Shaka Packager SDK
widevine_encryption_flags.cc
1 // Copyright 2014 Google LLC. All rights reserved.
2 //
3 // Use of this source code is governed by a BSD-style
4 // license that can be found in the LICENSE file or at
5 // https://developers.google.com/open-source/licenses/bsd
6 //
7 // Defines command line flags for widevine_encryption.
8 
9 #include <packager/app/widevine_encryption_flags.h>
10 
11 #include <string_view>
12 
13 #include <absl/flags/flag.h>
14 #include <absl/log/log.h>
15 #include <absl/strings/ascii.h>
16 #include <absl/strings/match.h>
17 
18 #include <packager/app/validate_flag.h>
19 
20 ABSL_FLAG(bool,
21  enable_widevine_encryption,
22  false,
23  "Enable encryption with Widevine key server. User should provide "
24  "either AES signing key (--aes_signing_key, --aes_signing_iv) or "
25  "RSA signing key (--rsa_signing_key_path).");
26 ABSL_FLAG(bool,
27  enable_widevine_decryption,
28  false,
29  "Enable decryption with Widevine license server/proxy. User should "
30  "provide either AES signing key (--aes_signing_key, "
31  "--aes_signing_iv) or RSA signing key (--rsa_signing_key_path).");
32 ABSL_FLAG(std::string,
33  key_server_url,
34  "",
35  "Key server url. Required for encryption and "
36  "decryption");
37 ABSL_FLAG(shaka::HexBytes, content_id, {}, "Content Id (hex).");
38 ABSL_FLAG(std::string,
39  policy,
40  "",
41  "The name of a stored policy, which specifies DRM content "
42  "rights.");
43 ABSL_FLAG(int32_t,
44  max_sd_pixels,
45  768 * 576,
46  "The video track is considered SD if its max pixels per frame is "
47  "no higher than max_sd_pixels. Default: 442368 (768 x 576).");
48 ABSL_FLAG(int32_t,
49  max_hd_pixels,
50  1920 * 1080,
51  "The video track is considered HD if its max pixels per frame is "
52  "higher than max_sd_pixels, but no higher than max_hd_pixels. "
53  "Default: 2073600 (1920 x 1080).");
54 ABSL_FLAG(int32_t,
55  max_uhd1_pixels,
56  4096 * 2160,
57  "The video track is considered UHD1 if its max pixels per frame "
58  "is higher than max_hd_pixels, but no higher than max_uhd1_pixels."
59  " Otherwise it is UHD2. Default: 8847360 (4096 x 2160).");
60 ABSL_FLAG(std::string, signer, "", "The name of the signer.");
61 ABSL_FLAG(shaka::HexBytes,
62  aes_signing_key,
63  {},
64  "AES signing key in hex string. --aes_signing_iv is required. "
65  "Exclusive with --rsa_signing_key_path.");
66 ABSL_FLAG(shaka::HexBytes, aes_signing_iv, {}, "AES signing iv in hex string.");
67 ABSL_FLAG(std::string,
68  rsa_signing_key_path,
69  "",
70  "Stores PKCS#1 RSA private key for request signing. Exclusive "
71  "with --aes_signing_key.");
72 ABSL_FLAG(int32_t,
73  crypto_period_duration,
74  0,
75  "Crypto period duration in seconds. If it is non-zero, key "
76  "rotation is enabled.");
77 ABSL_FLAG(shaka::HexBytes,
78  group_id,
79  {},
80  "Identifier for a group of licenses (hex).");
81 ABSL_FLAG(bool,
82  enable_entitlement_license,
83  false,
84  "Enable entitlement license when using Widevine key server.");
85 
86 namespace shaka {
87 namespace {
88 const bool kOptional = true;
89 } // namespace
90 
91 bool ValidateWidevineCryptoFlags() {
92  bool success = true;
93 
94  const bool widevine_crypto =
95  absl::GetFlag(FLAGS_enable_widevine_encryption) ||
96  absl::GetFlag(FLAGS_enable_widevine_decryption);
97  const char widevine_crypto_label[] =
98  "--enable_widevine_encryption/decryption";
99  // key_server_url and signer (optional) are associated with
100  // enable_widevine_encryption and enable_widevine_descryption.
101  if (!ValidateFlag("key_server_url", absl::GetFlag(FLAGS_key_server_url),
102  widevine_crypto, !kOptional, widevine_crypto_label)) {
103  success = false;
104  }
105  if (!ValidateFlag("signer", absl::GetFlag(FLAGS_signer), widevine_crypto,
106  kOptional, widevine_crypto_label)) {
107  success = false;
108  }
109  if (widevine_crypto && absl::GetFlag(FLAGS_signer).empty() &&
110  absl::StartsWith(
111  absl::AsciiStrToLower(absl::GetFlag(FLAGS_key_server_url)), "http")) {
112  LOG(WARNING) << "--signer is likely required with "
113  "--enable_widevine_encryption/decryption.";
114  }
115 
116  const char widevine_encryption_label[] = "--enable_widevine_encryption";
117  // content_id and policy (optional) are associated with
118  // enable_widevine_encryption.
119  if (!ValidateFlag("content_id", absl::GetFlag(FLAGS_content_id).bytes,
120  absl::GetFlag(FLAGS_enable_widevine_encryption), !kOptional,
121  widevine_encryption_label)) {
122  success = false;
123  }
124  if (!ValidateFlag("policy", absl::GetFlag(FLAGS_policy),
125  absl::GetFlag(FLAGS_enable_widevine_encryption), kOptional,
126  widevine_encryption_label)) {
127  success = false;
128  }
129 
130  if (absl::GetFlag(FLAGS_max_sd_pixels) <= 0) {
131  PrintError("--max_sd_pixels must be positive.");
132  success = false;
133  }
134  if (absl::GetFlag(FLAGS_max_hd_pixels) <= 0) {
135  PrintError("--max_hd_pixels must be positive.");
136  success = false;
137  }
138  if (absl::GetFlag(FLAGS_max_uhd1_pixels) <= 0) {
139  PrintError("--max_uhd1_pixels must be positive.");
140  success = false;
141  }
142  if (absl::GetFlag(FLAGS_max_hd_pixels) <=
143  absl::GetFlag(FLAGS_max_sd_pixels)) {
144  PrintError("--max_hd_pixels must be greater than --max_sd_pixels.");
145  success = false;
146  }
147  if (absl::GetFlag(FLAGS_max_uhd1_pixels) <=
148  absl::GetFlag(FLAGS_max_hd_pixels)) {
149  PrintError("--max_uhd1_pixels must be greater than --max_hd_pixels.");
150  success = false;
151  }
152 
153  const bool aes = !absl::GetFlag(FLAGS_aes_signing_key).bytes.empty() ||
154  !absl::GetFlag(FLAGS_aes_signing_iv).bytes.empty();
155  if (aes && (absl::GetFlag(FLAGS_aes_signing_key).bytes.empty() ||
156  absl::GetFlag(FLAGS_aes_signing_iv).bytes.empty())) {
157  PrintError("--aes_signing_key/iv is required if using aes signing.");
158  success = false;
159  }
160 
161  const bool rsa = !absl::GetFlag(FLAGS_rsa_signing_key_path).empty();
162 
163  if (absl::GetFlag(FLAGS_signer).empty() && (aes || rsa)) {
164  PrintError("--signer is required if using aes/rsa signing.");
165  success = false;
166  }
167  if (!absl::GetFlag(FLAGS_signer).empty() && !aes && !rsa) {
168  PrintError(
169  "--aes_signing_key/iv or --rsa_signing_key_path is required with "
170  "--signer.");
171  success = false;
172  }
173  if (aes && rsa) {
174  PrintError(
175  "Only one of --aes_signing_key/iv and --rsa_signing_key_path should be "
176  "specified.");
177  success = false;
178  }
179 
180  if (absl::GetFlag(FLAGS_crypto_period_duration) < 0) {
181  PrintError("--crypto_period_duration should not be negative.");
182  success = false;
183  }
184  return success;
185 }
186 
187 } // namespace shaka
shaka
All the methods that are virtual are virtual for mocking.
Definition: crypto_flags.cc:66
shaka::PrintError
void PrintError(const std::string &error_message)
Definition: validate_flag.cc:15
shaka::ValidateFlag
bool ValidateFlag(const char *flag_name, const FlagType &flag_value, bool condition, bool optional, const char *label)
Definition: validate_flag.h:37
shaka::ValidateWidevineCryptoFlags
bool ValidateWidevineCryptoFlags()
Definition: widevine_encryption_flags.cc:91
Generated on Mon Nov 11 2024 19:07:10 for Shaka Packager SDK by doxygen 1.9.1