dom/media/eme/CDMProxy.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef CDMProxy_h_
#define CDMProxy_h_

#include "mozilla/CDMCaps.h"
#include "mozilla/DataMutex.h"
#include "mozilla/MozPromise.h"

#include "mozilla/dom/MediaKeyMessageEvent.h"
#include "mozilla/dom/MediaKeys.h"

#include "nsIThread.h"

namespace mozilla {
class ErrorResult;
class MediaRawData;
class ChromiumCDMProxy;
#ifdef MOZ_WMF_CDM
class WMFCDMProxy;
#endif

namespace eme {
enum DecryptStatus {
  Ok = 0,
  GenericErr = 1,
  NoKeyErr = 2,
  AbortedErr = 3,
};
}

using eme::DecryptStatus;

struct DecryptResult {
  DecryptResult(DecryptStatus aStatus, MediaRawData* aSample)
      : mStatus(aStatus), mSample(aSample) {}
  DecryptStatus mStatus;
  RefPtr<MediaRawData> mSample;
};

typedef MozPromise<DecryptResult, DecryptResult, /* IsExclusive = */ true>
    DecryptPromise;

class CDMKeyInfo {
 public:
  explicit CDMKeyInfo(const nsTArray<uint8_t>& aKeyId)
      : mKeyId(aKeyId.Clone()), mStatus() {}

  CDMKeyInfo(const nsTArray<uint8_t>& aKeyId,
             const dom::Optional<dom::MediaKeyStatus>& aStatus)
      : mKeyId(aKeyId.Clone()), mStatus(aStatus.Value()) {}

  // The copy-ctor and copy-assignment operator for Optional<T> are declared as
  // delete, so override CDMKeyInfo copy-ctor for nsTArray operations.
  CDMKeyInfo(const CDMKeyInfo& aKeyInfo) {
    mKeyId = aKeyInfo.mKeyId.Clone();
    if (aKeyInfo.mStatus.WasPassed()) {
      mStatus.Construct(aKeyInfo.mStatus.Value());
    }
  }

  nsTArray<uint8_t> mKeyId;
  dom::Optional<dom::MediaKeyStatus> mStatus;
};

// Time is defined as the number of milliseconds since the
// Epoch (00:00:00 UTC, January 1, 1970).
typedef int64_t UnixTime;

// Proxies calls CDM, and proxies calls back.
// Note: Promises are passed in via a PromiseId, so that the ID can be
// passed via IPC to the CDM, which can then signal when to reject or
// resolve the promise using its PromiseId.
class CDMProxy {
 protected:
  typedef dom::PromiseId PromiseId;
  typedef dom::MediaKeySessionType MediaKeySessionType;

 public:
  NS_INLINE_DECL_PURE_VIRTUAL_REFCOUNTING

  // Main thread only.
  // Loads the CDM corresponding to mKeySystem.
  // Calls MediaKeys::OnCDMCreated() when the CDM is created.
  virtual void Init(PromiseId aPromiseId, const nsAString& aOrigin,
                    const nsAString& aTopLevelOrigin,
                    const nsAString& aName) = 0;

  // Main thread only.
  // Uses the CDM to create a key session.
  // Calls MediaKeys::OnSessionActivated() when session is created.
  // Assumes ownership of (std::move()s) aInitData's contents.
  virtual void CreateSession(uint32_t aCreateSessionToken,
                             MediaKeySessionType aSessionType,
                             PromiseId aPromiseId,
                             const nsAString& aInitDataType,
                             nsTArray<uint8_t>& aInitData) = 0;

  // Main thread only.
  // Uses the CDM to load a presistent session stored on disk.
  // Calls MediaKeys::OnSessionActivated() when session is loaded.
  virtual void LoadSession(PromiseId aPromiseId,
                           dom::MediaKeySessionType aSessionType,
                           const nsAString& aSessionId) = 0;

  // Main thread only.
  // Sends a new certificate to the CDM.
  // Calls MediaKeys->ResolvePromise(aPromiseId) after the CDM has
  // processed the request.
  // Assumes ownership of (std::move()s) aCert's contents.
  virtual void SetServerCertificate(PromiseId aPromiseId,
                                    nsTArray<uint8_t>& aCert) = 0;

  // Main thread only.
  // Sends an update to the CDM.
  // Calls MediaKeys->ResolvePromise(aPromiseId) after the CDM has
  // processed the request.
  // Assumes ownership of (std::move()s) aResponse's contents.
  virtual void UpdateSession(const nsAString& aSessionId, PromiseId aPromiseId,
                             nsTArray<uint8_t>& aResponse) = 0;

  // Main thread only.
  // Calls MediaKeys->ResolvePromise(aPromiseId) after the CDM has
  // processed the request.
  // If processing this operation results in the session actually closing,
  // we also call MediaKeySession::OnClosed(), which in turn calls
  // MediaKeys::OnSessionClosed().
  virtual void CloseSession(const nsAString& aSessionId,
                            PromiseId aPromiseId) = 0;

  // Main thread only.
  // Removes all data for a persisent session.
  // Calls MediaKeys->ResolvePromise(aPromiseId) after the CDM has
  // processed the request.
  virtual void RemoveSession(const nsAString& aSessionId,
                             PromiseId aPromiseId) = 0;

  // Main thread only.
  // Called to signal a request for output protection information from the CDM.
  // This should forward the call up the stack where the query should be
  // performed and then responded to via `NotifyOutputProtectionStatus`.
  virtual void QueryOutputProtectionStatus() = 0;

  // NotifyOutputProtectionStatus enums. Explicit values are specified to make
  // it easy to match values in logs.
  enum class OutputProtectionCheckStatus : uint8_t {
    CheckFailed = 0,
    CheckSuccessful = 1,
  };

  enum class OutputProtectionCaptureStatus : uint8_t {
    CapturePossilbe = 0,
    CaptureNotPossible = 1,
    Unused = 2,
  };
  // End NotifyOutputProtectionStatus enums

  // Main thread only.
  // Notifies this proxy of the protection status for the media the CDM is
  // associated with. This can be called in response to
  // `QueryOutputProtectionStatus`, but can also be called without an
  // associated query. In both cases the information will be forwarded to
  // the CDM host machinery and used to handle requests from the CDM.
  // @param aCheckStatus did the check succeed or not.
  // @param aCaptureStatus if the check succeeded, this reflects if capture
  // of media could take place. This doesn't mean capture is taking place.
  // Callers should be conservative with this value such that it's okay to pass
  // CapturePossilbe even if capture is not happening, but should never pass
  // CaptureNotPossible if it could happen. If the check failed, this value is
  // not used, and callers should pass Unused to indicate this.
  virtual void NotifyOutputProtectionStatus(
      OutputProtectionCheckStatus aCheckStatus,
      OutputProtectionCaptureStatus aCaptureStatus) = 0;

  // Main thread only.
  virtual void Shutdown() = 0;

  // Main thread only.
  virtual void Terminated() = 0;

  // Threadsafe.
  const nsCString& GetNodeId() const { return mNodeId; };

  // Main thread only.
  virtual void OnSetSessionId(uint32_t aCreateSessionToken,
                              const nsAString& aSessionId) = 0;

  // Main thread only.
  virtual void OnResolveLoadSessionPromise(uint32_t aPromiseId,
                                           bool aSuccess) = 0;

  // Main thread only.
  virtual void OnSessionMessage(const nsAString& aSessionId,
                                dom::MediaKeyMessageType aMessageType,
                                const nsTArray<uint8_t>& aMessage) = 0;

  // Main thread only.
  virtual void OnExpirationChange(const nsAString& aSessionId,
                                  UnixTime aExpiryTime) = 0;

  // Main thread only.
  virtual void OnSessionClosed(const nsAString& aSessionId) = 0;

  // Main thread only.
  virtual void OnSessionError(const nsAString& aSessionId, nsresult aException,
                              uint32_t aSystemCode, const nsAString& aMsg) = 0;

  // Main thread only.
  virtual void OnRejectPromise(uint32_t aPromiseId, ErrorResult&& aException,
                               const nsCString& aMsg) = 0;

  virtual RefPtr<DecryptPromise> Decrypt(MediaRawData* aSample) = 0;

  // Owner thread only.
  virtual void OnDecrypted(uint32_t aId, DecryptStatus aResult,
                           const nsTArray<uint8_t>& aDecryptedData) = 0;

  // Reject promise with the given ErrorResult.
  //
  // Can be called from any thread.
  virtual void RejectPromise(PromiseId aId, ErrorResult&& aException,
                             const nsCString& aReason) = 0;

  // Resolves promise with "undefined".
  // Can be called from any thread.
  virtual void ResolvePromise(PromiseId aId) = 0;

  // Threadsafe.
  const nsString& KeySystem() const { return mKeySystem; };

  DataMutex<CDMCaps>& Capabilites() { return mCapabilites; };

  // Main thread only.
  virtual void OnKeyStatusesChange(const nsAString& aSessionId) = 0;

  // Main thread only.
  // Calls MediaKeys->ResolvePromiseWithKeyStatus(aPromiseId, aKeyStatus) after
  // the CDM has processed the request.
  virtual void GetStatusForPolicy(PromiseId aPromiseId,
                                  const nsAString& aMinHdcpVersion) = 0;

#ifdef DEBUG
  virtual bool IsOnOwnerThread() = 0;
#endif

  virtual ChromiumCDMProxy* AsChromiumCDMProxy() { return nullptr; }

#ifdef MOZ_WMF_CDM
  virtual WMFCDMProxy* AsWMFCDMProxy() { return nullptr; }
#endif

 protected:
  // Main thread only.
  CDMProxy(dom::MediaKeys* aKeys, const nsAString& aKeySystem,
           bool aDistinctiveIdentifierRequired, bool aPersistentStateRequired)
      : mKeys(aKeys),
        mKeySystem(aKeySystem),
        mCapabilites("CDMProxy::mCDMCaps"),
        mDistinctiveIdentifierRequired(aDistinctiveIdentifierRequired),
        mPersistentStateRequired(aPersistentStateRequired),
        mMainThread(GetMainThreadSerialEventTarget()) {
    MOZ_ASSERT(NS_IsMainThread());
  }

  virtual ~CDMProxy() {}

  // Helper to enforce that a raw pointer is only accessed on the main thread.
  template <class Type>
  class MainThreadOnlyRawPtr {
   public:
    explicit MainThreadOnlyRawPtr(Type* aPtr) : mPtr(aPtr) {
      MOZ_ASSERT(NS_IsMainThread());
    }

    bool IsNull() const {
      MOZ_ASSERT(NS_IsMainThread());
      return !mPtr;
    }

    void Clear() {
      MOZ_ASSERT(NS_IsMainThread());
      mPtr = nullptr;
    }

    Type* operator->() const MOZ_NO_ADDREF_RELEASE_ON_RETURN {
      MOZ_ASSERT(NS_IsMainThread());
      return mPtr;
    }

   private:
    Type* mPtr;
  };

  // Our reference back to the MediaKeys object.
  // WARNING: This is a non-owning reference that is cleared by MediaKeys
  // destructor. only use on main thread, and always nullcheck before using!
  MainThreadOnlyRawPtr<dom::MediaKeys> mKeys;

  const nsString mKeySystem;

  // Onwer specified thread. e.g. Gecko Media Plugin thread.
  // All interactions with the out-of-process EME plugin must come from this
  // thread.
  RefPtr<nsIThread> mOwnerThread;

  nsCString mNodeId;

  DataMutex<CDMCaps> mCapabilites;

  const bool mDistinctiveIdentifierRequired;
  const bool mPersistentStateRequired;

  // The main thread associated with the root document.
  const nsCOMPtr<nsISerialEventTarget> mMainThread;
};

}  // namespace mozilla

#endif  // CDMProxy_h_