Added certificate aquisition logic

Author: gorkemg

src/streaming/protection/controllers/ProtectionController.js

@@ -48,6 +48,8 @@ const NEEDKEY_BEFORE_INITIALIZE_TIMEOUT = 500;
 const LICENSE_SERVER_REQUEST_RETRIES = 3;
 const LICENSE_SERVER_REQUEST_RETRY_INTERVAL = 1000;
 const LICENSE_SERVER_REQUEST_DEFAULT_TIMEOUT = 8000;
+const CERTIFICATE_REQUEST_RETRY_INTERVAL = 500;
+const CERTIFICATE_REQUEST_DEFAULT_TIMEOUT = 8000;
 
 /**
  * @module ProtectionController
@@ -255,13 +257,17 @@ function ProtectionController(config) {
         if (!selectedKeySystem) { return; }
         const ksString = selectedKeySystem.systemString;
         const cacheEntry = certificateCache.get(ksString);
-        if (cacheEntry && cacheEntry.applied) { return; }
+        if (cacheEntry && (cacheEntry.applied || cacheEntry.inProgress)) { return; }
         // Gather certUrls from collected mediaInfoArr contentProtection entries matching this key system
         const preferredType = settings.get().streaming.protection.preferredCertType;
         const certCandidates = _collectCertificateUrlsForSelectedKeySystem(preferredType);
         if (!certCandidates.length) { return; }
-        // TODO: implement actual certificate acquisition logic (fetch, retry, set via protectionModel.setServerCertificate())
-        logger.debug('DRM: Found ' + certCandidates.length + ' certificate candidate(s) for ' + ksString + ' (download logic to be implemented).');
+        logger.debug('DRM: Found ' + certCandidates.length + ' certificate candidate(s) for ' + ksString + '. Starting acquisition.');
+        const protData = _getProtDataForKeySystem(selectedKeySystem) || {};
+        const entry = cacheEntry || { applied: false, inProgress: true, attempts: 0 };
+        entry.inProgress = true;
+        certificateCache.set(ksString, entry);
+        _fetchAndApplyCertificateSequentially(certCandidates, 0, protData, ksString, entry);
     }
 
     /**
@@ -304,6 +310,130 @@ function ProtectionController(config) {
         });
     }
 
+    /**
+     * Sequentially try to download and apply a certificate from the candidates list.
+     * @param {Array<{url:string, certType:string|null}>} candidates
+     * @param {number} index
+     * @param {object} protData
+     * @param {string} ksString
+     * @param {object} cacheEntry
+     * @private
+     */
+    function _fetchAndApplyCertificateSequentially(candidates, index, protData, ksString, cacheEntry) {
+        if (index >= candidates.length) {
+            cacheEntry.inProgress = false;
+            cacheEntry.error = cacheEntry.error || 'All certificate candidates failed';
+            logger.warn('DRM: All certificate candidates failed for ' + ksString + '.');
+            return;
+        }
+        const candidate = candidates[index];
+        const retryAttempts = settings.get().streaming.protection.certificateRetryAttempts;
+        logger.debug('DRM: Attempting certificate download (' + (index + 1) + '/' + candidates.length + ') url=' + candidate.url);
+        _downloadCertificate(candidate.url, protData, retryAttempts)
+            .then((arrayBuffer) => {
+                if (!arrayBuffer || !arrayBuffer.byteLength) {
+                    throw new Error('Empty certificate response');
+                }
+                cacheEntry.urlUsed = candidate.url;
+                cacheEntry.buffer = arrayBuffer;
+                return _applyServerCertificate(arrayBuffer, ksString, cacheEntry);
+            })
+            .then((applied) => {
+                if (applied) {
+                    cacheEntry.applied = true;
+                    cacheEntry.inProgress = false;
+                    logger.info('DRM: Server certificate applied successfully from ' + cacheEntry.urlUsed + ' for ' + ksString + '.');
+                } else {
+                    throw new Error('CDM rejected certificate');
+                }
+            })
+            .catch((err) => {
+                cacheEntry.attempts++;
+                cacheEntry.lastError = err && err.message ? err.message : err;
+                logger.warn('DRM: Certificate attempt failed (' + candidate.url + '): ' + cacheEntry.lastError);
+                // Try next candidate
+                _fetchAndApplyCertificateSequentially(candidates, index + 1, protData, ksString, cacheEntry);
+            });
+    }
+
+    /**
+     * Download a certificate binary with retries.
+     * @param {string} url
+     * @param {object} protData
+     * @param {number} retries
+     * @return {Promise<ArrayBuffer>}
+     * @private
+     */
+    function _downloadCertificate(url, protData, retries) {
+        return new Promise((resolve, reject) => {
+            const xhr = new XMLHttpRequest();
+            xhr.open('GET', url, true);
+            xhr.responseType = 'arraybuffer';
+            const timeout = protData && !isNaN(protData.httpTimeout) ? protData.httpTimeout : CERTIFICATE_REQUEST_DEFAULT_TIMEOUT;
+            if (timeout > 0) { xhr.timeout = timeout; }
+            let withCredentials = false;
+            if (protData && typeof protData.withCredentials === 'boolean') { withCredentials = protData.withCredentials; }
+            xhr.withCredentials = withCredentials;
+            if (protData && protData.httpRequestHeaders) {
+                Object.keys(protData.httpRequestHeaders).forEach(h => {
+                    xhr.setRequestHeader(h, protData.httpRequestHeaders[h]);
+                });
+            }
+            const attemptFail = (reason) => {
+                if (retries > 0) {
+                    const remaining = retries - 1;
+                    logger.debug('DRM: Certificate request failed (' + reason + '). Retrying... remaining=' + remaining);
+                    setTimeout(() => {
+                        _downloadCertificate(url, protData, remaining).then(resolve).catch(reject);
+                    }, CERTIFICATE_REQUEST_RETRY_INTERVAL);
+                } else {
+                    reject(new Error(reason));
+                }
+            };
+            xhr.onload = function () {
+                if (this.status >= 200 && this.status <= 299) {
+                    resolve(this.response);
+                } else {
+                    attemptFail('HTTP ' + this.status);
+                }
+            };
+            xhr.onerror = function () { attemptFail('network error'); };
+            xhr.ontimeout = function () { attemptFail('timeout'); };
+            xhr.onabort = function () { attemptFail('aborted'); };
+            try { xhr.send(); } catch (e) { reject(e); }
+        });
+    }
+
+    /**
+     * Apply the certificate to the CDM; supports both sync and promise-returning implementations.
+     * @param {ArrayBuffer} buffer
+     * @param {string} ksString
+     * @param {object} cacheEntry
+     * @return {Promise<boolean>}
+     * @private
+     */
+    function _applyServerCertificate(buffer, ksString, cacheEntry) {
+        return new Promise((resolve, reject) => {
+            try {
+                const result = protectionModel.setServerCertificate(buffer);
+                if (result && typeof result.then === 'function') {
+                    result.then((val) => {
+                        resolve(typeof val === 'boolean' ? val : true);
+                    }).catch((e) => {
+                        cacheEntry.error = e && e.message ? e.message : e;
+                        reject(e);
+                    });
+                } else {
+                    resolve(true);
+                }
+            } catch (e) {
+                cacheEntry.error = e && e.message ? e.message : e;
+                logger.warn('DRM: setServerCertificate threw for ' + ksString + ': ' + cacheEntry.error);
+                reject(e);
+            }
+        });
+    }
+
     /**
      * If we have already selected a key system we only need to create a new key session and issue a new license request if the init data has changed.
      * @private