Check for target user before trying to decrypt a file

2022-12-21 21:06:03 +01:00 · 2022-12-21 21:06:03 +01:00 · f65e8cd9eb
commit f65e8cd9eb
parent 24bae89095
2 changed files with 10 additions and 2 deletions
--- a/include/libgourou_common.h
+++ b/include/libgourou_common.h
@ -129,7 +129,8 @@ namespace gourou
 	DRM_IN_OUT_EQUALS,
 	DRM_MISSING_PARAMETER,
 	DRM_INVALID_KEY_SIZE,
-	DRM_ERR_ENCRYPTION_KEY_FP
+	DRM_ERR_ENCRYPTION_KEY_FP,
+	DRM_INVALID_USER
    };
    
    #ifndef _NOEXCEPT
--- a/src/libgourou.cpp
+++ b/src/libgourou.cpp
@ -1028,6 +1028,13 @@ namespace gourou
    {
 	unsigned char rsaKey[RSA_KEY_SIZE];
 	
+	std::string user = extractTextElem(rightsDoc, "/adept:rights/licenseToken/user");
+
+	if (this->user->getUUID() != user)
+	{
+	    EXCEPTION(DRM_INVALID_USER, "This book has been downloaded for another user (" << user << ")");
+	}
+	
 	if (!encryptionKey)
 	{
 	    std::string encryptedKey = extractTextElem(rightsDoc, "/adept:rights/licenseToken/encryptedKey");
@ -1041,7 +1048,7 @@ namespace gourou

 	    ByteArray arrayEncryptedKey = ByteArray::fromBase64(encryptedKey);

-	    std::string privateKeyData = user->getPrivateLicenseKey();
+	    std::string privateKeyData = this->user->getPrivateLicenseKey();
 	    ByteArray privateRSAKey = ByteArray::fromBase64(privateKeyData);
 	
 	    dumpBuffer(gourou::LG_LOG_DEBUG, "To decrypt : ", arrayEncryptedKey.data(), arrayEncryptedKey.length());