     * to a network.
+     */
+    KEY_TYPE_STREAMING = 1,
+
+    /**
+     * This key request type specifies that the keys will be for offline use, they
+     * will be saved to the device for use when the device is not connected to a network.
+     */
+    KEY_TYPE_OFFLINE = 2,
+
+    /**
+     * This key request type specifies that previously saved offline keys should be released.
+     */
+    KEY_TYPE_RELEASE = 3
+} AMediaDrmKeyType;
+
+/**
+ *  Data type containing {key, value} pair
+ */
+typedef struct AMediaDrmKeyValuePair {
+    const char *mKey;
+    const char *mValue;
+} AMediaDrmKeyValue;
+
+/**
+ * A key request/response exchange occurs between the app and a license server
+ * to obtain or release keys used to decrypt encrypted content.
+ * AMediaDrm_getKeyRequest is used to obtain an opaque key request byte array that
+ * is delivered to the license server.  The opaque key request byte array is
+ * returned in KeyRequest.data.  The recommended URL to deliver the key request to
+ * is returned in KeyRequest.defaultUrl.
+ *
+ * After the app has received the key request response from the server,
+ * it should deliver to the response to the DRM engine plugin using the method
+ * AMediaDrm_provideKeyResponse.
+ *
+ * scope may be a sessionId or a keySetId, depending on the specified keyType.
+ * When the keyType is KEY_TYPE_STREAMING or KEY_TYPE_OFFLINE, scope should be set
+ * to the sessionId the keys will be provided to.  When the keyType is
+ * KEY_TYPE_RELEASE, scope should be set to the keySetId of the keys being released.
+ * Releasing keys from a device invalidates them for all sessions.
+ *
+ * init container-specific data, its meaning is interpreted based on the mime type
+ * provided in the mimeType parameter.  It could contain, for example, the content
+ * ID, key ID or other data obtained from the content metadata that is required in
+ * generating the key request. init may be null when keyType is KEY_TYPE_RELEASE.
+ *
+ * initSize is the number of bytes of initData
+ *
+ * mimeType identifies the mime type of the content.
+ *
+ * keyType specifes the type of the request. The request may be to acquire keys for
+ *   streaming or offline content, or to release previously acquired keys, which are
+ *   identified by a keySetId.
+ *
+ * optionalParameters are included in the key request message to allow a client
+ *   application to provide additional message parameters to the server.
+ *
+ * numOptionalParameters indicates the number of optional parameters provided
+ *   by the caller
+ *
+ * On exit:
+ *   1. The keyRequest pointer will reference the opaque key request data.  It
+ *       will reside in memory owned by the AMediaDrm object, and will remain
+ *       accessible until the next call to AMediaDrm_getKeyRequest or until the
+ *       MediaDrm object is released.
+ *   2. keyRequestSize will be set to the size of the request
+ *
+ * returns MEDIADRM_NOT_PROVISIONED_ERROR if reprovisioning is needed, due to a
+ * problem with the device certificate.
+*/
+mediadrm_status_t AMediaDrm_getKeyRequest(AMediaDrm *, const AMediaDrmScope &scope,
+        const uint8_t *init, size_t initSize, const char *mimeType, AMediaDrmKeyType keyType,
+        const AMediaDrmKeyValue *optionalParameters, size_t numOptionalParameters,
+        const uint8_t *&keyRequest, size_t &keyRequestSize);
+
+/**
+ * A key response is received from the license server by the app, then it is
+ * provided to the DRM engine plugin using provideKeyResponse.  When the
+ * response is for an offline key request, a keySetId is returned that can be
+ * used to later restore the keys to a new session with AMediaDrm_restoreKeys.
+ * When the response is for a streaming or release request, a null keySetId is
+ * returned.
+ *
+ * scope may be a sessionId or keySetId depending on the type of the
+ * response.  Scope should be set to the sessionId when the response is for either
+ * streaming or offline key requests.  Scope should be set to the keySetId when
+ * the response is for a release request.
+ *
+ * response points to the opaque response from the server
+ * responseSize should be set to the size of the response in bytes
+ */
+
+mediadrm_status_t AMediaDrm_provideKeyResponse(AMediaDrm *, const AMediaDrmScope &scope,
+        const uint8_t *response, size_t responseSize, AMediaDrmKeySetId &keySetId);
+
+/**
+ * Restore persisted offline keys into a new session.  keySetId identifies the
+ * keys to load, obtained from a prior call to AMediaDrm_provideKeyResponse.
+ *
+ * sessionId is the session ID for the DRM session
+ * keySetId identifies the saved key set to restore
+ */
+mediadrm_status_t AMediaDrm_restoreKeys(AMediaDrm *, const AMediaDrmSessionId &sessionId,
+        const AMediaDrmKeySetId &keySetId);
+
+/**
+ * Remove the current keys from a session.
+ *
+ * keySetId identifies keys to remove
+ */
+mediadrm_status_t AMediaDrm_removeKeys(AMediaDrm *, const AMediaDrmSessionId &keySetId);
+
+/**
+ * Request an informative description of the key status for the session.  The status is
+ * in the form of {key, value} pairs.  Since DRM license policies vary by vendor,
+ * the specific status field names are determined by each DRM vendor.  Refer to your
+ * DRM provider documentation for definitions of the field names for a particular
+ * DRM engine plugin.
+ *
+ * On entry, numPairs should be set by the caller to the maximum number of pairs
+ * that can be returned (the size of the array).  On exit, numPairs will be set
+ * to the number of entries written to the array.  If the number of {key, value} pairs
+ * to be returned is greater than *numPairs, MEDIADRM_SHORT_BUFFER will be returned
+ * and numPairs will be set to the number of pairs available.
+ */
+mediadrm_status_t AMediaDrm_queryKeyStatus(AMediaDrm *, const AMediaDrmSessionId &sessionId,
+        AMediaDrmKeyValue *keyValuePairs, size_t &numPairs);
+
+
+/**
+ * A provision request/response exchange occurs between the app and a provisioning
+ * server to retrieve a device certificate.  If provisionining is required, the
+ * EVENT_PROVISION_REQUIRED event will be sent to the event handler.
+ * getProvisionRequest is used to obtain the opaque provision request byte array that
+ * should be delivered to the provisioning server.
+ * On exit:
+ *    1. The provision request data will be referenced by provisionRequest, in
+ *        memory owned by the AMediaDrm object.  It will remain accessible until the
+ *        next call to getProvisionRequest.
+ *    2. provisionRequestSize will be set to the size of the request data.
+ *    3. serverUrl will reference a NULL terminated string containing the URL
+ *       the provisioning request should be sent to.  It will remain accessible until
+ *       the next call to getProvisionRequest.
+ */
+mediadrm_status_t AMediaDrm_getProvisionRequest(AMediaDrm *, const uint8_t *&provisionRequest,
+        size_t &provisionRequestSize, const char *&serverUrl);
+
+
+/**
+ * After a provision response is received by the app, it is provided to the DRM
+ * engine plugin using this method.
+ *
+ * response is the opaque provisioning response byte array to provide to the
+ *   DRM engine plugin.
+ * responseSize is the length of the provisioning response in bytes.
+ *
+ * returns MEDIADRM_DEVICE_REVOKED_ERROR if the response indicates that the
+ * server rejected the request
+ */
+mediadrm_status_t AMediaDrm_provideProvisionResponse(AMediaDrm *,
+        const uint8_t *response, size_t responseSize);
+
+
+/**
+ * A means of enforcing limits on the number of concurrent streams per subscriber
+ * across devices is provided via SecureStop. This is achieved by securely
+ * monitoring the lifetime of sessions.
+ *
+ * Information from the server related to the current playback session is written
+ * to persistent storage on the device when each MediaCrypto object is created.
+ *
+ * In the normal case, playback will be completed, the session destroyed and the
+ * Secure Stops will be queried. The app queries secure stops and forwards the
+ * secure stop message to the server which verifies the signature and notifies the
+ * server side database that the session destruction has been confirmed. The persisted
+ * record on the client is only removed after positive confirmation that the server
+ * received the message using releaseSecureStops().
+ *
+ * numSecureStops is set by the caller to the maximum number of secure stops to
+ * return.  On exit, *numSecureStops will be set to the number actually returned.
+ * If *numSecureStops is too small for the number of secure stops available,
+ * MEDIADRM_SHORT_BUFFER will be returned and *numSecureStops will be set to the
+ * number required.
+ */
+mediadrm_status_t AMediaDrm_getSecureStops(AMediaDrm *,
+        AMediaDrmSecureStop *secureStops, size_t &numSecureStops);
+
+/**
+ * Process the SecureStop server response message ssRelease.  After authenticating
+ * the message, remove the SecureStops identified in the response.
+ *
+ * ssRelease is the server response indicating which secure stops to release
+ */
+mediadrm_status_t AMediaDrm_releaseSecureStops(AMediaDrm *,
+        const AMediaDrmSecureStop &ssRelease);
+
+/**
+ * String property name: identifies the maker of the DRM engine plugin
+ */
+const char *PROPERTY_VENDOR = "vendor";
+
+/**
+ * String property name: identifies the version of the DRM engine plugin
+ */
+const char *PROPERTY_VERSION = "version";
+
+/**
+ * String property name: describes the DRM engine plugin
+ */
+const char *PROPERTY_DESCRIPTION = "description";
+
+/**
+ * String property name: a comma-separated list of cipher and mac algorithms
+ * supported by CryptoSession.  The list may be empty if the DRM engine
+ * plugin does not support CryptoSession operations.
+ */
+const char *PROPERTY_ALGORITHMS = "algorithms";
+
+/**
+ * Read a DRM engine plugin String property value, given the property name string.
+ *
+ * propertyName identifies the property to query
+ * On return, propertyValue will be set to point to the property value.  The
+ * memory that the value resides in is owned by the NDK MediaDrm API and
+ * will remain valid until the next call to AMediaDrm_getPropertyString.
+ */
+mediadrm_status_t AMediaDrm_getPropertyString(AMediaDrm *, const char *propertyName,
+        const char *&propertyValue);
+
+/**
+ * Byte array property name: the device unique identifier is established during
+ * device provisioning and provides a means of uniquely identifying each device.
+ */
+const char *PROPERTY_DEVICE_UNIQUE_ID = "deviceUniqueId";
+
+/**
+ * Read a DRM engine plugin byte array property value, given the property name string.
+ * On return, *propertyValue will be set to point to the property value.  The
+ * memory that the value resides in is owned by the NDK MediaDrm API and
+ * will remain valid until the next call to AMediaDrm_getPropertyByteArray.
+ */
+mediadrm_status_t AMediaDrm_getPropertyByteArray(AMediaDrm *, const char *propertyName,
+        AMediaDrmByteArray &propertyValue);
+
+/**
+ * Set a DRM engine plugin String property value.
+ */
+mediadrm_status_t AMediaDrm_setPropertyString(AMediaDrm *, const char *propertyName,
+        const char *value);
+
+/**
+ * Set a DRM engine plugin byte array property value.
+ */
+mediadrm_status_t AMediaDrm_setPropertyByteArray(AMediaDrm *, const char *propertyName,
+        const uint8_t *value, size_t valueSize);
+
+/**
+ * In addition to supporting decryption of DASH Common Encrypted Media, the
+ * MediaDrm APIs provide the ability to securely deliver session keys from
+ * an operator's session key server to a client device, based on the factory-installed
+ * root of trust, and then perform encrypt, decrypt, sign and verify operations
+ * with the session key on arbitrary user data.
+ *
+ * Operators create session key servers that receive session key requests and provide
+ * encrypted session keys which can be used for general purpose crypto operations.
+ *
+ * Generic encrypt/decrypt/sign/verify methods are based on the established session
+ * keys.  These keys are exchanged using the getKeyRequest/provideKeyResponse methods.
+ *
+ * Applications of this capability include securing various types of purchased or
+ * private content, such as applications, books and other media, photos or media
+ * delivery protocols.
+ */
+
+/*
+ * Encrypt the data referenced by input of length dataSize using algorithm specified
+ * by cipherAlgorithm, and write the encrypted result into output.  The caller must
+ * ensure that the output buffer is large enough to accept dataSize bytes. The key
+ * to use is identified by the 16 byte keyId.  The key must have been loaded into
+ * the session using provideKeyResponse.
+ */
+mediadrm_status_t AMediaDrm_encrypt(AMediaDrm *, const AMediaDrmSessionId &sessionId,
+        const char *cipherAlgorithm, uint8_t *keyId, uint8_t *iv,
+        const uint8_t *input, uint8_t *output, size_t dataSize);
+
+/*
+ * Decrypt the data referenced by input of length dataSize using algorithm specified
+ * by cipherAlgorithm, and write the decrypted result into output.  The caller must
+ * ensure that the output buffer is large enough to accept dataSize bytes.  The key
+ * to use is identified by the 16 byte keyId.  The key must have been loaded into
+ * the session using provideKeyResponse.
+ */
+mediadrm_status_t AMediaDrm_decrypt(AMediaDrm *, const AMediaDrmSessionId &sessionId,
+        const char *cipherAlgorithm, uint8_t *keyId, uint8_t *iv,
+        const uint8_t *input, uint8_t *output, size_t dataSize);
+
+/*
+ * Generate a signature using the specified macAlgorithm over the message data
+ * referenced by message of size messageSize and store the signature in the
+ * buffer referenced signature of max size *signatureSize.  If the buffer is not
+ * large enough to hold the signature, MEDIADRM_SHORT_BUFFER is returned and
+ * *signatureSize is set to the buffer size required.  The key to use is identified
+ * by the 16 byte keyId.  The key must have been loaded into the session using
+ * provideKeyResponse.
+ */
+mediadrm_status_t AMediaDrm_sign(AMediaDrm *, const AMediaDrmSessionId &sessionId,
+        const char *macAlgorithm, uint8_t *keyId, uint8_t *message, size_t messageSize,
+        uint8_t *signature, size_t *signatureSize);
+
+/*
+ * Perform a signature verification using the specified macAlgorithm over the message
+ * data referenced by the message parameter of size messageSize. Returns MEDIADRM_OK
+ * if the signature matches, otherwise MEDAIDRM_VERIFY_FAILED is returned. The key to
+ * use is identified by the 16 byte keyId.  The key must have been loaded into the
+ * session using provideKeyResponse.
+ */
+mediadrm_status_t AMediaDrm_verify(AMediaDrm *, const AMediaDrmSessionId &sessionId,
+        const char *macAlgorithm, uint8_t *keyId, const uint8_t *message, size_t messageSize,
+        const uint8_t *signature, size_t signatureSize);
+
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#endif //_NDK_MEDIA_DRM_H
diff --git a/media/ndk/Android.mk b/media/ndk/Android.mk
index 03f26a0..1f155f3 100644
--- a/media/ndk/Android.mk
+++ b/media/ndk/Android.mk
@@ -26,6 +26,7 @@ LOCAL_SRC_FILES:=                                       \
                   NdkMediaExtractor.cpp                 \
                   NdkMediaFormat.cpp                    \
                   NdkMediaMuxer.cpp                     \
+                  NdkMediaDrm.cpp                       \
 
 LOCAL_MODULE:= libmediandk
 
@@ -42,6 +43,7 @@ LOCAL_SHARED_LIBRARIES := \
     liblog \
     libutils \
     libandroid_runtime \
+    libbinder \
 
 include $(BUILD_SHARED_LIBRARY)
 
diff --git a/media/ndk/NdkMediaDrm.cpp b/media/ndk/NdkMediaDrm.cpp
new file mode 100644
index 0000000..c55cba2
--- /dev/null
+++ b/media/ndk/NdkMediaDrm.cpp
@@ -0,0 +1,605 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_NDEBUG 0
+#define LOG_TAG "NdkMediaDrm"
+
+#include "NdkMediaDrm.h"
+
+#include <utils/Log.h>
+#include <utils/StrongPointer.h>
+#include <gui/Surface.h>
+
+#include <media/IDrm.h>
+#include <media/IDrmClient.h>
+#include <media/stagefright/MediaErrors.h>
+#include <binder/IServiceManager.h>
+#include <media/IMediaPlayerService.h>
+#include <ndk/NdkMediaCrypto.h>
+
+
+using namespace android;
+
+typedef Vector<uint8_t> idvec_t;
+
+struct AMediaDrm {
+    sp<IDrm> mDrm;
+    sp<IDrmClient> mDrmClient;
+    AMediaDrmEventListener mListener;
+    List<idvec_t> mIds;
+    KeyedVector<String8, String8> mQueryResults;
+    Vector<uint8_t> mKeyRequest;
+    Vector<uint8_t> mProvisionRequest;
+    String8 mProvisionUrl;
+    String8 mPropertyString;
+    Vector<uint8_t> mPropertyByteArray;
+    List<Vector<uint8_t> > mSecureStops;
+};
+
+extern "C" {
+
+static mediadrm_status_t translateStatus(status_t status) {
+    mediadrm_status_t result = MEDIADRM_UNKNOWN_ERROR;
+    switch (status) {
+        case OK:
+            result = MEDIADRM_OK;
+            break;
+        case android::ERROR_DRM_NOT_PROVISIONED:
+            result = MEDIADRM_NOT_PROVISIONED_ERROR;
+            break;
+        case android::ERROR_DRM_RESOURCE_BUSY:
+            result = MEDIADRM_RESOURCE_BUSY_ERROR;
+            break;
+        case android::ERROR_DRM_DEVICE_REVOKED:
+            result = MEDIADRM_DEVICE_REVOKED_ERROR;
+            break;
+        case android::ERROR_DRM_CANNOT_HANDLE:
+            result = MEDIADRM_INVALID_PARAMETER_ERROR;
+            break;
+        case android::ERROR_DRM_TAMPER_DETECTED:
+            result = MEDIADRM_TAMPER_DETECTED_ERROR;
+            break;
+        case android::ERROR_DRM_SESSION_NOT_OPENED:
+            result = MEDIADRM_SESSION_NOT_OPENED_ERROR;
+            break;
+        case android::ERROR_DRM_NO_LICENSE:
+            result = MEDIADRM_NEED_KEY_ERROR;
+            break;
+        case android::ERROR_DRM_LICENSE_EXPIRED:
+            result = MEDIADRM_LICENSE_EXPIRED_ERROR;
+            break;
+        default:
+            result = MEDIADRM_UNKNOWN_ERROR;
+            break;
+    }
+    return result;
+}
+
+static sp<IDrm> CreateDrm() {
+    sp<IServiceManager> sm = defaultServiceManager();
+
+    sp<IBinder> binder =
+        sm->getService(String16("media.player"));
+
+    sp<IMediaPlayerService> service =
+        interface_cast<IMediaPlayerService>(binder);
+
+    if (service == NULL) {
+        return NULL;
+    }
+
+    sp<IDrm> drm = service->makeDrm();
+
+    if (drm == NULL || (drm->initCheck() != OK && drm->initCheck() != NO_INIT)) {
+        return NULL;
+    }
+
+    return drm;
+}
+
+
+static sp<IDrm> CreateDrmFromUUID(const AMediaUUID uuid) {
+    sp<IDrm> drm = CreateDrm();
+
+    if (drm == NULL) {
+        return NULL;
+    }
+
+    status_t err = drm->createPlugin(uuid);
+
+    if (err != OK) {
+        return NULL;
+    }
+
+    return drm;
+}
+
+bool AMediaDrm_isCryptoSchemeSupported(const AMediaUUID uuid, const char *mimeType) {
+    sp<IDrm> drm = CreateDrm();
+
+    if (drm == NULL) {
+        return false;
+    }
+
+    String8 mimeStr = mimeType ? String8(mimeType) : String8("");
+    return drm->isCryptoSchemeSupported(uuid, mimeStr);
+}
+
+AMediaDrm* AMediaDrm_createByUUID(const AMediaUUID uuid) {
+    AMediaDrm *mObj = new AMediaDrm();
+    mObj->mDrm = CreateDrmFromUUID(uuid);
+    return mObj;
+}
+
+void AMediaDrm_release(AMediaDrm *mObj) {
+    if (mObj->mDrm != NULL) {
+        mObj->mDrm->setListener(NULL);
+        mObj->mDrm->destroyPlugin();
+        mObj->mDrm.clear();
+    }
+    delete mObj;
+}
+
+#if 0
+void AMediaDrm_setOnEventListener(AMediaDrm *mObj, AMediaDrmEventListener listener) {
+    mObj->mListener = listener;
+}
+#endif
+
+
+static bool findId(AMediaDrm *mObj, const AMediaDrmByteArray &id, List<idvec_t>::iterator &iter) {
+    iter = mObj->mIds.begin();
+    while (iter != mObj->mIds.end()) {
+        if (iter->array() == id.ptr && iter->size() == id.length) {
+            return true;
+        }
+    }
+    return false;
+}
+
+mediadrm_status_t AMediaDrm_openSession(AMediaDrm *mObj, AMediaDrmSessionId &sessionId) {
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    Vector<uint8_t> session;
+    status_t status = mObj->mDrm->openSession(session);
+    if (status == OK) {
+        mObj->mIds.push_front(session);
+        List<idvec_t>::iterator iter = mObj->mIds.begin();
+        sessionId.ptr = iter->array();
+        sessionId.length = iter->size();
+    }
+    return MEDIADRM_OK;
+}
+
+mediadrm_status_t AMediaDrm_closeSession(AMediaDrm *mObj, const AMediaDrmSessionId &sessionId) {
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+
+    List<idvec_t>::iterator iter;
+    if (!findId(mObj, sessionId, iter)) {
+        return MEDIADRM_SESSION_NOT_OPENED_ERROR;
+    }
+    mObj->mDrm->closeSession(*iter);
+    mObj->mIds.erase(iter);
+    return MEDIADRM_OK;
+}
+
+mediadrm_status_t AMediaDrm_getKeyRequest(AMediaDrm *mObj, const AMediaDrmScope &scope,
+        const uint8_t *init, size_t initSize, const char *mimeType, AMediaDrmKeyType keyType,
+        const AMediaDrmKeyValue *optionalParameters, size_t numOptionalParameters,
+        const uint8_t *&keyRequest, size_t &keyRequestSize) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    if (!mimeType) {
+        return MEDIADRM_INVALID_PARAMETER_ERROR;
+    }
+
+    List<idvec_t>::iterator iter;
+    if (!findId(mObj, scope, iter)) {
+        return MEDIADRM_SESSION_NOT_OPENED_ERROR;
+    }
+
+    Vector<uint8_t> mdInit;
+    mdInit.appendArray(init, initSize);
+    DrmPlugin::KeyType mdKeyType;
+    switch (keyType) {
+        case KEY_TYPE_STREAMING:
+            mdKeyType = DrmPlugin::kKeyType_Streaming;
+            break;
+        case KEY_TYPE_OFFLINE:
+            mdKeyType = DrmPlugin::kKeyType_Offline;
+            break;
+        case KEY_TYPE_RELEASE:
+            mdKeyType = DrmPlugin::kKeyType_Release;
+            break;
+        default:
+            return MEDIADRM_INVALID_PARAMETER_ERROR;
+    }
+    KeyedVector<String8, String8> mdOptionalParameters;
+    for (size_t i = 0; i < numOptionalParameters; i++) {
+        mdOptionalParameters.add(String8(optionalParameters[i].mKey),
+                String8(optionalParameters[i].mValue));
+    }
+    String8 defaultUrl;
+    status_t status = mObj->mDrm->getKeyRequest(*iter, mdInit, String8(mimeType),
+            mdKeyType, mdOptionalParameters, mObj->mKeyRequest, defaultUrl);
+    if (status != OK) {
+        return translateStatus(status);
+    } else {
+        keyRequest = mObj->mKeyRequest.array();
+        keyRequestSize = mObj->mKeyRequest.size();
+    }
+    return MEDIADRM_OK;
+}
+
+mediadrm_status_t AMediaDrm_provideKeyResponse(AMediaDrm *mObj, const AMediaDrmScope &scope,
+        const uint8_t *response, size_t responseSize, AMediaDrmKeySetId &keySetId) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    if (!response || !responseSize) {
+        return MEDIADRM_INVALID_PARAMETER_ERROR;
+    }
+
+    List<idvec_t>::iterator iter;
+    if (!findId(mObj, scope, iter)) {
+        return MEDIADRM_SESSION_NOT_OPENED_ERROR;
+    }
+    Vector<uint8_t> mdResponse;
+    mdResponse.appendArray(response, responseSize);
+
+    Vector<uint8_t> mdKeySetId;
+    status_t status = mObj->mDrm->provideKeyResponse(*iter, mdResponse, mdKeySetId);
+    if (status == OK) {
+        mObj->mIds.push_front(mdKeySetId);
+        List<idvec_t>::iterator iter = mObj->mIds.begin();
+        keySetId.ptr = iter->array();
+        keySetId.length = iter->size();
+    } else {
+        keySetId.ptr = NULL;
+        keySetId.length = 0;
+    }
+    return MEDIADRM_OK;
+}
+
+mediadrm_status_t AMediaDrm_restoreKeys(AMediaDrm *mObj, const AMediaDrmSessionId &sessionId,
+        const AMediaDrmKeySetId &keySetId) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    List<idvec_t>::iterator iter;
+    if (!findId(mObj, sessionId, iter)) {
+        return MEDIADRM_SESSION_NOT_OPENED_ERROR;
+    }
+    Vector<uint8_t> keySet;
+    keySet.appendArray(keySetId.ptr, keySetId.length);
+    return translateStatus(mObj->mDrm->restoreKeys(*iter, keySet));
+}
+
+mediadrm_status_t AMediaDrm_removeKeys(AMediaDrm *mObj, const AMediaDrmSessionId &keySetId) {
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    List<idvec_t>::iterator iter;
+    status_t status;
+    if (!findId(mObj, keySetId, iter)) {
+        Vector<uint8_t> keySet;
+        keySet.appendArray(keySetId.ptr, keySetId.length);
+        status = mObj->mDrm->removeKeys(keySet);
+    } else {
+        status = mObj->mDrm->removeKeys(*iter);
+        mObj->mIds.erase(iter);
+    }
+    return translateStatus(status);
+}
+
+mediadrm_status_t AMediaDrm_queryKeyStatus(AMediaDrm *mObj, const AMediaDrmSessionId &sessionId,
+        AMediaDrmKeyValue *keyValuePairs, size_t &numPairs) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    List<idvec_t>::iterator iter;
+    if (!findId(mObj, sessionId, iter)) {
+        return MEDIADRM_SESSION_NOT_OPENED_ERROR;
+    }
+
+    status_t status = mObj->mDrm->queryKeyStatus(*iter, mObj->mQueryResults);
+    if (status != OK) {
+        numPairs = 0;
+        return translateStatus(status);
+    }
+
+    if (mObj->mQueryResults.size() > numPairs) {
+        numPairs = mObj->mQueryResults.size();
+        return MEDIADRM_SHORT_BUFFER;
+    }
+
+    for (size_t i = 0; i < mObj->mQueryResults.size(); i++) {
+        keyValuePairs[i].mKey = mObj->mQueryResults.keyAt(i).string();
+        keyValuePairs[i].mValue = mObj->mQueryResults.keyAt(i).string();
+    }
+    numPairs = mObj->mQueryResults.size();
+    return MEDIADRM_OK;
+}
+
+mediadrm_status_t AMediaDrm_getProvisionRequest(AMediaDrm *mObj, const uint8_t *&provisionRequest,
+        size_t &provisionRequestSize, const char *&serverUrl) {
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    if (!provisionRequestSize || !serverUrl) {
+        return MEDIADRM_INVALID_PARAMETER_ERROR;
+    }
+
+    status_t status = mObj->mDrm->getProvisionRequest(String8(""), String8(""),
+            mObj->mProvisionRequest, mObj->mProvisionUrl);
+    if (status != OK) {
+        return translateStatus(status);
+    } else {
+        provisionRequest = mObj->mProvisionRequest.array();
+        provisionRequestSize = mObj->mProvisionRequest.size();
+        serverUrl = mObj->mProvisionUrl.string();
+    }
+    return MEDIADRM_OK;
+}
+
+mediadrm_status_t AMediaDrm_provideProvisionResponse(AMediaDrm *mObj,
+        const uint8_t *response, size_t responseSize) {
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    if (!response || !responseSize) {
+        return MEDIADRM_INVALID_PARAMETER_ERROR;
+    }
+
+    Vector<uint8_t> mdResponse;
+    mdResponse.appendArray(response, responseSize);
+
+    Vector<uint8_t> unused;
+    return translateStatus(mObj->mDrm->provideProvisionResponse(mdResponse, unused, unused));
+}
+
+mediadrm_status_t AMediaDrm_getSecureStops(AMediaDrm *mObj,
+        AMediaDrmSecureStop *secureStops, size_t &numSecureStops) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    status_t status = mObj->mDrm->getSecureStops(mObj->mSecureStops);
+    if (status != OK) {
+        numSecureStops = 0;
+        return translateStatus(status);
+    }
+    if (numSecureStops < mObj->mSecureStops.size()) {
+        return MEDIADRM_SHORT_BUFFER;
+    }
+    List<Vector<uint8_t> >::iterator iter = mObj->mSecureStops.begin();
+    size_t i = 0;
+    while (iter != mObj->mSecureStops.end()) {
+        secureStops[i].ptr = iter->array();
+        secureStops[i].length = iter->size();
+        ++iter;
+        ++i;
+    }
+    numSecureStops = mObj->mSecureStops.size();
+    return MEDIADRM_OK;
+}
+
+mediadrm_status_t AMediaDrm_releaseSecureStops(AMediaDrm *mObj,
+        const AMediaDrmSecureStop &ssRelease) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+
+    Vector<uint8_t> release;
+    release.appendArray(ssRelease.ptr, ssRelease.length);
+    return translateStatus(mObj->mDrm->releaseSecureStops(release));
+}
+
+
+mediadrm_status_t AMediaDrm_getPropertyString(AMediaDrm *mObj, const char *propertyName,
+        const char *&propertyValue) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+
+    status_t status = mObj->mDrm->getPropertyString(String8(propertyName),
+            mObj->mPropertyString);
+
+    if (status == OK) {
+        propertyValue = mObj->mPropertyString.string();
+    } else {
+        propertyValue = NULL;
+    }
+    return translateStatus(status);
+}
+
+mediadrm_status_t AMediaDrm_getPropertyByteArray(AMediaDrm *mObj,
+        const char *propertyName, AMediaDrmByteArray &propertyValue) {
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+
+    status_t status = mObj->mDrm->getPropertyByteArray(String8(propertyName),
+            mObj->mPropertyByteArray);
+
+    if (status == OK) {
+        propertyValue.ptr = mObj->mPropertyByteArray.array();
+        propertyValue.length = mObj->mPropertyByteArray.size();
+    } else {
+        propertyValue.ptr = NULL;
+        propertyValue.length = 0;
+    }
+    return translateStatus(status);
+}
+
+mediadrm_status_t AMediaDrm_setPropertyString(AMediaDrm *mObj,
+        const char *propertyName, const char *value) {
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+
+    return translateStatus(mObj->mDrm->setPropertyString(String8(propertyName),
+                    String8(value)));
+}
+
+mediadrm_status_t AMediaDrm_setPropertyByteArray(AMediaDrm *mObj,
+        const char *propertyName, const uint8_t *value, size_t valueSize) {
+
+    Vector<uint8_t> byteArray;
+    byteArray.appendArray(value, valueSize);
+
+    return translateStatus(mObj->mDrm->getPropertyByteArray(String8(propertyName),
+                    byteArray));
+}
+
+
+static mediadrm_status_t encrypt_decrypt_common(AMediaDrm *mObj,
+        const AMediaDrmSessionId &sessionId,
+        const char *cipherAlgorithm, uint8_t *keyId, uint8_t *iv,
+        const uint8_t *input, uint8_t *output, size_t dataSize, bool encrypt) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    List<idvec_t>::iterator iter;
+    if (!findId(mObj, sessionId, iter)) {
+        return MEDIADRM_SESSION_NOT_OPENED_ERROR;
+    }
+
+    status_t status = mObj->mDrm->setCipherAlgorithm(*iter, String8(cipherAlgorithm));
+    if (status != OK) {
+        return translateStatus(status);
+    }
+
+    Vector<uint8_t> keyIdVec;
+    const size_t kKeyIdSize = 16;
+    keyIdVec.appendArray(keyId, kKeyIdSize);
+
+    Vector<uint8_t> inputVec;
+    inputVec.appendArray(input, dataSize);
+
+    Vector<uint8_t> ivVec;
+    const size_t kIvSize = 16;
+    ivVec.appendArray(iv, kIvSize);
+
+    Vector<uint8_t> outputVec;
+    if (encrypt) {
+        status_t status = mObj->mDrm->encrypt(*iter, keyIdVec, inputVec, ivVec, outputVec);
+    } else {
+        status_t status = mObj->mDrm->decrypt(*iter, keyIdVec, inputVec, ivVec, outputVec);
+    }
+    if (status == OK) {
+        memcpy(output, outputVec.array(), outputVec.size());
+    }
+    return translateStatus(status);
+}
+
+mediadrm_status_t AMediaDrm_encrypt(AMediaDrm *mObj, const AMediaDrmSessionId &sessionId,
+        const char *cipherAlgorithm, uint8_t *keyId, uint8_t *iv,
+        const uint8_t *input, uint8_t *output, size_t dataSize) {
+    return encrypt_decrypt_common(mObj, sessionId, cipherAlgorithm, keyId, iv,
+            input, output, dataSize, true);
+}
+
+mediadrm_status_t AMediaDrm_decrypt(AMediaDrm *mObj, const AMediaDrmSessionId &sessionId,
+        const char *cipherAlgorithm, uint8_t *keyId, uint8_t *iv,
+        const uint8_t *input, uint8_t *output, size_t dataSize) {
+    return encrypt_decrypt_common(mObj, sessionId, cipherAlgorithm, keyId, iv,
+            input, output, dataSize, false);
+}
+
+mediadrm_status_t AMediaDrm_sign(AMediaDrm *mObj, const AMediaDrmSessionId &sessionId,
+        const char *macAlgorithm, uint8_t *keyId, uint8_t *message, size_t messageSize,
+        uint8_t *signature, size_t *signatureSize) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    List<idvec_t>::iterator iter;
+    if (!findId(mObj, sessionId, iter)) {
+        return MEDIADRM_SESSION_NOT_OPENED_ERROR;
+    }
+
+    status_t status = mObj->mDrm->setMacAlgorithm(*iter, String8(macAlgorithm));
+    if (status != OK) {
+        return translateStatus(status);
+    }
+
+    Vector<uint8_t> keyIdVec;
+    const size_t kKeyIdSize = 16;
+    keyIdVec.appendArray(keyId, kKeyIdSize);
+
+    Vector<uint8_t> messageVec;
+    messageVec.appendArray(message, messageSize);
+
+    Vector<uint8_t> signatureVec;
+    status = mObj->mDrm->sign(*iter, keyIdVec, messageVec, signatureVec);
+    if (signatureVec.size() > *signatureSize) {
+        return MEDIADRM_SHORT_BUFFER;
+    }
+    if (status == OK) {
+        memcpy(signature, signatureVec.array(), signatureVec.size());
+    }
+    return translateStatus(status);
+}
+
+mediadrm_status_t AMediaDrm_verify(AMediaDrm *mObj, const AMediaDrmSessionId &sessionId,
+        const char *macAlgorithm, uint8_t *keyId, const uint8_t *message, size_t messageSize,
+        const uint8_t *signature, size_t signatureSize) {
+
+    if (!mObj || mObj->mDrm == NULL) {
+        return MEDIADRM_INVALID_OBJECT_ERROR;
+    }
+    List<idvec_t>::iterator iter;
+    if (!findId(mObj, sessionId, iter)) {
+        return MEDIADRM_SESSION_NOT_OPENED_ERROR;
+    }
+
+    status_t status = mObj->mDrm->setMacAlgorithm(*iter, String8(macAlgorithm));
+    if (status != OK) {
+        return translateStatus(status);
+    }
+
+    Vector<uint8_t> keyIdVec;
+    const size_t kKeyIdSize = 16;
+    keyIdVec.appendArray(keyId, kKeyIdSize);
+
+    Vector<uint8_t> messageVec;
+    messageVec.appendArray(message, messageSize);
+
+    Vector<uint8_t> signatureVec;
+    signatureVec.appendArray(signature, signatureSize);
+
+    bool match;
+    status = mObj->mDrm->verify(*iter, keyIdVec, messageVec, signatureVec, match);
+    if (status == OK) {
+        return match ? MEDIADRM_OK : MEDIADRM_VERIFY_FAILED;
+    }
+    return translateStatus(status);
+}
+
+} // extern "C"
+