// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

library fuchsia.media.drm;

using fuchsia.io;

/// A sentinel value for use with [`KeySystem.CreateContentDecryptionModule2`]
/// to create a [`ContentDecryptionModule`] without a client data store.
const uint32 NO_DATA_STORE = 0;

protocol KeySystem {
    /// Adds a client data store to the `KeySystem`.
    ///
    /// DRM systems generate data on behalf of clients as part of provisioning
    /// and license management. This data is only usable by the DRM system, but
    /// the client is the owner of the data. The client controls the lifetime of
    /// the data and can select which data set is to be used for a
    /// [`ContentDecryptionModule`].
    ///
    /// + request `data_store_id` a client-assigned identifier for the data
    ///   store. The identifier is scoped to the `KeySystem` channel. It is
    ///   invalid for the client to provide [`NO_DATA_STORE`] or an already
    ///   added `data_store_id` and the server should close the channel.
    /// + request `data_store_params` the parameters to be used for this data
    ///   store.
    [Transitional]
    AddDataStore(uint32 data_store_id,
                 DataStoreParams data_store_params) -> () error Error;

    /// Destroys the client data store.
    ///
    /// This method permanently removes this data store and all of its contents.
    /// This means that all provisioning and license data will be removed and
    /// any active [`ContentDecryptionModule`] using this data store will be
    /// closed.
    ///
    /// + request `data_store_id` the client-assigned identifier for the data
    ///  store to be removed. It is invalid for the client to provide
    ///  [`NO_DATA_STORE`] or a `data_store_id` value that has not previously
    ///  been added.
    [Transitional]
    DestroyDataStore(uint32 data_store_id);

    /// Creates a new [`ContentDecryptionModule`].
    ///
    /// Creates a `ContentDecryptionModule` that will use the associated data
    /// store, if provided. If [`NO_DATA_STORE`] is provided for the
    /// `data_store_id`, then the created `ContentDecryptionModule` will only
    /// support [`LicenseSession`]s of [`LicenseSessionType.TEMPORARY`] type.
    /// If a `data_store_id` is provided, then the created
    /// `ContentDecryptionModule` will persist data to that data store. If the
    /// `KeySystem` requires a data store and `NO_DATA_STORE` was provided or
    /// the `KeySystem` does not support data stores and one was provided, then
    /// the server should close the `cdm`.
    ///
    /// + request `data_store_id` the data store that should be used by the
    ///   `ContentDecryptionModule`.
    /// + request `cdm` the server endpoint of the `ContentDecryptionModule`.
    [Transitional]
    CreateContentDecryptionModule2(uint32 data_store_id,
                                   request<ContentDecryptionModule> cdm);
};

table DataStoreParams {
    /// Directory into which this data store should write persistent
    /// provisioning and licenses, or their proxy. This field is required.
    1: fuchsia.io.Directory data_directory;

    /// Certificate to use for encrypting provisioning messages. This field is
    /// optional.
    2: bytes provision_server_certificate;

    /// The client endpoint of the [`ProvisioningFetcher`] to be used when this
    /// data store requires provisioning. If the DRM system requires data store
    /// provisioning, then this field is required to be set. Otherwise, it is
    /// optional.
    3: ProvisioningFetcher provisioning_fetcher;
};

// TODO(MTWN-394): Convert these protocols to services once available.

/// A service hub providing access to the ClearKey key system. This key system
/// is defined by the [`W3C Encrypted Media Extensions`]. It uses plain-text
/// keys to decrypt the source.
///
/// If the client closes the `ClearKey` channel, derived
/// `ContentDecryptionModule`s will remain active.
///
/// [`W3C Encrypted Media Extensions`]:
///   https://www.w3.org/TR/encrypted-media
[Discoverable]
protocol ClearKey {
    compose KeySystem;

    /// Creates a new [`ContentDecryptionModule`].
    ///
    /// DEPRECATED: See [`KeySystem.CreateContentDecryptionModule2`] instead.
    ///
    /// + request `cdm` the server endpoint of the `ContentDecryptionModule`.
    [Transitional, Deprecated]
    CreateContentDecryptionModule(request<ContentDecryptionModule> cdm);
};

/// A service hub providing access to the Widevine key system.
///
/// If the client closes the `Widevine` channel, derived
/// `ContentDecryptionModule`s will remain active.
[Discoverable]
protocol Widevine {
    compose KeySystem;

    /// Creates a new [`ContentDecryptionModule`].
    ///
    /// The `ContentDecryptionModule`s created will share their persistent
    /// state, but will not share active sessions.
    ///
    /// DEPRECATED: See [`KeySystem.CreateContentDecryptionModule2`] instead.
    ///
    /// + request `cdm` the server endpoint of the `ContentDecryptionModule`.
    [Transitional, Deprecated]
    CreateContentDecryptionModule(request<ContentDecryptionModule> cdm);

    /// Creates a new [`Provisioner`].
    ///
    /// There can only be one active `Provisioner` for each service instance.
    ///
    /// DEPRECATED: See [`KeySystem.AddDataStore`] instead.
    ///
    /// + request `provisioner` the server endpoint of the `Provisioner`.
    [Transitional, Deprecated]
    CreateProvisioner(request<Provisioner> provisioner);
};

/// A service hub providing access to the PlayReady key system.
///
/// If the client closes the `PlayReady` channel, derived
/// `ContentDecryptionModule`s will remain active.
[Discoverable]
protocol PlayReady {
    compose KeySystem;

    /// Creates a new [`ContentDecryptionModule`].
    ///
    /// The `ContentDecryptionModule`s created will share their persistent
    /// state, but will not share active sessions.
    ///
    /// DEPRECATED: See [`KeySystem.CreateContentDecryptionModule2`] instead.
    ///
    /// + request `cdm` the server endpoint of the `ContentDecryptionModule`.
    [Transitional, Deprecated]
    CreateContentDecryptionModule(request<ContentDecryptionModule> cdm);
};