Inheritance: IContentKey, ICloudMediaContextInit
        public void EncryptContentKeyToCertRoundTripTest()
        {
            var cert = new X509Certificate2("UnitTest.pfx");

            var dataContextMock = new Mock<IMediaDataServiceContext>();

            string testKey = "1234567890123456";
            var fakeResponse = new string[] { Convert.ToBase64String(new System.Text.UTF8Encoding().GetBytes(testKey)) };

            dataContextMock.Setup((ctxt) => ctxt
                .Execute<string>(It.IsAny<Uri>()))
                .Returns(() =>
                {
                    return fakeResponse;
                });

            _mediaContext.MediaServicesClassFactory = new TestMediaServicesClassFactory(dataContextMock.Object);

            var contentKey = new ContentKeyData { Name = "testData", Id = "id" };
            contentKey.SetMediaContext(_mediaContext);

            byte[] encryptedKeyValue = contentKey.GetEncryptedKeyValue(cert);

            byte[] encryptedContentKey = CommonEncryption.EncryptContentKeyToCertificate(cert, encryptedKeyValue);

            byte[] decryptedContentKey = EncryptionUtils.DecryptSymmetricKey(cert, encryptedContentKey);

            Assert.IsTrue(encryptedKeyValue.SequenceEqual(decryptedContentKey));
        }
        /// <summary>
        /// Creates an envelope encryption content key.
        /// </summary>
        /// <param name="keyId">The key id.</param>
        /// <param name="contentKey">The content key data.</param>
        /// <param name="name">The name.</param>
        /// <param name="cert">The cert.</param>
        /// <returns>The content key.</returns>
        internal static ContentKeyData InitializeEnvelopeContentKey(Guid keyId, byte[] contentKey, string name, X509Certificate2 cert)
        {
            if (cert == null)
            {
                throw new ArgumentNullException("cert");
            }

            if (contentKey == null)
            {
                throw new ArgumentNullException("contentKey");
            }

            if (contentKey.Length != EncryptionUtils.KeySizeInBytesForAes128)
            {
                throw new ArgumentOutOfRangeException("contentKey", "Envelope Encryption content keys are 128-bits (16 bytes) in length.");
            }

            byte[] encryptedContentKey = EncryptionUtils.EncryptSymmetricKeyData(cert, contentKey);

            ContentKeyData contentKeyData = new ContentKeyData
            {
                Id = EncryptionUtils.GetKeyIdentifierAsString(keyId),
                EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
                ContentKeyType      = (int)ContentKeyType.EnvelopeEncryption,
                ProtectionKeyId     = cert.Thumbprint,
                ProtectionKeyType   = (int)ProtectionKeyType.X509CertificateThumbprint,
                Name     = name,
                Checksum = EncryptionUtils.CalculateChecksum(contentKey, keyId)
            };

            return(contentKeyData);
        }
Ejemplo n.º 3
0
        /// <summary>
        /// Asynchronously creates a content key with the specifies key identifier and value.
        /// </summary>
        /// <param name="keyId">The key identifier.</param>
        /// <param name="contentKey">The value of the content key.</param>
        /// <param name="name">A friendly name for the content key.</param>
        /// <param name="contentKeyType">Type of content key to create.</param>
        /// <returns>
        /// A function delegate that returns the future result to be available through the Task&lt;IContentKey&gt;.
        /// </returns>
        public override Task <IContentKey> CreateAsync(Guid keyId, byte[] contentKey, string name, ContentKeyType contentKeyType)
        {
            if ((contentKeyType != ContentKeyType.CommonEncryption) && (contentKeyType != ContentKeyType.EnvelopeEncryption))
            {
                throw new ArgumentException(StringTable.ErrorUnsupportedContentKeyType, "contentKey");
            }

            if (keyId == Guid.Empty)
            {
                throw new ArgumentException(StringTable.ErrorCreateKey_EmptyGuidNotAllowed, "keyId");
            }

            if (contentKey == null)
            {
                throw new ArgumentNullException("contentKey");
            }

            if (contentKey.Length != EncryptionUtils.KeySizeInBytesForAes128)
            {
                throw new ArgumentException(StringTable.ErrorCommonEncryptionKeySize, "contentKey");
            }

            IMediaDataServiceContext dataContext = this.MediaContext.MediaServicesClassFactory.CreateDataServiceContext();
            X509Certificate2         certToUse   = GetCertificateToEncryptContentKey(MediaContext, ContentKeyType.CommonEncryption);

            ContentKeyData contentKeyData = null;

            if (contentKeyType == ContentKeyType.CommonEncryption)
            {
                contentKeyData = InitializeCommonContentKey(keyId, contentKey, name, certToUse);
            }
            else if (contentKeyType == ContentKeyType.EnvelopeEncryption)
            {
                contentKeyData = InitializeEnvelopeContentKey(keyId, contentKey, name, certToUse);
            }

            dataContext.AddObject(ContentKeySet, contentKeyData);

            MediaRetryPolicy retryPolicy = this.MediaContext.MediaServicesClassFactory.GetSaveChangesRetryPolicy(dataContext as IRetryPolicyAdapter);

            return(retryPolicy.ExecuteAsync <IMediaDataServiceResponse>(() => dataContext.SaveChangesAsync(contentKeyData))
                   .ContinueWith <IContentKey>(
                       t =>
            {
                t.ThrowIfFaulted();

                return (ContentKeyData)t.Result.AsyncState;
            },
                       TaskContinuationOptions.ExecuteSynchronously));
        }
        /// <summary>
        /// Creates the storage content key.
        /// </summary>
        /// <param name="fileEncryption">The file encryption.</param>
        /// <param name="cert">The cert.</param>
        /// <returns>The content key.</returns>
        internal static ContentKeyData CreateStorageContentKey(FileEncryption fileEncryption, X509Certificate2 cert)
        {
            byte[] encryptedContentKey = fileEncryption.EncryptContentKeyToCertificate(cert);

            ContentKeyData contentKeyData = new ContentKeyData
            {
                Id = fileEncryption.GetKeyIdentifierAsString(),
                EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
                ContentKeyType      = (int)ContentKeyType.StorageEncryption,
                ProtectionKeyId     = cert.Thumbprint,
                ProtectionKeyType   = (int)ProtectionKeyType.X509CertificateThumbprint,
                Checksum            = fileEncryption.GetChecksum()
            };

            return(contentKeyData);
        }
        /// <summary>
        /// Creates the configuration content key.
        /// </summary>
        /// <param name="configEncryption">The config encryption.</param>
        /// <param name="cert">The cert.</param>
        /// <returns>The content key.</returns>
        internal static ContentKeyData InitializeConfigurationContentKey(ConfigurationEncryption configEncryption, X509Certificate2 cert)
        {
            byte[] encryptedContentKey = configEncryption.EncryptContentKeyToCertificate(cert);

            ContentKeyData contentKeyData = new ContentKeyData
            {
                Id = configEncryption.GetKeyIdentifierAsString(),
                EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
                ContentKeyType      = (int)ContentKeyType.ConfigurationEncryption,
                ProtectionKeyId     = cert.Thumbprint,
                ProtectionKeyType   = (int)ProtectionKeyType.X509CertificateThumbprint,
                Checksum            = configEncryption.GetChecksum()
            };

            return(contentKeyData);
        }
        /// <summary>
        /// Creates the common content key.
        /// </summary>
        /// <param name="keyId">The key id.</param>
        /// <param name="contentKey">The content key data.</param>
        /// <param name="name">The name.</param>
        /// <param name="cert">The cert.</param>
        /// <returns>The content key.</returns>
        internal static ContentKeyData CreateCommonContentKey(Guid keyId, byte[] contentKey, string name, X509Certificate2 cert)
        {
            byte[] encryptedContentKey = CommonEncryption.EncryptContentKeyToCertificate(cert, contentKey);

            ContentKeyData contentKeyData = new ContentKeyData
            {
                Id = EncryptionUtils.GetKeyIdentifierAsString(keyId),
                EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
                ContentKeyType      = (int)ContentKeyType.CommonEncryption,
                ProtectionKeyId     = cert.Thumbprint,
                ProtectionKeyType   = (int)ProtectionKeyType.X509CertificateThumbprint,
                Name     = name,
                Checksum = EncryptionUtils.CalculateChecksum(contentKey, keyId)
            };

            return(contentKeyData);
        }
Ejemplo n.º 7
0
        private static ContentKeyData CreateStorageContentKey(AssetData tempAsset, NullableFileEncryption fileEncryption, DataServiceContext dataContext)
        {
            // Create the content key.
            fileEncryption.Init();

            // Encrypt it for delivery to Nimbus.
            X509Certificate2 certToUse      = ContentKeyCollection.GetCertificateToEncryptContentKey(dataContext, ContentKeyType.StorageEncryption);
            ContentKeyData   contentKeyData = ContentKeyBaseCollection.CreateStorageContentKey(fileEncryption.FileEncryption, certToUse);

            dataContext.AddObject(ContentKeyCollection.ContentKeySet, contentKeyData);
            dataContext.SaveChanges();

            // Associate it with the asset.
            ((IAsset)tempAsset).ContentKeys.Add(contentKeyData);

            return(contentKeyData);
        }
Ejemplo n.º 8
0
        /// <summary>
        /// Creates FairPlay Pfx Password.
        /// </summary>
        /// <param name="keyId">The key id.</param>
        /// <param name="contentKey">The content key data.</param>
        /// <param name="name">The name.</param>
        /// <param name="cert">The cert.</param>
        /// <returns>The content key.</returns>
        internal static ContentKeyData InitializeFairPlayPfxPassword(Guid keyId, byte[] contentKey, string name, X509Certificate2 cert)
        {
            RSACryptoServiceProvider rsaPublicKey = cert.PublicKey.Key as RSACryptoServiceProvider;

            RSAOAEPKeyExchangeFormatter keyFormatter = new RSAOAEPKeyExchangeFormatter(rsaPublicKey);

            byte[] encryptedContentKey = keyFormatter.CreateKeyExchange(contentKey);

            ContentKeyData contentKeyData = new ContentKeyData
            {
                Id = EncryptionUtils.GetKeyIdentifierAsString(keyId),
                EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
                ContentKeyType      = (int)ContentKeyType.FairPlayPfxPassword,
                ProtectionKeyId     = cert.Thumbprint,
                ProtectionKeyType   = (int)ProtectionKeyType.X509CertificateThumbprint,
                Name = name,
            };

            return(contentKeyData);
        }
        private ContentKeyData CreateStorageContentKey(AssetData tempAsset, NullableFileEncryption fileEncryption, IMediaDataServiceContext dataContext)
        {
            // Create the content key.
            fileEncryption.Init();

            // Encrypt it for delivery to Nimbus.
            X509Certificate2 certToUse      = ContentKeyCollection.GetCertificateToEncryptContentKey(MediaContext, ContentKeyType.StorageEncryption);
            ContentKeyData   contentKeyData = ContentKeyBaseCollection.InitializeStorageContentKey(fileEncryption.FileEncryption, certToUse);

            dataContext.AddObject(ContentKeyBaseCollection.ContentKeySet, contentKeyData);

            MediaRetryPolicy retryPolicy = this.MediaContext.MediaServicesClassFactory.GetSaveChangesRetryPolicy(dataContext as IRetryPolicyAdapter);

            retryPolicy.ExecuteAction <IMediaDataServiceResponse>(() => dataContext.SaveChanges());

            // Associate it with the asset.
            ((IAsset)tempAsset).ContentKeys.Add(contentKeyData);

            return(contentKeyData);
        }
        private void ProtectTaskConfiguration(TaskTemplateData taskTemplate, ref X509Certificate2 certToUse, IMediaDataServiceContext dataContext)
        {
            using (ConfigurationEncryption configEncryption = new ConfigurationEncryption())
            {
                // Update the task template with the required data.
                taskTemplate.Configuration        = configEncryption.Encrypt(taskTemplate.Configuration);
                taskTemplate.EncryptionKeyId      = configEncryption.GetKeyIdentifierAsString();
                taskTemplate.EncryptionScheme     = ConfigurationEncryption.SchemeName;
                taskTemplate.EncryptionVersion    = ConfigurationEncryption.SchemeVersion;
                taskTemplate.InitializationVector = configEncryption.GetInitializationVectorAsString();

                if (certToUse == null)
                {
                    // Get the certificate to use to encrypt the configuration encryption key.
                    certToUse = ContentKeyBaseCollection.GetCertificateToEncryptContentKey(GetMediaContext(), ContentKeyType.ConfigurationEncryption);
                }

                // Create a content key object to hold the encryption key.
                ContentKeyData contentKeyData = ContentKeyBaseCollection.InitializeConfigurationContentKey(configEncryption, certToUse);
                dataContext.AddObject(ContentKeyBaseCollection.ContentKeySet, contentKeyData);
            }
        }
Ejemplo n.º 11
0
        /// <summary>
        /// Asynchronously creates a content key with the specifies key identifier and value.
        /// </summary>
        /// <param name="keyId">The key identifier.</param>
        /// <param name="contentKey">The value of the content key.</param>
        /// <param name="name">A friendly name for the content key.</param>
        /// <returns>
        /// A function delegate that returns the future result to be available through the Task&lt;IContentKey&gt;.
        /// </returns>
        public override Task <IContentKey> CreateAsync(Guid keyId, byte[] contentKey, string name)
        {
            if (keyId == Guid.Empty)
            {
                throw new ArgumentException(StringTable.ErrorCreateKey_EmptyGuidNotAllowed, "keyId");
            }

            if (contentKey == null)
            {
                throw new ArgumentNullException("contentKey");
            }

            if (contentKey.Length != EncryptionUtils.KeySizeInBytesForAes128)
            {
                throw new ArgumentException(StringTable.ErrorCommonEncryptionKeySize, "contentKey");
            }

            DataServiceContext dataContext    = this._cloudMediaContext.DataContextFactory.CreateDataServiceContext();
            X509Certificate2   certToUse      = ContentKeyBaseCollection.GetCertificateToEncryptContentKey(dataContext, ContentKeyType.CommonEncryption);
            ContentKeyData     contentKeyData = CreateCommonContentKey(keyId, contentKey, name, certToUse);

            contentKeyData.InitCloudMediaContext(this._cloudMediaContext);

            dataContext.AddObject(ContentKeySet, contentKeyData);

            return(dataContext
                   .SaveChangesAsync(contentKeyData)
                   .ContinueWith <IContentKey>(
                       t =>
            {
                t.ThrowIfFaulted();

                return (ContentKeyData)t.AsyncState;
            },
                       TaskContinuationOptions.ExecuteSynchronously));
        }