Beispiel #1
0
        public static async Task <object> Run([HttpTrigger(WebHookType = "genericJson")] HttpRequestMessage req, TraceWriter log)
        {
            log.Info($"AMS v2 Function - Add Authorization Policy was triggered!");

            string jsonContent = await req.Content.ReadAsStringAsync();

            if (string.IsNullOrEmpty(jsonContent))
            {
                return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass a JSON request body" }));
            }

            AuthorizationPolicyRequst data = JsonConvert.DeserializeObject <AuthorizationPolicyRequst>(jsonContent);

            // Validate input objects
            if (string.IsNullOrEmpty(data.b64Secret))
            {
                return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass a base 64 symetric secret" }));
            }

            if (string.IsNullOrEmpty(data.tokenType))
            {
                return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass the token type (SWT or JWT)" }));
            }

            if (string.IsNullOrEmpty(data.audience))
            {
                return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass the audience value" }));
            }

            if (string.IsNullOrEmpty(data.issuer))
            {
                return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass the issuer value" }));
            }

            if (data.config == null || data.config.Length < 1)
            {
                return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass the authorization option configuration" }));
            }

            IContentKeyAuthorizationPolicy result;

            try
            {
                result = GetTokenRestrictedAuthorizationPolicy(log, data);
                log.Info($"Out of auth policy code");
                if (result != null)
                {
                    log.Info($"Made auth policy");
                }
            }
            catch (Exception ex)
            {
                string message = ex.Message + ((ex.InnerException != null) ? Environment.NewLine + MediaServicesHelper.GetErrorMessage(ex) : "") + "\n" + ex.StackTrace;
                log.Info($"ERROR: Exception {message}");
                return(req.CreateResponse(HttpStatusCode.InternalServerError, new { error = message }));
            }

            return(req.CreateResponse(HttpStatusCode.OK, new
            {
                authPolicyId = result.Id,
            }));
        }
Beispiel #2
0
        private static IContentKeyAuthorizationPolicy GetTokenRestrictedAuthorizationPolicy(TraceWriter log, AuthorizationPolicyRequst request)
        {
            MediaServicesCredentials amsCredentials   = new MediaServicesCredentials();
            AzureAdTokenCredentials  tokenCredentials = new AzureAdTokenCredentials(amsCredentials.AmsAadTenantDomain,
                                                                                    new AzureAdClientSymmetricKey(amsCredentials.AmsClientId, amsCredentials.AmsClientSecret),
                                                                                    AzureEnvironments.AzureCloudEnvironment);
            AzureAdTokenProvider tokenProvider = new AzureAdTokenProvider(tokenCredentials);
            CloudMediaContext    context       = new CloudMediaContext(amsCredentials.AmsRestApiEndpoint, tokenProvider);

            byte[]       secret      = request.tokenSecret;
            TokenClaim[] tokenClaims = request.tokenClaims;
            TokenType    tokenType   = request.TokenTypeEnum;
            string       audience    = request.audience;
            string       issuer      = request.issuer;

            List <IContentKeyAuthorizationPolicyOption> authPolicyOptions = new List <IContentKeyAuthorizationPolicyOption>(request.config.Length);
            List <ContentKeyDeliveryType> delTypes = new List <ContentKeyDeliveryType>(request.config.Length);

            log.Info($"Prepared for auth policy loop on {request.config.Length} entries with: {(secret ?? new byte[0]).Length} long key; {(tokenClaims ?? new TokenClaim[0]).Length} claims; {tokenType.ToString()} {audience} {issuer}");

            // return
            foreach (AuthorizationPolicyRequestTokenConfig d in request.config)
            {
                ContentKeyDeliveryType ckdType = d.ContentKeyDeliveryType;
                delTypes.Add(ckdType);
                log.Info($"Making auth policy option! {d.ContentKeyDeliveryType.ToString()} {d.keyDeliveryConfiguration}");
                IContentKeyAuthorizationPolicyOption option = GetTokenRestrictedAuthorizationPolicyOption(context, secret, ckdType, tokenType, audience, issuer, tokenClaims, d.keyDeliveryConfiguration);
                authPolicyOptions.Add(option);
            }

            log.Info($"Making policy container");
            IContentKeyAuthorizationPolicy policy = context.ContentKeyAuthorizationPolicies.CreateAsync(string.Join(", ", delTypes.Select(x => x.ToString())) + " Authentication Policy").Result;

            foreach (IContentKeyAuthorizationPolicyOption a in authPolicyOptions)
            {
                log.Info($"Adding policy " + a.Name);
                policy.Options.Add(a);
            }

            return(policy);
        }