Check for target user before trying to decrypt a file

This commit is contained in:
Grégory Soutadé 2022-12-21 21:06:03 +01:00
parent 24bae89095
commit f65e8cd9eb
2 changed files with 10 additions and 2 deletions

View File

@ -129,7 +129,8 @@ namespace gourou
DRM_IN_OUT_EQUALS, DRM_IN_OUT_EQUALS,
DRM_MISSING_PARAMETER, DRM_MISSING_PARAMETER,
DRM_INVALID_KEY_SIZE, DRM_INVALID_KEY_SIZE,
DRM_ERR_ENCRYPTION_KEY_FP DRM_ERR_ENCRYPTION_KEY_FP,
DRM_INVALID_USER
}; };
#ifndef _NOEXCEPT #ifndef _NOEXCEPT

View File

@ -1028,6 +1028,13 @@ namespace gourou
{ {
unsigned char rsaKey[RSA_KEY_SIZE]; unsigned char rsaKey[RSA_KEY_SIZE];
std::string user = extractTextElem(rightsDoc, "/adept:rights/licenseToken/user");
if (this->user->getUUID() != user)
{
EXCEPTION(DRM_INVALID_USER, "This book has been downloaded for another user (" << user << ")");
}
if (!encryptionKey) if (!encryptionKey)
{ {
std::string encryptedKey = extractTextElem(rightsDoc, "/adept:rights/licenseToken/encryptedKey"); std::string encryptedKey = extractTextElem(rightsDoc, "/adept:rights/licenseToken/encryptedKey");
@ -1041,7 +1048,7 @@ namespace gourou
ByteArray arrayEncryptedKey = ByteArray::fromBase64(encryptedKey); ByteArray arrayEncryptedKey = ByteArray::fromBase64(encryptedKey);
std::string privateKeyData = user->getPrivateLicenseKey(); std::string privateKeyData = this->user->getPrivateLicenseKey();
ByteArray privateRSAKey = ByteArray::fromBase64(privateKeyData); ByteArray privateRSAKey = ByteArray::fromBase64(privateKeyData);
dumpBuffer(gourou::LG_LOG_DEBUG, "To decrypt : ", arrayEncryptedKey.data(), arrayEncryptedKey.length()); dumpBuffer(gourou::LG_LOG_DEBUG, "To decrypt : ", arrayEncryptedKey.data(), arrayEncryptedKey.length());