private void DoDynamicEncryptionAndKeyDeliveryWithPlayReady(List<IAsset> SelectedAssets, AddDynamicEncryptionFrame1 form1, AddDynamicEncryptionFrame2_PlayReadyKeyConfig form2_PlayReady, List<AddDynamicEncryptionFrame3> form3list, List<AddDynamicEncryptionFrame4_PlayReadyLicense> form4PlayReadyLicenseList, bool DisplayUI)
{
bool ErrorCreationKey = false;
bool reusekey = false;
bool firstkeycreation = true;
IContentKey formerkey = null;
if (!form2_PlayReady.ContentKeyRandomGeneration) // user want to manually enter the key and did not provide a seed
{
// if the key already exists in the account (same key id), let's
formerkey = SelectedAssets.FirstOrDefault().GetMediaContext().ContentKeys.Where(c => c.Id == Constants.ContentKeyIdPrefix + form2_PlayReady.PlayReadyKeyId.ToString()).FirstOrDefault();
if (formerkey != null)
{
if (DisplayUI && MessageBox.Show("A Content key with the same Key Id exists already in the account.\nDo you want to try to replace it?\n(If not, the existing key will be used)", "Content key Id", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes)
{
// user wants to replace the key
try
{
formerkey.Delete();
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when deleting the content key {0}.", formerkey.Id, true);
TextBoxLogWriteLine(e);
TextBoxLogWriteLine("The former key will be reused.", true);
reusekey = true;
}
}
else
{
reusekey = true;
}
}
}
foreach (IAsset AssetToProcess in SelectedAssets)
{
if (AssetToProcess != null)
{
IContentKey contentKey = null;
var contentkeys = AssetToProcess.ContentKeys.Where(c => c.ContentKeyType == form1.GetContentKeyType);
// special case, no dynamic encryption, goal is to setup key auth policy. CENC key is selected
if (contentkeys.Count() == 0) // no content key existing so we need to create one
{
ErrorCreationKey = false;
if (form1.GetNumberOfAuthorizationPolicyOptions > 0 && (form2_PlayReady.ContentKeyRandomGeneration)) // Azure will deliver the license and user want to auto generate the key, so we can create a key with a random content key
{
try
{
contentKey = DynamicEncryption.CreateCommonTypeContentKey(AssetToProcess, _context);
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when creating the content key for '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
if (!ErrorCreationKey)
{
TextBoxLogWriteLine("Created key {0} for asset '{1}'.", contentKey.Id, AssetToProcess.Name);
}
}
else // user wants to deliver with an external PlayReady server or want to provide the key, so let's create the key based on what the user input
{
// if the key does not exist in the account (same key id), let's
if (firstkeycreation && !reusekey)
{
if (!string.IsNullOrEmpty(form2_PlayReady.PlayReadyKeySeed)) // seed has been given
{
Guid keyid = (form2_PlayReady.PlayReadyKeyId == null) ? Guid.NewGuid() : (Guid)form2_PlayReady.PlayReadyKeyId;
byte[] bytecontentkey = CommonEncryption.GeneratePlayReadyContentKey(Convert.FromBase64String(form2_PlayReady.PlayReadyKeySeed), keyid);
try
{
contentKey = DynamicEncryption.CreateCommonTypeContentKey(AssetToProcess, _context, keyid, bytecontentkey);
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when creating the content key for '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
if (!ErrorCreationKey)
{
TextBoxLogWriteLine("Created key {0} for the asset {1} ", contentKey.Id, AssetToProcess.Name);
}
}
else // no seed given, so content key has been setup
{
try
{
contentKey = DynamicEncryption.CreateCommonTypeContentKey(AssetToProcess, _context, (Guid)form2_PlayReady.PlayReadyKeyId, Convert.FromBase64String(form2_PlayReady.PlayReadyContentKey));
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when creating the content key for asset '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
if (!ErrorCreationKey)
{
TextBoxLogWriteLine("Created key {0} for asset '{1}'.", contentKey.Id, AssetToProcess.Name);
}
}
formerkey = contentKey;
firstkeycreation = false;
}
else
{
contentKey = formerkey;
AssetToProcess.ContentKeys.Add(contentKey);
AssetToProcess.Update();
TextBoxLogWriteLine("Reusing key {0} for the asset {1} ", contentKey.Id, AssetToProcess.Name);
}
}
}
else if (form1.GetNumberOfAuthorizationPolicyOptions == 0) // user wants to deliver with an external PlayReady server but the key exists already !
{
TextBoxLogWriteLine("Warning for asset '{0}'. A CENC key already exists. You need to make sure that your external PlayReady server can deliver the license for this asset.", AssetToProcess.Name, true);
}
else // let's use existing content key
{
contentKey = contentkeys.FirstOrDefault();
TextBoxLogWriteLine("Existing key '{0}' will be used for asset '{1}'.", contentKey.Id, AssetToProcess.Name);
}
if (form1.GetNumberOfAuthorizationPolicyOptions > 0) // PlayReady license and delivery from Azure Media Services
{
// let's create the Authorization Policy
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("My Authorization Policy").Result;
// Associate the content key authorization policy with the content key.
contentKey.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
contentKey = contentKey.UpdateAsync().Result;
foreach (var form3 in form3list)
{
// let's build the PlayReady license template
string PlayReadyLicenseDeliveryConfig = null;
ErrorCreationKey = false;
try
{
PlayReadyLicenseDeliveryConfig = form4PlayReadyLicenseList[form3list.IndexOf(form3)].GetLicenseTemplate;
// PlayReadyLicenseDeliveryConfig = DynamicEncryption.ConfigurePlayReadyLicenseTemplate(form4PlayReadyLicenseList[form3list.IndexOf(form3)].GetLicenseTemplate);
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when configuring the PlayReady license template.", true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
if (!ErrorCreationKey)
{
IContentKeyAuthorizationPolicyOption policyOption = null;
try
{
switch (form3.GetKeyRestrictionType)
{
case ContentKeyRestrictionType.Open:
policyOption = DynamicEncryption.AddOpenAuthorizationPolicyOption(contentKey, ContentKeyDeliveryType.PlayReadyLicense, PlayReadyLicenseDeliveryConfig, _context);
TextBoxLogWriteLine("Created Open authorization policy for the asset {0} ", contentKey.Id, AssetToProcess.Name);
contentKeyAuthorizationPolicy.Options.Add(policyOption);
break;
case ContentKeyRestrictionType.TokenRestricted:
TokenVerificationKey mytokenverifkey = null;
string OpenIdDoc = null;
switch (form3.GetDetailedTokenType)
{
case ExplorerTokenType.SWT:
case ExplorerTokenType.JWTSym:
mytokenverifkey = new SymmetricVerificationKey(Convert.FromBase64String(form3.SymmetricKey));
break;
case ExplorerTokenType.JWTOpenID:
OpenIdDoc = form3.GetOpenIdDiscoveryDocument;
break;
case ExplorerTokenType.JWTX509:
mytokenverifkey = new X509CertTokenVerificationKey(form3.GetX509Certificate);
break;
}
policyOption = DynamicEncryption.AddTokenRestrictedAuthorizationPolicyPlayReady(contentKey, form3.GetAudience, form3.GetIssuer, form3.GetTokenRequiredClaims, form3.AddContentKeyIdentifierClaim, form3.GetTokenType, form3.GetDetailedTokenType, mytokenverifkey, _context, PlayReadyLicenseDeliveryConfig, OpenIdDoc);
TextBoxLogWriteLine("Created Token CENC authorization policy for the asset {0} ", contentKey.Id, AssetToProcess.Name);
contentKeyAuthorizationPolicy.Options.Add(policyOption);
if (form3.GetDetailedTokenType != ExplorerTokenType.JWTOpenID) // not possible to create a test token if OpenId is used
{
// let display a test token
X509SigningCredentials signingcred = null;
if (form3.GetDetailedTokenType == ExplorerTokenType.JWTX509)
{
signingcred = new X509SigningCredentials(form3.GetX509Certificate);
}
_context = Program.ConnectAndGetNewContext(_credentials); // otherwise cache issues with multiple options
DynamicEncryption.TokenResult testToken = DynamicEncryption.GetTestToken(AssetToProcess, _context, form1.GetContentKeyType, signingcred, policyOption.Id);
TextBoxLogWriteLine("The authorization test token for option #{0} ({1} with Bearer) is:\n{2}", form3list.IndexOf(form3), form3.GetTokenType.ToString(), Constants.Bearer + testToken.TokenString);
System.Windows.Forms.Clipboard.SetText(Constants.Bearer + testToken.TokenString);
}
break;
default:
break;
}
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when creating the authorization policy for '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
}
}
contentKeyAuthorizationPolicy.Update();
}
// Let's create the Asset Delivery Policy now
if (form1.GetDeliveryPolicyType != AssetDeliveryPolicyType.None)
{
IAssetDeliveryPolicy DelPol = null;
string name = string.Format("AssetDeliveryPolicy {0} ({1})", form1.GetContentKeyType.ToString(), form1.GetAssetDeliveryProtocol.ToString());
ErrorCreationKey = false;
try
{
if (form1.GetNumberOfAuthorizationPolicyOptions > 0) // Licenses delivered by Azure Media Services
{
DelPol = DynamicEncryption.CreateAssetDeliveryPolicyCENC(AssetToProcess, contentKey, form1.GetAssetDeliveryProtocol, name, _context, null, false, form2_PlayReady.PlayReadyCustomAttributes);
}
else // Licenses NOT delivered by Azure Media Services but by a third party server
{
DelPol = DynamicEncryption.CreateAssetDeliveryPolicyCENC(AssetToProcess, contentKey, form1.GetAssetDeliveryProtocol, name, _context, new Uri(form2_PlayReady.PlayReadyLAurl), form2_PlayReady.PlayReadyLAurlEncodeForSL, form2_PlayReady.PlayReadyCustomAttributes);
}
TextBoxLogWriteLine("Created asset delivery policy '{0}' for asset '{1}'.", DelPol.AssetDeliveryPolicyType, AssetToProcess.Name);
}
catch (Exception e)
{
TextBoxLogWriteLine("There is a problem when creating the delivery policy for '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
}
}
}
}
private bool SetupDynamicEncryption(List<IAsset> SelectedAssets, bool forceusertoprovidekey)
{
string labelAssetName;
bool oktoproceed = false;
if (SelectedAssets.Count > 0)
{
labelAssetName = "Dynamic encryption will be applied for Asset '" + SelectedAssets.FirstOrDefault().Name + "'.";
if (SelectedAssets.Count > 1)
{
labelAssetName = "Dynamic encryption will applied to the " + SelectedAssets.Count.ToString() + " selected assets.";
}
AddDynamicEncryptionFrame1 form1 = new AddDynamicEncryptionFrame1(_context);
if (form1.ShowDialog() == DialogResult.OK)
{
switch (form1.GetDeliveryPolicyType)
{
///////////////////////////////////////////// CENC Dynamic Encryption
case AssetDeliveryPolicyType.DynamicCommonEncryption:
case AssetDeliveryPolicyType.None: // in that case, user want to configure license delivery on an asset already encrypted
bool NeedToDisplayPlayReadyLicense = form1.GetNumberOfAuthorizationPolicyOptions > 0;
AddDynamicEncryptionFrame2_PlayReadyKeyConfig form2_PlayReady = new AddDynamicEncryptionFrame2_PlayReadyKeyConfig(
SelectedAssets.Count > 1, form1.GetNumberOfAuthorizationPolicyOptions > 0, forceusertoprovidekey || (form1.GetNumberOfAuthorizationPolicyOptions == 0), !NeedToDisplayPlayReadyLicense) { Left = form1.Left, Top = form1.Top };
if (form2_PlayReady.ShowDialog() == DialogResult.OK)
{
List<AddDynamicEncryptionFrame3> form3list = new List<AddDynamicEncryptionFrame3>();
List<AddDynamicEncryptionFrame4_PlayReadyLicense> form4list = new List<AddDynamicEncryptionFrame4_PlayReadyLicense>();
bool usercancelledform3or4 = false;
int step = 3;
string tokensymmetrickey = null;
for (int i = 0; i < form1.GetNumberOfAuthorizationPolicyOptions; i++)
{
AddDynamicEncryptionFrame3 form3 = new AddDynamicEncryptionFrame3(_context, step, i + 1, tokensymmetrickey, !NeedToDisplayPlayReadyLicense) { Left = form2_PlayReady.Left, Top = form2_PlayReady.Top };
if (form3.ShowDialog() == DialogResult.OK)
{
step++;
form3list.Add(form3);
tokensymmetrickey = form3.SymmetricKey;
AddDynamicEncryptionFrame4_PlayReadyLicense form4_PlayReadyLicense = new AddDynamicEncryptionFrame4_PlayReadyLicense(step, i + 1, i == (form1.GetNumberOfAuthorizationPolicyOptions - 1)) { Left = form3.Left, Top = form3.Top };
if (NeedToDisplayPlayReadyLicense) // it's a PlayReady license and user wants to deliver the license from Azure Media Services
{
step++;
if (form4_PlayReadyLicense.ShowDialog() == DialogResult.OK) // let's display the dialog box to configure the playready license
{
form4list.Add(form4_PlayReadyLicense);
}
else
{
usercancelledform3or4 = true;
}
}
}
else
{
usercancelledform3or4 = true;
}
}
if (!usercancelledform3or4)
{
DoDynamicEncryptionAndKeyDeliveryWithPlayReady(SelectedAssets, form1, form2_PlayReady, form3list, form4list, true);
oktoproceed = true;
dataGridViewAssetsV.AnalyzeItemsInBackground();
}
}
break;
///////////////////////////////////////////// AES Dynamic Encryption
case AssetDeliveryPolicyType.DynamicEnvelopeEncryption:
AddDynamicEncryptionFrame2_AESKeyConfig form2_AES = new AddDynamicEncryptionFrame2_AESKeyConfig(forceusertoprovidekey) { Left = form1.Left, Top = form1.Top };
if (form2_AES.ShowDialog() == DialogResult.OK)
{
List<AddDynamicEncryptionFrame3> form3list = new List<AddDynamicEncryptionFrame3>();
bool usercancelledform3 = false;
string tokensymmetrickey = null;
for (int i = 0; i < form1.GetNumberOfAuthorizationPolicyOptions; i++)
{
AddDynamicEncryptionFrame3 form3 = new AddDynamicEncryptionFrame3(_context, i + 3, i + 1, tokensymmetrickey, true) { Left = form2_AES.Left, Top = form2_AES.Top };
if (form3.ShowDialog() == DialogResult.OK)
{
form3list.Add(form3);
tokensymmetrickey = form3.SymmetricKey;
}
else
{
usercancelledform3 = true;
}
}
if (!usercancelledform3)
{
DoDynamicEncryptionWithAES(SelectedAssets, form1, form2_AES, form3list);
oktoproceed = true;
dataGridViewAssetsV.AnalyzeItemsInBackground();
}
}
break;
///////////////////////////////////////////// Decrypt storage protected content
case AssetDeliveryPolicyType.NoDynamicEncryption:
AddDynDecryption(SelectedAssets, form1, _context);
oktoproceed = true;
dataGridViewAssetsV.AnalyzeItemsInBackground();
break;
default:
break;
}
}
}
return oktoproceed;
}
