Changeset 256429 in webkit

Timestamp:

Feb 12, 2020 3:11:22 AM (4 years ago)

Author:

cturner@igalia.com

Message:

[EME][GStreamer] Introduce CDMProxy
​https://bugs.webkit.org/show_bug.cgi?id=206730

Reviewed by Xabier Rodriguez-Calvar.

Introduce a new subclass of CDMInstance, CDMProxyInstance.

CDMInstance is a main-thread only class, its purpose is to provide
an interface that will satisfy the JavaScript EME APIs, which by
design, don't actually interact with a real DRM system, what might
also be called "The CDM Instance". That's why the naming is
misleading here, CDMInstance isn't actually an instance of a real
CDM, rather it is a facade for JavaScript.

CDMProxyInstance is a sub-class which provides two APIs,
1/ For background media threads to safely interrogate the status
of keys and to perform decryption using said keys. This API is
exposed by CDMProxy and is platform specific.
2/ For media players to safely assess the state of decryptors and
what their status is.

CDMProxy exists to allow thread-safe access to a real CDM, along
with their quirks. The two main problems GTK integrators of a CDM
have in WebKit is key management and CDM access from background
media threads.

Key management is how to manage the state of keys in a way
coherent with JavaScript, the cross-platform EME implementation,
the real CDMs themselves, and the background media
threads. CDMProxy provides a default key store interface for
sub-classes. Sub-classes can, on receipt of new information from a
real CDM, tell CDMProxy about the keys and their
statuses. CDMProxy is intended to Do The Right Thing from there,
letting JavaScript and WebCore know all the details they need to
about the new state, as well as the media decode threads when they
next come asking.

Access from background threads is ill-advised when using the
thread-unsafe CDMInstance. We used to get away with doing exactly
this, but WebCore recently became more diligent about
thread-unsafe access of main-thread-only data, and we had to do
something to fix the asserts. That something was ProxyCDM (a
terrible name, removed now), which was a hack and please forget
about it. CDMProxy can be safely passed to background threads, and
it will by default provide a thread-safe view of the key store for
background threads to interrogate the key store and perform
CDM-specific decryption / decode.

Covered by existing tests.

• WebCore.xcodeproj/project.pbxproj: Add CDMProxy to build

definition.

• platform/GStreamer.cmake: Add CDMProxy include directories and

implementation files.

• platform/encryptedmedia/CDMInstance.h: Remove references to old

ProxyCDM shim. This approach was a temporary hack to avoid some
thread-safety asserts. I took the liberty of renaming to CDMProxy,
for no other reason that it felt like a better name, sorry for the
confusion.

• platform/encryptedmedia/CDMProxy.cpp: Added.

(WebCore::Key::idAsString const):
(WebCore::Key::valueAsString const):
(WebCore::KeyStore::containsKeyID const):
(WebCore::KeyStore::merge):
(WebCore::KeyStore::allKeysAsReleased const):
(WebCore::KeyStore::addKeys):
(WebCore::KeyStore::add):
(WebCore::KeyStore::removeAllKeysFrom):
(WebCore::KeyStore::remove):
(WebCore::KeyStore::keyValue const):
(WebCore::KeyStore::convertToJSKeyStatusVector const):
(WebCore::CDMProxy::updateKeyStore):
(WebCore::CDMProxy::setInstance):
(WebCore::CDMProxy::keyValue const):
(WebCore::CDMProxy::startedWaitingForKey const):
(WebCore::CDMProxy::stoppedWaitingForKey const):
(WebCore::CDMProxy::tryWaitForKey const):
(WebCore::CDMProxy::keyAvailableUnlocked const):
(WebCore::CDMProxy::keyAvailable const):
(WebCore::CDMProxy::getOrWaitForKey const):
(WebCore::CDMInstanceProxy::startedWaitingForKey):
(WebCore::CDMInstanceProxy::stoppedWaitingForKey):
(WebCore::CDMInstanceProxy::mergeKeysFrom):
(WebCore::CDMInstanceProxy::removeAllKeysFrom):

• platform/encryptedmedia/CDMProxy.h: Added.

(WebCore::Key::create):
(WebCore::Key::idAsSharedBuffer const):
(WebCore::Key::id const):
(WebCore::Key::value const):
(WebCore::Key::value):
(WebCore::Key::status const):
(WebCore::Key::operator==):
(WebCore::Key::addSessionReference):
(WebCore::Key::removeSessionReference):
(WebCore::Key::numSessionReferences const):
(WebCore::Key::Key):
(WebCore::KeyStore::removeAllKeys):
(WebCore::KeyStore::numKeys const):
(WebCore::KeyStore::begin):
(WebCore::KeyStore::begin const):
(WebCore::KeyStore::end):
(WebCore::KeyStore::end const):
(WebCore::KeyStore::rbegin):
(WebCore::KeyStore::rbegin const):
(WebCore::KeyStore::rend):
(WebCore::KeyStore::rend const):
(WebCore::CDMInstanceProxy::setProxy):
(WebCore::CDMInstanceProxy::proxy const):
(WebCore::CDMInstanceProxy::isWaitingForKey const):
(WebCore::CDMInstanceProxy::setPlayer):
(WebCore::CDMInstanceProxy::trackSession):

• platform/encryptedmedia/clearkey/CDMClearKey.cpp:

(WebCore::parseLicenseFormat): Refactored to use new Key class.
(WebCore::extractKeyidsLocationFromCencInitData): Refactored to
use better named constants.
(WebCore::extractKeyidsFromCencInitData): Ditto.
(WebCore::CDMInstanceClearKey::createSession): Use the
trackSession method to allow easier monitoring of all EME
sessions.
(WebCore::CDMInstanceSessionClearKey::requestLicense): Refactor to
keep track of generated session IDs.
(WebCore::CDMInstanceSessionClearKey::updateLicense): Refactor to
use new key management classes.
(WebCore::CDMInstanceSessionClearKey::loadSession): Ditto.
(WebCore::CDMInstanceSessionClearKey::removeSessionData): Ditto.
(WebCore::ClearKeyState::keys): Deleted.
(WebCore::ClearKeyState::singleton): Deleted.
(WebCore::isolatedKey): Deleted.
(WebCore::ProxyCDMClearKey::isolatedKeys const): Deleted.
(WebCore::CDMInstanceClearKey::CDMInstanceClearKey): Deleted.
(WebCore::CDMInstanceClearKey::Key::keyIDAsString const): Deleted.
(WebCore::CDMInstanceClearKey::Key::keyValueAsString const): Deleted.
(WebCore::operator==): Deleted.
(WebCore::operator<): Deleted. It looks like we were unnecessarily
sorting the key vectors. It doesn't make any sense to impose an
ordering on keys, so I removed it.

• platform/encryptedmedia/clearkey/CDMClearKey.h: Refactor to use

new key management classes.

• platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h:

Remove obsolete ProxyCDM method.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::parseInitDataFromProtectionMessage):
Refactored out of syncMessage. The code was moved here and into
waitForCDMAttachment.
(WebCore::MediaPlayerPrivateGStreamer::waitForCDMAttachment):
Ditto.
(WebCore::MediaPlayerPrivateGStreamer::handleSyncMessage):
(WebCore::MediaPlayerPrivateGStreamer::handleMessage): Remove
waiting-for-key code, it was all broken anyway.
(WebCore::MediaPlayerPrivateGStreamer::cdmInstanceAttached):
Enforce use of CDMInstanceProxy, all GStreamer-based ports will be
using the CDMProxy derived classes from background
threads. CDMProxy's need a handle to the MediaPlayer for
waitingForKey management, so wire that in here too. Also wire the
GStreamer specific ClearKey proxy here.
(WebCore::MediaPlayerPrivateGStreamer::cdmInstanceDetached):
(WebCore::MediaPlayerPrivateGStreamer::waitingForKey const): Key
status notifications are the responsibility of the CDMProxy now.
(WebCore::MediaPlayerPrivateGStreamer::setWaitingForKey): Deleted.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Now

we use CDMInstanceProxy, not CDMInstance.

• platform/graphics/gstreamer/eme/CDMProxyClearKey.cpp:

Added. G*-specific ClearKey implementation.
(WebCore::CDMProxyClearKey::~CDMProxyClearKey):
(WebCore::CDMProxyClearKey::cencSetCounterVector):
(WebCore::CDMProxyClearKey::cencSetDecryptionKey):
(WebCore::CDMProxyClearKey::cencDecryptFullSample):
(WebCore::CDMProxyClearKey::cencDecryptSubsampled):
(WebCore::CDMProxyClearKey::cencDecrypt):
(WebCore::CDMProxyClearKey::initializeGcrypt):

• platform/graphics/gstreamer/eme/CDMProxyClearKey.h: Added.
• platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:

Refactor to use CDMProxy.
(webkit_media_clear_key_decrypt_class_init):
(webkit_media_clear_key_decrypt_init):
(finalize):
(cdmProxyAttached):
(decrypt):
(handleKeyResponse): Deleted. This was a badly named method that
has been changed to cdmProxyAttached.
(findAndSetKey): Deleted.

• platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:

(webkit_media_common_encryption_decrypt_class_init):
(transformInPlace):
(isCDMProxyAvailable):
(getCDMProxyFromGstContext):
(attachCDMProxy):
(installCDMProxyIfNotAvailable):
(sinkEventHandler):
(changeState):
(setContext):
(): Deleted.
(isCDMInstanceAvailable): Deleted.
(queryHandler): Deleted.

• platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.h:
• testing/MockCDMFactory.cpp:

(WebCore::MockCDMInstance::proxyCDM const): Deleted.

• testing/MockCDMFactory.h:

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• Sources.txt (modified) (1 diff)
• WebCore.xcodeproj/project.pbxproj (modified) (2 diffs)
• platform/GStreamer.cmake (modified) (1 diff)
• platform/encryptedmedia/CDMInstance.h (modified) (2 diffs)
• platform/encryptedmedia/CDMProxy.cpp (added)
• platform/encryptedmedia/CDMProxy.h (added)
• platform/encryptedmedia/clearkey/CDMClearKey.cpp (modified) (22 diffs)
• platform/encryptedmedia/clearkey/CDMClearKey.h (modified) (4 diffs)
• platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h (modified) (1 diff)
• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp (modified) (8 diffs)
• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h (modified) (3 diffs)
• platform/graphics/gstreamer/eme/CDMProxyClearKey.cpp (added)
• platform/graphics/gstreamer/eme/CDMProxyClearKey.h (added)
• platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp (modified) (8 diffs)
• platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp (modified) (16 diffs)
• platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.h (modified) (2 diffs)
• testing/MockCDMFactory.cpp (modified) (2 diffs)
• testing/MockCDMFactory.h (modified) (2 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-02-12  Charlie Turner  <cturner@igalia.com>
+
+        [EME][GStreamer] Introduce CDMProxy
+        https://bugs.webkit.org/show_bug.cgi?id=206730
+
+        Reviewed by Xabier Rodriguez-Calvar.
+
+        Introduce a new subclass of CDMInstance, CDMProxyInstance.
+
+        CDMInstance is a main-thread only class, its purpose is to provide
+        an interface that will satisfy the JavaScript EME APIs, which by
+        design, don't actually interact with a real DRM system, what might
+        also be called "The CDM Instance". That's why the naming is
+        misleading here, CDMInstance isn't actually an instance of a real
+        CDM, rather it is a facade for JavaScript.
+
+        CDMProxyInstance is a sub-class which provides two APIs,
+        1/ For background media threads to safely interrogate the status
+        of keys and to perform decryption using said keys. This API is
+        exposed by CDMProxy and is platform specific.
+        2/ For media players to safely assess the state of decryptors and
+        what their status is.
+
+        CDMProxy exists to allow thread-safe access to a real CDM, along
+        with their quirks. The two main problems GTK integrators of a CDM
+        have in WebKit is key management and CDM access from background
+        media threads.
+
+        Key management is how to manage the state of keys in a way
+        coherent with JavaScript, the cross-platform EME implementation,
+        the real CDMs themselves, and the background media
+        threads. CDMProxy provides a default key store interface for
+        sub-classes. Sub-classes can, on receipt of new information from a
+        real CDM, tell CDMProxy about the keys and their
+        statuses. CDMProxy is intended to Do The Right Thing from there,
+        letting JavaScript and WebCore know all the details they need to
+        about the new state, as well as the media decode threads when they
+        next come asking.
+
+        Access from background threads is ill-advised when using the
+        thread-unsafe CDMInstance. We used to get away with doing exactly
+        this, but WebCore recently became more diligent about
+        thread-unsafe access of main-thread-only data, and we had to do
+        something to fix the asserts. That something was ProxyCDM (a
+        terrible name, removed now), which was a hack and please forget
+        about it. CDMProxy can be safely passed to background threads, and
+        it will by default provide a thread-safe view of the key store for
+        background threads to interrogate the key store and perform
+        CDM-specific decryption / decode.
+
+        Covered by existing tests.
+
+        * WebCore.xcodeproj/project.pbxproj: Add CDMProxy to build
+        definition.
+        * platform/GStreamer.cmake: Add CDMProxy include directories and
+        implementation files.
+        * platform/encryptedmedia/CDMInstance.h: Remove references to old
+        ProxyCDM shim. This approach was a temporary hack to avoid some
+        thread-safety asserts. I took the liberty of renaming to CDMProxy,
+        for no other reason that it felt like a better name, sorry for the
+        confusion.
+        * platform/encryptedmedia/CDMProxy.cpp: Added.
+        (WebCore::Key::idAsString const):
+        (WebCore::Key::valueAsString const):
+        (WebCore::KeyStore::containsKeyID const):
+        (WebCore::KeyStore::merge):
+        (WebCore::KeyStore::allKeysAsReleased const):
+        (WebCore::KeyStore::addKeys):
+        (WebCore::KeyStore::add):
+        (WebCore::KeyStore::removeAllKeysFrom):
+        (WebCore::KeyStore::remove):
+        (WebCore::KeyStore::keyValue const):
+        (WebCore::KeyStore::convertToJSKeyStatusVector const):
+        (WebCore::CDMProxy::updateKeyStore):
+        (WebCore::CDMProxy::setInstance):
+        (WebCore::CDMProxy::keyValue const):
+        (WebCore::CDMProxy::startedWaitingForKey const):
+        (WebCore::CDMProxy::stoppedWaitingForKey const):
+        (WebCore::CDMProxy::tryWaitForKey const):
+        (WebCore::CDMProxy::keyAvailableUnlocked const):
+        (WebCore::CDMProxy::keyAvailable const):
+        (WebCore::CDMProxy::getOrWaitForKey const):
+        (WebCore::CDMInstanceProxy::startedWaitingForKey):
+        (WebCore::CDMInstanceProxy::stoppedWaitingForKey):
+        (WebCore::CDMInstanceProxy::mergeKeysFrom):
+        (WebCore::CDMInstanceProxy::removeAllKeysFrom):
+        * platform/encryptedmedia/CDMProxy.h: Added.
+        (WebCore::Key::create):
+        (WebCore::Key::idAsSharedBuffer const):
+        (WebCore::Key::id const):
+        (WebCore::Key::value const):
+        (WebCore::Key::value):
+        (WebCore::Key::status const):
+        (WebCore::Key::operator==):
+        (WebCore::Key::addSessionReference):
+        (WebCore::Key::removeSessionReference):
+        (WebCore::Key::numSessionReferences const):
+        (WebCore::Key::Key):
+        (WebCore::KeyStore::removeAllKeys):
+        (WebCore::KeyStore::numKeys const):
+        (WebCore::KeyStore::begin):
+        (WebCore::KeyStore::begin const):
+        (WebCore::KeyStore::end):
+        (WebCore::KeyStore::end const):
+        (WebCore::KeyStore::rbegin):
+        (WebCore::KeyStore::rbegin const):
+        (WebCore::KeyStore::rend):
+        (WebCore::KeyStore::rend const):
+        (WebCore::CDMInstanceProxy::setProxy):
+        (WebCore::CDMInstanceProxy::proxy const):
+        (WebCore::CDMInstanceProxy::isWaitingForKey const):
+        (WebCore::CDMInstanceProxy::setPlayer):
+        (WebCore::CDMInstanceProxy::trackSession):
+        * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
+        (WebCore::parseLicenseFormat): Refactored to use new Key class.
+        (WebCore::extractKeyidsLocationFromCencInitData): Refactored to
+        use better named constants.
+        (WebCore::extractKeyidsFromCencInitData): Ditto.
+        (WebCore::CDMInstanceClearKey::createSession): Use the
+        trackSession method to allow easier monitoring of all EME
+        sessions.
+        (WebCore::CDMInstanceSessionClearKey::requestLicense): Refactor to
+        keep track of generated session IDs.
+        (WebCore::CDMInstanceSessionClearKey::updateLicense): Refactor to
+        use new key management classes.
+        (WebCore::CDMInstanceSessionClearKey::loadSession): Ditto.
+        (WebCore::CDMInstanceSessionClearKey::removeSessionData): Ditto.
+        (WebCore::ClearKeyState::keys): Deleted.
+        (WebCore::ClearKeyState::singleton): Deleted.
+        (WebCore::isolatedKey): Deleted.
+        (WebCore::ProxyCDMClearKey::isolatedKeys const): Deleted.
+        (WebCore::CDMInstanceClearKey::CDMInstanceClearKey): Deleted.
+        (WebCore::CDMInstanceClearKey::Key::keyIDAsString const): Deleted.
+        (WebCore::CDMInstanceClearKey::Key::keyValueAsString const): Deleted.
+        (WebCore::operator==): Deleted.
+        (WebCore::operator<): Deleted. It looks like we were unnecessarily
+        sorting the key vectors. It doesn't make any sense to impose an
+        ordering on keys, so I removed it.
+        * platform/encryptedmedia/clearkey/CDMClearKey.h: Refactor to use
+        new key management classes.
+        * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h:
+        Remove obsolete ProxyCDM method.
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::parseInitDataFromProtectionMessage):
+        Refactored out of syncMessage. The code was moved here and into
+        waitForCDMAttachment.
+        (WebCore::MediaPlayerPrivateGStreamer::waitForCDMAttachment):
+        Ditto.
+        (WebCore::MediaPlayerPrivateGStreamer::handleSyncMessage):
+        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Remove
+        waiting-for-key code, it was all broken anyway.
+        (WebCore::MediaPlayerPrivateGStreamer::cdmInstanceAttached):
+        Enforce use of CDMInstanceProxy, all GStreamer-based ports will be
+        using the CDMProxy derived classes from background
+        threads. CDMProxy's need a handle to the MediaPlayer for
+        waitingForKey management, so wire that in here too. Also wire the
+        GStreamer specific ClearKey proxy here.
+        (WebCore::MediaPlayerPrivateGStreamer::cdmInstanceDetached):
+        (WebCore::MediaPlayerPrivateGStreamer::waitingForKey const): Key
+        status notifications are the responsibility of the CDMProxy now.
+        (WebCore::MediaPlayerPrivateGStreamer::setWaitingForKey): Deleted.
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Now
+        we use CDMInstanceProxy, not CDMInstance.
+        * platform/graphics/gstreamer/eme/CDMProxyClearKey.cpp:
+        Added. G*-specific ClearKey implementation.
+        (WebCore::CDMProxyClearKey::~CDMProxyClearKey):
+        (WebCore::CDMProxyClearKey::cencSetCounterVector):
+        (WebCore::CDMProxyClearKey::cencSetDecryptionKey):
+        (WebCore::CDMProxyClearKey::cencDecryptFullSample):
+        (WebCore::CDMProxyClearKey::cencDecryptSubsampled):
+        (WebCore::CDMProxyClearKey::cencDecrypt):
+        (WebCore::CDMProxyClearKey::initializeGcrypt):
+        * platform/graphics/gstreamer/eme/CDMProxyClearKey.h: Added.
+        * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
+        Refactor to use CDMProxy.
+        (webkit_media_clear_key_decrypt_class_init):
+        (webkit_media_clear_key_decrypt_init):
+        (finalize):
+        (cdmProxyAttached):
+        (decrypt):
+        (handleKeyResponse): Deleted. This was a badly named method that
+        has been changed to cdmProxyAttached.
+        (findAndSetKey): Deleted.
+        * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
+        (webkit_media_common_encryption_decrypt_class_init):
+        (transformInPlace):
+        (isCDMProxyAvailable):
+        (getCDMProxyFromGstContext):
+        (attachCDMProxy):
+        (installCDMProxyIfNotAvailable):
+        (sinkEventHandler):
+        (changeState):
+        (setContext):
+        (): Deleted.
+        (isCDMInstanceAvailable): Deleted.
+        (queryHandler): Deleted.
+        * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.h:
+        * testing/MockCDMFactory.cpp:
+        (WebCore::MockCDMInstance::proxyCDM const): Deleted.
+        * testing/MockCDMFactory.h:
+
 2020-02-12  Víctor Manuel Jáquez Leal  <vjaquez@igalia.com>
 

trunk/Source/WebCore/Sources.txt

@@ -1820 +1820 @@
 
 platform/encryptedmedia/CDMFactory.cpp
+platform/encryptedmedia/CDMProxy.cpp
 
 platform/graphics/ANGLEWebKitBridge.cpp

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -13884 +13884 @@
                 CD94A5D11F71CB6B00F525C5 /* CDMFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CDMFactory.cpp; sourceTree = "<group>"; };
                 CD94A5D21F71CB6B00F525C5 /* CDMFactory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CDMFactory.h; sourceTree = "<group>"; };
+                CD94A5CF1F71CB6100F525D5 /* CDMProxy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CDMProxy.cpp; sourceTree = "<group>"; };
+                CD94A5CF1F71CB6100F525C5 /* CDMProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CDMProxy.h; sourceTree = "<group>"; };
                 CD94A5D31F71CB6C00F525C5 /* CDMMediaCapability.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CDMMediaCapability.h; sourceTree = "<group>"; };
                 CD94A5D41F71CB6C00F525C5 /* CDMKeyStatus.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CDMKeyStatus.h; sourceTree = "<group>"; };
@@ -26261 +26263 @@
                                 CD94A5D61F71CB6D00F525C5 /* CDMMessageType.h */,
                                 CD94A5CF1F71CB6A00F525C5 /* CDMPrivate.h */,
+                                CD94A5CF1F71CB6100F525D5 /* CDMProxy.cpp */,
+                                CD94A5CF1F71CB6100F525C5 /* CDMProxy.h */,
                                 CD94A5CC1F71CB6900F525C5 /* CDMRequirement.h */,
                                 CD94A5D01F71CB6B00F525C5 /* CDMRestrictions.h */,

trunk/Source/WebCore/platform/GStreamer.cmake

@@ -165 +165 @@
 
     list(APPEND WebCore_SOURCES
+        platform/encryptedmedia/CDMProxy.cpp
         platform/encryptedmedia/clearkey/CDMClearKey.cpp
-
         platform/graphics/gstreamer/eme/CDMFactoryGStreamer.cpp
+        platform/graphics/gstreamer/eme/CDMProxyClearKey.cpp
     )
 

trunk/Source/WebCore/platform/encryptedmedia/CDMInstance.h

@@ -40 +40 @@
 
 class SharedBuffer;
-
 class CDMInstanceSession;
-class ProxyCDM;
-
-// Handle to a "real" CDM, not the JavaScript facade. This can be used
-// from background threads (i.e. decryptors).
-class ProxyCDM : public ThreadSafeRefCounted<ProxyCDM> {
-public:
-    virtual ~ProxyCDM() = default;
-};
-
 struct CDMKeySystemConfiguration;
 
@@ -78 +68 @@
     virtual const String& keySystem() const = 0;
     virtual RefPtr<CDMInstanceSession> createSession() = 0;
-    virtual RefPtr<ProxyCDM> proxyCDM() const = 0;
 
     enum class HDCPStatus {

trunk/Source/WebCore/platform/encryptedmedia/clearkey/CDMClearKey.cpp

@@ -37 +37 @@
 #include "Logging.h"
 #include "SharedBuffer.h"
+#include <algorithm>
+#include <iterator>
 #include <wtf/JSONValues.h>
 #include <wtf/MainThread.h>
@@ -43 +45 @@
 
 namespace WebCore {
-
-// ClearKey CENC SystemID.
-// https://www.w3.org/TR/eme-initdata-cenc/#common-system
-const uint8_t clearKeyCencSystemId[] = { 0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02, 0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b };
-const unsigned clearKeyCencSystemIdSize = sizeof(clearKeyCencSystemId);
-const unsigned keyIdSize = 16;
-
-class ClearKeyState {
-    using KeyStore = HashMap<String, Vector<CDMInstanceClearKey::Key>>;
-
-public:
-    static ClearKeyState& singleton();
-
-    KeyStore& keys() { return m_keys; }
-
-private:
-    friend class NeverDestroyed<ClearKeyState>;
-    ClearKeyState();
-    KeyStore m_keys;
-};
-
-ClearKeyState& ClearKeyState::singleton()
-{
-    static NeverDestroyed<ClearKeyState> s_state;
-    return s_state;
-}
-
-ClearKeyState::ClearKeyState() = default;
 
 static RefPtr<JSON::Object> parseJSONObject(const SharedBuffer& buffer)
@@ -89 +63 @@
 }
 
-static Optional<Vector<CDMInstanceClearKey::Key>> parseLicenseFormat(const JSON::Object& root)
+static Optional<Vector<RefPtr<Key>>> parseLicenseFormat(const JSON::Object& root)
 {
     // If the 'keys' key is present in the root object, parse the JSON further
@@ -102 +76 @@
         return WTF::nullopt;
 
-    Vector<CDMInstanceClearKey::Key> decodedKeys;
+    Vector<RefPtr<Key>> decodedKeys;
     bool validFormat = std::all_of(keysArray->begin(), keysArray->end(),
         [&decodedKeys] (const auto& value) {
@@ -117 +91 @@
                 return false;
 
-            Vector<char> keyIDData, keyValueData;
+            Vector<uint8_t> keyIDData, keyValueData;
             if (!WTF::base64URLDecode(keyID, { keyIDData }) || !WTF::base64URLDecode(keyValue, { keyValueData }))
                 return false;
 
-            decodedKeys.append({ CDMInstanceSession::KeyStatus::Usable, SharedBuffer::create(WTFMove(keyIDData)), SharedBuffer::create(WTFMove(keyValueData)) });
+            decodedKeys.append(Key::create(CDMInstanceSession::KeyStatus::Usable, WTFMove(keyIDData), WTFMove(keyValueData)));
             return true;
         });
@@ -182 +156 @@
 
         // Check the overflow InitData.
-        if (index + 12 + clearKeyCencSystemIdSize >= initDataSize)
+        if (index + 12 + ClearKey::cencSystemIdSize >= initDataSize)
             return keyIdsMap;
 
@@ -192 +166 @@
 
         // 12 = BMFF box header + Full box header.
-        if (!memcmp(&data[index + 12], clearKeyCencSystemId, clearKeyCencSystemIdSize)) {
+        if (!memcmp(&data[index + 12], ClearKey::cencSystemId, ClearKey::cencSystemIdSize)) {
             foundPssh = true;
             break;
@@ -203 +177 @@
         return keyIdsMap;
 
-    index += (12 + clearKeyCencSystemIdSize); // 12 (BMFF box header + Full box header) + SystemID size.
+    index += (12 + ClearKey::cencSystemIdSize); // 12 (BMFF box header + Full box header) + SystemID size.
 
     // Check the overflow.
@@ -213 +187 @@
 
     // Check the overflow.
-    if ((index + (keyIdsMap.first * keyIdSize)) >= initDataSize)
+    if ((index + (keyIdsMap.first * ClearKey::KeyIDSizeInBytes)) >= initDataSize)
         return keyIdsMap;
 
@@ -252 +226 @@
     // An array of key IDs. Each element of the array is the base64url encoding of the octet sequence containing the key ID value.
     for (unsigned i = 0; i < keyIdCount; i++) {
-        String keyId = WTF::base64URLEncode(&data[index], keyIdSize);
+        String keyId = WTF::base64URLEncode(&data[index], ClearKey::KeyIDSizeInBytes);
         keyIdsArray->pushString(keyId);
-        index += keyIdSize;
+        index += ClearKey::KeyIDSizeInBytes;
     }
 
@@ -457 +431 @@
 }
 
-// This is for thread-safety during an architectural situation that is
-// less than ideal. The GStreamer decryptors currently need to iterate
-// all known session keys to find the key data for priming
-// GCrypt. Ideally, all decryption would be the responsibility of
-// ProxyCDM object like this one. What the background GStreamer
-// thread was doing was getting copies (i.e. ref()'s) of SharedBuffers
-// created on the main-thread. With the new safety assertions in
-// WebKit, we can no longer do this. Instead, convert the refcounted
-// SharedBuffers into Strings which can be safely copied across
-// threads.
-static ProxyCDMClearKey::Key isolatedKey(const CDMInstanceClearKey::Key& key)
-{
-    return { key.status, String(key.keyIDData->data(), key.keyIDData->size()), String(key.keyValueData->data(), key.keyValueData->size()) };
-}
-
-const Vector<ProxyCDMClearKey::Key> ProxyCDMClearKey::isolatedKeys() const
-{
-    // Return the keys of all sessions, may be copied to background threads.
-    Vector<ProxyCDMClearKey::Key> allKeys { };
-    auto locker = holdLock(m_keysMutex);
-    size_t initialCapacity = 0;
-    for (auto& keyVector : ClearKeyState::singleton().keys().values())
-        initialCapacity += keyVector.size();
-    allKeys.reserveInitialCapacity(initialCapacity);
-
-    for (auto& keyVector : ClearKeyState::singleton().keys().values()) {
-        for (auto& key : keyVector)
-            allKeys.uncheckedAppend(isolatedKey(key));
-    }
-
-    return allKeys;
-}
-
-CDMInstanceClearKey::CDMInstanceClearKey()
-    : m_proxyCDM(adoptRef(*new ProxyCDMClearKey()))
-{
-}
-
 CDMInstanceClearKey::~CDMInstanceClearKey() = default;
 
@@ -536 +472 @@
 RefPtr<CDMInstanceSession> CDMInstanceClearKey::createSession()
 {
-    return adoptRef(new CDMInstanceSessionClearKey());
-}
-
-String CDMInstanceClearKey::Key::keyIDAsString() const
-{
-    return makeString("[", keyIDData->toHexString(), "]");
-}
-
-String CDMInstanceClearKey::Key::keyValueAsString() const
-{
-    return makeString("[", keyValueData->toHexString(), "]");
-}
-
-bool operator==(const CDMInstanceClearKey::Key& k1, const CDMInstanceClearKey::Key& k2)
-{
-    ASSERT(k1.keyIDData);
-    ASSERT(k2.keyIDData);
-
-    return *k1.keyIDData == *k2.keyIDData;
-}
-
-bool operator<(const CDMInstanceClearKey::Key& k1, const CDMInstanceClearKey::Key& k2)
-{
-    ASSERT(k1.keyIDData);
-    ASSERT(k2.keyIDData);
-
-    if (k1.keyIDData->size() != k2.keyIDData->size())
-        return k1.keyIDData->size() < k2.keyIDData->size();
-
-    return memcmp(k1.keyIDData->data(), k2.keyIDData->data(), k1.keyIDData->size());
+    RefPtr<CDMInstanceSession> newSession = adoptRef(new CDMInstanceSessionClearKey(*this));
+    trackSession(newSession);
+    return newSession;
 }
 
@@ -573 +482 @@
     ++s_sessionIdValue;
 
+    m_sessionID = String::number(s_sessionIdValue);
+
     if (equalLettersIgnoringASCIICase(initDataType, "cenc"))
         initData = extractKeyidsFromCencInitData(initData.get());
@@ -580 +491 @@
 
     callOnMainThread(
-        [weakThis = makeWeakPtr(*this), callback = WTFMove(callback), initData = WTFMove(initData), sessionIdValue = s_sessionIdValue]() mutable {
+        [weakThis = makeWeakPtr(*this), this, callback = WTFMove(callback), initData = WTFMove(initData)]() mutable {
             if (!weakThis)
                 return;
 
-            callback(WTFMove(initData), String::number(sessionIdValue), false, Succeeded);
+            callback(WTFMove(initData), m_sessionID, false, Succeeded);
         });
 }
@@ -590 +501 @@
 void CDMInstanceSessionClearKey::updateLicense(const String& sessionId, LicenseType, const SharedBuffer& response, LicenseUpdateCallback&& callback)
 {
-    // Use a helper functor that schedules the callback dispatch, avoiding
-    // duplicated callOnMainThread() calls.
+#if LOG_DISABLED
+    // We only use the sesion ID for debug logging. The verbose preprocessor checks are because
+    // the Mac port has -Werror -Wunused-parameter.
+    UNUSED_PARAM(sessionId);
+#endif
     auto dispatchCallback =
         [this, &callback](bool sessionWasClosed, Optional<KeyStatusVector>&& changedKeys, SuccessValue succeeded) {
@@ -605 +519 @@
     RefPtr<JSON::Object> root = parseJSONObject(response);
     if (!root) {
+        LOG(EME, "EME - ClearKey - session %s update payload was not valid JSON", sessionId.utf8().data());
         dispatchCallback(false, WTF::nullopt, SuccessValue::Failed);
         return;
     }
 
-    LOG(EME, "EME - ClearKey - updating license for session %s", sessionId.utf8().data());
+    LOG(EME, "EME - ClearKey - updating license for session %s which currently contains %u keys", sessionId.utf8().data(), m_keyStore.numKeys());
 
     if (auto decodedKeys = parseLicenseFormat(*root)) {
-        // Retrieve the target Vector of Key objects for this session.
-        // FIXME: Refactor this state management code.
-        Vector<CDMInstanceClearKey::Key>& keyVector = ClearKeyState::singleton().keys().ensure(sessionId, [] { return Vector<CDMInstanceClearKey::Key> { }; }).iterator->value;
-
-        bool keysChanged = false;
-        for (auto& decodedKey : *decodedKeys) {
-            LOG(EME, "EME - ClearKey - Decoded a key with ID %s and key data %s", decodedKey.keyIDAsString().utf8().data(), decodedKey.keyValueAsString().utf8().data());
-            auto keyWithMatchingKeyID = std::find_if(keyVector.begin(), keyVector.end(),
-                [&decodedKey] (const CDMInstanceClearKey::Key& containedKey) {
-                    return containedKey == decodedKey;
-                });
-            if (keyWithMatchingKeyID != keyVector.end()) {
-                LOG(EME, "EME - ClearKey - Existing key found with data %s", keyWithMatchingKeyID->keyValueAsString().utf8().data());
-
-                if (!keyWithMatchingKeyID->hasSameKeyValue(decodedKey)) {
-                    LOG(EME, "EME - ClearKey - Updating key since the data are different");
-                    *keyWithMatchingKeyID = WTFMove(decodedKey);
-                    keysChanged = true;
-                }
-            } else {
-                LOG(EME, "EME - ClearKey - This is a new key");
-                keyVector.append(WTFMove(decodedKey));
-                keysChanged = true;
-            }
-        }
-
-        LOG(EME, "EME - ClearKey - Update has provided %zu keys", keyVector.size());
+        bool keysChanged = m_keyStore.addKeys(WTFMove(*decodedKeys));
+
+        LOG(EME, "EME - ClearKey - session %s has %u keys after update()", sessionId.utf8().data(), m_keyStore.numKeys());
 
         Optional<KeyStatusVector> changedKeys;
         if (keysChanged) {
-            // Sort by key IDs.
-            std::sort(keyVector.begin(), keyVector.end());
-
-            KeyStatusVector keyStatusVector;
-            keyStatusVector.reserveInitialCapacity(keyVector.size());
-            for (auto& key : keyVector)
-                keyStatusVector.uncheckedAppend(std::pair<Ref<SharedBuffer>, KeyStatus> { *key.keyIDData, key.status });
-
-            changedKeys = WTFMove(keyStatusVector);
+            LOG(EME, "EME - ClearKey - session %s has changed keys", sessionId.utf8().data());
+            m_parentInstance.mergeKeysFrom(m_keyStore);
+            changedKeys = m_keyStore.convertToJSKeyStatusVector();
         }
 
@@ -658 +543 @@
 
     if (parseLicenseReleaseAcknowledgementFormat(*root)) {
-        // FIXME: Retrieve the key ID information and use it to validate the keys for this sessionId.
-        ClearKeyState::singleton().keys().remove(sessionId);
+        LOG(EME, "EME - ClearKey - session %s release acknowledged, clearing all known keys", sessionId.utf8().data());
+        m_parentInstance.removeAllKeysFrom(m_keyStore);
+        m_keyStore.removeAllKeys();
         dispatchCallback(true, WTF::nullopt, SuccessValue::Succeeded);
         return;
     }
 
-    // Bail in case no format was recognized.
+    LOG(EME, "EME - ClearKey - session %s update payload was an unrecognized format", sessionId.utf8().data());
     dispatchCallback(false, WTF::nullopt, SuccessValue::Failed);
 }
@@ -670 +556 @@
 void CDMInstanceSessionClearKey::loadSession(LicenseType, const String& sessionId, const String&, LoadSessionCallback&& callback)
 {
-    // Use a helper functor that schedules the callback dispatch, avoiding duplicated callOnMainThread() calls.
-    auto dispatchCallback =
-        [this, &callback](Optional<KeyStatusVector>&& existingKeys, SuccessValue success, SessionLoadFailure loadFailure) {
-            callOnMainThread(
-                [weakThis = makeWeakPtr(*this), callback = WTFMove(callback), existingKeys = WTFMove(existingKeys), success, loadFailure]() mutable {
-                    if (!weakThis)
-                        return;
-
-                    callback(WTFMove(existingKeys), WTF::nullopt, WTF::nullopt, success, loadFailure);
-                });
-        };
-
-    // Construct the KeyStatusVector object, representing all the known keys for this session.
-    KeyStatusVector keyStatusVector;
-    {
-        auto& keys = ClearKeyState::singleton().keys();
-        auto it = keys.find(sessionId);
-        if (it == keys.end()) {
-            dispatchCallback(WTF::nullopt, Failed, SessionLoadFailure::NoSessionData);
+#ifdef NDEBUG
+    UNUSED_PARAM(sessionId);
+#endif
+
+    ASSERT(sessionId == m_sessionID);
+    KeyStatusVector keyStatusVector = m_keyStore.convertToJSKeyStatusVector();
+    callOnMainThread([weakThis = makeWeakPtr(*this), callback = WTFMove(callback), &keyStatusVector]() mutable {
+        if (!weakThis)
             return;
-        }
-
-        auto& keyVector = it->value;
-        keyStatusVector.reserveInitialCapacity(keyVector.size());
-        for (auto& key : keyVector)
-            keyStatusVector.uncheckedAppend(std::pair<Ref<SharedBuffer>, KeyStatus> { *key.keyIDData, key.status });
-    }
-
-    dispatchCallback(WTFMove(keyStatusVector), Succeeded, SessionLoadFailure::None);
+
+        callback(WTFMove(keyStatusVector), WTF::nullopt, WTF::nullopt, Succeeded, SessionLoadFailure::None);
+    });
 }
 
@@ -714 +583 @@
 void CDMInstanceSessionClearKey::removeSessionData(const String& sessionId, LicenseType, RemoveSessionDataCallback&& callback)
 {
-    // Use a helper functor that schedules the callback dispatch, avoiding duplicated callOnMainThread() calls.
+#ifdef NDEBUG
+    UNUSED_PARAM(sessionId);
+#endif
+
+    ASSERT(sessionId == m_sessionID);
+
     auto dispatchCallback =
         [this, &callback](KeyStatusVector&& keyStatusVector, Optional<Ref<SharedBuffer>>&& message, SuccessValue success) {
@@ -728 +602 @@
     // Construct the KeyStatusVector object, representing released keys, and the message in the
     // 'license release' format.
-    KeyStatusVector keyStatusVector;
+    KeyStatusVector keyStatusVector = m_keyStore.allKeysAsReleased();
     RefPtr<SharedBuffer> message;
     {
-        // Retrieve information for the given session ID, bailing if none is found.
-        auto& keys = ClearKeyState::singleton().keys();
-        auto it = keys.find(sessionId);
-        if (it == keys.end()) {
-            dispatchCallback(KeyStatusVector { }, WTF::nullopt, SuccessValue::Failed);
-            return;
-        }
-
-        // Retrieve the Key vector, containing all the keys for this session, and
-        // then remove the key map entry for this session.
-        auto keyVector = WTFMove(it->value);
-        keys.remove(it);
-
-        // Construct the KeyStatusVector object, pairing key IDs with the 'released' status.
-        keyStatusVector.reserveInitialCapacity(keyVector.size());
-        for (auto& key : keyVector)
-            keyStatusVector.uncheckedAppend(std::pair<Ref<SharedBuffer>, KeyStatus> { *key.keyIDData, KeyStatus::Released });
-
         // Construct JSON that represents the 'license release' format, creating a 'kids' array
         // of base64URL-encoded key IDs for all keys that were associated with this session.
@@ -754 +610 @@
         {
             auto array = JSON::Array::create();
-            for (auto& key : keyVector) {
-                ASSERT(key.keyIDData->size() <= std::numeric_limits<unsigned>::max());
-                array->pushString(WTF::base64URLEncode(key.keyIDData->data(), static_cast<unsigned>(key.keyIDData->size())));
+            for (const auto& key : m_keyStore) {
+                ASSERT(key->id().size() <= std::numeric_limits<unsigned>::max());
+                array->pushString(WTF::base64URLEncode(key->id().data(), key->id().size()));
             }
             rootObject->setArray("kids", WTFMove(array));
@@ -767 +623 @@
     }
 
+    m_keyStore.removeAllKeys();
     dispatchCallback(WTFMove(keyStatusVector), Ref<SharedBuffer>(*message), SuccessValue::Succeeded);
 }

trunk/Source/WebCore/platform/encryptedmedia/clearkey/CDMClearKey.h

@@ -32 +32 @@
 
 #include "CDMFactory.h"
-#include "CDMInstance.h"
 #include "CDMInstanceSession.h"
 #include "CDMPrivate.h"
+#include "CDMProxy.h"
 #include "SharedBuffer.h"
 #include <wtf/WeakPtr.h>
 
 namespace WebCore {
+
+namespace ClearKey {
+
+// ClearKey CENC SystemID.
+// https://www.w3.org/TR/eme-initdata-cenc/#common-system
+const uint8_t cencSystemId[] = { 0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02, 0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b };
+const unsigned cencSystemIdSize = sizeof(cencSystemId);
+enum {
+    AES128CTRBlockSizeInBytes = 16,
+    KeyIDSizeInBytes = 16,
+    IVSizeInBytes = 16,
+};
+
+} // namespace ClearKey
 
 class CDMFactoryClearKey final : public CDMFactory {
@@ -78 +92 @@
 };
 
-class ProxyCDMClearKey final : public ProxyCDM {
+class CDMInstanceClearKey final : public CDMInstanceProxy, public CanMakeWeakPtr<CDMInstanceClearKey> {
 public:
-    struct Key {
-        CDMInstanceSession::KeyStatus status;
-        String keyIDData;
-        String keyValueData;
-    };
-
-    virtual ~ProxyCDMClearKey() = default;
-    const Vector<Key> isolatedKeys() const;
-private:
-    mutable Lock m_keysMutex;
-};
-
-class CDMInstanceClearKey final : public CDMInstance, public CanMakeWeakPtr<CDMInstanceClearKey> {
-public:
-    CDMInstanceClearKey();
     virtual ~CDMInstanceClearKey();
 
+    // CDMInstance
     ImplementationType implementationType() const final { return ImplementationType::ClearKey; }
-
     SuccessValue initializeWithConfiguration(const CDMKeySystemConfiguration&) final;
     SuccessValue setDistinctiveIdentifiersAllowed(bool) final;
@@ -106 +105 @@
     const String& keySystem() const final;
     RefPtr<CDMInstanceSession> createSession() final;
-
-    struct Key {
-        CDMInstanceSession::KeyStatus status;
-        RefPtr<SharedBuffer> keyIDData;
-        RefPtr<SharedBuffer> keyValueData;
-
-        String keyIDAsString() const;
-        String keyValueAsString() const;
-
-        bool hasSameKeyValue(const Key &other)
-        {
-            ASSERT(keyValueData);
-            ASSERT(other.keyValueData);
-            return *keyValueData == *other.keyValueData;
-        }
-
-        // Two keys are equal if they have the same ID, ignoring key value and status.
-        friend bool operator==(const Key &k1, const Key &k2);
-        // Key's are ordered by their IDs, first by size, then by contents.
-        friend bool operator<(const Key &k1, const Key &k2);
-
-        friend bool operator!=(const Key &k1, const Key &k2) { return !(operator==(k1, k2)); }
-        friend bool operator>(const Key &k1, const Key &k2) { return !operator==(k1, k2) && !operator<(k1, k2); }
-        friend bool operator<=(const Key &k1, const Key &k2) { return !operator>(k1, k2); }
-        friend bool operator>=(const Key &k1, const Key &k2) { return !operator<(k1, k2); }
-    };
-
-    RefPtr<ProxyCDM> proxyCDM() const final { return m_proxyCDM; }
-
-private:
-    RefPtr<ProxyCDM> m_proxyCDM;
 };
 
 class CDMInstanceSessionClearKey final : public CDMInstanceSession, public CanMakeWeakPtr<CDMInstanceSessionClearKey> {
 public:
+    CDMInstanceSessionClearKey(CDMInstanceClearKey& parent)
+        : m_parentInstance(parent) { }
     void requestLicense(LicenseType, const AtomString& initDataType, Ref<SharedBuffer>&& initData, LicenseCallback&&) final;
     void updateLicense(const String&, LicenseType, const SharedBuffer&, LicenseUpdateCallback&&) final;
@@ -147 +117 @@
     void removeSessionData(const String&, LicenseType, RemoveSessionDataCallback&&) final;
     void storeRecordOfKeyUsage(const String&) final;
+private:
+    String m_sessionID;
+    CDMInstanceClearKey& m_parentInstance;
+    KeyStore m_keyStore;
 };
 

trunk/Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h

@@ -81 +81 @@
     SuccessValue setStorageDirectory(const String&) final;
     RefPtr<CDMInstanceSession> createSession() final;
-    RefPtr<ProxyCDM> proxyCDM() const final { return nullptr; }
 
     const String& keySystem() const final;

trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp

@@ -66 +66 @@
 #if ENABLE(ENCRYPTED_MEDIA)
 #include "CDMInstance.h"
+#include "CDMProxyClearKey.h"
 #include "GStreamerEMEUtilities.h"
 #include "SharedBuffer.h"
@@ -1789 +1790 @@
 }
 
+InitData MediaPlayerPrivateGStreamer::parseInitDataFromProtectionMessage(GstMessage* message)
+{
+    ASSERT(!isMainThread());
+
+    InitData initData;
+    {
+        LockHolder lock(m_protectionMutex);
+        ProtectionSystemEvents protectionSystemEvents(message);
+        GST_TRACE_OBJECT(pipeline(), "found %zu protection events, %zu decryptors available", protectionSystemEvents.events().size(), protectionSystemEvents.availableSystems().size());
+
+        for (auto& event : protectionSystemEvents.events()) {
+            const char* eventKeySystemId = nullptr;
+            GstBuffer* data = nullptr;
+            gst_event_parse_protection(event.get(), &eventKeySystemId, &data, nullptr);
+
+            initData.append({eventKeySystemId, data});
+            m_handledProtectionEvents.add(GST_EVENT_SEQNUM(event.get()));
+        }
+    }
+
+    return initData;
+}
+
+bool MediaPlayerPrivateGStreamer::waitForCDMAttachment()
+{
+    if (isMainThread()) {
+        GST_ERROR_OBJECT(pipeline(), "can't block the main thread waiting for a CDM instance");
+        ASSERT_NOT_REACHED();
+        return false;
+    }
+
+    GST_INFO_OBJECT(pipeline(), "waiting for a CDM instance");
+
+    bool didCDMAttach = false;
+    {
+        auto cdmAttachmentLocker = holdLock(m_cdmAttachmentMutex);
+        didCDMAttach = m_cdmAttachmentCondition.waitFor(m_cdmAttachmentMutex, 4_s, [this]() {
+            return isCDMAttached();
+        });
+    }
+
+    return didCDMAttach;
+}
+
 bool MediaPlayerPrivateGStreamer::handleSyncMessage(GstMessage* message)
 {
@@ -1824 +1869 @@
 #if ENABLE(ENCRYPTED_MEDIA)
     if (!g_strcmp0(contextType, "drm-preferred-decryption-system-id")) {
-        if (isMainThread()) {
-            GST_ERROR("can't handle drm-preferred-decryption-system-id need context message in the main thread");
-            ASSERT_NOT_REACHED();
-            return false;
-        }
-        GST_DEBUG_OBJECT(pipeline(), "handling drm-preferred-decryption-system-id need context message");
-
-        InitData initData;
-        {
-            LockHolder lock(m_protectionMutex);
-            ProtectionSystemEvents protectionSystemEvents(message);
-            GST_TRACE("found %zu protection events, %zu decryptors available", protectionSystemEvents.events().size(), protectionSystemEvents.availableSystems().size());
-
-            for (auto& event : protectionSystemEvents.events()) {
-                const char* eventKeySystemId = nullptr;
-                GstBuffer* data = nullptr;
-                gst_event_parse_protection(event.get(), &eventKeySystemId, &data, nullptr);
-
-                initData.append({eventKeySystemId, data});
-                m_handledProtectionEvents.add(GST_EVENT_SEQNUM(event.get()));
-            }
-        }
-        initializationDataEncountered(WTFMove(initData));
-
-        GST_INFO_OBJECT(pipeline(), "waiting for a CDM instance");
-
-        bool didCDMAttach = false;
-        {
-            auto cdmAttachmentLocker = holdLock(m_cdmAttachmentMutex);
-            didCDMAttach = m_cdmAttachmentCondition.waitFor(m_cdmAttachmentMutex, 4_s, [this]() {
-                return isCDMAttached();
-            });
-        }
-
-        if (didCDMAttach && !isPlayerShuttingDown() && !m_cdmInstance->keySystem().isEmpty()) {
+        initializationDataEncountered(parseInitDataFromProtectionMessage(message));
+        bool isCDMAttached = waitForCDMAttachment();
+        if (isCDMAttached && !isPlayerShuttingDown() && !m_cdmInstance->keySystem().isEmpty()) {
             const char* preferredKeySystemUuid = GStreamerEMEUtilities::keySystemToUuid(m_cdmInstance->keySystem());
             GST_INFO_OBJECT(pipeline(), "working with key system %s, continuing with key system %s on %s", m_cdmInstance->keySystem().utf8().data(), preferredKeySystemUuid, GST_MESSAGE_SRC_NAME(message));
@@ -1866 +1879 @@
             gst_structure_set(contextStructure, "decryption-system-id", G_TYPE_STRING, preferredKeySystemUuid, nullptr);
             gst_element_set_context(GST_ELEMENT(GST_MESSAGE_SRC(message)), context.get());
-        } else
-            GST_WARNING("CDM instance not initialized");
-
-        return true;
+            return true;
+        }
+
+        GST_WARNING_OBJECT(pipeline(), "waiting for a CDM failed, no CDM available");
+        return false;
     }
 #endif // ENABLE(ENCRYPTED_MEDIA)
@@ -2198 +2212 @@
             processMpegTsSection(section);
             gst_mpegts_section_unref(section);
-        }
-#endif
-#if ENABLE(ENCRYPTED_MEDIA)
-        else if (gst_structure_has_name(structure, "drm-waiting-for-key")) {
-            GST_DEBUG_OBJECT(pipeline(), "drm-waiting-for-key message from %s", GST_MESSAGE_SRC_NAME(message));
-            setWaitingForKey(true);
-            // FIXME: The decryptors should be able to attempt to decrypt after being created and linked in a pipeline but currently they are not and current
-            // architecture does not make this very easy. Fortunately, the arch will change soon and it does not pay off to fix this now with something that could be
-            // more convoluted. In the meantime, force attempt to decrypt when they get blocked.
-            attemptToDecryptWithLocalInstance();
-        } else if (gst_structure_has_name(structure, "drm-key-received")) {
-            GST_DEBUG_OBJECT(pipeline(), "drm-key-received message from %s", GST_MESSAGE_SRC_NAME(message));
-            setWaitingForKey(false);
         }
 #endif
@@ -3729 +3730 @@
     }
 
-    m_cdmInstance = &instance;
-
-    GRefPtr<GstContext> context = adoptGRef(gst_context_new("drm-cdm-instance", FALSE));
+    m_cdmInstance = reinterpret_cast<CDMInstanceProxy*>(&instance);
+    RELEASE_ASSERT(m_cdmInstance);
+    m_cdmInstance->setPlayer(m_player);
+    m_cdmInstance->setProxy(adoptRef(*new CDMProxyClearKey));
+
+    GRefPtr<GstContext> context = adoptGRef(gst_context_new("drm-cdm-proxy", FALSE));
     GstStructure* contextStructure = gst_context_writable_structure(context.get());
-    gst_structure_set(contextStructure, "cdm-instance", G_TYPE_POINTER, m_cdmInstance->proxyCDM().get(), nullptr);
+    gst_structure_set(contextStructure, "cdm-proxy", G_TYPE_POINTER, m_cdmInstance->proxy().get(), nullptr);
     gst_element_set_context(GST_ELEMENT(m_pipeline.get()), context.get());
 
-    GST_DEBUG_OBJECT(m_pipeline.get(), "CDM proxy instance %p dispatched as context", m_cdmInstance->proxyCDM().get());
+    GST_DEBUG_OBJECT(m_pipeline.get(), "CDM proxy instance %p dispatched as context", m_cdmInstance->proxy().get());
 
     LockHolder lock(m_cdmAttachmentMutex);
@@ -3758 +3762 @@
     m_cdmInstance = nullptr;
 
-    GRefPtr<GstContext> context = adoptGRef(gst_context_new("drm-cdm-instance", FALSE));
+    GRefPtr<GstContext> context = adoptGRef(gst_context_new("drm-cdm-proxy", FALSE));
     gst_element_set_context(GST_ELEMENT(m_pipeline.get()), context.get());
 }
@@ -3791 +3795 @@
 }
 
-void MediaPlayerPrivateGStreamer::setWaitingForKey(bool isWaitingForKey)
-{
-    // We bail out if values did not change or if we are requested to not wait anymore but there are still waiting decryptors.
-    GST_TRACE("isWaitingForKey %s, m_isWaitingForKey %s", boolForPrinting(isWaitingForKey), boolForPrinting(m_isWaitingForKey));
-    if (isWaitingForKey == m_isWaitingForKey || (!isWaitingForKey && this->waitingForKey()))
-        return;
-
-    m_isWaitingForKey = isWaitingForKey;
-    GST_DEBUG("waiting for key changed %s", boolForPrinting(m_isWaitingForKey));
-    m_player->waitingForKeyChanged();
-}
-
 bool MediaPlayerPrivateGStreamer::waitingForKey() const
 {
-    if (!m_pipeline)
+    if (!m_pipeline || !m_cdmInstance)
         return false;
 
-    GstState state;
-    gst_element_get_state(m_pipeline.get(), &state, nullptr, 0);
-
-    bool result = false;
-    GRefPtr<GstQuery> query = adoptGRef(gst_query_new_custom(GST_QUERY_CUSTOM, gst_structure_new_empty("any-decryptor-waiting-for-key")));
-    if (state >= GST_STATE_PAUSED) {
-        result = gst_element_query(m_pipeline.get(), query.get());
-        GST_TRACE("query result %s, on %s", boolForPrinting(result), gst_element_state_get_name(state));
-    } else if (state >= GST_STATE_READY) {
-        // Running a query in the pipeline is easier but it only works when the pipeline is set up and running, otherwise we need to inspect it and ask the decryptors directly.
-        GUniquePtr<GstIterator> iterator(gst_bin_iterate_recurse(GST_BIN(m_pipeline.get())));
-        GstIteratorResult iteratorResult;
-        do {
-            iteratorResult = gst_iterator_fold(iterator.get(), [](const GValue *item, GValue *, gpointer data) -> gboolean {
-                GstElement* element = GST_ELEMENT(g_value_get_object(item));
-                GstQuery* query = GST_QUERY(data);
-                return !WEBKIT_IS_MEDIA_CENC_DECRYPT(element) || !gst_element_query(element, query);
-            }, nullptr, query.get());
-            if (iteratorResult == GST_ITERATOR_RESYNC)
-                gst_iterator_resync(iterator.get());
-        } while (iteratorResult == GST_ITERATOR_RESYNC);
-        if (iteratorResult == GST_ITERATOR_ERROR)
-            GST_WARNING("iterator returned an error");
-        result = iteratorResult == GST_ITERATOR_OK;
-        GST_TRACE("iterator result %d, waiting %s", iteratorResult, boolForPrinting(result));
-    }
-
-    return result;
+    return m_cdmInstance->isWaitingForKey();
 }
 #endif

trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h

@@ -75 +75 @@
 #include "TextureMapperPlatformLayerProxyProvider.h"
 #endif
+#endif
+
+#if ENABLE(ENCRYPTED_MEDIA)
+#include "CDMProxy.h"
 #endif
 
@@ -372 +376 @@
     Lock m_cdmAttachmentMutex;
     Condition m_cdmAttachmentCondition;
-    RefPtr<const CDMInstance> m_cdmInstance;
+    RefPtr<CDMInstanceProxy> m_cdmInstance;
 
     Lock m_protectionMutex; // Guards access to m_handledProtectionEvents.
@@ -451 +455 @@
     void attemptToDecryptWithLocalInstance();
     void initializationDataEncountered(InitData&&);
-    void setWaitingForKey(bool);
+    InitData parseInitDataFromProtectionMessage(GstMessage*);
+    bool waitForCDMAttachment();
 #endif
 

trunk/Source/WebCore/platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp

@@ -26 +26 @@
 
 #include "CDMClearKey.h"
+#include "CDMProxyClearKey.h"
 #include "GStreamerCommon.h"
 #include "GStreamerEMEUtilities.h"
@@ -38 +39 @@
 #define WEBKIT_MEDIA_CK_DECRYPT_GET_PRIVATE(obj) (G_TYPE_INSTANCE_GET_PRIVATE((obj), WEBKIT_TYPE_MEDIA_CK_DECRYPT, WebKitMediaClearKeyDecryptPrivate))
 struct _WebKitMediaClearKeyDecryptPrivate {
-    RefPtr<ProxyCDMClearKey> proxyCDM;
-    gcry_cipher_hd_t handle;
+    RefPtr<CDMProxyClearKey> cdmProxy;
 };
 
 static void finalize(GObject*);
-static bool handleKeyResponse(WebKitMediaCommonEncryptionDecrypt* self, RefPtr<ProxyCDM>);
+static bool cdmProxyAttached(WebKitMediaCommonEncryptionDecrypt* self, RefPtr<CDMProxy>);
 static bool decrypt(WebKitMediaCommonEncryptionDecrypt*, GstBuffer* iv, GstBuffer* keyid, GstBuffer* sample, unsigned subSamplesCount, GstBuffer* subSamples);
 
@@ -85 +85 @@
     WebKitMediaCommonEncryptionDecryptClass* cencClass = WEBKIT_MEDIA_CENC_DECRYPT_CLASS(klass);
     cencClass->protectionSystemId = GStreamerEMEUtilities::s_ClearKeyUUID;
-    cencClass->handleKeyResponse = GST_DEBUG_FUNCPTR(handleKeyResponse);
+    cencClass->cdmProxyAttached = GST_DEBUG_FUNCPTR(cdmProxyAttached);
     cencClass->decrypt = GST_DEBUG_FUNCPTR(decrypt);
 
@@ -94 +94 @@
 {
     WebKitMediaClearKeyDecryptPrivate* priv = WEBKIT_MEDIA_CK_DECRYPT_GET_PRIVATE(self);
-
     self->priv = priv;
     new (priv) WebKitMediaClearKeyDecryptPrivate();
-    if (gcry_error_t error = gcry_cipher_open(&(priv->handle), GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, GCRY_CIPHER_SECURE)) {
-        GST_ERROR_OBJECT(self, "Failed to create AES 128 CTR cipher handle: %s", gpg_strerror(error));
-        ASSERT(!error);
-    }
 }
 
@@ -107 +102 @@
     WebKitMediaClearKeyDecrypt* self = WEBKIT_MEDIA_CK_DECRYPT(object);
     WebKitMediaClearKeyDecryptPrivate* priv = self->priv;
-    gcry_cipher_close(priv->handle);
     priv->~WebKitMediaClearKeyDecryptPrivate();
 
@@ -113 +107 @@
 }
 
-static bool handleKeyResponse(WebKitMediaCommonEncryptionDecrypt* self, RefPtr<ProxyCDM> proxyCDM)
+static bool cdmProxyAttached(WebKitMediaCommonEncryptionDecrypt* self, RefPtr<CDMProxy> cdmProxy)
 {
     WebKitMediaClearKeyDecryptPrivate* priv = WEBKIT_MEDIA_CK_DECRYPT_GET_PRIVATE(WEBKIT_MEDIA_CK_DECRYPT(self));
-    priv->proxyCDM = reinterpret_cast<ProxyCDMClearKey*>(proxyCDM.get());
-    return priv->proxyCDM;
+    priv->cdmProxy = reinterpret_cast<CDMProxyClearKey*>(cdmProxy.get());
+    return priv->cdmProxy;
 }
 
-static bool findAndSetKey(WebKitMediaClearKeyDecryptPrivate* priv, const String&& keyID)
+static bool decrypt(WebKitMediaCommonEncryptionDecrypt* self, GstBuffer* ivBuffer, GstBuffer* keyIDBuffer, GstBuffer* buffer, unsigned subsampleCount, GstBuffer* subsamplesBuffer)
 {
-    String keyValue;
+    WebKitMediaClearKeyDecryptPrivate* priv = WEBKIT_MEDIA_CK_DECRYPT_GET_PRIVATE(WEBKIT_MEDIA_CK_DECRYPT(self));
 
-    for (const auto& key : priv->proxyCDM->isolatedKeys()) {
-        if (key.keyIDData == keyID) {
-            keyValue = key.keyValueData;
-            break;
-        }
-    }
-
-    if (keyValue.isEmpty()) {
-        GST_ERROR_OBJECT(priv, "failed to find a decryption key");
-        return false;
-    }
-
-    ASSERT(keyValue.sizeInBytes() == CLEARKEY_SIZE);
-    if (gcry_error_t error = gcry_cipher_setkey(priv->handle, keyValue.characters8(), keyValue.sizeInBytes())) {
-        GST_ERROR_OBJECT(priv, "gcry_cipher_setkey failed: %s", gpg_strerror(error));
-        return false;
-    }
-
-    return true;
-}
-
-static bool decrypt(WebKitMediaCommonEncryptionDecrypt* self, GstBuffer* ivBuffer, GstBuffer* keyIDBuffer, GstBuffer* buffer, unsigned subSampleCount, GstBuffer* subSamplesBuffer)
-{
-    if (!ivBuffer) {
-        GST_ERROR_OBJECT(self, "no IV buffer");
+    if (!ivBuffer || !keyIDBuffer || !buffer) {
+        GST_ERROR_OBJECT(self, "invalid decrypt() parameter");
         return false;
     }
@@ -155 +126 @@
     if (!mappedIVBuffer) {
         GST_ERROR_OBJECT(self, "failed to map IV buffer");
-        return false;
-    }
-
-    uint8_t ctr[CLEARKEY_SIZE];
-    if (mappedIVBuffer->size() == 8) {
-        memset(ctr + 8, 0, 8);
-        memcpy(ctr, mappedIVBuffer->data(), 8);
-    } else {
-        ASSERT(mappedIVBuffer->size() == CLEARKEY_SIZE);
-        memcpy(ctr, mappedIVBuffer->data(), CLEARKEY_SIZE);
-    }
-
-    WebKitMediaClearKeyDecryptPrivate* priv = WEBKIT_MEDIA_CK_DECRYPT_GET_PRIVATE(WEBKIT_MEDIA_CK_DECRYPT(self));
-    gcry_error_t cipherError = gcry_cipher_setctr(priv->handle, ctr, CLEARKEY_SIZE);
-    if (cipherError) {
-        GST_ERROR_OBJECT(self, "gcry_cipher_setctr failed: %s", gpg_strerror(cipherError));
-        return false;
-    }
-
-    if (!buffer) {
-        GST_ERROR_OBJECT(self, "No buffer to decrypt");
         return false;
     }
@@ -191 +141 @@
     }
 
-    findAndSetKey(priv, String(mappedKeyIdBuffer->data(), mappedKeyIdBuffer->size()));
-
-    unsigned position = 0;
-    unsigned sampleIndex = 0;
-
-    if (!subSampleCount) {
-        // Full sample encryption.
-        GST_TRACE_OBJECT(self, "full sample encryption: %zu encrypted bytes", mappedBuffer->size());
-
-        // Check if the buffer is empty.
-        if (mappedBuffer->size()) {
-            cipherError = gcry_cipher_decrypt(priv->handle, mappedBuffer->data(), mappedBuffer->size(), 0, 0);
-            if (cipherError) {
-                GST_ERROR_OBJECT(self, "full sample decryption failed: %s", gpg_strerror(cipherError));
-                return false;
-            }
+    RefPtr<GstMappedBuffer> mappedSubsamplesBuffer;
+    CDMProxyClearKey::cencDecryptContext context;
+    context.keyID = mappedKeyIdBuffer->data();
+    context.keyIDSizeInBytes = mappedKeyIdBuffer->size();
+    context.iv = mappedIVBuffer->data();
+    context.ivSizeInBytes = mappedIVBuffer->size();
+    context.encryptedBuffer = mappedBuffer->data();
+    context.encryptedBufferSizeInBytes = mappedBuffer->size();
+    context.numSubsamples = subsampleCount;
+    if (!subsampleCount)
+        context.subsamplesBuffer = nullptr;
+    else {
+        ASSERT(subsamplesBuffer);
+        mappedSubsamplesBuffer = WebCore::GstMappedBuffer::create(subsamplesBuffer, GST_MAP_READ);
+        if (!mappedSubsamplesBuffer) {
+            GST_ERROR_OBJECT(self, "Failed to map subsample buffer");
+            return false;
         }
-        return true;
+        context.subsamplesBuffer = mappedSubsamplesBuffer->data();
+        context.subsamplesBufferSizeInBytes = mappedSubsamplesBuffer->size();
     }
 
-    // Check subSamplesBuffer isn't null.
-    if (!subSamplesBuffer) {
-        GST_ERROR_OBJECT(self, "Error, the subSampleBuffer is null");
-        return false;
-    }
-
-    // Subsample encryption.
-    auto mappedSubSamplesBuffer = WebCore::GstMappedBuffer::create(subSamplesBuffer, GST_MAP_READ);
-    if (!mappedSubSamplesBuffer) {
-        GST_ERROR_OBJECT(self, "Failed to map subsample buffer");
-        return false;
-    }
-
-    GUniquePtr<GstByteReader> reader(gst_byte_reader_new(mappedSubSamplesBuffer->data(), mappedSubSamplesBuffer->size()));
-    GST_DEBUG_OBJECT(self, "position: %d, size: %zu", position, mappedBuffer->size());
-
-    while (position < mappedBuffer->size()) {
-        guint16 nBytesClear = 0;
-        guint32 nBytesEncrypted = 0;
-
-        if (sampleIndex < subSampleCount) {
-            if (!gst_byte_reader_get_uint16_be(reader.get(), &nBytesClear)
-                || !gst_byte_reader_get_uint32_be(reader.get(), &nBytesEncrypted)) {
-                GST_DEBUG_OBJECT(self, "unsupported");
-                return false;
-            }
-            sampleIndex++;
-        } else {
-            nBytesClear = 0;
-            nBytesEncrypted = mappedBuffer->size() - position;
-        }
-
-        GST_TRACE_OBJECT(self, "subsample index %u - %hu bytes clear (todo=%zu)", sampleIndex, nBytesClear, mappedBuffer->size() - position);
-        position += nBytesClear;
-        if (nBytesEncrypted) {
-            GST_TRACE_OBJECT(self, "subsample index %u - %u bytes encrypted (todo=%zu)", sampleIndex, nBytesEncrypted, mappedBuffer->size() - position);
-            cipherError = gcry_cipher_decrypt(priv->handle, mappedBuffer->data() + position, nBytesEncrypted, 0, 0);
-            if (cipherError) {
-                GST_ERROR_OBJECT(self, "sub sample index %u decryption failed: %s", sampleIndex, gpg_strerror(cipherError));
-                return false;
-            }
-            position += nBytesEncrypted;
-        }
-    }
-
-    return true;
+    return priv->cdmProxy->cencDecrypt(context);
 }
 

trunk/Source/WebCore/platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp

@@ -26 +26 @@
 #if ENABLE(ENCRYPTED_MEDIA) && USE(GSTREAMER)
 
+#include "CDMProxy.h"
 #include "GStreamerCommon.h"
 #include "GStreamerEMEUtilities.h"
@@ -31 +32 @@
 #include <wtf/PrintStream.h>
 #include <wtf/RunLoop.h>
-
-using WebCore::ProxyCDM;
+#include <wtf/Scope.h>
+
+using WebCore::CDMProxy;
 
 #define WEBKIT_MEDIA_CENC_DECRYPT_GET_PRIVATE(obj) (G_TYPE_INSTANCE_GET_PRIVATE((obj), WEBKIT_TYPE_MEDIA_CENC_DECRYPT, WebKitMediaCommonEncryptionDecryptPrivate))
 struct _WebKitMediaCommonEncryptionDecryptPrivate {
     GRefPtr<GstEvent> protectionEvent;
-    RefPtr<ProxyCDM> proxyCDM;
-    bool keyReceived { false };
-    bool waitingForKey { false };
-    Lock mutex;
-    Condition condition;
+    RefPtr<CDMProxy> cdmProxy;
+
+    Lock cdmAttachmentMutex;
+    Condition cdmAttachmentCondition;
 };
+
+static constexpr Seconds MaxSecondsToWaitForCDMProxy = 5_s;
 
 static GstStateChangeReturn changeState(GstElement*, GstStateChange transition);
@@ -49 +52 @@
 static GstFlowReturn transformInPlace(GstBaseTransform*, GstBuffer*);
 static gboolean sinkEventHandler(GstBaseTransform*, GstEvent*);
-static gboolean queryHandler(GstBaseTransform*, GstPadDirection, GstQuery*);
-static bool isCDMInstanceAvailable(WebKitMediaCommonEncryptionDecrypt*);
 static void setContext(GstElement*, GstContext*);
-
 
 GST_DEBUG_CATEGORY_STATIC(webkit_media_common_encryption_decrypt_debug_category);
@@ -77 +77 @@
     baseTransformClass->transform_ip_on_passthrough = FALSE;
     baseTransformClass->sink_event = GST_DEBUG_FUNCPTR(sinkEventHandler);
-    baseTransformClass->query = GST_DEBUG_FUNCPTR(queryHandler);
 
     g_type_class_add_private(klass, sizeof(WebKitMediaCommonEncryptionDecryptPrivate));
@@ -178 +177 @@
     WebKitMediaCommonEncryptionDecrypt* self = WEBKIT_MEDIA_CENC_DECRYPT(base);
     WebKitMediaCommonEncryptionDecryptPrivate* priv = WEBKIT_MEDIA_CENC_DECRYPT_GET_PRIVATE(self);
-    LockHolder locker(priv->mutex);
-
-    // The key might not have been received yet. Wait for it.
-    if (!priv->keyReceived) {
-        GST_DEBUG_OBJECT(self, "key not available yet, waiting for it");
-        if (GST_STATE(GST_ELEMENT(self)) < GST_STATE_PAUSED || (GST_STATE_TARGET(GST_ELEMENT(self)) != GST_STATE_VOID_PENDING && GST_STATE_TARGET(GST_ELEMENT(self)) < GST_STATE_PAUSED)) {
-            GST_ERROR_OBJECT(self, "can't process key requests in less than PAUSED state");
+
+    LockHolder locker(priv->cdmAttachmentMutex);
+
+    // The CDM instance needs to be negotiated before we can begin decryption.
+    if (!priv->cdmProxy) {
+        GST_DEBUG_OBJECT(self, "CDM not available, going to wait for it");
+        priv->cdmAttachmentCondition.waitFor(priv->cdmAttachmentMutex, MaxSecondsToWaitForCDMProxy, [priv] {
+            return priv->cdmProxy;
+        });
+        if (!priv->cdmProxy) {
+            GST_ERROR_OBJECT(self, "CDMProxy was not retrieved in time");
             return GST_FLOW_NOT_SUPPORTED;
         }
-        // Send "drm-cdm-instance-needed" message to the player to resend the CDMInstance if available and inform we are waiting for key.
-        priv->waitingForKey = true;
-        gst_element_post_message(GST_ELEMENT(self), gst_message_new_element(GST_OBJECT(self), gst_structure_new_empty("drm-waiting-for-key")));
-
-        priv->condition.waitFor(priv->mutex, Seconds(5), [priv] {
-            return priv->keyReceived;
-        });
-        if (!priv->keyReceived) {
-            GST_ERROR_OBJECT(self, "key not available");
-            return GST_FLOW_NOT_SUPPORTED;
-        }
-        GST_DEBUG_OBJECT(self, "key received, continuing");
-        priv->waitingForKey = false;
-        gst_element_post_message(GST_ELEMENT(self), gst_message_new_element(GST_OBJECT(self), gst_structure_new_empty("drm-key-received")));
+        GST_DEBUG_OBJECT(self, "CDM now available with address %p", priv->cdmProxy.get());
     }
 
@@ -208 +198 @@
         return GST_FLOW_NOT_SUPPORTED;
     }
+    auto removeProtectionMetaOnReturn = makeScopeExit([buffer, protectionMeta] {
+        gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
+    });
 
     unsigned ivSize;
     if (!gst_structure_get_uint(protectionMeta->info, "iv_size", &ivSize)) {
         GST_ERROR_OBJECT(self, "Failed to get iv_size");
-        gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
         return GST_FLOW_NOT_SUPPORTED;
     }
@@ -219 +211 @@
     if (!gst_structure_get_boolean(protectionMeta->info, "encrypted", &encrypted)) {
         GST_ERROR_OBJECT(self, "Failed to get encrypted flag");
-        gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
-        return GST_FLOW_NOT_SUPPORTED;
-    }
-
-    if (!ivSize || !encrypted) {
-        gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
+        return GST_FLOW_NOT_SUPPORTED;
+    }
+
+    if (!ivSize || !encrypted)
         return GST_FLOW_OK;
-    }
 
     GST_DEBUG_OBJECT(base, "protection meta: %" GST_PTR_FORMAT, protectionMeta->info);
@@ -233 +222 @@
     if (!gst_structure_get_uint(protectionMeta->info, "subsample_count", &subSampleCount)) {
         GST_ERROR_OBJECT(self, "Failed to get subsample_count");
-        gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
         return GST_FLOW_NOT_SUPPORTED;
     }
@@ -243 +231 @@
         if (!value) {
             GST_ERROR_OBJECT(self, "Failed to get subsamples");
-            gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
             return GST_FLOW_NOT_SUPPORTED;
         }
         subSamplesBuffer = gst_value_get_buffer(value);
+        if (!subSamplesBuffer) {
+            GST_ERROR_OBJECT(self, "There is no subsamples buffer, but a positive subsample count");
+            return GST_FLOW_NOT_SUPPORTED;
+        }
     }
 
@@ -253 +244 @@
     if (!value) {
         GST_ERROR_OBJECT(self, "Failed to get key id for buffer");
-        gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
         return GST_FLOW_NOT_SUPPORTED;
     }
@@ -261 +251 @@
     if (!value) {
         GST_ERROR_OBJECT(self, "Failed to get IV for sample");
-        gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
         return GST_FLOW_NOT_SUPPORTED;
     }
@@ -271 +260 @@
     if (!klass->decrypt(self, ivBuffer, keyIDBuffer, buffer, subSampleCount, subSamplesBuffer)) {
         GST_ERROR_OBJECT(self, "Decryption failed");
-        gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
-        return GST_FLOW_NOT_SUPPORTED;
-    }
-
-    gst_buffer_remove_meta(buffer, reinterpret_cast<GstMeta*>(protectionMeta));
+        return GST_FLOW_NOT_SUPPORTED;
+    }
+
     return GST_FLOW_OK;
 }
 
-static bool isCDMInstanceAvailable(WebKitMediaCommonEncryptionDecrypt* self)
-{
-    WebKitMediaCommonEncryptionDecryptPrivate* priv = WEBKIT_MEDIA_CENC_DECRYPT_GET_PRIVATE(self);
-
-    ASSERT(priv->mutex.isLocked());
-
-    if (!priv->proxyCDM) {
-        GRefPtr<GstContext> context = adoptGRef(gst_element_get_context(GST_ELEMENT(self), "drm-cdm-instance"));
-        // According to the GStreamer documentation, if we can't find the context, we should run a downstream query, then an upstream one and then send a bus
-        // message. In this case that does not make a lot of sense since only the app (player) answers it, meaning that no query is going to solve it. A message
-        // could be helpful but the player sets the context as soon as it gets the CDMInstance and if it does not have it, we have no way of asking for one as it is
-        // something provided by crossplatform code. This means that we won't be able to answer the bus request in any way either. Summing up, neither queries nor bus
-        // requests are useful here.
-        if (context) {
-            const GValue* value = gst_structure_get_value(gst_context_get_structure(context.get()), "cdm-instance");
-            priv->proxyCDM = value ? reinterpret_cast<ProxyCDM*>(g_value_get_pointer(value)) : nullptr;
-            if (priv->proxyCDM)
-                GST_DEBUG_OBJECT(self, "received a new CDM proxy instance %p, refcount %u", priv->proxyCDM.get(), priv->proxyCDM->refCount());
-            else
-                GST_TRACE_OBJECT(self, "CDM instance was detached");
-        }
-    }
-
-    GST_TRACE_OBJECT(self, "CDM instance available %s", boolForPrinting(priv->proxyCDM.get()));
-    return priv->proxyCDM;
+static bool isCDMProxyAvailable(WebKitMediaCommonEncryptionDecrypt* self)
+{
+    WebKitMediaCommonEncryptionDecryptPrivate* priv = WEBKIT_MEDIA_CENC_DECRYPT_GET_PRIVATE(self);
+    auto locker = holdLock(priv->cdmAttachmentMutex);
+    return priv->cdmProxy;
+}
+
+static CDMProxy* getCDMProxyFromGstContext(WebKitMediaCommonEncryptionDecrypt* self)
+{
+    GRefPtr<GstContext> context = adoptGRef(gst_element_get_context(GST_ELEMENT(self), "drm-cdm-proxy"));
+    CDMProxy* proxy = nullptr;
+
+    // According to the GStreamer documentation, if we can't find the context, we should run a downstream query, then an upstream one and then send a bus
+    // message. In this case that does not make a lot of sense since only the app (player) answers it, meaning that no query is going to solve it. A message
+    // could be helpful but the player sets the context as soon as it gets the CDMInstance and if it does not have it, we have no way of asking for one as it is
+    // something provided by crossplatform code. This means that we won't be able to answer the bus request in any way either. Summing up, neither queries nor bus
+    // requests are useful here.
+    if (context) {
+        const GValue* value = gst_structure_get_value(gst_context_get_structure(context.get()), "cdm-proxy");
+        if (value) {
+            proxy = reinterpret_cast<CDMProxy*>(g_value_get_pointer(value));
+            if (proxy) {
+                GST_DEBUG_OBJECT(self, "received a new CDM proxy instance %p, refcount %u", proxy, proxy->refCount());
+                return proxy;
+            }
+        }
+        GST_TRACE_OBJECT(self, "CDMProxy not available in the context");
+    }
+    return nullptr;
+}
+
+static void attachCDMProxy(WebKitMediaCommonEncryptionDecrypt* self, CDMProxy* proxy)
+{
+    WebKitMediaCommonEncryptionDecryptPrivate* priv = WEBKIT_MEDIA_CENC_DECRYPT_GET_PRIVATE(self);
+    WebKitMediaCommonEncryptionDecryptClass* klass = WEBKIT_MEDIA_CENC_DECRYPT_GET_CLASS(self);
+
+    auto locker = holdLock(priv->cdmAttachmentMutex);
+    GST_ERROR_OBJECT(self, "Attaching CDMProxy %p", proxy);
+    priv->cdmProxy = proxy;
+    klass->cdmProxyAttached(self, priv->cdmProxy);
+    priv->cdmAttachmentCondition.notifyOne();
+}
+
+static gboolean installCDMProxyIfNotAvailable(WebKitMediaCommonEncryptionDecrypt* self)
+{
+    if (!isCDMProxyAvailable(self)) {
+        gboolean result = FALSE;
+
+        CDMProxy* proxy = getCDMProxyFromGstContext(self);
+        if (proxy) {
+            attachCDMProxy(self, proxy);
+            result = TRUE;
+        } else {
+            GST_ERROR_OBJECT(self, "Failed to retrieve CDMProxy from context");
+            result = FALSE;
+        }
+        return result;
+    }
+
+    return TRUE;
 }
 
@@ -309 +331 @@
 {
     WebKitMediaCommonEncryptionDecrypt* self = WEBKIT_MEDIA_CENC_DECRYPT(trans);
-    WebKitMediaCommonEncryptionDecryptPrivate* priv = WEBKIT_MEDIA_CENC_DECRYPT_GET_PRIVATE(self);
-    WebKitMediaCommonEncryptionDecryptClass* klass = WEBKIT_MEDIA_CENC_DECRYPT_GET_CLASS(self);
     gboolean result = FALSE;
 
+    // FIXME: https://bugs.webkit.org/show_bug.cgi?id=191355
+    // We should be handling protection events in this class in
+    // addition to out-of-band data. In regular playback, after a
+    // preferred system ID context is set, any future protection
+    // events will not be handled by the demuxer, so they must be
+    // handled in here.
     switch (GST_EVENT_TYPE(event)) {
     case GST_EVENT_CUSTOM_DOWNSTREAM_OOB: {
-        // FIXME: https://bugs.webkit.org/show_bug.cgi?id=191355
-        // We should be handling protection events in this class in
-        // addition to out-of-band data. In regular playback, after a
-        // preferred system ID context is set, any future protection
-        // events will not be handled by the demuxer, so the must be
-        // handled in here.
-        LockHolder locker(priv->mutex);
-        if (!isCDMInstanceAvailable(self)) {
-            GST_ERROR_OBJECT(self, "No CDM instance available");
-            result = FALSE;
-            break;
-        }
-
-        if (klass->handleKeyResponse(self, priv->proxyCDM)) {
-            GST_DEBUG_OBJECT(self, "key received");
-            priv->keyReceived = true;
-            priv->condition.notifyOne();
-        }
-
+        ASSERT(gst_event_has_name(event, "attempt-to-decrypt"));
+        GST_DEBUG_OBJECT(self, "Handling attempt-to-decrypt");
+        result = installCDMProxyIfNotAvailable(self);
         gst_event_unref(event);
-        result = TRUE;
         break;
     }
@@ -346 +355 @@
 }
 
-static gboolean queryHandler(GstBaseTransform* trans, GstPadDirection direction, GstQuery* query)
-{
-    if (gst_structure_has_name(gst_query_get_structure(query), "any-decryptor-waiting-for-key")) {
-        WebKitMediaCommonEncryptionDecryptPrivate* priv = WEBKIT_MEDIA_CENC_DECRYPT_GET_PRIVATE(trans);
-        GST_TRACE_OBJECT(trans, "any-decryptor-waiting-for-key query, waitingforkey %s", boolForPrinting(priv->waitingForKey));
-        return priv->waitingForKey;
-    }
-    return GST_BASE_TRANSFORM_CLASS(parent_class)->query(trans, direction, query);
-}
-
 static GstStateChangeReturn changeState(GstElement* element, GstStateChange transition)
 {
@@ -364 +363 @@
     case GST_STATE_CHANGE_PAUSED_TO_READY:
         GST_DEBUG_OBJECT(self, "PAUSED->READY");
-        priv->condition.notifyOne();
+        priv->cdmAttachmentCondition.notifyOne();
         break;
     default:
@@ -381 +380 @@
     WebKitMediaCommonEncryptionDecrypt* self = WEBKIT_MEDIA_CENC_DECRYPT(element);
     WebKitMediaCommonEncryptionDecryptPrivate* priv = WEBKIT_MEDIA_CENC_DECRYPT_GET_PRIVATE(self);
-
-    if (gst_context_has_context_type(context, "drm-cdm-instance")) {
-        const GValue* value = gst_structure_get_value(gst_context_get_structure(context), "cdm-instance");
-        LockHolder locker(priv->mutex);
-        priv->proxyCDM = value ? reinterpret_cast<ProxyCDM*>(g_value_get_pointer(value)) : nullptr;
-        GST_DEBUG_OBJECT(self, "received new CDMInstance %p", priv->proxyCDM.get());
+    WebKitMediaCommonEncryptionDecryptClass* klass = WEBKIT_MEDIA_CENC_DECRYPT_GET_CLASS(self);
+
+    if (gst_context_has_context_type(context, "drm-cdm-proxy")) {
+        const GValue* value = gst_structure_get_value(gst_context_get_structure(context), "cdm-proxy");
+        LockHolder locker(priv->cdmAttachmentMutex);
+        priv->cdmProxy = value ? reinterpret_cast<CDMProxy*>(g_value_get_pointer(value)) : nullptr;
+        GST_DEBUG_OBJECT(self, "received new CDMInstance %p", priv->cdmProxy.get());
+        klass->cdmProxyAttached(self, priv->cdmProxy);
         return;
     }

trunk/Source/WebCore/platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.h

@@ -25 +25 @@
 #if ENABLE(ENCRYPTED_MEDIA) && USE(GSTREAMER)
 
-#include <CDMInstance.h>
+#include <CDMProxy.h>
 #include <gst/base/gstbasetransform.h>
 #include <gst/gst.h>
@@ -56 +56 @@
 
     const char* protectionSystemId;
-    bool (*handleKeyResponse)(WebKitMediaCommonEncryptionDecrypt*, RefPtr<WebCore::ProxyCDM>);
-    bool (*decrypt)(WebKitMediaCommonEncryptionDecrypt*, GstBuffer* ivBuffer, GstBuffer* keyIDBuffer, GstBuffer* buffer, unsigned subSamplesCount, GstBuffer* subSamplesBuffer);
+    bool (*cdmProxyAttached)(WebKitMediaCommonEncryptionDecrypt*, RefPtr<WebCore::CDMProxy>);
+    bool (*decrypt)(WebKitMediaCommonEncryptionDecrypt*, GstBuffer* ivBuffer, GstBuffer* keyIDBuffer, GstBuffer* buffer, unsigned subsamplesCount, GstBuffer* subsamplesBuffer);
 };
 

trunk/Source/WebCore/testing/MockCDMFactory.cpp

@@ -227 +227 @@
 }
 
-ProxyCDMMock::~ProxyCDMMock() = default;
-
 MockCDMInstance::MockCDMInstance(WeakPtr<MockCDM> cdm)
     : m_cdm(cdm)
@@ -295 +293 @@
 {
     return adoptRef(new MockCDMInstanceSession(makeWeakPtr(*this)));
-}
-
-RefPtr<ProxyCDM> MockCDMInstance::proxyCDM() const
-{
-    return adoptRef(new ProxyCDMMock());
 }
 

trunk/Source/WebCore/testing/MockCDMFactory.h

@@ -100 +100 @@
 };
 
-class ProxyCDMMock final : public ProxyCDM {
-public:
-    virtual ~ProxyCDMMock();
-};
-
 class MockCDM : public CDMPrivate, public CanMakeWeakPtr<MockCDM> {
     WTF_MAKE_FAST_ALLOCATED;
@@ -151 +146 @@
     const String& keySystem() const final;
     RefPtr<CDMInstanceSession> createSession() final;
-    RefPtr<ProxyCDM> proxyCDM() const final;
 
     WeakPtr<MockCDM> m_cdm;