MediaDrm
class MediaDrm : AutoCloseable
kotlin.Any | |
↳ | android.media.MediaDrm |
MediaDrm can be used to obtain keys for decrypting protected media streams, in conjunction with android.media.MediaCrypto
. The MediaDrm APIs are designed to support the ISO/IEC 23001-7: Common Encryption standard, but may also be used to implement other encryption schemes.
Encrypted content is prepared using an encryption server and stored in a content library. The encrypted content is streamed or downloaded from the content library to client devices via content servers. Licenses to view the content are obtained from a License Server.
Keys are requested from the license server using a key request. The key response is delivered to the client app, which provides the response to the MediaDrm API.
A Provisioning server may be required to distribute device-unique credentials to the devices.
Enforcing requirements related to the number of devices that may play content simultaneously can be performed either through key renewal or using the secure stop methods.
The following sequence diagram shows the interactions between the objects involved while playing back encrypted content:
The app first constructs android.media.MediaExtractor
and android.media.MediaCodec
objects. It accesses the DRM-scheme-identifying UUID, typically from metadata in the content, and uses this UUID to construct an instance of a MediaDrm object that is able to support the DRM scheme required by the content. Crypto schemes are assigned 16 byte UUIDs. The method #isCryptoSchemeSupported can be used to query if a given scheme is supported on the device.
The app calls #openSession to generate a sessionId that will uniquely identify the session in subsequent interactions. The app next uses the MediaDrm object to obtain a key request message and send it to the license server, then provide the server's response to the MediaDrm object.
Once the app has a sessionId, it can construct a MediaCrypto object from the UUID and sessionId. The MediaCrypto object is registered with the MediaCodec in the android.media.MediaCodec#configure method to enable the codec to decrypt content.
When the app has constructed android.media.MediaExtractor
, android.media.MediaCodec
and android.media.MediaCrypto
objects, it proceeds to pull samples from the extractor and queue them into the decoder. For encrypted content, the samples returned from the extractor remain encrypted, they are only decrypted when the samples are delivered to the decoder.
MediaDrm methods throw android.media.MediaDrm.MediaDrmStateException
when a method is called on a MediaDrm object that has had an unrecoverable failure in the DRM plugin or security hardware. android.media.MediaDrm.MediaDrmStateException
extends java.lang.IllegalStateException
with the addition of a developer-readable diagnostic information string associated with the exception.
In the event of a mediaserver process crash or restart while a MediaDrm object is active, MediaDrm methods may throw android.media.MediaDrmResetException
. To recover, the app must release the MediaDrm object, then create and initialize a new one.
As android.media.MediaDrmResetException
and android.media.MediaDrm.MediaDrmStateException
both extend java.lang.IllegalStateException
, they should be in an earlier catch() block than java.lang.IllegalStateException
if handled separately.
Callbacks
Applications should register for informational events in order to be informed of key state updates during playback or streaming. Registration for these events is done via a call to #setOnEventListener. In order to receive the respective callback associated with this listener, applications are required to create MediaDrm objects on a thread with its own Looper running (main UI thread by default has a Looper running).
Summary
Nested classes | |
---|---|
In addition to supporting decryption of DASH Common Encrypted Media, the MediaDrm APIs provide the ability to securely deliver session keys from an operator's session key server to a client device, based on the factory-installed root of trust, and then perform encrypt, decrypt, sign and verify operations with the session key on arbitrary user data. |
|
Error codes that may be returned from |
|
Contains the opaque data an app uses to request keys from a license server. |
|
Defines the status of a key. |
|
A |
|
Thrown when a general failure occurs during a MediaDrm operation. |
|
Definitions for the metrics that are reported via the |
|
abstract |
Interface definition for a callback to be invoked when a drm event occurs |
abstract |
Interface definition for a callback to be invoked when a drm session expiration update occurs |
abstract |
Interface definition for a callback to be invoked when the keys in a drm session change states. |
abstract |
Interface definition for a callback to be invoked when the session state has been lost and is now invalid |
This class contains the Drm session ID and log session ID |
|
Contains the opaque data an app uses to request a certificate from a provisioning server |
|
|
Constants | |
---|---|
static Int |
This event type indicates that the licensed usage duration for keys in a session has expired. |
static Int |
This event type indicates that the app needs to request keys from a license server. |
static Int |
This event type indicates that the app needs to request a certificate from the provisioning server. |
static Int |
This event indicates that a session opened by the app has been reclaimed by the resource manager. |
static Int |
This event may indicate some specific vendor-defined condition, see your DRM provider documentation for details |
static Int |
The DRM plugin did not report an HDCP level, or an error occurred accessing it |
static Int |
HDCP is not supported on this device, content is unprotected |
static Int |
No digital output, implicitly secure |
static Int |
HDCP version 1. |
static Int |
HDCP version 2. |
static Int |
HDCP version 2. |
static Int |
HDCP version 2. |
static Int |
HDCP version 2. |
static Int |
This key request type specifies that the keys will be for offline use, they will be saved to the device for use when the device is not connected to a network. |
static Int |
This key request type specifies that previously saved offline keys should be released. |
static Int |
This key request type species that the keys will be for online use, they will not be saved to the device for subsequent use when the device is not connected to a network. |
static Int |
Offline license is released, the keys have been marked for release using |
static Int |
Offline license state is unknown, an error occurred while trying to access it. |
static Int |
Offline license is usable, the keys may be used for decryption. |
static String |
String property name: a comma-separated list of cipher and mac algorithms supported by CryptoSession. |
static String |
String property name: describes the DRM plugin |
static String |
Byte array property name: the device unique identifier is established during device provisioning and provides a means of uniquely identifying each device. |
static String |
String property name: identifies the maker of the DRM plugin |
static String |
String property name: identifies the version of the DRM plugin |
static Int |
DRM key management, crypto operations, decoding of content and all handling of the media (compressed and uncompressed) is handled within a hardware backed trusted execution environment. |
static Int |
DRM key management and crypto operations are performed within a hardware backed trusted execution environment. |
static Int |
DRM key management, crypto operations and decoding of content are performed within a hardware backed trusted execution environment. |
static Int |
DRM key management uses software-based whitebox crypto. |
static Int |
DRM key management and decoding use software-based whitebox crypto. |
static Int |
The DRM plugin did not report a security level, or an error occurred accessing it |
Public constructors | |
---|---|
Instantiate a MediaDrm object |
Public methods | |
---|---|
Unit |
Clear the |
Unit |
Clear the |
Unit |
Clear the |
Unit |
Clear the |
Unit |
close() Releases resources associated with the current session of MediaDrm. |
Unit |
closeSession(sessionId: ByteArray) Close a session on the MediaDrm object that was previously opened with #openSession. |
Int |
Return the HDCP level negotiated with downstream receivers the device is connected to. |
MediaDrm.CryptoSession! |
getCryptoSession(sessionId: ByteArray, cipherAlgorithm: String, macAlgorithm: String) Obtain a CryptoSession object which can be used to encrypt, decrypt, sign and verify messages or data using the session keys established for the session using methods |
MediaDrm.KeyRequest |
getKeyRequest(scope: ByteArray, init: ByteArray?, mimeType: String?, keyType: Int, optionalParameters: HashMap<String!, String!>?) A key request/response exchange occurs between the app and a license server to obtain or release keys used to decrypt encrypted content. |
MutableList<MediaDrm.LogMessage!> |
Returns recent |
Int |
Return the maximum supported HDCP level. |
static Int |
Returns a value that may be passed as a parameter to |
Int |
Return the maximum number of MediaDrm sessions that may be opened simultaneosly among all MediaDrm instances for the active DRM scheme. |
PersistableBundle! |
Return Metrics data about the current MediaDrm instance. |
MutableList<ByteArray!> |
The keys in an offline license allow protected content to be played even if the device is not connected to a network. |
Int |
getOfflineLicenseState(keySetId: ByteArray) Request the state of an offline license. |
Int |
Return the number of MediaDrm sessions that are currently opened simultaneously among all MediaDrm instances for the active DRM scheme. |
MediaDrm.PlaybackComponent? |
getPlaybackComponent(sessionId: ByteArray) Obtain a |
ByteArray |
getPropertyByteArray(propertyName: String!) Read a MediaDrm byte array property value, given the property name string. |
String |
getPropertyString(propertyName: String) Read a MediaDrm String property value, given the property name string. |
MediaDrm.ProvisionRequest |
A provision request/response exchange occurs between the app and a provisioning server to retrieve a device certificate. |
ByteArray |
getSecureStop(ssid: ByteArray) Access a specific secure stop given its secure stop ID. |
MutableList<ByteArray!> |
Return a list of all secure stop IDs currently in persistent memory. |
MutableList<ByteArray!> |
Secure stops are a way to enforce limits on the number of concurrent streams per subscriber across devices. |
Int |
getSecurityLevel(sessionId: ByteArray) Return the current security level of a session. |
static MutableList<UUID!> | |
static Boolean |
isCryptoSchemeSupported(uuid: UUID) Query if the given scheme identified by its UUID is supported on this device. |
static Boolean |
isCryptoSchemeSupported(uuid: UUID, mimeType: String) Query if the given scheme identified by its UUID is supported on this device, and whether the DRM plugin is able to handle the media container format specified by mimeType. |
static Boolean |
isCryptoSchemeSupported(uuid: UUID, mimeType: String, securityLevel: Int) Query if the given scheme identified by its UUID is supported on this device, and whether the DRM plugin is able to handle the media container format specified by mimeType at the requested security level. |
ByteArray |
Open a new session with the MediaDrm object. |
ByteArray |
openSession(level: Int) Open a new session at a requested security level. |
ByteArray? |
provideKeyResponse(scope: ByteArray, response: ByteArray) A key response is received from the license server by the app, then it is provided to the MediaDrm instance using provideKeyResponse. |
Unit |
provideProvisionResponse(response: ByteArray) After a provision response is received by the app, it is provided to the MediaDrm instance using this method. |
HashMap<String!, String!> |
queryKeyStatus(sessionId: ByteArray) Request an informative description of the key status for the session. |
Unit |
release() |
Unit |
Remove all secure stops without requiring a secure stop release message from the license server. |
Unit |
releaseSecureStops(ssRelease: ByteArray) Process the secure stop server response message ssRelease. |
Unit |
Remove all secure stops without requiring a secure stop release message from the license server. |
Unit |
removeKeys(sessionId: ByteArray) Remove the current keys from a session. |
Unit |
removeOfflineLicense(keySetId: ByteArray) Normally offline licenses are released using a key request/response exchange using |
Unit |
removeSecureStop(ssid: ByteArray) Remove a specific secure stop without requiring a secure stop release message from the license server. |
Boolean |
requiresSecureDecoder(mime: String) Query if the crypto scheme requires the use of a secure decoder to decode data of the given mime type at the default security level. |
Boolean |
requiresSecureDecoder(mime: String, level: Int) Query if the crypto scheme requires the use of a secure decoder to decode data of the given mime type at the given security level. |
Unit |
restoreKeys(sessionId: ByteArray, keySetId: ByteArray) Restore persisted offline keys into a new session. |
Unit |
setOnEventListener(listener: MediaDrm.OnEventListener?) Register a callback to be invoked when an event occurs |
Unit |
setOnEventListener(listener: MediaDrm.OnEventListener?, handler: Handler?) Register a callback to be invoked when an event occurs |
Unit |
setOnEventListener(executor: Executor, listener: MediaDrm.OnEventListener) Register a callback to be invoked when an event occurs |
Unit |
setOnExpirationUpdateListener(listener: MediaDrm.OnExpirationUpdateListener?, handler: Handler?) Register a callback to be invoked when a session expiration update occurs. |
Unit |
setOnExpirationUpdateListener(executor: Executor, listener: MediaDrm.OnExpirationUpdateListener) Register a callback to be invoked when a session expiration update occurs. |
Unit |
setOnKeyStatusChangeListener(listener: MediaDrm.OnKeyStatusChangeListener?, handler: Handler?) Register a callback to be invoked when the state of keys in a session change, e. |
Unit |
setOnKeyStatusChangeListener(executor: Executor, listener: MediaDrm.OnKeyStatusChangeListener) Register a callback to be invoked when the state of keys in a session change. |
Unit |
setOnSessionLostStateListener(listener: MediaDrm.OnSessionLostStateListener?, handler: Handler?) Register a callback to be invoked when session state has been lost. |
Unit |
setOnSessionLostStateListener(executor: Executor, listener: MediaDrm.OnSessionLostStateListener?) Register a callback to be invoked when session state has been lost. |
Unit |
setPropertyByteArray(propertyName: String, value: ByteArray) Set a MediaDrm byte array property value, given the property name string and new value for the property. |
Unit |
setPropertyString(propertyName: String, value: String) Set a MediaDrm String property value, given the property name string and new value for the property. |
Protected methods | |
---|---|
Unit |
finalize() |
Constants
EVENT_KEY_EXPIRED
static valEVENT_KEY_EXPIRED: Int
Deprecated: Use OnKeyStatusChangeListener.onKeyStatusChange
and check for MediaDrm.KeyStatus.STATUS_EXPIRED
in the MediaDrm.KeyStatus
instead.
This event type indicates that the licensed usage duration for keys in a session has expired. The keys are no longer valid.
Value: 3
EVENT_KEY_REQUIRED
static val EVENT_KEY_REQUIRED: Int
This event type indicates that the app needs to request keys from a license server. The request message data is obtained using getKeyRequest
.
Value: 2
EVENT_PROVISION_REQUIRED
static valEVENT_PROVISION_REQUIRED: Int
Deprecated: Handle provisioning via android.media.NotProvisionedException
instead.
This event type indicates that the app needs to request a certificate from the provisioning server. The request message data is obtained using getProvisionRequest
Value: 1
EVENT_SESSION_RECLAIMED
static val EVENT_SESSION_RECLAIMED: Int
This event indicates that a session opened by the app has been reclaimed by the resource manager.
Value: 5
EVENT_VENDOR_DEFINED
static val EVENT_VENDOR_DEFINED: Int
This event may indicate some specific vendor-defined condition, see your DRM provider documentation for details
Value: 4
HDCP_LEVEL_UNKNOWN
static val HDCP_LEVEL_UNKNOWN: Int
The DRM plugin did not report an HDCP level, or an error occurred accessing it
Value: 0
HDCP_NONE
static val HDCP_NONE: Int
HDCP is not supported on this device, content is unprotected
Value: 1
HDCP_NO_DIGITAL_OUTPUT
static val HDCP_NO_DIGITAL_OUTPUT: Int
No digital output, implicitly secure
Value: 2147483647
KEY_TYPE_OFFLINE
static val KEY_TYPE_OFFLINE: Int
This key request type specifies that the keys will be for offline use, they will be saved to the device for use when the device is not connected to a network.
Value: 2
KEY_TYPE_RELEASE
static val KEY_TYPE_RELEASE: Int
This key request type specifies that previously saved offline keys should be released.
Value: 3
KEY_TYPE_STREAMING
static val KEY_TYPE_STREAMING: Int
This key request type species that the keys will be for online use, they will not be saved to the device for subsequent use when the device is not connected to a network.
Value: 1
OFFLINE_LICENSE_STATE_RELEASED
static val OFFLINE_LICENSE_STATE_RELEASED: Int
Offline license is released, the keys have been marked for release using getKeyRequest
with KEY_TYPE_RELEASE but the key response has not been received.
Value: 2
OFFLINE_LICENSE_STATE_UNKNOWN
static val OFFLINE_LICENSE_STATE_UNKNOWN: Int
Offline license state is unknown, an error occurred while trying to access it.
Value: 0
OFFLINE_LICENSE_STATE_USABLE
static val OFFLINE_LICENSE_STATE_USABLE: Int
Offline license is usable, the keys may be used for decryption.
Value: 1
PROPERTY_ALGORITHMS
static val PROPERTY_ALGORITHMS: String
String property name: a comma-separated list of cipher and mac algorithms supported by CryptoSession. The list may be empty if the DRM plugin does not support CryptoSession operations.
Value: "algorithms"
PROPERTY_DESCRIPTION
static val PROPERTY_DESCRIPTION: String
String property name: describes the DRM plugin
Value: "description"
PROPERTY_DEVICE_UNIQUE_ID
static val PROPERTY_DEVICE_UNIQUE_ID: String
Byte array property name: the device unique identifier is established during device provisioning and provides a means of uniquely identifying each device.
Value: "deviceUniqueId"
PROPERTY_VENDOR
static val PROPERTY_VENDOR: String
String property name: identifies the maker of the DRM plugin
Value: "vendor"
PROPERTY_VERSION
static val PROPERTY_VERSION: String
String property name: identifies the version of the DRM plugin
Value: "version"
SECURITY_LEVEL_HW_SECURE_ALL
static val SECURITY_LEVEL_HW_SECURE_ALL: Int
DRM key management, crypto operations, decoding of content and all handling of the media (compressed and uncompressed) is handled within a hardware backed trusted execution environment.
Value: 5
SECURITY_LEVEL_HW_SECURE_CRYPTO
static val SECURITY_LEVEL_HW_SECURE_CRYPTO: Int
DRM key management and crypto operations are performed within a hardware backed trusted execution environment.
Value: 3
SECURITY_LEVEL_HW_SECURE_DECODE
static val SECURITY_LEVEL_HW_SECURE_DECODE: Int
DRM key management, crypto operations and decoding of content are performed within a hardware backed trusted execution environment.
Value: 4
SECURITY_LEVEL_SW_SECURE_CRYPTO
static val SECURITY_LEVEL_SW_SECURE_CRYPTO: Int
DRM key management uses software-based whitebox crypto.
Value: 1
SECURITY_LEVEL_SW_SECURE_DECODE
static val SECURITY_LEVEL_SW_SECURE_DECODE: Int
DRM key management and decoding use software-based whitebox crypto.
Value: 2
SECURITY_LEVEL_UNKNOWN
static val SECURITY_LEVEL_UNKNOWN: Int
The DRM plugin did not report a security level, or an error occurred accessing it
Value: 0
Public constructors
MediaDrm
MediaDrm(uuid: UUID)
Instantiate a MediaDrm object
Parameters | |
---|---|
uuid |
UUID: The UUID of the crypto scheme. This value cannot be null . |
Exceptions | |
---|---|
android.media.UnsupportedSchemeException |
if the device does not support the specified scheme UUID |
Public methods
clearOnEventListener
fun clearOnEventListener(): Unit
Clear the OnEventListener
.
clearOnExpirationUpdateListener
fun clearOnExpirationUpdateListener(): Unit
Clear the OnExpirationUpdateListener
.
clearOnKeyStatusChangeListener
fun clearOnKeyStatusChangeListener(): Unit
Clear the OnKeyStatusChangeListener
.
clearOnSessionLostStateListener
fun clearOnSessionLostStateListener(): Unit
Clear the OnSessionLostStateListener
.
close
fun close(): Unit
Releases resources associated with the current session of MediaDrm. It is considered good practice to call this method when the MediaDrm
object is no longer needed in your application. After this method is called, MediaDrm
is no longer usable since it has lost all of its required resource. This method was added in API 28. In API versions 18 through 27, release() should be called instead. There is no need to do anything for API versions prior to 18.
Exceptions | |
---|---|
java.lang.Exception |
if this resource cannot be closed |
closeSession
fun closeSession(sessionId: ByteArray): Unit
Close a session on the MediaDrm object that was previously opened with #openSession.
Parameters | |
---|---|
sessionId |
ByteArray: This value cannot be null . |
getConnectedHdcpLevel
fun getConnectedHdcpLevel(): Int
Return the HDCP level negotiated with downstream receivers the device is connected to. If multiple HDCP-capable displays are simultaneously connected to separate interfaces, this method returns the lowest negotiated level of all interfaces.
This method should only be used for informational purposes, not for enforcing compliance with HDCP requirements. Trusted enforcement of HDCP policies must be handled by the DRM system.
getCryptoSession
fun getCryptoSession(
sessionId: ByteArray,
cipherAlgorithm: String,
macAlgorithm: String
): MediaDrm.CryptoSession!
Obtain a CryptoSession object which can be used to encrypt, decrypt, sign and verify messages or data using the session keys established for the session using methods getKeyRequest
and provideKeyResponse
using a session key server.
Parameters | |
---|---|
sessionId |
ByteArray: the session ID for the session containing keys to be used for encrypt, decrypt, sign and/or verify This value cannot be null . |
cipherAlgorithm |
String: the algorithm to use for encryption and decryption ciphers. The algorithm string conforms to JCA Standard Names for Cipher Transforms and is case insensitive. For example "AES/CBC/NoPadding". This value cannot be null . |
macAlgorithm |
String: the algorithm to use for sign and verify The algorithm string conforms to JCA Standard Names for Mac Algorithms and is case insensitive. For example "HmacSHA256".
The list of supported algorithms for a DRM plugin can be obtained using the method |
getKeyRequest
fun getKeyRequest(
scope: ByteArray,
init: ByteArray?,
mimeType: String?,
keyType: Int,
optionalParameters: HashMap<String!, String!>?
): MediaDrm.KeyRequest
A key request/response exchange occurs between the app and a license server to obtain or release keys used to decrypt encrypted content.
getKeyRequest() is used to obtain an opaque key request byte array that is delivered to the license server. The opaque key request byte array is returned in KeyRequest.data. The recommended URL to deliver the key request to is returned in KeyRequest.defaultUrl.
After the app has received the key request response from the server, it should deliver to the response to the MediaDrm instance using the method provideKeyResponse
.
Parameters | |
---|---|
scope |
ByteArray: may be a sessionId or a keySetId, depending on the specified keyType. When the keyType is KEY_TYPE_STREAMING or KEY_TYPE_OFFLINE, scope should be set to the sessionId the keys will be provided to. When the keyType is KEY_TYPE_RELEASE, scope should be set to the keySetId of the keys being released. Releasing keys from a device invalidates them for all sessions. This value cannot be null . |
init |
ByteArray?: container-specific data, its meaning is interpreted based on the mime type provided in the mimeType parameter. It could contain, for example, the content ID, key ID or other data obtained from the content metadata that is required in generating the key request. May be null when keyType is KEY_TYPE_RELEASE or if the request is a renewal, i.e. not the first key request for the session. |
mimeType |
String?: identifies the mime type of the content. May be null if the keyType is KEY_TYPE_RELEASE or if the request is a renewal, i.e. not the first key request for the session. |
keyType |
Int: specifes the type of the request. The request may be to acquire keys for streaming or offline content, or to release previously acquired keys, which are identified by a keySetId. Value is android.media.MediaDrm#KEY_TYPE_STREAMING , android.media.MediaDrm#KEY_TYPE_OFFLINE , or android.media.MediaDrm#KEY_TYPE_RELEASE |
optionalParameters |
HashMap<String!, String!>?: are included in the key request message to allow a client application to provide additional message parameters to the server. This may be null if no additional parameters are to be sent. |
Return | |
---|---|
MediaDrm.KeyRequest |
This value cannot be null . |
Exceptions | |
---|---|
android.media.NotProvisionedException |
if reprovisioning is needed, due to a problem with the certifcate |
getLogMessages
fun getLogMessages(): MutableList<MediaDrm.LogMessage!>
Returns recent LogMessages
associated with this MediaDrm
instance.
Return | |
---|---|
MutableList<MediaDrm.LogMessage!> |
This value cannot be null . |
getMaxHdcpLevel
fun getMaxHdcpLevel(): Int
Return the maximum supported HDCP level. The maximum HDCP level is a constant for a given device, it does not depend on downstream receivers that may be connected. If multiple HDCP-capable interfaces are present, it indicates the highest of the maximum HDCP levels of all interfaces.
getMaxSecurityLevel
static fun getMaxSecurityLevel(): Int
Returns a value that may be passed as a parameter to openSession(int)
requesting that the session be opened at the maximum security level of the device. This security level is only valid for the application running on the physical Android device (e.g. android.content.Context#DEVICE_ID_DEFAULT
). While running on a android.companion.virtual.VirtualDevice
the maximum supported security level might be different.
getMaxSessionCount
fun getMaxSessionCount(): Int
Return the maximum number of MediaDrm sessions that may be opened simultaneosly among all MediaDrm instances for the active DRM scheme. The maximum number of sessions is not affected by any sessions that may have already been opened.
Return | |
---|---|
Int |
maximum sessions. |
getMetrics
fun getMetrics(): PersistableBundle!
Return Metrics data about the current MediaDrm instance.
Return | |
---|---|
PersistableBundle! |
a PersistableBundle containing the set of attributes and values available for this instance of MediaDrm. The attributes are described in MetricsConstants . Additional vendor-specific fields may also be present in the return value. |
getOfflineLicenseKeySetIds
fun getOfflineLicenseKeySetIds(): MutableList<ByteArray!>
The keys in an offline license allow protected content to be played even if the device is not connected to a network. Offline licenses are stored on the device after a key request/response exchange when the key request KeyType is OFFLINE. Normally each app is responsible for keeping track of the keySetIds it has created. If an app loses the keySetId for any stored licenses that it created, however, it must be able to recover the stored keySetIds so those licenses can be removed when they expire or when the app is uninstalled.
This method returns a list of the keySetIds for all offline licenses. The offline license keySetId may be used to query the status of an offline license with getOfflineLicenseState
or remove it with removeOfflineLicense
.
Return | |
---|---|
MutableList<ByteArray!> |
a list of offline license keySetIds This value cannot be null . |
getOfflineLicenseState
fun getOfflineLicenseState(keySetId: ByteArray): Int
Request the state of an offline license. An offline license may be usable or inactive. The keys in a usable offline license are available for decryption. When the offline license state is inactive, the keys have been marked for release using getKeyRequest
with KEY_TYPE_RELEASE but the key response has not been received. The keys in an inactive offline license are not usable for decryption.
Parameters | |
---|---|
keySetId |
ByteArray: selects the offline license This value cannot be null . |
Return | |
---|---|
Int |
the offline license state Value is android.media.MediaDrm#OFFLINE_LICENSE_STATE_UNKNOWN , android.media.MediaDrm#OFFLINE_LICENSE_STATE_USABLE , or android.media.MediaDrm#OFFLINE_LICENSE_STATE_RELEASED |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if the keySetId does not refer to an offline license. |
getOpenSessionCount
fun getOpenSessionCount(): Int
Return the number of MediaDrm sessions that are currently opened simultaneously among all MediaDrm instances for the active DRM scheme.
Return | |
---|---|
Int |
the number of open sessions. |
getPlaybackComponent
fun getPlaybackComponent(sessionId: ByteArray): MediaDrm.PlaybackComponent?
Obtain a PlaybackComponent
associated with a DRM session. Call PlaybackComponent.setLogSessionId(LogSessionId)
on the returned object to associate a playback session with the DRM session.
Parameters | |
---|---|
sessionId |
ByteArray: a DRM session ID obtained from openSession() This value cannot be null . |
Return | |
---|---|
MediaDrm.PlaybackComponent? |
a PlaybackComponent associated with the session, or null if the session is closed or does not exist. |
getPropertyByteArray
fun getPropertyByteArray(propertyName: String!): ByteArray
Read a MediaDrm byte array property value, given the property name string.
Standard fields names are PROPERTY_DEVICE_UNIQUE_ID
Return | |
---|---|
ByteArray |
This value cannot be null . |
getPropertyString
fun getPropertyString(propertyName: String): String
Read a MediaDrm String property value, given the property name string.
Standard fields names are: PROPERTY_VENDOR
, PROPERTY_VERSION
, PROPERTY_DESCRIPTION
, PROPERTY_ALGORITHMS
Parameters | |
---|---|
propertyName |
String: This value cannot be null . |
Return | |
---|---|
String |
This value cannot be null . |
getProvisionRequest
fun getProvisionRequest(): MediaDrm.ProvisionRequest
A provision request/response exchange occurs between the app and a provisioning server to retrieve a device certificate. If provisionining is required, the EVENT_PROVISION_REQUIRED event will be sent to the event handler. getProvisionRequest is used to obtain the opaque provision request byte array that should be delivered to the provisioning server. The provision request byte array is returned in ProvisionRequest.data. The recommended URL to deliver the provision request to is returned in ProvisionRequest.defaultUrl.
Return | |
---|---|
MediaDrm.ProvisionRequest |
This value cannot be null . |
getSecureStop
fungetSecureStop(ssid: ByteArray): ByteArray
Deprecated: This method is deprecated and may be removed in a future release. Use renewals by calling getKeyRequest
to track concurrent playback. See additional information in getSecureStops
Access a specific secure stop given its secure stop ID. Each secure stop has a unique ID.
Parameters | |
---|---|
ssid |
ByteArray: the ID of the secure stop to return This value cannot be null . |
Return | |
---|---|
ByteArray |
the secure stop identified by ssid This value cannot be null . |
getSecureStopIds
fungetSecureStopIds(): MutableList<ByteArray!>
Deprecated: This method is deprecated and may be removed in a future release. Use renewals by calling getKeyRequest
to track concurrent playback. See additional information in getSecureStops
Return a list of all secure stop IDs currently in persistent memory. The secure stop ID can be used to access or remove the corresponding secure stop.
Return | |
---|---|
MutableList<ByteArray!> |
a list of secure stop IDs This value cannot be null . |
getSecureStops
fungetSecureStops(): MutableList<ByteArray!>
Deprecated: This method is deprecated and may be removed in a future release. Secure stops are a way to enforce limits on the number of concurrent streams per subscriber across devices. They provide secure monitoring of the lifetime of content decryption keys in MediaDrm sessions. Limits on concurrent streams may also be enforced by periodically renewing licenses. This can be achieved by calling getKeyRequest
to initiate a renewal. MediaDrm users should transition away from secure stops to periodic renewals.
Secure stops are a way to enforce limits on the number of concurrent streams per subscriber across devices. They provide secure monitoring of the lifetime of content decryption keys in MediaDrm sessions.
A secure stop is written to secure persistent memory when keys are loaded into a MediaDrm session. The secure stop state indicates that the keys are available for use. When playback completes and the keys are removed or the session is destroyed, the secure stop state is updated to indicate that keys are no longer usable.
After playback, the app can query the secure stop and send it in a message to the license server confirming that the keys are no longer active. The license server returns a secure stop release response message to the app which then deletes the secure stop from persistent memory using releaseSecureStops
.
Each secure stop has a unique ID that can be used to identify it during enumeration, access and removal.
Return | |
---|---|
MutableList<ByteArray!> |
a list of all secure stops from secure persistent memory This value cannot be null . |
getSecurityLevel
fun getSecurityLevel(sessionId: ByteArray): Int
Return the current security level of a session. A session has an initial security level determined by the robustness of the DRM system's implementation on the device. The security level may be changed at the time a session is opened using #openSession.
Parameters | |
---|---|
sessionId |
ByteArray: the session to query.
This value cannot be |
getSupportedCryptoSchemes
static fun getSupportedCryptoSchemes(): MutableList<UUID!>
Return | |
---|---|
MutableList<UUID!> |
list of crypto schemes (as UUID s) for which isCryptoSchemeSupported(java.util.UUID) returns true; each UUID can be used as input to create MediaDrm objects via MediaDrm(java.util.UUID) . This value cannot be null . |
isCryptoSchemeSupported
static fun isCryptoSchemeSupported(uuid: UUID): Boolean
Query if the given scheme identified by its UUID is supported on this device.
Parameters | |
---|---|
uuid |
UUID: The UUID of the crypto scheme. This value cannot be null . |
isCryptoSchemeSupported
static fun isCryptoSchemeSupported(
uuid: UUID,
mimeType: String
): Boolean
Query if the given scheme identified by its UUID is supported on this device, and whether the DRM plugin is able to handle the media container format specified by mimeType.
Parameters | |
---|---|
uuid |
UUID: The UUID of the crypto scheme. This value cannot be null . |
mimeType |
String: The MIME type of the media container, e.g. "video/mp4" or "video/webm" This value cannot be null . |
isCryptoSchemeSupported
static fun isCryptoSchemeSupported(
uuid: UUID,
mimeType: String,
securityLevel: Int
): Boolean
Query if the given scheme identified by its UUID is supported on this device, and whether the DRM plugin is able to handle the media container format specified by mimeType at the requested security level. Calling this method while the application is running on the physical Android device or a android.companion.virtual.VirtualDevice
may lead to different results, based on the different DRM capabilities of the devices.
Parameters | |
---|---|
uuid |
UUID: The UUID of the crypto scheme. This value cannot be null . |
mimeType |
String: The MIME type of the media container, e.g. "video/mp4" or "video/webm" This value cannot be null . |
securityLevel |
Int: the security level requested Value is android.media.MediaDrm#SECURITY_LEVEL_UNKNOWN , android.media.MediaDrm#SECURITY_LEVEL_SW_SECURE_CRYPTO , android.media.MediaDrm#SECURITY_LEVEL_SW_SECURE_DECODE , android.media.MediaDrm#SECURITY_LEVEL_HW_SECURE_CRYPTO , android.media.MediaDrm#SECURITY_LEVEL_HW_SECURE_DECODE , or android.media.MediaDrm#SECURITY_LEVEL_HW_SECURE_ALL |
openSession
fun openSession(): ByteArray
Open a new session with the MediaDrm object. A session ID is returned. By default, sessions are opened at the native security level of the device. If the application is currently running on a android.companion.virtual.VirtualDevice
the security level will be adjusted accordingly to the maximum supported level for the display.
Return | |
---|---|
ByteArray |
This value cannot be null . |
Exceptions | |
---|---|
android.media.NotProvisionedException |
if provisioning is needed |
android.media.ResourceBusyException |
if required resources are in use |
openSession
fun openSession(level: Int): ByteArray
Open a new session at a requested security level. The security level represents the robustness of the device's DRM implementation. By default, sessions are opened at the native security level of the device. Overriding the security level is necessary when the decrypted frames need to be manipulated, such as for image compositing. The security level parameter must be lower than the native level. Reducing the security level will typically limit the content to lower resolutions, as determined by the license policy. If the requested level is not supported, the next lower supported security level will be set. The level can be queried using getSecurityLevel
. A session ID is returned. If the application is currently running on a android.companion.virtual.VirtualDevice
the security level will be adjusted accordingly to the maximum supported level for the display.
Return | |
---|---|
ByteArray |
This value cannot be null . |
Exceptions | |
---|---|
android.media.NotProvisionedException |
if provisioning is needed |
android.media.ResourceBusyException |
if required resources are in use |
java.lang.IllegalArgumentException |
if the requested security level is higher than the native level or lower than the lowest supported level or if the device does not support specifying the security level when opening a session |
provideKeyResponse
fun provideKeyResponse(
scope: ByteArray,
response: ByteArray
): ByteArray?
A key response is received from the license server by the app, then it is provided to the MediaDrm instance using provideKeyResponse. When the response is for an offline key request, a keySetId is returned that can be used to later restore the keys to a new session with the method restoreKeys
. When the response is for a streaming or release request, an empty byte array is returned.
Parameters | |
---|---|
scope |
ByteArray: may be a sessionId or keySetId depending on the type of the response. Scope should be set to the sessionId when the response is for either streaming or offline key requests. Scope should be set to the keySetId when the response is for a release request. This value cannot be null . |
response |
ByteArray: the byte array response from the server This value cannot be null . |
Return | |
---|---|
ByteArray? |
If the response is for an offline request, the keySetId for the offline keys will be returned. If the response is for a streaming or release request an empty byte array will be returned. This value may be null . |
Exceptions | |
---|---|
android.media.NotProvisionedException |
if the response indicates that reprovisioning is required |
android.media.DeniedByServerException |
if the response indicates that the server rejected the request |
provideProvisionResponse
fun provideProvisionResponse(response: ByteArray): Unit
After a provision response is received by the app, it is provided to the MediaDrm instance using this method.
Parameters | |
---|---|
response |
ByteArray: the opaque provisioning response byte array to provide to the MediaDrm instance. This value cannot be null . |
Exceptions | |
---|---|
android.media.DeniedByServerException |
if the response indicates that the server rejected the request |
queryKeyStatus
fun queryKeyStatus(sessionId: ByteArray): HashMap<String!, String!>
Request an informative description of the key status for the session. The status is in the form of {name, value} pairs. Since DRM license policies vary by vendor, the specific status field names are determined by each DRM vendor. Refer to your DRM provider documentation for definitions of the field names for a particular DRM plugin.
Parameters | |
---|---|
sessionId |
ByteArray: the session ID for the DRM session This value cannot be null . |
Return | |
---|---|
HashMap<String!, String!> |
This value cannot be null . |
releaseAllSecureStops
funreleaseAllSecureStops(): Unit
Deprecated: Remove all secure stops using removeAllSecureStops
instead.
Remove all secure stops without requiring a secure stop release message from the license server.
releaseSecureStops
funreleaseSecureStops(ssRelease: ByteArray): Unit
Deprecated: This method is deprecated and may be removed in a future release. Use renewals by calling getKeyRequest
to track concurrent playback. See additional information in getSecureStops
Process the secure stop server response message ssRelease. After authenticating the message, remove the secure stops identified in the response.
Parameters | |
---|---|
ssRelease |
ByteArray: the server response indicating which secure stops to release This value cannot be null . |
removeAllSecureStops
funremoveAllSecureStops(): Unit
Deprecated: This method is deprecated and may be removed in a future release. Use renewals by calling getKeyRequest
to track concurrent playback. See additional information in getSecureStops
Remove all secure stops without requiring a secure stop release message from the license server. This method was added in API 28. In API versions 18 through 27, releaseAllSecureStops
should be called instead. There is no need to do anything for API versions prior to 18.
removeKeys
fun removeKeys(sessionId: ByteArray): Unit
Remove the current keys from a session.
Parameters | |
---|---|
sessionId |
ByteArray: the session ID for the DRM session This value cannot be null . |
removeOfflineLicense
fun removeOfflineLicense(keySetId: ByteArray): Unit
Normally offline licenses are released using a key request/response exchange using getKeyRequest
where the key type is KEY_TYPE_RELEASE, followed by provideKeyResponse
. This allows the server to cryptographically confirm that the license has been removed and then adjust the count of offline licenses allocated to the device.
In some exceptional situations it may be necessary to directly remove offline licenses without notifying the server, which may be performed using this method.
Parameters | |
---|---|
keySetId |
ByteArray: the id of the offline license to remove This value cannot be null . |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if the keySetId does not refer to an offline license. |
removeSecureStop
funremoveSecureStop(ssid: ByteArray): Unit
Deprecated: This method is deprecated and may be removed in a future release. Use renewals by calling getKeyRequest
to track concurrent playback. See additional information in getSecureStops
Remove a specific secure stop without requiring a secure stop release message from the license server.
Parameters | |
---|---|
ssid |
ByteArray: the ID of the secure stop to remove This value cannot be null . |
requiresSecureDecoder
fun requiresSecureDecoder(mime: String): Boolean
Query if the crypto scheme requires the use of a secure decoder to decode data of the given mime type at the default security level. The default security level is defined as the highest security level supported on the device.
Parameters | |
---|---|
mime |
String: The mime type of the media data. Please use isCryptoSchemeSupported(java.util.UUID,java.lang.String) to query mime type support separately; for unsupported mime types the return value of requiresSecureDecoder(java.lang.String) is crypto scheme dependent. This value cannot be null . |
requiresSecureDecoder
fun requiresSecureDecoder(
mime: String,
level: Int
): Boolean
Query if the crypto scheme requires the use of a secure decoder to decode data of the given mime type at the given security level.
Parameters | |
---|---|
mime |
String: The mime type of the media data. Please use isCryptoSchemeSupported(java.util.UUID,java.lang.String,int) to query mime type support separately; for unsupported mime types the return value of requiresSecureDecoder(java.lang.String,int) is crypto scheme dependent. This value cannot be null . |
level |
Int: a security level between SECURITY_LEVEL_SW_SECURE_CRYPTO and SECURITY_LEVEL_HW_SECURE_ALL . Otherwise the special value getMaxSecurityLevel() is also permitted; use getMaxSecurityLevel() to indicate the maximum security level supported by the device. Value is android.media.MediaDrm#SECURITY_LEVEL_UNKNOWN , android.media.MediaDrm#SECURITY_LEVEL_SW_SECURE_CRYPTO , android.media.MediaDrm#SECURITY_LEVEL_SW_SECURE_DECODE , android.media.MediaDrm#SECURITY_LEVEL_HW_SECURE_CRYPTO , android.media.MediaDrm#SECURITY_LEVEL_HW_SECURE_DECODE , or android.media.MediaDrm#SECURITY_LEVEL_HW_SECURE_ALL |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if the requested security level is none of the documented values for the parameter level . |
restoreKeys
fun restoreKeys(
sessionId: ByteArray,
keySetId: ByteArray
): Unit
Restore persisted offline keys into a new session. keySetId identifies the keys to load, obtained from a prior call to provideKeyResponse
.
Parameters | |
---|---|
sessionId |
ByteArray: the session ID for the DRM session This value cannot be null . |
keySetId |
ByteArray: identifies the saved key set to restore This value cannot be null . |
setOnEventListener
fun setOnEventListener(listener: MediaDrm.OnEventListener?): Unit
Register a callback to be invoked when an event occurs
Parameters | |
---|---|
listener |
MediaDrm.OnEventListener?: the callback that will be run. Use null to stop receiving event callbacks. |
setOnEventListener
fun setOnEventListener(
listener: MediaDrm.OnEventListener?,
handler: Handler?
): Unit
Register a callback to be invoked when an event occurs
Parameters | |
---|---|
listener |
MediaDrm.OnEventListener?: the callback that will be run. Use null to stop receiving event callbacks. |
handler |
Handler?: the handler on which the listener should be invoked, or null if the listener should be invoked on the calling thread's looper. |
setOnEventListener
fun setOnEventListener(
executor: Executor,
listener: MediaDrm.OnEventListener
): Unit
Register a callback to be invoked when an event occurs
Parameters | |
---|---|
executor |
Executor: the executor through which the listener should be invoked This value cannot be null . Callback and listener events are dispatched through this Executor , providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor() . Otherwise, provide an Executor that dispatches to an appropriate thread. |
listener |
MediaDrm.OnEventListener: the callback that will be run. This value cannot be null . |
See Also
setOnExpirationUpdateListener
fun setOnExpirationUpdateListener(
listener: MediaDrm.OnExpirationUpdateListener?,
handler: Handler?
): Unit
Register a callback to be invoked when a session expiration update occurs. The app's OnExpirationUpdateListener will be notified when the expiration time of the keys in the session have changed.
Parameters | |
---|---|
listener |
MediaDrm.OnExpirationUpdateListener?: the callback that will be run, or null to unregister the previously registered callback. |
handler |
Handler?: the handler on which the listener should be invoked, or null if the listener should be invoked on the calling thread's looper. |
setOnExpirationUpdateListener
fun setOnExpirationUpdateListener(
executor: Executor,
listener: MediaDrm.OnExpirationUpdateListener
): Unit
Register a callback to be invoked when a session expiration update occurs.
Parameters | |
---|---|
executor |
Executor: the executor through which the listener should be invoked This value cannot be null . Callback and listener events are dispatched through this Executor , providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor() . Otherwise, provide an Executor that dispatches to an appropriate thread. |
listener |
MediaDrm.OnExpirationUpdateListener: the callback that will be run. This value cannot be null . |
setOnKeyStatusChangeListener
fun setOnKeyStatusChangeListener(
listener: MediaDrm.OnKeyStatusChangeListener?,
handler: Handler?
): Unit
Register a callback to be invoked when the state of keys in a session change, e.g. when a license update occurs or when a license expires.
Parameters | |
---|---|
listener |
MediaDrm.OnKeyStatusChangeListener?: the callback that will be run when key status changes, or null to unregister the previously registered callback. |
handler |
Handler?: the handler on which the listener should be invoked, or null if the listener should be invoked on the calling thread's looper. |
setOnKeyStatusChangeListener
fun setOnKeyStatusChangeListener(
executor: Executor,
listener: MediaDrm.OnKeyStatusChangeListener
): Unit
Register a callback to be invoked when the state of keys in a session change.
Parameters | |
---|---|
listener |
MediaDrm.OnKeyStatusChangeListener: the callback that will be run when key status changes. This value cannot be null . |
executor |
Executor: the executor on which the listener should be invoked. This value cannot be null . Callback and listener events are dispatched through this Executor , providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor() . Otherwise, provide an Executor that dispatches to an appropriate thread. |
setOnSessionLostStateListener
fun setOnSessionLostStateListener(
listener: MediaDrm.OnSessionLostStateListener?,
handler: Handler?
): Unit
Register a callback to be invoked when session state has been lost. This event can occur on devices that are not capable of retaining crypto session state across device suspend/resume cycles. When this event occurs, the session must be closed and a new session opened to resume operation.
Parameters | |
---|---|
listener |
MediaDrm.OnSessionLostStateListener?: the callback that will be run, or null to unregister the previously registered callback. |
handler |
Handler?: the handler on which the listener should be invoked, or null if the listener should be invoked on the calling thread's looper. |
setOnSessionLostStateListener
fun setOnSessionLostStateListener(
executor: Executor,
listener: MediaDrm.OnSessionLostStateListener?
): Unit
Register a callback to be invoked when session state has been lost.
Parameters | |
---|---|
listener |
MediaDrm.OnSessionLostStateListener?: the callback that will be run. This value may be null . |
executor |
Executor: the executor on which the listener should be invoked. This value cannot be null . Callback and listener events are dispatched through this Executor , providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor() . Otherwise, provide an Executor that dispatches to an appropriate thread. |
setPropertyByteArray
fun setPropertyByteArray(
propertyName: String,
value: ByteArray
): Unit
Set a MediaDrm byte array property value, given the property name string and new value for the property.
Parameters | |
---|---|
propertyName |
String: This value cannot be null . |
value |
ByteArray: This value cannot be null . |
setPropertyString
fun setPropertyString(
propertyName: String,
value: String
): Unit
Set a MediaDrm String property value, given the property name string and new value for the property.
Parameters | |
---|---|
propertyName |
String: This value cannot be null . |
value |
String: This value cannot be null . |
Protected methods
finalize
protected fun finalize(): Unit
Exceptions | |
---|---|
java.lang.Throwable |
the Exception raised by this method |