public static async Task <object> Run([HttpTrigger(WebHookType = "genericJson")] HttpRequestMessage req, TraceWriter log)
{
log.Info($"AMS v2 Function - Add Authorization Policy was triggered!");
string jsonContent = await req.Content.ReadAsStringAsync();
if (string.IsNullOrEmpty(jsonContent))
{
return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass a JSON request body" }));
}
AuthorizationPolicyRequst data = JsonConvert.DeserializeObject <AuthorizationPolicyRequst>(jsonContent);
// Validate input objects
if (string.IsNullOrEmpty(data.b64Secret))
{
return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass a base 64 symetric secret" }));
}
if (string.IsNullOrEmpty(data.tokenType))
{
return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass the token type (SWT or JWT)" }));
}
if (string.IsNullOrEmpty(data.audience))
{
return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass the audience value" }));
}
if (string.IsNullOrEmpty(data.issuer))
{
return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass the issuer value" }));
}
if (data.config == null || data.config.Length < 1)
{
return(req.CreateResponse(HttpStatusCode.BadRequest, new { error = "Please pass the authorization option configuration" }));
}
IContentKeyAuthorizationPolicy result;
try
{
result = GetTokenRestrictedAuthorizationPolicy(log, data);
log.Info($"Out of auth policy code");
if (result != null)
{
log.Info($"Made auth policy");
}
}
catch (Exception ex)
{
string message = ex.Message + ((ex.InnerException != null) ? Environment.NewLine + MediaServicesHelper.GetErrorMessage(ex) : "") + "\n" + ex.StackTrace;
log.Info($"ERROR: Exception {message}");
return(req.CreateResponse(HttpStatusCode.InternalServerError, new { error = message }));
}
return(req.CreateResponse(HttpStatusCode.OK, new
{
authPolicyId = result.Id,
}));
}
private static IContentKeyAuthorizationPolicy GetTokenRestrictedAuthorizationPolicy(TraceWriter log, AuthorizationPolicyRequst request)
{
MediaServicesCredentials amsCredentials = new MediaServicesCredentials();
AzureAdTokenCredentials tokenCredentials = new AzureAdTokenCredentials(amsCredentials.AmsAadTenantDomain,
new AzureAdClientSymmetricKey(amsCredentials.AmsClientId, amsCredentials.AmsClientSecret),
AzureEnvironments.AzureCloudEnvironment);
AzureAdTokenProvider tokenProvider = new AzureAdTokenProvider(tokenCredentials);
CloudMediaContext context = new CloudMediaContext(amsCredentials.AmsRestApiEndpoint, tokenProvider);
byte[] secret = request.tokenSecret;
TokenClaim[] tokenClaims = request.tokenClaims;
TokenType tokenType = request.TokenTypeEnum;
string audience = request.audience;
string issuer = request.issuer;
List <IContentKeyAuthorizationPolicyOption> authPolicyOptions = new List <IContentKeyAuthorizationPolicyOption>(request.config.Length);
List <ContentKeyDeliveryType> delTypes = new List <ContentKeyDeliveryType>(request.config.Length);
log.Info($"Prepared for auth policy loop on {request.config.Length} entries with: {(secret ?? new byte[0]).Length} long key; {(tokenClaims ?? new TokenClaim[0]).Length} claims; {tokenType.ToString()} {audience} {issuer}");
// return
foreach (AuthorizationPolicyRequestTokenConfig d in request.config)
{
ContentKeyDeliveryType ckdType = d.ContentKeyDeliveryType;
delTypes.Add(ckdType);
log.Info($"Making auth policy option! {d.ContentKeyDeliveryType.ToString()} {d.keyDeliveryConfiguration}");
IContentKeyAuthorizationPolicyOption option = GetTokenRestrictedAuthorizationPolicyOption(context, secret, ckdType, tokenType, audience, issuer, tokenClaims, d.keyDeliveryConfiguration);
authPolicyOptions.Add(option);
}
log.Info($"Making policy container");
IContentKeyAuthorizationPolicy policy = context.ContentKeyAuthorizationPolicies.CreateAsync(string.Join(", ", delTypes.Select(x => x.ToString())) + " Authentication Policy").Result;
foreach (IContentKeyAuthorizationPolicyOption a in authPolicyOptions)
{
log.Info($"Adding policy " + a.Name);
policy.Options.Add(a);
}
return(policy);
}
