static public void CreateAssetDeliveryPolicyCencCbcs(IAsset asset, IContentKey key) { var kdPolicy = _context.ContentKeyAuthorizationPolicies.Where(p => p.Id == key.AuthorizationPolicyId).Single(); var kdOption = kdPolicy.Options.Single(o => o.KeyDeliveryType == ContentKeyDeliveryType.FairPlay); FairPlayConfiguration configFP = JsonConvert.DeserializeObject <FairPlayConfiguration>(kdOption.KeyDeliveryConfiguration); // Get the FairPlay license service URL. Uri acquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay); // The reason the below code replaces "https://" with "skd://" is because // in the IOS player sample code which you obtained in Apple developer account, // the player only recognizes a Key URL that starts with skd://. // However, if you are using a customized player, // you can choose whatever protocol you want. // For example, "https". Dictionary <AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration = new Dictionary <AssetDeliveryPolicyConfigurationKey, string> { { AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, acquisitionUrl.ToString().Replace("https://", "skd://") }, { AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, configFP.ContentEncryptionIV } }; var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create( "AssetDeliveryPolicy CommonEncryptionCbcs (HLS)", AssetDeliveryPolicyType.DynamicCommonEncryptionCbcs, AssetDeliveryProtocol.HLS, assetDeliveryPolicyConfiguration); // Add AssetDelivery Policy to the asset asset.DeliveryPolicies.Add(assetDeliveryPolicy); }
private static void CreateFairPlayAssetDeliveryPolicy(IAsset asset, IContentKey key) { var kdPolicy = _context.ContentKeyAuthorizationPolicies.Where(p => p.Id == key.AuthorizationPolicyId).Single(); var kdOption = kdPolicy.Options.Single(o => o.KeyDeliveryType == ContentKeyDeliveryType.FairPlay); FairPlayConfiguration configFP = JsonConvert.DeserializeObject <FairPlayConfiguration>(kdOption.KeyDeliveryConfiguration); // Get the FairPlay license service URL. Uri acquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay); Dictionary <AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration = new Dictionary <AssetDeliveryPolicyConfigurationKey, string> { { AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, acquisitionUrl.ToString() }, { AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, configFP.ContentEncryptionIV } }; var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create( "FairPlay AssetDeliveryPolicy", AssetDeliveryPolicyType.DynamicCommonEncryptionCbcs, AssetDeliveryProtocol.HLS, assetDeliveryPolicyConfiguration); // Add AssetDelivery Policy to the asset asset.DeliveryPolicies.Add(assetDeliveryPolicy); }
public void TestFairPlayConfigurationSerialization() { var cert = new X509Certificate2("UnitTest.pfx", "", X509KeyStorageFlags.Exportable); string password = ""; var passwordId = Guid.NewGuid(); var askId = Guid.NewGuid(); var iv = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 }; string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration( cert, password, passwordId, askId, iv); var result = JsonConvert.DeserializeObject <FairPlayConfiguration>(configuration); Assert.AreEqual(passwordId, result.FairPlayPfxPasswordId); Assert.AreEqual(askId, result.ASkId); Assert.AreEqual("0102030405060708090A0B0C0D0E0F10", result.ContentEncryptionIV); var cert2 = new X509Certificate2(Convert.FromBase64String(result.FairPlayPfx)); Assert.AreEqual(cert.Thumbprint, cert2.Thumbprint); }
private static Dictionary <AssetDeliveryPolicyConfigurationKey, String> CreateDeliveryPolicyConfiguration(List <string> assetDeliveryPolicyContentProtectionNames, IContentKeyAuthorizationPolicyOption fairplayPolicyOpiton) { Dictionary <AssetDeliveryPolicyConfigurationKey, String> configKeys = new Dictionary <AssetDeliveryPolicyConfigurationKey, String>(); foreach (var c in assetDeliveryPolicyContentProtectionNames) { MediaServicesHelper.AssetDeliveryContentProtection cp = MediaServicesHelper.AMSAssetDeliveryContentProtection[c]; switch (cp) { case MediaServicesHelper.AssetDeliveryContentProtection.AESClearKey: // Get the Key Delivery Base Url by removing the Query parameter. // The Dynamic Encryption service will automatically add the correct key identifier to the url // when it generates the Envelope encrypted content manifest. Omitting the IV will also cause // the Dynamice Encryption service to generate a deterministic IV for the content automatically. // By using the EnvelopeBaseKeyAcquisitionUrl and omitting the IV, this allows the AssetDelivery // policy to be reused by more than one asset. IContentKey dummyKey1 = CreateDummyContentKey(ContentKeyType.EnvelopeEncryption); Uri aesKeyAcquisitionUri = dummyKey1.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp); UriBuilder uriBuilder1 = new UriBuilder(aesKeyAcquisitionUri); uriBuilder1.Query = String.Empty; aesKeyAcquisitionUri = uriBuilder1.Uri; // The following policy configuration specifies: // key url that will have KID=<Guid> appended to the envelope and // the Initialization Vector (IV) to use for the envelope encryption. configKeys.Add(AssetDeliveryPolicyConfigurationKey.EnvelopeBaseKeyAcquisitionUrl, aesKeyAcquisitionUri.ToString()); dummyKey1.Delete(); break; case MediaServicesHelper.AssetDeliveryContentProtection.PlayReady: IContentKey dummyKey2 = CreateDummyContentKey(ContentKeyType.CommonEncryption); Uri playreadyKeyAcquisitionUrl = dummyKey2.GetKeyDeliveryUrl(ContentKeyDeliveryType.PlayReadyLicense); configKeys.Add(AssetDeliveryPolicyConfigurationKey.PlayReadyLicenseAcquisitionUrl, playreadyKeyAcquisitionUrl.ToString()); dummyKey2.Delete(); break; case MediaServicesHelper.AssetDeliveryContentProtection.Widevine: IContentKey dummyKey3 = CreateDummyContentKey(ContentKeyType.CommonEncryption); Uri widevineKeyAcquisitionUrl = dummyKey3.GetKeyDeliveryUrl(ContentKeyDeliveryType.Widevine); UriBuilder uriBuilder3 = new UriBuilder(widevineKeyAcquisitionUrl); uriBuilder3.Query = String.Empty; widevineKeyAcquisitionUrl = uriBuilder3.Uri; configKeys.Add(AssetDeliveryPolicyConfigurationKey.WidevineLicenseAcquisitionUrl, widevineKeyAcquisitionUrl.ToString()); dummyKey3.Delete(); break; case MediaServicesHelper.AssetDeliveryContentProtection.FairPlay: IContentKey dummyKey4 = CreateDummyContentKey(ContentKeyType.CommonEncryption); Uri fairplayKeyAcquisitionUrl = dummyKey4.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay); configKeys.Add(AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, fairplayKeyAcquisitionUrl.ToString().Replace("https://", "skd://")); dummyKey4.Delete(); FairPlayConfiguration fairplayConfig = JsonConvert.DeserializeObject <FairPlayConfiguration>(fairplayPolicyOpiton.KeyDeliveryConfiguration); configKeys.Add(AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, fairplayConfig.ContentEncryptionIV); break; } } return(configKeys); }
public void TestCreateFairPlayAuthorizationPolicy() { Guid keyId = Guid.NewGuid(); byte[] contentKey = Guid.NewGuid().ToByteArray(); IContentKey key = _mediaContext.ContentKeys.Create(keyId, contentKey, "testKey", ContentKeyType.CommonEncryptionCbcs); byte[] askBytes = Guid.NewGuid().ToByteArray(); var askId = Guid.NewGuid(); IContentKey askKey = _mediaContext.ContentKeys.Create(askId, askBytes, "askKey", ContentKeyType.FairPlayASk); string pfxPassword = "******"; var pfxPasswordId = Guid.NewGuid(); byte[] pfxPasswordBytes = System.Text.Encoding.UTF8.GetBytes(pfxPassword); IContentKey pfxPasswordKey = _mediaContext.ContentKeys.Create(pfxPasswordId, pfxPasswordBytes, "pfxPasswordKey", ContentKeyType.FairPlayPfxPassword); byte[] iv = Guid.NewGuid().ToByteArray(); var restrictions = new List <ContentKeyAuthorizationPolicyRestriction> { new ContentKeyAuthorizationPolicyRestriction { Name = "Open", KeyRestrictionType = (int)ContentKeyRestrictionType.Open, Requirements = null } }; var appCert = new X509Certificate2("amscer.pfx", pfxPassword, X509KeyStorageFlags.Exportable); string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration( appCert, pfxPassword, pfxPasswordId, askId, iv); var policyOption = _mediaContext.ContentKeyAuthorizationPolicyOptions.Create( "fairPlayTest", ContentKeyDeliveryType.FairPlay, restrictions, configuration); var contentKeyAuthorizationPolicy = _mediaContext.ContentKeyAuthorizationPolicies.CreateAsync("Key no restrictions").Result; contentKeyAuthorizationPolicy.Options.Add(policyOption); key.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id; key = key.UpdateAsync().Result; key.Delete(); pfxPasswordKey.Delete(); askKey.Delete(); contentKeyAuthorizationPolicy.Delete(); }
private static IAssetDeliveryPolicy CreateAssetDeliveryPolicy(IAsset asset, IContentKey key) { var policy = asset.DeliveryPolicies .Where(p => p.AssetDeliveryProtocol == AssetDeliveryProtocol.HLS) .SingleOrDefault(); if (policy != null) { policy.Delete(); } Uri keyUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay); var configuration = new Dictionary <AssetDeliveryPolicyConfigurationKey, string>(); AssetDeliveryPolicyType policyType; var kdUrl = keyUrl.ToString().Replace("https://", "skd://"); configuration.Add(AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, kdUrl); var kdPolicy = _mediaContext.ContentKeyAuthorizationPolicies.Where(p => p.Id == key.AuthorizationPolicyId).Single(); var kdOption = kdPolicy.Options.Single(o => o.KeyDeliveryType == ContentKeyDeliveryType.FairPlay); FairPlayConfiguration configFP = JsonConvert.DeserializeObject <FairPlayConfiguration>(kdOption.KeyDeliveryConfiguration); configuration.Add(AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, configFP.ContentEncryptionIV); policyType = AssetDeliveryPolicyType.DynamicCommonEncryptionCbcs; policy = _mediaContext.AssetDeliveryPolicies.Create( "FairPlayDeliveryPolicy", policyType, AssetDeliveryProtocol.HLS, configuration); return(policy); }
private static IContentKeyAuthorizationPolicyOption CreateFairPlayPolicyOption(byte[] iv) { var appCert = new X509Certificate2(pfxPath, pfxPassword, X509KeyStorageFlags.Exportable); var pfxPasswordId = Guid.NewGuid(); byte[] pfxPasswordBytes = System.Text.Encoding.UTF8.GetBytes(pfxPassword); IContentKey pfxPasswordKey = _mediaContext.ContentKeys.Create(pfxPasswordId, pfxPasswordBytes, "pfxPasswordKey", ContentKeyType.FairPlayPfxPassword); var askId = Guid.NewGuid(); IContentKey askKey = _mediaContext.ContentKeys.Create(askId, askBytes, "askKey", ContentKeyType.FairPlayASk); var restriction = new ContentKeyAuthorizationPolicyRestriction { Name = "Open", KeyRestrictionType = (int)ContentKeyRestrictionType.Open, Requirements = null }; var restrictions = new List <ContentKeyAuthorizationPolicyRestriction> { restriction }; string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration( appCert, pfxPassword, pfxPasswordId, askId, iv); var policyOption = _mediaContext.ContentKeyAuthorizationPolicyOptions.Create( "fairPlayTest", ContentKeyDeliveryType.FairPlay, restrictions, configuration); return(policyOption); }
private static async Task <FairPlayConfiguration> GetFairPlayConfigurationAsync(MediaContextBase context) { var previousAskKey = default(IContentKey); var askKeyId = Guid.NewGuid(); var askKeyName = ConfigurationManager.AppSettings["FairPlayASKContentKeyName"]; var askBytes = HexadecimalStringToByteArray(ConfigurationManager.AppSettings["FairPlayASKHexadecimal"]); var askKey = context.ContentKeys.Where(k => k.Name == askKeyName).FirstOrDefault(); if (askKey == null) { askKey = await context.ContentKeys.CreateAsync(askKeyId, askBytes, askKeyName, ContentKeyType.FairPlayASk); } else { if (!askBytes.SequenceEqual(await askKey.GetClearKeyValueAsync()) || (askKey.ContentKeyType != ContentKeyType.FairPlayASk)) { previousAskKey = askKey; askKey = await context.ContentKeys.CreateAsync(askKeyId, askBytes, askKeyName, ContentKeyType.FairPlayASk); } askKeyId = Guid.Parse(askKey.Id.Replace(ContentKeyPrefix, string.Empty)); } var previousAppCertPasswordKey = default(IContentKey); var appCertPasswordKeyId = Guid.NewGuid(); var appCertPasswordKeyName = ConfigurationManager.AppSettings["FairPlayAppCertPasswordContentKeyName"]; var appCertPassword = ConfigurationManager.AppSettings["FairPlayAppCertPassword"]; var appCertPasswordBytes = Encoding.UTF8.GetBytes(appCertPassword); var appCertPasswordKey = context.ContentKeys.Where(k => k.Name == appCertPasswordKeyName).FirstOrDefault(); if (appCertPasswordKey == null) { appCertPasswordKey = await context.ContentKeys.CreateAsync(appCertPasswordKeyId, appCertPasswordBytes, appCertPasswordKeyName, ContentKeyType.FairPlayPfxPassword); } else { if (!appCertPasswordBytes.SequenceEqual(await appCertPasswordKey.GetClearKeyValueAsync()) || (appCertPasswordKey.ContentKeyType != ContentKeyType.FairPlayPfxPassword)) { previousAppCertPasswordKey = appCertPasswordKey; appCertPasswordKey = await context.ContentKeys.CreateAsync(appCertPasswordKeyId, appCertPasswordBytes, appCertPasswordKeyName, ContentKeyType.FairPlayPfxPassword); } appCertPasswordKeyId = Guid.Parse(appCertPasswordKey.Id.Replace(ContentKeyPrefix, string.Empty)); } var contentEncryptionIv = Guid.NewGuid().ToByteArray(); var appCert = new X509Certificate2(ConfigurationManager.AppSettings["FairPlayAppCertPath"], appCertPassword, X509KeyStorageFlags.Exportable); var configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration( appCert, appCertPassword, appCertPasswordKeyId, askKeyId, contentEncryptionIv); if (previousAskKey != null) { await previousAskKey.DeleteAsync(); } if (previousAppCertPasswordKey != null) { await previousAppCertPasswordKey.DeleteAsync(); } return(JsonConvert.DeserializeObject <FairPlayConfiguration>(configuration)); }