add more sophisticated DRM detection for EPUB

Author: chocolatkey

pkg/archive/archive_zip.go

@@ -11,15 +11,15 @@ import (
 	"path"
 	"sync"
 
-	"github.com/chocolatkey/gzran"
 	"github.com/pkg/errors"
+	"github.com/readium/zran"
 )
 
 type gozipArchiveEntry struct {
 	file          *zip.File
 	minimizeReads bool
 
-	gi gzran.Index
+	gi zran.Index
 	gm sync.Mutex
 }
 
@@ -115,7 +115,7 @@ func (e *gozipArchiveEntry) Read(start int64, end int64) ([]byte, error) {
 			// This special reader lets us restore the decompressor state at known offsets
 			// which is useful when a client has already requested previous parts of the file,
 			// such as when a web browser requests subsequent byte ranges for media playback.
-			fzr, err := gzran.NewDReader(bytes.NewReader(compressedData)) // Default interval = 1MB, same as current ZRandCutoff
+			fzr, err := zran.NewDReader(bytes.NewReader(compressedData)) // Default interval = 1MB, same as current ZRandCutoff
 			if err != nil {
 				return nil, err
 			}

pkg/parser/epub/factory.go

@@ -3,14 +3,13 @@ package epub
 import (
 	"github.com/readium/go-toolkit/pkg/internal/extensions"
 	"github.com/readium/go-toolkit/pkg/manifest"
-	"github.com/readium/go-toolkit/pkg/util/url"
 )
 
 type PublicationFactory struct {
 	FallbackTitle   string
 	PackageDocument PackageDocument
 	NavigationData  map[string]manifest.LinkList
-	EncryptionData  map[url.URL]manifest.Encryption
+	EncryptionData  map[string]manifest.Encryption
 	DisplayOptions  map[string]string
 
 	itemById       map[string]Item
@@ -193,7 +192,7 @@ func (f PublicationFactory) computePropertiesAndRels(item Item, itemref *ItemRef
 		rels = extensions.AddToSet(rels, "cover")
 	}
 
-	if edat, ok := f.EncryptionData[item.Href]; ok {
+	if edat, ok := f.EncryptionData[item.Href.Normalize().String()]; ok {
 		properties["encrypted"] = edat.ToMap() // ToMap makes it JSON-like
 	}
 

pkg/parser/epub/parser.go

@@ -9,8 +9,8 @@ import (
 	"github.com/readium/go-toolkit/pkg/fetcher"
 	"github.com/readium/go-toolkit/pkg/manifest"
 	"github.com/readium/go-toolkit/pkg/mediatype"
+	"github.com/readium/go-toolkit/pkg/protection"
 	"github.com/readium/go-toolkit/pkg/pub"
-	"github.com/readium/go-toolkit/pkg/util/url"
 )
 
 type Parser struct {
@@ -51,11 +51,27 @@ func (p Parser) Parse(ctx context.Context, asset asset.PublicationAsset, f fetch
 		return nil, errors.Wrap(err, "invalid OPF file")
 	}
 
+	// Detect the container-level DRM scheme. This is done unconditionally,
+	// not gated on the presence of META-INF/encryption.xml, because schemes
+	// like Adobe ADEPT, Barnes & Noble, Apple FairPlay and Kobo announce
+	// themselves through other well-known files (rights.xml / sinf.xml).
+	// TODO: surface the publication-level scheme on the manifest itself so
+	// consumers can detect protection even when encryption.xml is absent.
+	scheme, err := protection.IdentifyEPUBProtection(ctx, f)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed identifying EPUB protection scheme")
+	}
+
+	encryptionData, err := parseEncryptionData(ctx, f, scheme.URI())
+	if err != nil {
+		return nil, errors.Wrap(err, "failed parsing encryption data")
+	}
+
 	manifest := PublicationFactory{
 		FallbackTitle:   fallbackTitle,
 		PackageDocument: *packageDocument,
 		NavigationData:  parseNavigationData(ctx, *packageDocument, f),
-		EncryptionData:  parseEncryptionData(ctx, f),
+		EncryptionData:  encryptionData,
 		DisplayOptions:  parseDisplayOptions(ctx, f),
 	}.Create()
 
@@ -74,12 +90,16 @@ func (p Parser) Parse(ctx context.Context, asset asset.PublicationAsset, f fetch
 	return pub.NewBuilder(manifest, ffetcher, builder), nil
 }
 
-func parseEncryptionData(ctx context.Context, f fetcher.Fetcher) (ret map[url.URL]manifest.Encryption) {
-	n, err := fetcher.ReadResourceAsXML(ctx, f.Get(ctx, manifest.Link{Href: manifest.MustNewHREFFromString("META-INF/encryption.xml", false)}))
-	if err != nil {
-		return
+// parseEncryptionData parses META-INF/encryption.xml when present and stamps
+// each entry with the supplied DRM scheme URI (typically obtained by calling
+// [protection.IdentifyEPUBProtection] at a higher level). A missing
+// encryption.xml is normal and returns (nil, nil).
+func parseEncryptionData(ctx context.Context, f fetcher.Fetcher, scheme string) (map[string]manifest.Encryption, error) {
+	n, rerr := fetcher.ReadResourceAsXML(ctx, f.Get(ctx, manifest.Link{Href: manifest.MustNewHREFFromString("META-INF/encryption.xml", false)}))
+	if rerr != nil {
+		return nil, nil
 	}
-	return ParseEncryption(n)
+	return ParseEncryption(n, scheme), nil
 }
 
 func parseNavigationData(ctx context.Context, packageDocument PackageDocument, f fetcher.Fetcher) (ret map[string]manifest.LinkList) {

pkg/parser/epub/parser_encryption.go

@@ -5,59 +5,45 @@ import (
 
 	"github.com/antchfx/xmlquery"
 	"github.com/readium/go-toolkit/pkg/manifest"
-	"github.com/readium/go-toolkit/pkg/protection"
 	"github.com/readium/go-toolkit/pkg/util/url"
 )
 
 var (
 	xpEncEncData    = mustCompileNS("//enc:EncryptedData")
 	xpEncCipherData = mustCompileNS("enc:CipherData")
 	xpEncCipherRef  = mustCompileNS("enc:CipherReference")
-	xpEncKeyInfo    = mustCompileNS("ds:KeyInfo")
-	xpEncRetrieval  = mustCompileNS("ds:RetrievalMethod")
 	xpEncMethod     = mustCompileNS("enc:EncryptionMethod")
 	xpEncProps      = mustCompileNS("enc:EncryptionProperties")
 	xpEncProp       = mustCompileNS("enc:EncryptionProperty")
 	xpEncCompress   = mustCompileNS("comp:Compression")
 )
 
-func ParseEncryption(document *xmlquery.Node) (ret map[url.URL]manifest.Encryption) {
+func ParseEncryption(document *xmlquery.Node, scheme string) (ret map[string]manifest.Encryption) {
 	for _, node := range xmlquery.QuerySelectorAll(document, xpEncEncData) {
-		u, e := parseEncryptedData(node)
+		key, e := parseEncryptedData(node, scheme)
 		if e != nil {
 			if ret == nil {
-				ret = make(map[url.URL]manifest.Encryption)
+				ret = make(map[string]manifest.Encryption)
 			}
-			ret[u] = *e
+			ret[key] = *e
 		}
 	}
 	return
 }
 
-func parseEncryptedData(node *xmlquery.Node) (url.URL, *manifest.Encryption) {
+func parseEncryptedData(node *xmlquery.Node, scheme string) (string, *manifest.Encryption) {
 	cdat := xmlquery.QuerySelector(node, xpEncCipherData)
 	if cdat == nil {
-		return nil, nil
+		return "", nil
 	}
 	cipherref := xmlquery.QuerySelector(cdat, xpEncCipherRef)
 	if cipherref == nil {
-		return nil, nil
+		return "", nil
 	}
 	resourceURI := cipherref.SelectAttr("URI")
 
-	retrievalMethod := ""
-	if keyinfo := xmlquery.QuerySelector(node, xpEncKeyInfo); keyinfo != nil {
-		if r := xmlquery.QuerySelector(keyinfo, xpEncRetrieval); r != nil {
-			retrievalMethod = r.SelectAttr("URI")
-		}
-	}
-
 	ret := &manifest.Encryption{
-		// TODO: No profile? https://github.com/readium/kotlin-toolkit/blob/develop/readium/streamer/src/main/java/org/readium/r2/streamer/parser/epub/EncryptionParser.kt#L40
-	}
-
-	if retrievalMethod == "license.lcpl#/encryption/content_key" {
-		ret.Scheme = protection.SchemeLCP
+		Scheme: scheme,
 	}
 
 	if encryptionmethod := xmlquery.QuerySelector(node, xpEncMethod); encryptionmethod != nil {
@@ -74,10 +60,10 @@ func parseEncryptedData(node *xmlquery.Node) (url.URL, *manifest.Encryption) {
 
 	ru, err := url.FromEPUBHref(resourceURI)
 	if err != nil {
-		return nil, nil
+		return "", nil
 	}
 
-	return ru, ret
+	return ru.Normalize().String(), ret
 }
 
 func parseEncryptionProperties(encryptionProperties *xmlquery.Node) (int64, string) {

pkg/parser/epub/parser_encryption_test.go

@@ -6,24 +6,19 @@ import (
 
 	"github.com/readium/go-toolkit/pkg/fetcher"
 	"github.com/readium/go-toolkit/pkg/manifest"
+	"github.com/readium/go-toolkit/pkg/protection"
 	"github.com/readium/go-toolkit/pkg/util/url"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
-func loadEncryption(ctx context.Context, name string) (map[string]manifest.Encryption, error) {
+func loadEncryption(ctx context.Context, name string, scheme protection.Scheme) (map[string]manifest.Encryption, error) {
 	n, rerr := fetcher.ReadResourceAsXML(ctx, fetcher.NewFileResource(manifest.Link{}, "./testdata/encryption/encryption-"+name+".xml"))
 	if rerr != nil {
 		return nil, rerr.Cause
 	}
 
-	enc := ParseEncryption(n)
-	ret := make(map[string]manifest.Encryption)
-	for k, v := range enc {
-		ret[k.String()] = v
-	}
-
-	return ret, nil
+	return ParseEncryption(n, scheme.URI()), nil
 }
 
 var testEncMap = map[string]manifest.Encryption{
@@ -42,19 +37,19 @@ var testEncMap = map[string]manifest.Encryption{
 }
 
 func TestEncryptionParserNamespacePrefixes(t *testing.T) {
-	e, err := loadEncryption(t.Context(), "lcp-prefixes")
+	e, err := loadEncryption(t.Context(), "lcp-prefixes", protection.LCP)
 	require.NoError(t, err)
 	assert.Equal(t, testEncMap, e)
 }
 
 func TestEncryptionParserDefaultNamespaces(t *testing.T) {
-	e, err := loadEncryption(t.Context(), "lcp-xmlns")
+	e, err := loadEncryption(t.Context(), "lcp-xmlns", protection.LCP)
 	require.NoError(t, err)
 	assert.Equal(t, testEncMap, e)
 }
 
 func TestEncryptionParserUnknownRetrievalMethod(t *testing.T) {
-	e, err := loadEncryption(t.Context(), "unknown-method")
+	e, err := loadEncryption(t.Context(), "unknown-method", protection.NoDRM)
 	require.NoError(t, err)
 	assert.Equal(t, map[string]manifest.Encryption{
 		url.MustURLFromString("OEBPS/images/image.jpeg").String(): {

pkg/parser/epub/parser_test.go

@@ -0,0 +1,125 @@
+package epub
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"github.com/readium/go-toolkit/pkg/asset"
+	"github.com/readium/go-toolkit/pkg/fetcher"
+	"github.com/readium/go-toolkit/pkg/mediatype"
+	"github.com/readium/go-toolkit/pkg/protection"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// fakeEPUBAsset is a minimal [asset.PublicationAsset] for parser tests.
+// CreateFetcher is never invoked because the tests construct the fetcher
+// themselves and pass it to [Parser.Parse] directly.
+type fakeEPUBAsset struct{ name string }
+
+func (a fakeEPUBAsset) Name() string                                 { return a.name }
+func (a fakeEPUBAsset) MediaType(context.Context) mediatype.MediaType { return mediatype.EPUB }
+func (a fakeEPUBAsset) CreateFetcher(context.Context, asset.Dependencies, string) (fetcher.Fetcher, error) {
+	return nil, errors.New("unused in tests")
+}
+
+func openProtectionFixture(t *testing.T, file string) *fetcher.ArchiveFetcher {
+	t.Helper()
+	f, err := fetcher.NewArchiveFetcherFromPath(t.Context(), "../../protection/testdata/"+file)
+	require.NoError(t, err)
+	t.Cleanup(f.Close)
+	return f
+}
+
+// TestParserEndToEnd exercises [Parser.Parse] against every DRM fixture in
+// pkg/protection/testdata, asserting the parse succeeds and surfaces the
+// expected publication metadata. expectedScheme is the manifest.Encryption
+// scheme URI that every encrypted resource should carry — empty means either
+// no encryption.xml is present (so no resource should be tagged) or the
+// encryption is generic (no DRM scheme attached).
+func TestParserEndToEnd(t *testing.T) {
+	for _, tt := range []struct {
+		name             string
+		file             string
+		title            string
+		readingOrderSize int
+		hasEncryptionXML bool
+		expectedScheme   string
+	}{
+		{"Adobe ADEPT", "fake-adept.epub", "Fake Adept DRM", 1, false, ""},
+		{"Barnes & Noble", "fake-bn.epub", "Fake B&N DRM", 1, false, ""},
+		{"Apple FairPlay", "fake-fairplay.epub", "Fake Fairplay DRM", 1, false, ""},
+		{"Kobo", "fake-kobo.epub", "Fake Kobo DRM", 1, false, ""},
+		{"Readium LCP", "fake-lcp.epub", "The Level 999 Villager　Chapter 3", 35, true, protection.SchemeLCP},
+		{"Generic encryption (Yahoo)", "yahoo.ypub", "週刊少年マガジン 2019年8号[2019年1月23日発売]", 540, true, ""},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			f := openProtectionFixture(t, tt.file)
+			builder, err := NewParser(nil).Parse(t.Context(), fakeEPUBAsset{name: tt.file}, f)
+			require.NoError(t, err)
+			require.NotNil(t, builder)
+
+			m := builder.Manifest
+			assert.Equal(t, tt.title, m.Metadata.Title())
+			assert.Lenf(t, m.ReadingOrder, tt.readingOrderSize,
+				"expected reading order size %d, got %d", tt.readingOrderSize, len(m.ReadingOrder))
+
+			encryptedCount := 0
+			for _, link := range append(m.ReadingOrder, m.Resources...) {
+				enc, ok := link.Properties["encrypted"].(map[string]interface{})
+				if !ok {
+					continue
+				}
+				encryptedCount++
+				if tt.expectedScheme == "" {
+					_, hasScheme := enc["scheme"]
+					assert.Falsef(t, hasScheme, "%s should not have a scheme", link.Href.String())
+				} else {
+					assert.Equalf(t, tt.expectedScheme, enc["scheme"], "scheme mismatch for %s", link.Href.String())
+				}
+			}
+			if tt.hasEncryptionXML {
+				assert.Greater(t, encryptedCount, 0, "expected at least one resource to carry encryption properties")
+			} else {
+				assert.Zero(t, encryptedCount, "no resource should carry encryption properties")
+			}
+		})
+	}
+}
+
+// TestParseEncryptionDataScheme exercises the same two-step the Parser uses:
+// [protection.IdentifyEPUBProtection] followed by parseEncryptionData, and
+// verifies the detected scheme reaches every encryption.xml entry.
+func TestParseEncryptionDataScheme(t *testing.T) {
+	for _, tt := range []struct {
+		name          string
+		file          string
+		expectScheme  string
+		expectEntries bool
+	}{
+		{"Readium LCP", "fake-lcp.epub", protection.SchemeLCP, true},
+		{"Generic encryption (Yahoo)", "yahoo.ypub", "", true},
+		// EPUBs without META-INF/encryption.xml yield no entries at all.
+		{"Adobe ADEPT (no encryption.xml)", "fake-adept.epub", "", false},
+		{"Kobo (no encryption.xml)", "fake-kobo.epub", "", false},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			f := openProtectionFixture(t, tt.file)
+
+			scheme, err := protection.IdentifyEPUBProtection(t.Context(), f)
+			require.NoError(t, err)
+
+			enc, err := parseEncryptionData(t.Context(), f, scheme.URI())
+			require.NoError(t, err)
+			if !tt.expectEntries {
+				assert.Empty(t, enc)
+				return
+			}
+			require.NotEmpty(t, enc)
+			for u, e := range enc {
+				assert.Equalf(t, tt.expectScheme, e.Scheme, "scheme mismatch for %s", u)
+			}
+		})
+	}
+}