Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e3c739f5d15c05a8c7635b28d7c2bd0ac46d188f
https://github.com/WebKit/WebKit/commit/e3c739f5d15c05a8c7635b28d7c2bd0ac46d188f
Author: Enrique Ocaña González <[email protected]>
Date: 2026-04-10 (Fri, 10 Apr 2026)
Changed paths:
M Source/WebCore/Modules/encryptedmedia/MediaKeySession.cpp
M Source/WebCore/Modules/encryptedmedia/MediaKeySession.h
M Source/WebCore/Modules/encryptedmedia/MediaKeys.cpp
M Source/WebCore/Modules/encryptedmedia/MediaKeys.h
M Source/WebCore/platform/graphics/gstreamer/eme/CDMThunder.cpp
Log Message:
-----------
[EME][GStreamer][OCDM] Persistent licenses on CDMThunder
https://bugs.webkit.org/show_bug.cgi?id=311719

Reviewed by Xabier Rodriguez-Calvar.

The mechanism to store/retrieve persistent EME licenses has been defined
on opencdm_construct_session() and opencdm_session_load() in a backwards
compatible way (no API changes, just using the current API in a specific
way). A way to use that feature should be added to CDMThunder.

The way in which this has been defined is that
opencdm_construct_session() would get the previously stored sessionID at
construction time in its CDMData parameter and specifying
PersistentLicense as licenseType. If that session exists, a valid
session will be returned. The actual data load will happen in
opencdm_session_load().

See: https://github.com/WebPlatformForEmbedded/WPEWebKit/issues/1546

This change adds a mechanism to MediaKeySession to check that no other
active session with the same id for the same security origin exists (a
FIXME pending in the preexisting code). The spec[1] mandates that this
check must be done synchronously at load time, but that's not enough in
practice. Sessions are created by MediaKeys.createSession() in an
uninitialized state and with an empty session id. In the case of
persistent sessions, that id is populated by load() in a queued task, so
there's some time after the synchronous check is done and after the
session id is set in MediaKeySession when the set id is still empty.
That can create a race condition when two sessions are trying to load
with the same id. That's why the check is done again when the queued
task is processed, to give another session loading in parallel time to
set its id, so we can check that no other session is using the same
value we're trying to set.

The proper code to load the session using OpenCDM API has been added to
CDMInstanceSessionThunder.

[1] https://www.w3.org/TR/encrypted-media/#dom-mediakeysession-load (step 8.3)
"do not create a session if a non-closed session, regardless of type,
already exists for this sanitized session ID in this browsing context"

* Source/WebCore/Modules/encryptedmedia/MediaKeySession.cpp:
(WebCore::MediaKeySession::hasSecurityOrigin const): Added API to check if a
session has a specific security origin, without revealing what the session
security origin is.
(WebCore::MediaKeySession::load): Immediately reject loading if there's already
another open session with the same id for the same security origin. Capture
"origin" (security origin) and pass it to the lambda of the enqueued task that
processes the promise and repeat the check later, right before resolving the
promise, to avoid the race condition explained before.
* Source/WebCore/Modules/encryptedmedia/MediaKeySession.h: Added
hasSecurityOrigin().
* Source/WebCore/Modules/encryptedmedia/MediaKeys.cpp:
(WebCore::MediaKeys::hasOpenSessionWithIdForOrigin const): Check if there's
another open session with the supplied id. It's a way to check that without
revealing the session id to the caller.
* Source/WebCore/Modules/encryptedmedia/MediaKeys.h: Added
hasOpenSessionWithIdForOrigin().
* Source/WebCore/platform/graphics/gstreamer/eme/CDMThunder.cpp:
(WebCore::CDMInstanceSessionThunder::CDMInstanceSessionThunder): Removed the
assert for zero challengeLength, since persistent license loading can generate
a challenge with length 0.
(WebCore::CDMInstanceSessionThunder::challengeGeneratedCallback): Empty
challenges (generated by license loading) aren't processed, since there's no
data to process. Exit early.
(WebCore::CDMInstanceSessionThunder::loadSession): Implement loading by
constructing the session passing the session id as CDMData (and its length).
Check for error conditions and finally set the session id if loading succeeds.
Finally, load the data. Some safety assumptions (initialized and open
MediaKeySession, sanitized session id, license type being one of the persistent
ones) are guaranteed by the upper WebCore layer and aren't checked again here.
The changed callbacks are kept, since they might be useful if the session
changes (renewal is required, etc.). I can't check this in practice until the
real integration is done. I've been working with a mockup to check the code
until now.
Canonical link: https://commits.webkit.org/310914@main
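
The double check described in the commit message (once synchronously in load(), once again inside the queued task), as an added example that is not WebKit's code. It is a simplified model: `Session`, `Keys`, the task queue and the sample id and origin are all hypothetical.

```cpp
#include <cstdio>
#include <deque>
#include <functional>
#include <string>
#include <vector>

// Simplified model, not WebKit code; all types here are hypothetical.
struct Session {
    std::string origin, id; // id stays empty until the queued task sets it
    bool closed = false, loaded = false;
};

struct Keys {
    std::vector<Session*> sessions;
    std::deque<std::function<void()>> tasks; // stands in for the task queue
    // True if another non-closed session of this origin already holds the id.
    bool hasOpenSessionWithIdForOrigin(const Session* self, const std::string& id) const {
        for (const Session* s : sessions)
            if (s != self && !s->closed && s->origin == self->origin && s->id == id)
                return true;
        return false;
    }
    // Returns false when load() is rejected by the synchronous check.
    bool load(Session& s, const std::string& id, bool recheckInTask) {
        if (hasOpenSessionWithIdForOrigin(&s, id))
            return false;
        tasks.push_back([this, &s, id, recheckInTask] {
            if (recheckInTask && hasOpenSessionWithIdForOrigin(&s, id))
                return; // second check: a parallel load set the id first
            s.id = id;
            s.loaded = true;
        });
        return true;
    }
    void runTasks() { for (; !tasks.empty(); tasks.pop_front()) tasks.front()(); }
};

// Two sessions of one origin call load() with the same id before any task runs.
int loadedAfterParallelLoads(bool recheckInTask) {
    Session a, b;
    a.origin = b.origin = "https://example.test"; // constructed sample origin
    Keys keys;
    keys.sessions = {&a, &b};
    keys.load(a, "stored-id", recheckInTask);
    keys.load(b, "stored-id", recheckInTask);
    keys.runTasks();
    return int(a.loaded) + int(b.loaded);
}

int main() { std::printf("%d %d\n", loadedAfterParallelLoads(false), loadedAfterParallelLoads(true)); }
```

With only the synchronous check both sessions end up holding the same id; with the re-check in the task the second load is dropped.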