summaryrefslogtreecommitdiffstats
path: root/media/lib
diff options
context:
space:
mode:
authorJeff Tinker <jtinker@google.com>2014-04-01 22:23:21 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2014-04-01 22:23:21 +0000
commit53c90cf916ddd1151f042a61a569ea75a220b26e (patch)
tree1ee36092a3872180a55a2c75bd177d942e2ae8fb /media/lib
parent74ee938dcc5e1ab0309dd87278e26f604c756b26 (diff)
parent6dc8063d2a06017f249181b4b5b07c54ce645943 (diff)
downloadframeworks_base-53c90cf916ddd1151f042a61a569ea75a220b26e.zip
frameworks_base-53c90cf916ddd1151f042a61a569ea75a220b26e.tar.gz
frameworks_base-53c90cf916ddd1151f042a61a569ea75a220b26e.tar.bz2
am 6dc8063d: am 433a0633: Merge "Support CAST V2 Authentication in MediaDrm" into klp-modular-dev
* commit '6dc8063d2a06017f249181b4b5b07c54ce645943': Support CAST V2 Authentication in MediaDrm
Diffstat (limited to 'media/lib')
-rw-r--r--media/lib/remotedisplay/Android.mk (renamed from media/lib/Android.mk)4
-rw-r--r--media/lib/remotedisplay/README.txt (renamed from media/lib/README.txt)1
-rw-r--r--media/lib/remotedisplay/com.android.media.remotedisplay.xml (renamed from media/lib/com.android.media.remotedisplay.xml)0
-rw-r--r--media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplay.java (renamed from media/lib/java/com/android/media/remotedisplay/RemoteDisplay.java)0
-rw-r--r--media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplayProvider.java (renamed from media/lib/java/com/android/media/remotedisplay/RemoteDisplayProvider.java)0
-rw-r--r--media/lib/signer/Android.mk45
-rw-r--r--media/lib/signer/README.txt28
-rw-r--r--media/lib/signer/com.android.mediadrm.signer.xml20
-rw-r--r--media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java139
9 files changed, 234 insertions, 3 deletions
diff --git a/media/lib/Android.mk b/media/lib/remotedisplay/Android.mk
index 50799a6..ea1ac2b 100644
--- a/media/lib/Android.mk
+++ b/media/lib/remotedisplay/Android.mk
@@ -15,7 +15,7 @@
#
LOCAL_PATH := $(call my-dir)
-# the library
+# the remotedisplay library
# ============================================================
include $(CLEAR_VARS)
@@ -23,7 +23,7 @@ LOCAL_MODULE:= com.android.media.remotedisplay
LOCAL_MODULE_TAGS := optional
LOCAL_SRC_FILES := \
- $(call all-subdir-java-files) \
+ $(call all-java-files-under, java) \
$(call all-aidl-files-under, java)
include $(BUILD_JAVA_LIBRARY)
diff --git a/media/lib/README.txt b/media/lib/remotedisplay/README.txt
index cade3df..5738dbe 100644
--- a/media/lib/README.txt
+++ b/media/lib/remotedisplay/README.txt
@@ -25,4 +25,3 @@ with the framework in a new API. That API isn't ready yet so this
library is a compromise to make new capabilities available to the system
without exposing the full surface area of the support library media
route provider protocol.
-
diff --git a/media/lib/com.android.media.remotedisplay.xml b/media/lib/remotedisplay/com.android.media.remotedisplay.xml
index 77a91d2..77a91d2 100644
--- a/media/lib/com.android.media.remotedisplay.xml
+++ b/media/lib/remotedisplay/com.android.media.remotedisplay.xml
diff --git a/media/lib/java/com/android/media/remotedisplay/RemoteDisplay.java b/media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplay.java
index dc9dd79..dc9dd79 100644
--- a/media/lib/java/com/android/media/remotedisplay/RemoteDisplay.java
+++ b/media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplay.java
diff --git a/media/lib/java/com/android/media/remotedisplay/RemoteDisplayProvider.java b/media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplayProvider.java
index e2df77c..e2df77c 100644
--- a/media/lib/java/com/android/media/remotedisplay/RemoteDisplayProvider.java
+++ b/media/lib/remotedisplay/java/com/android/media/remotedisplay/RemoteDisplayProvider.java
diff --git a/media/lib/signer/Android.mk b/media/lib/signer/Android.mk
new file mode 100644
index 0000000..4c3772f
--- /dev/null
+++ b/media/lib/signer/Android.mk
@@ -0,0 +1,45 @@
+#
+# Copyright (C) 2013 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+LOCAL_PATH := $(call my-dir)
+
+# the mediadrm signer library
+# ============================================================
+include $(CLEAR_VARS)
+
+LOCAL_MODULE:= com.android.mediadrm.signer
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_SRC_FILES := \
+ $(call all-java-files-under, java)
+
+include $(BUILD_STATIC_JAVA_LIBRARY)
+
+
+# ==== com.android.mediadrm.signer.xml lib def ========================
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := com.android.mediadrm.signer.xml
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_MODULE_CLASS := ETC
+
+# This will install the file in /system/etc/permissions
+#
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/permissions
+
+LOCAL_SRC_FILES := $(LOCAL_MODULE)
+
+include $(BUILD_PREBUILT)
diff --git a/media/lib/signer/README.txt b/media/lib/signer/README.txt
new file mode 100644
index 0000000..362ab8e
--- /dev/null
+++ b/media/lib/signer/README.txt
@@ -0,0 +1,28 @@
+This library (com.android.mediadrm.signer.jar) is a shared java library
+containing classes required by unbundled apps running on devices that use
+the certficate provisioning and private key signing capabilities provided
+by the MediaDrm API.
+
+--- Rules of this library ---
+o This library is effectively a PUBLIC API for unbundled CAST receivers
+ that may be distributed outside the system image. So it MUST BE API STABLE.
+ You can add but not remove. The rules are the same as for the
+ public platform SDK API.
+o This library can see and instantiate internal platform classes, but it must not
+ expose them in any public method (or by extending them via inheritance). This would
+ break clients of the library because they cannot see the internal platform classes.
+
+This library is distributed in the system image, and loaded as
+a shared library. So you can change the implementation, but not
+the interface. In this way it is like framework.jar.
+
+--- Why does this library exist? ---
+
+Unbundled apps cannot use internal platform classes.
+
+This library will eventually be replaced when the provisioned certificate-
+based signing infrastructure that is currently defined in the support library
+is reintegrated with the framework in a new API. That API isn't ready yet so
+this library is a compromise to make new capabilities available to the system
+without exposing the full surface area of the support library.
+
diff --git a/media/lib/signer/com.android.mediadrm.signer.xml b/media/lib/signer/com.android.mediadrm.signer.xml
new file mode 100644
index 0000000..b5b1f09
--- /dev/null
+++ b/media/lib/signer/com.android.mediadrm.signer.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2013 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<permissions>
+ <library name="com.android.media.drm.signer"
+ file="/system/framework/com.android.media.drm.signer.jar" />
+</permissions>
diff --git a/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java b/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java
new file mode 100644
index 0000000..d971afb
--- /dev/null
+++ b/media/lib/signer/java/com/android/mediadrm/signer/MediaDrmSigner.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.mediadrm.signer;
+
+import android.content.Context;
+import android.media.MediaDrm;
+import android.media.DeniedByServerException;
+
+/**
+ * Provides certificate request generation, response handling and
+ * signing APIs
+ */
+public final class MediaDrmSigner {
+ private MediaDrmSigner() {}
+
+ /**
+ * Specify X.509 certificate type
+ */
+ public static final int CERTIFICATE_TYPE_X509 = MediaDrm.CERTIFICATE_TYPE_X509;
+
+ /**
+ * Contains the opaque data an app uses to request a certificate from a provisioning
+ * server
+ */
+ public final static class CertificateRequest {
+ private MediaDrm.CertificateRequest mCertRequest;
+
+ CertificateRequest(MediaDrm.CertificateRequest certRequest) {
+ mCertRequest = certRequest;
+ }
+
+ /**
+ * Get the opaque message data
+ */
+ public byte[] getData() {
+ return mCertRequest.getData();
+ }
+
+ /**
+ * Get the default URL to use when sending the certificate request
+ * message to a server, if known. The app may prefer to use a different
+ * certificate server URL obtained from other sources.
+ */
+ public String getDefaultUrl() {
+ return mCertRequest.getDefaultUrl();
+ }
+ }
+
+ /**
+ * Contains the wrapped private key and public certificate data associated
+ * with a certificate.
+ */
+ public final static class Certificate {
+ private MediaDrm.Certificate mCertificate;
+
+ Certificate(MediaDrm.Certificate certificate) {
+ mCertificate = certificate;
+ }
+
+ /**
+ * Get the wrapped private key data
+ */
+ public byte[] getWrappedPrivateKey() {
+ return mCertificate.getWrappedPrivateKey();
+ }
+
+ /**
+ * Get the PEM-encoded public certificate chain
+ */
+ public byte[] getContent() {
+ return mCertificate.getContent();
+ }
+ }
+
+ /**
+ * Generate a certificate request, specifying the certificate type
+ * and authority. The response received should be passed to
+ * provideCertificateResponse.
+ *
+ * @param drm the MediaDrm object
+ * @param certType Specifies the certificate type.
+ * @param certAuthority is passed to the certificate server to specify
+ * the chain of authority.
+ */
+ public static CertificateRequest getCertificateRequest(MediaDrm drm, int certType,
+ String certAuthority) {
+ return new CertificateRequest(drm.getCertificateRequest(certType, certAuthority));
+ }
+
+ /**
+ * Process a response from the provisioning server. The response
+ * is obtained from an HTTP Post to the url provided by getCertificateRequest.
+ *
+ * The public X509 certificate chain and wrapped private key are returned
+ * in the returned Certificate objec. The certificate chain is in BIO serialized
+ * PEM format. The wrapped private key should be stored in application private
+ * storage, and used when invoking the signRSA method.
+ *
+ * @param drm the MediaDrm object
+ * @param response the opaque certificate response byte array to provide to the
+ * DRM engine plugin.
+ * @throws android.media.DeniedByServerException if the response indicates that the
+ * server rejected the request
+ */
+ public static Certificate provideCertificateResponse(MediaDrm drm, byte[] response)
+ throws DeniedByServerException {
+ return new Certificate(drm.provideCertificateResponse(response));
+ }
+
+ /**
+ * Sign data using an RSA key
+ *
+ * @param context the App context
+ * @param drm the MediaDrm object
+ * @param sessionId a sessionId obtained from openSession on the MediaDrm object
+ * @param algorithm the signing algorithm to use, e.g. "PKCS1-BlockType1"
+ * @param wrappedKey - the wrapped (encrypted) RSA private key obtained
+ * from provideCertificateResponse
+ * @param message the data for which a signature is to be computed
+ */
+ public static byte[] signRSA(Context context, MediaDrm drm, byte[] sessionId,
+ String algorithm, byte[] wrappedKey, byte[] message) {
+ return drm.signRSA(context, sessionId, algorithm, wrappedKey, message);
+ }
+}