static public void CreateAssetDeliveryPolicyCencCbcs(IAsset asset, IContentKey key)
{
var kdPolicy = _context.ContentKeyAuthorizationPolicies.Where(p => p.Id == key.AuthorizationPolicyId).Single();
var kdOption = kdPolicy.Options.Single(o => o.KeyDeliveryType == ContentKeyDeliveryType.FairPlay);
FairPlayConfiguration configFP = JsonConvert.DeserializeObject <FairPlayConfiguration>(kdOption.KeyDeliveryConfiguration);
// Get the FairPlay license service URL.
Uri acquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay);
// The reason the below code replaces "https://" with "skd://" is because
// in the IOS player sample code which you obtained in Apple developer account,
// the player only recognizes a Key URL that starts with skd://.
// However, if you are using a customized player,
// you can choose whatever protocol you want.
// For example, "https".
Dictionary <AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary <AssetDeliveryPolicyConfigurationKey, string>
{
{ AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, acquisitionUrl.ToString().Replace("https://", "skd://") },
{ AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, configFP.ContentEncryptionIV }
};
var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create(
"AssetDeliveryPolicy CommonEncryptionCbcs (HLS)",
AssetDeliveryPolicyType.DynamicCommonEncryptionCbcs,
AssetDeliveryProtocol.HLS,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
}
private static void CreateFairPlayAssetDeliveryPolicy(IAsset asset, IContentKey key)
{
var kdPolicy = _context.ContentKeyAuthorizationPolicies.Where(p => p.Id == key.AuthorizationPolicyId).Single();
var kdOption = kdPolicy.Options.Single(o => o.KeyDeliveryType == ContentKeyDeliveryType.FairPlay);
FairPlayConfiguration configFP = JsonConvert.DeserializeObject <FairPlayConfiguration>(kdOption.KeyDeliveryConfiguration);
// Get the FairPlay license service URL.
Uri acquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay);
Dictionary <AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary <AssetDeliveryPolicyConfigurationKey, string>
{
{ AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, acquisitionUrl.ToString() },
{ AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, configFP.ContentEncryptionIV }
};
var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create(
"FairPlay AssetDeliveryPolicy",
AssetDeliveryPolicyType.DynamicCommonEncryptionCbcs,
AssetDeliveryProtocol.HLS,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
}
public void TestFairPlayConfigurationSerialization()
{
var cert = new X509Certificate2("UnitTest.pfx", "", X509KeyStorageFlags.Exportable);
string password = "";
var passwordId = Guid.NewGuid();
var askId = Guid.NewGuid();
var iv = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration(
cert,
password,
passwordId,
askId,
iv);
var result = JsonConvert.DeserializeObject <FairPlayConfiguration>(configuration);
Assert.AreEqual(passwordId, result.FairPlayPfxPasswordId);
Assert.AreEqual(askId, result.ASkId);
Assert.AreEqual("0102030405060708090A0B0C0D0E0F10", result.ContentEncryptionIV);
var cert2 = new X509Certificate2(Convert.FromBase64String(result.FairPlayPfx));
Assert.AreEqual(cert.Thumbprint, cert2.Thumbprint);
}
private static Dictionary <AssetDeliveryPolicyConfigurationKey, String> CreateDeliveryPolicyConfiguration(List <string> assetDeliveryPolicyContentProtectionNames, IContentKeyAuthorizationPolicyOption fairplayPolicyOpiton)
{
Dictionary <AssetDeliveryPolicyConfigurationKey, String> configKeys = new Dictionary <AssetDeliveryPolicyConfigurationKey, String>();
foreach (var c in assetDeliveryPolicyContentProtectionNames)
{
MediaServicesHelper.AssetDeliveryContentProtection cp = MediaServicesHelper.AMSAssetDeliveryContentProtection[c];
switch (cp)
{
case MediaServicesHelper.AssetDeliveryContentProtection.AESClearKey:
// Get the Key Delivery Base Url by removing the Query parameter.
// The Dynamic Encryption service will automatically add the correct key identifier to the url
// when it generates the Envelope encrypted content manifest. Omitting the IV will also cause
// the Dynamice Encryption service to generate a deterministic IV for the content automatically.
// By using the EnvelopeBaseKeyAcquisitionUrl and omitting the IV, this allows the AssetDelivery
// policy to be reused by more than one asset.
IContentKey dummyKey1 = CreateDummyContentKey(ContentKeyType.EnvelopeEncryption);
Uri aesKeyAcquisitionUri = dummyKey1.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp);
UriBuilder uriBuilder1 = new UriBuilder(aesKeyAcquisitionUri);
uriBuilder1.Query = String.Empty;
aesKeyAcquisitionUri = uriBuilder1.Uri;
// The following policy configuration specifies:
// key url that will have KID=<Guid> appended to the envelope and
// the Initialization Vector (IV) to use for the envelope encryption.
configKeys.Add(AssetDeliveryPolicyConfigurationKey.EnvelopeBaseKeyAcquisitionUrl, aesKeyAcquisitionUri.ToString());
dummyKey1.Delete();
break;
case MediaServicesHelper.AssetDeliveryContentProtection.PlayReady:
IContentKey dummyKey2 = CreateDummyContentKey(ContentKeyType.CommonEncryption);
Uri playreadyKeyAcquisitionUrl = dummyKey2.GetKeyDeliveryUrl(ContentKeyDeliveryType.PlayReadyLicense);
configKeys.Add(AssetDeliveryPolicyConfigurationKey.PlayReadyLicenseAcquisitionUrl, playreadyKeyAcquisitionUrl.ToString());
dummyKey2.Delete();
break;
case MediaServicesHelper.AssetDeliveryContentProtection.Widevine:
IContentKey dummyKey3 = CreateDummyContentKey(ContentKeyType.CommonEncryption);
Uri widevineKeyAcquisitionUrl = dummyKey3.GetKeyDeliveryUrl(ContentKeyDeliveryType.Widevine);
UriBuilder uriBuilder3 = new UriBuilder(widevineKeyAcquisitionUrl);
uriBuilder3.Query = String.Empty;
widevineKeyAcquisitionUrl = uriBuilder3.Uri;
configKeys.Add(AssetDeliveryPolicyConfigurationKey.WidevineLicenseAcquisitionUrl, widevineKeyAcquisitionUrl.ToString());
dummyKey3.Delete();
break;
case MediaServicesHelper.AssetDeliveryContentProtection.FairPlay:
IContentKey dummyKey4 = CreateDummyContentKey(ContentKeyType.CommonEncryption);
Uri fairplayKeyAcquisitionUrl = dummyKey4.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay);
configKeys.Add(AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, fairplayKeyAcquisitionUrl.ToString().Replace("https://", "skd://"));
dummyKey4.Delete();
FairPlayConfiguration fairplayConfig = JsonConvert.DeserializeObject <FairPlayConfiguration>(fairplayPolicyOpiton.KeyDeliveryConfiguration);
configKeys.Add(AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, fairplayConfig.ContentEncryptionIV);
break;
}
}
return(configKeys);
}
public void TestCreateFairPlayAuthorizationPolicy()
{
Guid keyId = Guid.NewGuid();
byte[] contentKey = Guid.NewGuid().ToByteArray();
IContentKey key = _mediaContext.ContentKeys.Create(keyId, contentKey, "testKey", ContentKeyType.CommonEncryptionCbcs);
byte[] askBytes = Guid.NewGuid().ToByteArray();
var askId = Guid.NewGuid();
IContentKey askKey = _mediaContext.ContentKeys.Create(askId, askBytes, "askKey", ContentKeyType.FairPlayASk);
string pfxPassword = "******";
var pfxPasswordId = Guid.NewGuid();
byte[] pfxPasswordBytes = System.Text.Encoding.UTF8.GetBytes(pfxPassword);
IContentKey pfxPasswordKey = _mediaContext.ContentKeys.Create(pfxPasswordId, pfxPasswordBytes, "pfxPasswordKey", ContentKeyType.FairPlayPfxPassword);
byte[] iv = Guid.NewGuid().ToByteArray();
var restrictions = new List <ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Open",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null
}
};
var appCert = new X509Certificate2("amscer.pfx", pfxPassword, X509KeyStorageFlags.Exportable);
string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration(
appCert,
pfxPassword,
pfxPasswordId,
askId,
iv);
var policyOption = _mediaContext.ContentKeyAuthorizationPolicyOptions.Create(
"fairPlayTest",
ContentKeyDeliveryType.FairPlay,
restrictions,
configuration);
var contentKeyAuthorizationPolicy = _mediaContext.ContentKeyAuthorizationPolicies.CreateAsync("Key no restrictions").Result;
contentKeyAuthorizationPolicy.Options.Add(policyOption);
key.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
key = key.UpdateAsync().Result;
key.Delete();
pfxPasswordKey.Delete();
askKey.Delete();
contentKeyAuthorizationPolicy.Delete();
}
private static IAssetDeliveryPolicy CreateAssetDeliveryPolicy(IAsset asset, IContentKey key)
{
var policy = asset.DeliveryPolicies
.Where(p => p.AssetDeliveryProtocol == AssetDeliveryProtocol.HLS)
.SingleOrDefault();
if (policy != null)
{
policy.Delete();
}
Uri keyUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay);
var configuration = new Dictionary <AssetDeliveryPolicyConfigurationKey, string>();
AssetDeliveryPolicyType policyType;
var kdUrl = keyUrl.ToString().Replace("https://", "skd://");
configuration.Add(AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, kdUrl);
var kdPolicy = _mediaContext.ContentKeyAuthorizationPolicies.Where(p => p.Id == key.AuthorizationPolicyId).Single();
var kdOption = kdPolicy.Options.Single(o => o.KeyDeliveryType == ContentKeyDeliveryType.FairPlay);
FairPlayConfiguration configFP = JsonConvert.DeserializeObject <FairPlayConfiguration>(kdOption.KeyDeliveryConfiguration);
configuration.Add(AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, configFP.ContentEncryptionIV);
policyType = AssetDeliveryPolicyType.DynamicCommonEncryptionCbcs;
policy = _mediaContext.AssetDeliveryPolicies.Create(
"FairPlayDeliveryPolicy",
policyType,
AssetDeliveryProtocol.HLS,
configuration);
return(policy);
}
private static IContentKeyAuthorizationPolicyOption CreateFairPlayPolicyOption(byte[] iv)
{
var appCert = new X509Certificate2(pfxPath, pfxPassword, X509KeyStorageFlags.Exportable);
var pfxPasswordId = Guid.NewGuid();
byte[] pfxPasswordBytes = System.Text.Encoding.UTF8.GetBytes(pfxPassword);
IContentKey pfxPasswordKey = _mediaContext.ContentKeys.Create(pfxPasswordId, pfxPasswordBytes, "pfxPasswordKey", ContentKeyType.FairPlayPfxPassword);
var askId = Guid.NewGuid();
IContentKey askKey = _mediaContext.ContentKeys.Create(askId, askBytes, "askKey", ContentKeyType.FairPlayASk);
var restriction = new ContentKeyAuthorizationPolicyRestriction
{
Name = "Open",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null
};
var restrictions = new List <ContentKeyAuthorizationPolicyRestriction> {
restriction
};
string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration(
appCert,
pfxPassword,
pfxPasswordId,
askId,
iv);
var policyOption = _mediaContext.ContentKeyAuthorizationPolicyOptions.Create(
"fairPlayTest",
ContentKeyDeliveryType.FairPlay,
restrictions,
configuration);
return(policyOption);
}
private static async Task <FairPlayConfiguration> GetFairPlayConfigurationAsync(MediaContextBase context)
{
var previousAskKey = default(IContentKey);
var askKeyId = Guid.NewGuid();
var askKeyName = ConfigurationManager.AppSettings["FairPlayASKContentKeyName"];
var askBytes = HexadecimalStringToByteArray(ConfigurationManager.AppSettings["FairPlayASKHexadecimal"]);
var askKey = context.ContentKeys.Where(k => k.Name == askKeyName).FirstOrDefault();
if (askKey == null)
{
askKey = await context.ContentKeys.CreateAsync(askKeyId, askBytes, askKeyName, ContentKeyType.FairPlayASk);
}
else
{
if (!askBytes.SequenceEqual(await askKey.GetClearKeyValueAsync()) || (askKey.ContentKeyType != ContentKeyType.FairPlayASk))
{
previousAskKey = askKey;
askKey = await context.ContentKeys.CreateAsync(askKeyId, askBytes, askKeyName, ContentKeyType.FairPlayASk);
}
askKeyId = Guid.Parse(askKey.Id.Replace(ContentKeyPrefix, string.Empty));
}
var previousAppCertPasswordKey = default(IContentKey);
var appCertPasswordKeyId = Guid.NewGuid();
var appCertPasswordKeyName = ConfigurationManager.AppSettings["FairPlayAppCertPasswordContentKeyName"];
var appCertPassword = ConfigurationManager.AppSettings["FairPlayAppCertPassword"];
var appCertPasswordBytes = Encoding.UTF8.GetBytes(appCertPassword);
var appCertPasswordKey = context.ContentKeys.Where(k => k.Name == appCertPasswordKeyName).FirstOrDefault();
if (appCertPasswordKey == null)
{
appCertPasswordKey = await context.ContentKeys.CreateAsync(appCertPasswordKeyId, appCertPasswordBytes, appCertPasswordKeyName, ContentKeyType.FairPlayPfxPassword);
}
else
{
if (!appCertPasswordBytes.SequenceEqual(await appCertPasswordKey.GetClearKeyValueAsync()) || (appCertPasswordKey.ContentKeyType != ContentKeyType.FairPlayPfxPassword))
{
previousAppCertPasswordKey = appCertPasswordKey;
appCertPasswordKey = await context.ContentKeys.CreateAsync(appCertPasswordKeyId, appCertPasswordBytes, appCertPasswordKeyName, ContentKeyType.FairPlayPfxPassword);
}
appCertPasswordKeyId = Guid.Parse(appCertPasswordKey.Id.Replace(ContentKeyPrefix, string.Empty));
}
var contentEncryptionIv = Guid.NewGuid().ToByteArray();
var appCert = new X509Certificate2(ConfigurationManager.AppSettings["FairPlayAppCertPath"], appCertPassword, X509KeyStorageFlags.Exportable);
var configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration(
appCert,
appCertPassword,
appCertPasswordKeyId,
askKeyId,
contentEncryptionIv);
if (previousAskKey != null)
{
await previousAskKey.DeleteAsync();
}
if (previousAppCertPasswordKey != null)
{
await previousAppCertPasswordKey.DeleteAsync();
}
return(JsonConvert.DeserializeObject <FairPlayConfiguration>(configuration));
}
