Implement checks for distinctiveIdentifier and persistentState in requestMediaKeySystemAccess().

media/blink/webencryptedmediaclient_impl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webencryptedmediaclient_impl.h"
 
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "media/base/key_systems.h"
 #include "media/base/media_permission.h"
 #include "media/blink/webcontentdecryptionmodule_impl.h"
 #include "media/blink/webcontentdecryptionmoduleaccess_impl.h"
 #include "net/base/mime_util.h"
 #include "third_party/WebKit/public/platform/WebEncryptedMediaRequest.h"
 #include "third_party/WebKit/public/platform/WebMediaKeySystemConfiguration.h"
 #include "third_party/WebKit/public/platform/WebString.h"
 #include "third_party/WebKit/public/platform/WebVector.h"
 
 namespace media {
 
 // These names are used by UMA.
 const char kKeySystemSupportUMAPrefix[] =
     "Media.EME.RequestMediaKeySystemAccess.";
 
+// TODO(jrummell): Convert to an enum. http://crbug.com/418239
+const char kTemporarySessionType[] = "temporary";
+const char kPersistentLicenseSessionType[] = "persistent-license";
+const char kPersistentReleaseMessageSessionType[] =
+    "persistent-release-message";
+
 static bool IsSupportedContentType(
     const std::string& key_system,
     const std::string& mime_type,
     const std::string& codecs) {
-  // Per RFC 6838, "Both top-level type and subtype names are case-insensitive."
-  // TODO(sandersd): Check that |container| matches the capability:
-  //   - audioCapabilitys: audio/mp4 or audio/webm.
-  //   - videoCapabilitys: video/mp4 or video/webm.
-  // http://crbug.com/457384.
+  // TODO(sandersd): Move contentType parsing from Blink to here so that invalid
+  // parameters can be rejected. http://crbug.com/417561
+  // TODO(sandersd): Pass in the media type (audio or video) and check that the
+  // container type matches. http://crbug.com/457384
   std::string container = base::StringToLowerASCII(mime_type);
 
-  // Check that |codecs| are supported as specified (e.g. "mp4a.40.2").
+  // Check that |codecs| are supported by the CDM. This check does not handle
+  // extended codecs, so extended codec information is stripped.
+  // TODO(sandersd): Reject codecs that do not match the media type.
+  // http://crbug.com/457386
   std::vector<std::string> codec_vector;
+  net::ParseCodecString(codecs, &codec_vector, true);
+  if (!IsSupportedKeySystemWithMediaMimeType(container, codec_vector,
+                                             key_system)) {
+    return false;
+  }
+
+  // Check that |codecs| are supported by Chrome. This is done primarily to
+  // validate extended codecs, but it also ensures that the CDM cannot support
+  // codecs that Chrome does not (which would be bad because it would require
+  // considering the accumulated configuration, and could affect whether secure
+  // decode is required).
+  // TODO(sandersd): Reject ambiguous codecs. http://crbug.com/374751
+  codec_vector.clear();
   net::ParseCodecString(codecs, &codec_vector, false);
-  if (!net::AreSupportedMediaCodecs(codec_vector))
-    return false;
+  return net::AreSupportedMediaCodecs(codec_vector);
+}
 
-  // IsSupportedKeySystemWithMediaMimeType() only works with base codecs
-  // (e.g. "mp4a"), so reparse |codecs| to get the base only.
-  codec_vector.clear();
-  net::ParseCodecString(codecs, &codec_vector, true);
-  return IsSupportedKeySystemWithMediaMimeType(container, codec_vector,
-                                               key_system);
+static bool GetSupportedCapabilities(
+    const std::string& key_system,
+    const blink::WebVector<blink::WebMediaKeySystemMediaCapability>&
+        capabilities,
+    std::vector<blink::WebMediaKeySystemMediaCapability>*
+        media_type_capabilities) {
+  // From https://w3c.github.io/encrypted-media/#get-supported-capabilities-for-media-type
+  // 1. Let accumulated capabilities be partial configuration.
+  //    (Skipped as there are no configuration-based codec restrictions.)
+  // 2. Let media type capabilities be empty. (Done by caller.)

[ddorwin, 2015/02/19 04:23:42]

nit: You can remove the () part now that you have a check. That's the pattern
we've used.

[sandersd (OOO until July 31), 2015/02/19 21:08:35]

Done.

+  DCHECK_EQ(media_type_capabilities->size(), 0);
+  // 3. For each value in capabilities:
+  for (size_t i = 0; i < capabilities.size(); i++) {
+    // 3.1. Let contentType be the value's contentType member.
+    // 3.2. Let robustness be the value's robustness member.
+    const blink::WebMediaKeySystemMediaCapability& capability = capabilities[i];
+    // 3.3. If contentType is the empty string, return null.
+    if (capability.mimeType.isEmpty())
+      return false;
+    // 3.4-3.11. (Implemented by IsSupportedContentType().)
+    if (!base::IsStringASCII(capability.mimeType) ||
+        !base::IsStringASCII(capability.codecs) ||
+        !IsSupportedContentType(key_system,
+                                base::UTF16ToASCII(capability.mimeType),
+                                base::UTF16ToASCII(capability.codecs))) {
+      continue;
+    }
+    // 3.12. If robustness is not the empty string, run the following steps:
+    //       (Robustness is not supported.)
+    // TODO(sandersd): Implement robustness. http://crbug.com/442586
+    if (!capability.robustness.isEmpty())
+      continue;

[ddorwin, 2015/02/19 04:23:42]

Can we log a console info message here to say it's not yet supported?

[sandersd (OOO until July 31), 2015/02/19 21:08:36]

Done.

+    // 3.13. If the user agent and implementation do not support playback of
+    //       encrypted media data as specified by configuration, including all
+    //       media types, in combination with accumulated capabilities,
+    //       continue to the next iteration.
+    //       (Skipped as there are no configuration-based codec restrictions.)
+    // 3.14. Add configuration to media type capabilities.
+    media_type_capabilities->push_back(capability);
+    // 3.15. Add configuration to accumulated capabilities.
+    //       (Skipped as there are no configuration-based codec restrictions.)
+  }
+  // 4. If media type capabilities is empty, return null.
+  // 5. Return media type capabilities.
+  return !media_type_capabilities->empty();
+}
+
+static EmeFeatureRequirement ConvertRequirement(
+    blink::WebMediaKeySystemConfiguration::Requirement requirement) {
+  switch (requirement) {
+    case blink::WebMediaKeySystemConfiguration::Requirement::Required:
+      return EME_FEATURE_REQUIRED;
+    case blink::WebMediaKeySystemConfiguration::Requirement::Optional:
+      return EME_FEATURE_OPTIONAL;
+    case blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed:
+      return EME_FEATURE_NOT_ALLOWED;
+  }
+
+  NOTREACHED();
+  return EME_FEATURE_NOT_ALLOWED;
 }
 
 static bool GetSupportedConfiguration(
     const std::string& key_system,
     const blink::WebMediaKeySystemConfiguration& candidate,
     const blink::WebSecurityOrigin& security_origin,
     blink::WebMediaKeySystemConfiguration* accumulated_configuration) {
+  // From https://w3c.github.io/encrypted-media/#get-supported-configuration
+  // 1. Let accumulated configuration be empty. (Done by caller.)
+  // 2. If candidate configuration's initDataTypes attribute is not empty, run
+  //    the following steps:
   if (!candidate.initDataTypes.isEmpty()) {
-    std::vector<blink::WebString> init_data_types;
+    // 2.1. Let supported types be empty.
+    std::vector<blink::WebString> supported_types;
 
+    // 2.2. For each value in candidate configuration's initDataTypes attribute:
     for (size_t i = 0; i < candidate.initDataTypes.size(); i++) {
+      // 2.2.1. Let initDataType be the value.
       const blink::WebString& init_data_type = candidate.initDataTypes[i];
+      // 2.2.2. If initDataType is the empty string, return null.
       if (init_data_type.isEmpty())
         return false;
+      // 2.2.3. If the implementation supports generating requests based on
+      //        initDataType, add initDataType to supported types. String
+      //        comparison is case-sensitive.
       if (base::IsStringASCII(init_data_type) &&
           IsSupportedKeySystemWithInitDataType(
               key_system, base::UTF16ToASCII(init_data_type))) {
-        init_data_types.push_back(init_data_type);
+        supported_types.push_back(init_data_type);
       }
     }
 
-    if (init_data_types.empty())
+    // 2.3. If supported types is empty, return null.
+    if (supported_types.empty())
       return false;
 
-    accumulated_configuration->initDataTypes = init_data_types;
+    // 2.4. Add supported types to accumulated configuration.
+    accumulated_configuration->initDataTypes = supported_types;
   }
 
-  // TODO(sandersd): Implement distinctiveIdentifier and persistentState checks.
-  if (candidate.distinctiveIdentifier !=
-      blink::WebMediaKeySystemConfiguration::Requirement::Optional ||
-      candidate.persistentState !=
-      blink::WebMediaKeySystemConfiguration::Requirement::Optional) {
+  // 3. Follow the steps for the value of candidate configuration's
+  //    distinctiveIdentifier attribute from the following list:
+  //     - "required": If the implementation does not support a persistent
+  //       Distinctive Identifier in combination with accumulated configuration,
+  //       return null.
+  //     - "optional": Continue.
+  //     - "not-allowed": If the implementation requires a Distinctive

[ddorwin, 2015/02/19 04:23:42]

Since we can't enforce this, I think we need to always reject this in M42,
right?

[sandersd (OOO until July 31), 2015/02/19 21:08:35]

That is done implicitly when CDMs declare ALWAYS_ENABLED.

[ddorwin, 2015/02/19 23:03:57]

We don't seem to be enforcing this assumption in key_systems.cc.

[sandersd (OOO until July 31), 2015/02/20 00:17:12]

KeySystems does this explicitly:

    case EME_FEATURE_ALWAYS_ENABLED:
      // TODO(sandersd): This should be NOTREACHED(). http://crbug.com/457482
      return requirement != EME_FEATURE_NOT_ALLOWED;

+  //       Identifier in combination with accumulated configuration, return
+  //       null.
+  EmeFeatureRequirement requirement;
+  requirement = ConvertRequirement(candidate.distinctiveIdentifier);

[ddorwin, 2015/02/19 04:23:42]

EmeFeatureRequirement requirement =
    ConvertRequirement(candidate.distinctiveIdentifier);

doesn't seem too ugly. And then we avoid the uninitialized variable.

[sandersd (OOO until July 31), 2015/02/19 21:08:35]

Done.

+  if (!IsDistinctiveIdentifierSupported(key_system, requirement, true))

[ddorwin, 2015/02/19 04:23:42]

There should be a comment for this "true". For example, state that we assume the
best case (that permission will be granted) here and do a final check below.

[sandersd (OOO until July 31), 2015/02/19 21:08:35]

Done.

     return false;
+
+  // 4. Add the value of the candidate configuration's distinctiveIdentifier
+  //    attribute to accumulated configuration.
+  accumulated_configuration->distinctiveIdentifier =
+      candidate.distinctiveIdentifier;
+
+  // 5. Follow the steps for the value of candidate configuration's
+  //    persistentState attribute from the following list:
+  //     - "required": If the implementation does not support persisting state
+  //       in combination with accumulated configuration, return null.
+  //     - "optional": Continue.
+  //     - "not-allowed": If the implementation requires persisting state in

[ddorwin, 2015/02/19 04:23:42]

ditto about rejecting.

[sandersd (OOO until July 31), 2015/02/19 21:08:35]

Acknowledged.

+  //       combination with accumulated configuration, return null.
+  requirement = ConvertRequirement(candidate.persistentState);
+  if (!IsPersistentStateSupported(key_system, requirement, true))

[ddorwin, 2015/02/19 04:23:42]

ditto

[sandersd (OOO until July 31), 2015/02/19 21:08:35]

Done.

+    return false;
+
+  // 6. Add the value of the candidate configuration's persistentState
+  //    attribute to accumulated configuration.
+  accumulated_configuration->persistentState = candidate.persistentState;
+
+  // 7. If candidate configuration's videoCapabilities attribute is not empty,
+  //    run the following steps:
+  if (!candidate.videoCapabilities.isEmpty()) {
+    // 7.1. Let video capabilities be the result of executing the Get Supported
+    //      Capabilities for Media Type algorithm on Video, candidate
+    //      configuration's videoCapabilities attribute, and accumulated
+    //      configuration.
+    // 7.2. If video capabilities is null, return null.
+    std::vector<blink::WebMediaKeySystemMediaCapability> video_capabilities;
+    if (!GetSupportedCapabilities(key_system, candidate.videoCapabilities,
+                                  &video_capabilities)) {
+      return false;
+    }
+
+    // 7.3. Add video capabilities to accumulated configuration.
+    accumulated_configuration->videoCapabilities = video_capabilities;
   }
 
+  // 8. If candidate configuration's audioCapabilities attribute is not empty,
+  //    run the following steps:
   if (!candidate.audioCapabilities.isEmpty()) {
+    // 8.1. Let audio capabilities be the result of executing the Get Supported
+    //      Capabilities for Media Type algorithm on Audio, candidate
+    //      configuration's audioCapabilities attribute, and accumulated
+    //      configuration.
+    // 8.2. If audio capabilities is null, return null.
     std::vector<blink::WebMediaKeySystemMediaCapability> audio_capabilities;
-
-    for (size_t i = 0; i < candidate.audioCapabilities.size(); i++) {
-      const blink::WebMediaKeySystemMediaCapability& capabilities =
-          candidate.audioCapabilities[i];
-      if (capabilities.mimeType.isEmpty())
-        return false;
-      if (!base::IsStringASCII(capabilities.mimeType) ||
-          !base::IsStringASCII(capabilities.codecs) ||
-          !IsSupportedContentType(
-              key_system, base::UTF16ToASCII(capabilities.mimeType),
-              base::UTF16ToASCII(capabilities.codecs))) {
-        continue;
-      }
-      // TODO(sandersd): Support robustness.
-      if (!capabilities.robustness.isEmpty())
-        continue;
-      audio_capabilities.push_back(capabilities);
+    if (!GetSupportedCapabilities(key_system, candidate.audioCapabilities,
+                                  &audio_capabilities)) {
+      return false;
     }
 
-    if (audio_capabilities.empty())
-      return false;
-
+    // 8.3. Add audio capabilities to accumulated configuration.
     accumulated_configuration->audioCapabilities = audio_capabilities;
   }
 
-  if (!candidate.videoCapabilities.isEmpty()) {
-    std::vector<blink::WebMediaKeySystemMediaCapability> video_capabilities;
-
-    for (size_t i = 0; i < candidate.videoCapabilities.size(); i++) {
-      const blink::WebMediaKeySystemMediaCapability& capabilities =
-          candidate.videoCapabilities[i];
-      if (capabilities.mimeType.isEmpty())
-        return false;
-      if (!base::IsStringASCII(capabilities.mimeType) ||
-          !base::IsStringASCII(capabilities.codecs) ||
-          !IsSupportedContentType(
-              key_system, base::UTF16ToASCII(capabilities.mimeType),
-              base::UTF16ToASCII(capabilities.codecs))) {
-        continue;
-      }
-      // TODO(sandersd): Support robustness.
-      if (!capabilities.robustness.isEmpty())
-        continue;
-      video_capabilities.push_back(capabilities);
+  // 9. If accumulated configuration's distinctiveIdentifier value is
+  //    "optional", follow the steps for the first matching condition from the
+  //    following list:
+  //      - If the implementation requires a Distinctive Identifier for any of
+  //        the combinations in accumulated configuration, change accumulated
+  //        configuration's distinctiveIdentifier value to "required".
+  //      - Otherwise, change accumulated configuration's distinctiveIdentifier
+  //        value to "not-allowed".
+  //    (Without robustness support, capabilities do not affect this.)
+  // TODO(sandersd): Implement robustness. http://crbug.com/442586
+  if (accumulated_configuration->distinctiveIdentifier ==
+      blink::WebMediaKeySystemConfiguration::Requirement::Optional) {
+    if (IsDistinctiveIdentifierSupported(key_system, EME_FEATURE_NOT_ALLOWED,
+                                         true)) {

[ddorwin, 2015/02/19 04:23:42]

Explain "true" here too.

[sandersd (OOO until July 31), 2015/02/19 21:08:35]

It doesn't actually make any difference, so it's hard to write a cogent
explanation.

+      accumulated_configuration->distinctiveIdentifier =
+          blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed;
+    } else {
+      accumulated_configuration->distinctiveIdentifier =
+          blink::WebMediaKeySystemConfiguration::Requirement::Required;
     }
-
-    if (video_capabilities.empty())
-      return false;
-
-    accumulated_configuration->videoCapabilities = video_capabilities;
   }
 
-  // TODO(sandersd): Prompt for distinctive identifiers and/or persistent state
-  // if required. Make sure that future checks are silent.
-  // http://crbug.com/446263.
+  // 10. If accumulated configuration's persistentState value is "optional",
+  //     follow the steps for the first matching condition from the following
+  //     list:
+  //       - If the implementation requires persisting state for any of the
+  //         combinations in accumulated configuration, change accumulated
+  //         configuration's persistentState value to "required".
+  //       - Otherwise, change accumulated configuration's persistentState value
+  //         to "not-allowed".
+  if (accumulated_configuration->persistentState ==
+      blink::WebMediaKeySystemConfiguration::Requirement::Optional) {
+    if (IsPersistentStateSupported(key_system, EME_FEATURE_NOT_ALLOWED, true)) {

[ddorwin, 2015/02/19 04:23:42]

ditto

[sandersd (OOO until July 31), 2015/02/19 21:08:35]

Acknowledged.

+      accumulated_configuration->persistentState =
+          blink::WebMediaKeySystemConfiguration::Requirement::NotAllowed;
+    } else {
+      accumulated_configuration->persistentState =
+          blink::WebMediaKeySystemConfiguration::Requirement::Required;
+    }
+  }
+
+  // 11. If implementation in the configuration specified by the combination of
+  //     the values in accumulated configuration is not supported or not allowed
+  //     in the origin, return null.
+  // TODO(sandersd): Implement prompting. http://crbug.com/446263

[ddorwin, 2015/02/19 04:23:42]

// For now, pass "false" for |is_permission_granted|.

[sandersd (OOO until July 31), 2015/02/19 21:08:36]

Done.

+  requirement =
+      ConvertRequirement(accumulated_configuration->distinctiveIdentifier);
+  if (!IsDistinctiveIdentifierSupported(key_system, requirement, false))
+    return false;
+
+  requirement = ConvertRequirement(accumulated_configuration->persistentState);
+  if (!IsPersistentStateSupported(key_system, requirement, false))
+    return false;
+
+  // 12. Return accumulated configuration.
+  //     (As an extra step, we record the available session types so that
+  //     createSession() can be synchronous.)
+  std::vector<blink::WebString> session_types;
+  session_types.push_back(kTemporarySessionType);
+  if (accumulated_configuration->persistentState ==
+      blink::WebMediaKeySystemConfiguration::Requirement::Required) {
+    if (IsPersistentLicenseSupported(key_system, false))
+      session_types.push_back(kPersistentLicenseSessionType);
+    if (IsPersistentReleaseMessageSupported(key_system, false))
+      session_types.push_back(kPersistentReleaseMessageSessionType);
+  }
+  accumulated_configuration->sessionTypes = session_types;
 
   return true;
 }
 
 // Report usage of key system to UMA. There are 2 different counts logged:
 // 1. The key system is requested.
 // 2. The requested key system and options are supported.
 // Each stat is only reported once per renderer frame per key system.
 // Note that WebEncryptedMediaClientImpl is only created once by each
 // renderer frame.
@@ skipping 53 matching lines @@
 WebEncryptedMediaClientImpl::~WebEncryptedMediaClientImpl() {
 }
 
 void WebEncryptedMediaClientImpl::requestMediaKeySystemAccess(
     blink::WebEncryptedMediaRequest request) {
   // TODO(jrummell): This should be asynchronous.
 
   // Continued from requestMediaKeySystemAccess(), step 7, from
   // https://w3c.github.io/encrypted-media/#requestmediakeysystemaccess
   //
-  // 7.1 If keySystem is not one of the Key Systems supported by the user
-  //     agent, reject promise with with a new DOMException whose name is
-  //     NotSupportedError. String comparison is case-sensitive.
+  // 7.1. If keySystem is not one of the Key Systems supported by the user
+  //      agent, reject promise with with a new DOMException whose name is
+  //      NotSupportedError. String comparison is case-sensitive.
   if (!base::IsStringASCII(request.keySystem())) {
     request.requestNotSupported("Only ASCII keySystems are supported");
     return;
   }
 
   std::string key_system = base::UTF16ToASCII(request.keySystem());
 
   // Report this request to the appropriate Reporter.
   Reporter* reporter = GetReporter(key_system);
   reporter->ReportRequested();
 
   if (!IsSupportedKeySystem(key_system)) {
     request.requestNotSupported("Unsupported keySystem");
     return;
   }
 
-  // 7.2 Let implementation be the implementation of keySystem.
-  // 7.3 For each value in supportedConfigurations, run the GetSupported
-  //     Configuration algorithm and if successful, resolve promise with access
-  //     and abort these steps.
+  // 7.2. Let implementation be the implementation of keySystem.
+  // 7.3. For each value in supportedConfigurations:
   const blink::WebVector<blink::WebMediaKeySystemConfiguration>&
       configurations = request.supportedConfigurations();
-
-  // TODO(sandersd): Remove once Blink requires the configurations parameter for
-  // requestMediaKeySystemAccess().
-  if (configurations.isEmpty()) {
-    reporter->ReportSupported();
-    request.requestSucceeded(WebContentDecryptionModuleAccessImpl::Create(
-        request.keySystem(), blink::WebMediaKeySystemConfiguration(),
-        request.securityOrigin(), weak_factory_.GetWeakPtr()));
-    return;
-  }
-
   for (size_t i = 0; i < configurations.size(); i++) {
-    const blink::WebMediaKeySystemConfiguration& candidate = configurations[i];
+    // 7.3.1. Let candidate configuration be the value.
+    const blink::WebMediaKeySystemConfiguration& candidate_configuration =
+        configurations[i];
+    // 7.3.2. Let supported configuration be the result of executing the Get
+    //        Supported Configuration algorithm on implementation, candidate
+    //        configuration, and origin.
+    // 7.3.3. If supported configuration is not null, [initialize and return a
+    //        new MediaKeySystemAccess object.]
     blink::WebMediaKeySystemConfiguration accumulated_configuration;
-    if (GetSupportedConfiguration(key_system, candidate,
+    if (GetSupportedConfiguration(key_system, candidate_configuration,
                                   request.securityOrigin(),
                                   &accumulated_configuration)) {
       reporter->ReportSupported();
       request.requestSucceeded(WebContentDecryptionModuleAccessImpl::Create(
           request.keySystem(), accumulated_configuration,
           request.securityOrigin(), weak_factory_.GetWeakPtr()));
       return;
     }
   }
 
-  // 7.4 Reject promise with a new DOMException whose name is NotSupportedError.
+  // 7.4. Reject promise with a new DOMException whose name is
+  //      NotSupportedError.
   request.requestNotSupported(
       "None of the requested configurations were supported.");
 }
 
 void WebEncryptedMediaClientImpl::CreateCdm(
     const blink::WebString& key_system,
     const blink::WebSecurityOrigin& security_origin,
     blink::WebContentDecryptionModuleResult result) {
   WebContentDecryptionModuleImpl::Create(cdm_factory_.get(), security_origin,
                                          key_system, result);
 }
 
 // Lazily create Reporters.
 WebEncryptedMediaClientImpl::Reporter* WebEncryptedMediaClientImpl::GetReporter(
     const std::string& key_system) {
   std::string uma_name = GetKeySystemNameForUMA(key_system);
   Reporter* reporter = reporters_.get(uma_name);
   if (reporter != nullptr)
     return reporter;
 
   // Reporter not found, so create one.
   auto result =
       reporters_.add(uma_name, make_scoped_ptr(new Reporter(uma_name)));
   DCHECK(result.second);
   return result.first->second;
 }
 
 }  // namespace media