Implement MediaKeySession.load()

Source/modules/encryptedmedia/MediaKeySession.cpp

 /*
  * Copyright (C) 2013 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 29 matching lines @@
 #include "platform/ContentDecryptionModuleResult.h"
 #include "platform/ContentType.h"
 #include "platform/Logging.h"
 #include "platform/MIMETypeRegistry.h"
 #include "platform/Timer.h"
 #include "public/platform/WebContentDecryptionModule.h"
 #include "public/platform/WebContentDecryptionModuleException.h"
 #include "public/platform/WebContentDecryptionModuleSession.h"
 #include "public/platform/WebString.h"
 #include "public/platform/WebURL.h"
+#include "wtf/ASCIICType.h"
 #include "wtf/ArrayBuffer.h"
 #include "wtf/ArrayBufferView.h"
 
+namespace {
+
+const char* kPersistent = "persistent";

[ddorwin, 2014/10/08 21:48:26]

Do we have this in two locations now?
Should we just add an enum to MKS.h.

[jrummell, 2014/10/08 22:57:00]

The string is currently passed to Chromium (so we would still need to do 2
conversions -- one in MK when creating the session, a second down below when
calling Chromium). Changed MK to use a static method to verify the session type,
so the strings are only declared here.

[ddorwin, 2014/10/08 23:08:48]

Okay. Even more reason to change to enums! :)

+
+// Minimum and maximum length for session ids.
+enum {
+    MinSessionIdLength = 1,
+    MaxSessionIdLength = 512
+};
+
+} // namespace
+
 namespace blink {
 
 static bool isKeySystemSupportedWithInitDataType(const String& keySystem, const String& initDataType)
 {
     ASSERT(!keySystem.isEmpty());
 
     // FIXME: initDataType != contentType. Implement this properly.
     // http://crbug.com/385874.
     String contentType = initDataType;
     if (initDataType == "webm") {
         contentType = "video/webm";
     } else if (initDataType == "cenc") {
         contentType = "video/mp4";
     }
 
     ContentType type(contentType);
     return MIMETypeRegistry::isSupportedEncryptedMediaMIMEType(keySystem, type.type(), type.parameter("codecs"));
 }
 
+// Checks that |sessionId| looks correct. Returns true if all tests pass,

[ddorwin, 2014/10/08 21:48:26]

Returns whether...

[jrummell, 2014/10/08 22:57:00]

Done.

+// false otherwise.
+static bool isValidSessionId(const String& sessionId)
+{
+    if ((sessionId.length() < MinSessionIdLength) || (sessionId.length() > MaxSessionIdLength))
+        return false;
+
+    if (!sessionId.containsOnlyASCII())
+        return false;
+
+    // Check that the sessionId only contains alphanumeric characters.
+    for (unsigned i = 0; i < sessionId.length(); ++i) {
+        if (!isASCIIAlphanumeric(sessionId[i]))
+            return false;
+    }
+
+    return true;
+}
+
 // A class holding a pending action.
 class MediaKeySession::PendingAction : public GarbageCollectedFinalized<MediaKeySession::PendingAction> {
 public:
     enum Type {
         GenerateRequest,
+        Load,
         Update,
         Release
     };
 
     Type type() const { return m_type; }
 
     const Persistent<ContentDecryptionModuleResult> result() const
     {
         return m_result;
     }
 
     const RefPtr<ArrayBuffer> data() const
     {
         ASSERT(m_type == GenerateRequest || m_type == Update);
         return m_data;
     }
 
     const String& initDataType() const
     {
         ASSERT(m_type == GenerateRequest);
         return m_initDataType;
     }
 
+    const String& sessionId() const
+    {
+        ASSERT(m_type == Load);
+        return m_initDataType;

[ddorwin, 2014/10/08 21:48:26]

C&P error

[jrummell, 2014/10/08 22:57:01]

Not really. m_initDataType used for both values. Renamed to make it clearer.

+    }
+
     static PendingAction* CreatePendingGenerateRequest(ContentDecryptionModuleResult* result, const String& initDataType, PassRefPtr<ArrayBuffer> initData)
     {
         ASSERT(result);
         ASSERT(initData);
         return new PendingAction(GenerateRequest, result, initDataType, initData);
     }
 
+    static PendingAction* CreatePendingLoadRequest(ContentDecryptionModuleResult* result, const String& sessionId)
+    {
+        ASSERT(result);
+        return new PendingAction(Load, result, sessionId, PassRefPtr<ArrayBuffer>());
+    }
+
     static PendingAction* CreatePendingUpdate(ContentDecryptionModuleResult* result, PassRefPtr<ArrayBuffer> data)
     {
         ASSERT(result);
         ASSERT(data);
         return new PendingAction(Update, result, String(), data);
     }
 
     static PendingAction* CreatePendingRelease(ContentDecryptionModuleResult* result)
     {
         ASSERT(result);
@@ skipping 81 matching lines @@
     void completeWithDOMException(ExceptionCode code, const String& errorMessage)
     {
         m_resolver->reject(DOMException::create(code, errorMessage));
         m_resolver.clear();
     }
 
     RefPtr<ScriptPromiseResolver> m_resolver;
     Member<MediaKeySession> m_session;
 };
 
+// This class wraps the promise resolver used when loading a session
+// and is passed to Chromium to fullfill the promise. This implementation of
+// completeWithSession() will resolve the promise with true/false, while
+// completeWithError() will reject the promise with an exception. complete()
+// is not expected to be called, and will reject the promise.
+class LoadSessionResult : public ContentDecryptionModuleResult {
+public:
+    LoadSessionResult(ScriptState* scriptState, MediaKeySession* session)
+        : m_resolver(ScriptPromiseResolver::create(scriptState))
+        , m_session(session)
+    {
+        WTF_LOG(Media, "LoadSessionResult(%p)", this);
+    }
+
+    virtual ~LoadSessionResult()
+    {
+        WTF_LOG(Media, "~LoadSessionResult(%p)", this);
+    }
+
+    // ContentDecryptionModuleResult implementation.
+    virtual void complete() OVERRIDE
+    {
+        ASSERT_NOT_REACHED();
+        completeWithDOMException(InvalidStateError, "Unexpected completion.");
+    }
+
+    virtual void completeWithSession(WebContentDecryptionModuleResult::SessionStatus status) OVERRIDE
+    {
+        bool result;

[ddorwin, 2014/10/08 21:48:26]

Uninitialized, though I guess that was allowed (and even preferred) in WebKit.

[jrummell, 2014/10/08 22:57:01]

Acknowledged.

+        switch (status) {
+        case WebContentDecryptionModuleResult::NewSession:
+            result = true;
+            break;
+
+        case WebContentDecryptionModuleResult::SessionNotFound:
+            result = false;
+            break;
+
+        case WebContentDecryptionModuleResult::SessionAlreadyExists:
+            ASSERT_NOT_REACHED();
+            completeWithDOMException(InvalidStateError, "Unexpected completion.");
+            return;
+        }
+
+        m_session->finishLoad();
+        m_resolver->resolve(result);
+        m_resolver.clear();
+    }
+
+    virtual void completeWithError(WebContentDecryptionModuleException exceptionCode, unsigned long systemCode, const WebString& errorMessage) OVERRIDE
+    {
+        completeWithDOMException(WebCdmExceptionToExceptionCode(exceptionCode), errorMessage);
+    }
+
+    // It is only valid to call this before completion.
+    ScriptPromise promise() { return m_resolver->promise(); }
+
+    void trace(Visitor* visitor)
+    {
+        visitor->trace(m_session);
+        ContentDecryptionModuleResult::trace(visitor);
+    }
+
+private:
+    // Reject the promise with a DOMException.
+    void completeWithDOMException(ExceptionCode code, const String& errorMessage)
+    {
+        m_resolver->reject(DOMException::create(code, errorMessage));
+        m_resolver.clear();
+    }
+
+    RefPtr<ScriptPromiseResolver> m_resolver;
+    Member<MediaKeySession> m_session;
+};
+
 MediaKeySession* MediaKeySession::create(ScriptState* scriptState, MediaKeys* mediaKeys, const String& sessionType)
 {
     RefPtrWillBeRawPtr<MediaKeySession> session = adoptRefCountedGarbageCollectedWillBeNoop(new MediaKeySession(scriptState, mediaKeys, sessionType));
     session->suspendIfNeeded();
     return session.get();
 }
 
 MediaKeySession::MediaKeySession(ScriptState* scriptState, MediaKeys* mediaKeys, const String& sessionType)
     : ActiveDOMObject(scriptState->executionContext())
     , m_keySystem(mediaKeys->keySystem())
@@ skipping 131 matching lines @@
     // 10. Run the following steps asynchronously (documented in
     //     actionTimerFired())
     m_pendingActions.append(PendingAction::CreatePendingGenerateRequest(result, initDataType, initData));
     ASSERT(!m_actionTimer.isActive());
     m_actionTimer.startOneShot(0, FROM_HERE);
 
     // 11. Return promise.
     return promise;
 }
 
+ScriptPromise MediaKeySession::load(ScriptState* scriptState, const String& sessionId)
+{
+    WTF_LOG(Media, "MediaKeySession(%p)::load %s", this, sessionId.ascii().data());
+
+    // From https://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html#dom-load:
+    // The load(sessionId) method loads the data stored for the sessionId into
+    // the session represented by the object. It must run the following steps:
+
+    // 1. If this object's uninitialized value is false, return a promise
+    //    rejected with a new DOMException whose name is "InvalidStateError".
+    if (!m_isUninitialized) {
+        return ScriptPromise::rejectWithDOMException(
+            scriptState, DOMException::create(InvalidStateError, "The session is already initialized."));
+    }
+
+    // 2. Let this object's uninitialized be false.
+    m_isUninitialized = false;
+
+    // 3. If sessionId is an empty string, return a promise rejected with a
+    //    new DOMException whose name is "InvalidAccessError".
+    if (sessionId.isEmpty()) {
+        return ScriptPromise::rejectWithDOMException(
+            scriptState, DOMException::create(InvalidAccessError, "The sessionId parameter is empty."));
+    }
+
+    // 4. If this object's session type is not "persistent", return a promise
+    //    rejected with a new DOMException whose name is "InvalidAccessError".
+    if (m_sessionType != kPersistent) {
+        return ScriptPromise::rejectWithDOMException(
+            scriptState, DOMException::create(InvalidAccessError, "The session type is not \"persistent\"."));

[ddorwin, 2014/10/08 21:48:27]

You could just use single quotes too.

[jrummell, 2014/10/08 22:57:00]

Done.

+    }
+
+    // 5. Let media keys be the MediaKeys object that created this object.
+    //    (Done in constructor.)
+    ASSERT(m_mediaKeys);
+
+    // 6. If the content decryption module corresponding to media keys's
+    //    keySystem attribute does not support loading previous sessions,
+    //    return a promise rejected with a new DOMException whose name is
+    //    "NotSupportedError".
+    //    (Done by CDM.)
+
+    // 7. Let promise be a new promise.
+    LoadSessionResult* result = new LoadSessionResult(scriptState, this);
+    ScriptPromise promise = result->promise();
+
+    // 8. Run the following steps asynchronously (documented in
+    //    actionTimerFired())
+    m_pendingActions.append(PendingAction::CreatePendingLoadRequest(result, sessionId));
+    ASSERT(!m_actionTimer.isActive());
+    m_actionTimer.startOneShot(0, FROM_HERE);
+
+    // 9. Return promise.
+    return promise;
+}
+
 ScriptPromise MediaKeySession::update(ScriptState* scriptState, ArrayBuffer* response)
 {
     RefPtr<ArrayBuffer> responseCopy = ArrayBuffer::create(response->data(), response->byteLength());
     return updateInternal(scriptState, responseCopy.release());
 }
 
 ScriptPromise MediaKeySession::update(ScriptState* scriptState, ArrayBufferView* response)
 {
     RefPtr<ArrayBuffer> responseCopy = ArrayBuffer::create(response->baseAddress(), response->byteLength());
     return updateInternal(scriptState, responseCopy.release());
@@ skipping 95 matching lines @@
             //        "NotSupportedError".
             // 10.3.3 Let request be a request (e.g. a license request)
             //        generated based on the init data, which is interpreted
             //        per initDataType, and session type.
             m_session->initializeNewSession(action->initDataType(), static_cast<unsigned char*>(action->data()->data()), action->data()->byteLength(), m_sessionType, action->result()->result());
 
             // Remainder of steps executed in finishGenerateRequest(), called
             // when |result| is resolved.
             break;
 
+        case PendingAction::Load:
+            // NOTE: Continue step 8 of MediaKeySession::load().
+
+            // 8.1 Let sanitized session ID be a validated and/or sanitized
+            //     version of sessionId. The user agent should thoroughly
+            //     validate the sessionId value before passing it to the CDM.
+            //     At a minimum, this should include checking that the length
+            //     and value (e.g. alphanumeric) are reasonable.
+            // 8.2 If the previous step failed, reject promise with a new
+            //     DOMException whose name is "InvalidAccessError".
+            if (!isValidSessionId(action->sessionId())) {
+                action->result()->completeWithError(WebContentDecryptionModuleExceptionInvalidAccessError, 0, "Invalid sessionId");
+                return;
+            }
+
+            // 8.3 Let expiration time be NaN.
+            // FIXME: Implement expiration attribute.
+
+            // 8.4 Let message be null.
+            // 8.5 Let message type be null.
+            //     (Will be provided by the CDM if needed.)
+
+            // 8.6 Let origin be the origin of this object's Document.
+            //     (Obtained previously when CDM created.)
+
+            // 8.7 Let cdm be the CDM loaded during the initialization of media
+            //     keys.
+            // 8.8 Use the cdm to execute the following steps:
+            // 8.8.1 If there is no data stored for the sanitized session ID in
+            //       the origin, resolve promise with false.
+            // 8.8.2 Let session data be the data stored for the sanitized
+            //       session ID in the origin. This must not include data from
+            //       other origin(s) or that is not associated with an origin.
+            // 8.8.3 If there is an unclosed "persistent" session in any
+            //       Document representing the session data, reject promise
+            //       with a new DOMException whose name is "QuotaExceededError".
+            // 8.8.4 In other words, do not create a session if a non-closed
+            //       persistent session already exists for this sanitized
+            //       session ID in any browsing context.
+            // 8.8.5 Load the session data.
+            // 8.8.6 If the session data indicates an expiration time for the
+            //       session, let expiration time be the expiration time
+            //       in milliseconds since 01 January 1970 UTC.
+            // 8.8.6 If the CDM needs to send a message:
+            // 8.8.6.1 Let message be a message generated by the CDM based on
+            //         the session data.
+            // 8.8.6.2 Let message type be the appropriate MediaKeyMessageType
+            //         for the message.
+            // 8.9 If any of the preceding steps failed, reject promise with a
+            //     new DOMException whose name is the appropriate error name.
+            m_session->load(action->sessionId(), action->result()->result());
+
+            // Remainder of steps executed in finishLoad(), called
+            // when |result| is resolved.
+            break;
+
         case PendingAction::Update:
             WTF_LOG(Media, "MediaKeySession(%p)::actionTimerFired: Update", this);
             // NOTE: Continued from step 4 of MediaKeySession::update().
             // Continue the update call by passing message to the cdm. Once
             // completed, it will resolve/reject the promise.
             m_session->update(static_cast<unsigned char*>(action->data()->data()), action->data()->byteLength(), action->result()->result());
             break;
 
         case PendingAction::Release:
             WTF_LOG(Media, "MediaKeySession(%p)::actionTimerFired: Release", this);
@@ skipping 26 matching lines @@
     // https://www.w3.org/Bugs/Public/show_bug.cgi?id=26758
 
     // 10.7 Run the Queue a "message" Event algorithm on the session,
     //      providing request and null.
     //      (Done by the CDM).
 
     // 10.8 Let this object's callable be true.
     m_isCallable = true;
 }
 
+void MediaKeySession::finishLoad()
+{
+    // 8.10 Set the sessionId attribute to sanitized session ID.
+    ASSERT(!sessionId().isEmpty());
+
+    // 8.11 Let this object's callable be true.
+    m_isCallable = true;
+
+    // 8.12 If the loaded session contains usable keys, run the Usable
+    //      Keys Changed algorithm on the session. The algorithm may
+    //      also be run later should additional processing be necessary
+    //      to determine with certainty whether one or more keys is
+    //      usable.
+    //      (Done by the CDM.)

[ddorwin, 2014/10/08 21:48:26]

Does our code ensure that the CDM does not do these things until after this
function returns?

[jrummell, 2014/10/08 22:57:01]

Yes (assuming resolving this promise and generating the events happen on the
same thread). If the CDM calls these events before resolving the promise,
cdm_adapter won't have the session registered so the event will get dropped. Saw
this in the ECK test, as the KeysChanged event was being generated before this
promise was resolved and thus got dropped.

+
+    // 8.13 Run the Update Expiration algorithm on the session,
+    //      providing expiration time.
+    //      (Done by the CDM.)
+
+    // 8.14 If message is not null, run the Queue a "message" Event
+    //      algorithm on the session, providing message type and
+    //      message.
+    //      (Done by the CDM.)
+}
+
 // Queue a task to fire a simple event named keymessage at the new object.
 void MediaKeySession::message(const unsigned char* message, size_t messageLength, const WebURL& destinationURL)
 {
     WTF_LOG(Media, "MediaKeySession(%p)::message", this);
 
     // Verify that 'message' not fired before session initialization is complete.
     ASSERT(m_isCallable);
 
     MediaKeyMessageEventInit init;
     init.bubbles = false;
@@ skipping 117 matching lines @@
 {
     visitor->trace(m_error);
     visitor->trace(m_asyncEventQueue);
     visitor->trace(m_pendingActions);
     visitor->trace(m_mediaKeys);
     visitor->trace(m_closedPromise);
     EventTargetWithInlineData::trace(visitor);
 }
 
 } // namespace blink