VT-PR/vinetrimmer/utils/MSL/schemes/KeyExchangeRequest.py

import base64

from vinetrimmer.utils.MSL import KeyExchangeSchemes
from vinetrimmer.utils.MSL.MSLObject import MSLObject


# noinspection PyPep8Naming
class KeyExchangeRequest(MSLObject):
    def __init__(self, scheme, keydata):
        """
        Session key exchange data from a requesting entity.
        https://github.com/Netflix/msl/wiki/Key-Exchange-%28Configuration%29

        :param scheme: Key Exchange Scheme identifier
        :param keydata: Key Request data
        """
        self.scheme = str(scheme)
        self.keydata = keydata

    @classmethod
    def AsymmetricWrapped(cls, keypairid, mechanism, publickey):
        """
        Asymmetric wrapped key exchange uses a generated ephemeral asymmetric key pair for key exchange. It will
        typically be used when there is no other data or keys from which to base secure key exchange.

        This mechanism provides perfect forward secrecy but does not guarantee that session keys will only be available
        to the requesting entity if the requesting MSL stack has been modified to perform the operation on behalf of a
        third party.

        > Key Pair ID

        The key pair ID is included as a sanity check.

        > Mechanism & Public Key

        The following mechanisms are associated public key formats are currently supported.

            Field 	    Public  Key Format 	Description
            RSA 	    SPKI 	RSA-OAEP    encrypt/decrypt
            ECC 	    SPKI 	ECIES       encrypt/decrypt
            JWEJS_RSA 	SPKI 	RSA-OAEP    JSON Web Encryption JSON Serialization
            JWE_RSA 	SPKI 	RSA-OAEP    JSON Web Encryption Compact Serialization
            JWK_RSA 	SPKI 	RSA-OAEP    JSON Web Key
            JWK_RSAES 	SPKI 	RSA PKCS#1  JSON Web Key

        :param keypairid: key pair ID
        :param mechanism: asymmetric key type
        :param publickey: public key
        """
        return cls(
            scheme=KeyExchangeSchemes.AsymmetricWrapped,
            keydata={
                "keypairid": keypairid,
                "mechanism": mechanism,
                "publickey": base64.b64encode(publickey).decode("utf-8")
            }
        )

    @classmethod
    def Widevine(cls, keyrequest):
        """
        Google Widevine provides a secure key exchange mechanism. When requested the Widevine component will issue a
        one-time use key request. The Widevine server library can be used to authenticate the request and return
        randomly generated symmetric keys in a protected key response bound to the request and Widevine client library.
        The key response also specifies the key identities, types and their permitted usage.

        The Widevine key request also contains a model identifier and a unique device identifier with an expectation of
        long-term persistence. These values are available from the Widevine client library and can be retrieved from
        the key request by the Widevine server library.

        The Widevine client library will protect the returned keys from inspection or misuse.

        :param keyrequest: Base64-encoded Widevine CDM license challenge (PSSH: b'\x0A\x7A\x00\x6C\x38\x2B')
        """
        if not isinstance(keyrequest, str):
            keyrequest = base64.b64encode(keyrequest).decode()
        return cls(
            scheme=KeyExchangeSchemes.Widevine,
            keydata={"keyrequest": keyrequest}
        )