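/// <summary>
/// Generates a test token from the data in the given TokenRestrictionTemplate.
/// </summary>
/// <remarks>
/// The token is signed with HMAC-SHA256 keyed by the symmetric verification key, so the
/// same secret that validates a token can also mint one. Treat both the key value and the
/// returned bearer token as secrets (keep them out of logs and source control).
/// </remarks>
/// <param name="tokenTemplate">TokenRestrictionTemplate describing the token to generate</param>
/// <param name="signingKeyToUse">Signing key to use. If null, the PrimaryVerificationKey from the template is used. Must be a SymmetricVerificationKey.</param>
/// <param name="keyIdForContentKeyIdentifierClaim">Key Identifier used as the value of the Content Key Identifier Claim. Ignored if the template has no TokenClaim with a ClaimType of TokenClaim.ContentKeyIdentifierClaimType.</param>
/// <param name="tokenExpiration">The Date and Time when the token expires; defaults to ten minutes after the current UTC time. Expired tokens are considered invalid by the Key Delivery Service.</param>
/// <returns>A Simple Web Token (SWT)</returns>
/// <exception cref="ArgumentNullException">tokenTemplate is null.</exception>
/// <exception cref="InvalidOperationException">No signing key was passed and the template has no PrimaryVerificationKey.</exception>
/// <exception cref="InvalidCastException">The signing key is not a SymmetricVerificationKey.</exception>
public static string GenerateTestToken(TokenRestrictionTemplate tokenTemplate, TokenVerificationKey signingKeyToUse = null, Guid? keyIdForContentKeyIdentifierClaim = null, DateTime? tokenExpiration = null)
{
    if (tokenTemplate == null)
    {
        throw new ArgumentNullException("tokenTemplate");
    }

    if (signingKeyToUse == null)
    {
        signingKeyToUse = tokenTemplate.PrimaryVerificationKey;
    }

    // Validate the key before building anything: without these checks a template that has
    // no PrimaryVerificationKey ends in a NullReferenceException at the HMAC constructor,
    // and a non-symmetric key in an InvalidCastException with no explanation.
    if (signingKeyToUse == null)
    {
        throw new InvalidOperationException("No signing key was supplied and the template has no PrimaryVerificationKey.");
    }

    SymmetricVerificationKey signingKey = signingKeyToUse as SymmetricVerificationKey;
    if (signingKey == null)
    {
        throw new InvalidCastException("GenerateTestToken can only sign with a SymmetricVerificationKey.");
    }

    if (!tokenExpiration.HasValue)
    {
        tokenExpiration = DateTime.UtcNow.AddMinutes(10);
    }

    StringBuilder builder = new StringBuilder();

    foreach (TokenClaim claim in tokenTemplate.RequiredClaims)
    {
        string claimValue = claim.ClaimValue;
        if (claim.ClaimType == TokenClaim.ContentKeyIdentifierClaimType)
        {
            // A null key id turns into an empty claim value here (Nullable<Guid>.ToString()).
            claimValue = keyIdForContentKeyIdentifierClaim.ToString();
        }

        builder.AppendFormat("{0}={1}&", HttpUtility.UrlEncode(claim.ClaimType), HttpUtility.UrlEncode(claimValue));
    }

    builder.AppendFormat("Audience={0}&", HttpUtility.UrlEncode(tokenTemplate.Audience.AbsoluteUri));
    builder.AppendFormat("ExpiresOn={0}&", GenerateTokenExpiry(tokenExpiration.Value));
    builder.AppendFormat("Issuer={0}", HttpUtility.UrlEncode(tokenTemplate.Issuer.AbsoluteUri));

    using (var signatureAlgorithm = new HMACSHA256(signingKey.KeyValue))
    {
        // The signature covers the claim string exactly as built above, before the
        // "Bearer=" prefix and the signature field itself are added.
        byte[] unsignedTokenAsBytes = Encoding.UTF8.GetBytes(builder.ToString());
        byte[] signatureBytes = signatureAlgorithm.ComputeHash(unsignedTokenAsBytes);
        string signatureString = Convert.ToBase64String(signatureBytes);

        builder.Insert(0, "Bearer=");
        builder.AppendFormat("&HMACSHA256={0}", HttpUtility.UrlEncode(signatureString));
    }

    return builder.ToString();
}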
/// <summary>
/// Builds a TokenRestrictionTemplate from the given settings and returns its serialized form.
/// </summary>
/// <remarks>
/// When openIdDiscoveryURL is supplied, mytokenverificationkey is not used: the template gets
/// an OpenIdConnectDiscoveryDocument and no PrimaryVerificationKey is set.
/// NOTE(review): the serialized template presumably carries the verification key material,
/// so the returned string should be handled as sensitive - confirm against the serializer.
/// </remarks>
/// <param name="mytokentype">Token type passed to the TokenRestrictionTemplate constructor.</param>
/// <param name="_sampleAudience">Value assigned to the template's Audience.</param>
/// <param name="_sampleIssuer">Value assigned to the template's Issuer.</param>
/// <param name="tokenclaimslist">Claims appended to the template's RequiredClaims, in order.</param>
/// <param name="AddContentKeyIdentifierClaim">If true, TokenClaim.ContentKeyIdentifierClaim is added before the listed claims.</param>
/// <param name="mytokenverificationkey">Primary verification key, used only when no discovery URL is given.</param>
/// <param name="openIdDiscoveryURL">Optional OpenID Connect discovery document URL.</param>
/// <returns>The serialized token restriction template.</returns>
static private string GenerateTokenRequirements(TokenType mytokentype, string _sampleAudience, string _sampleIssuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenVerificationKey mytokenverificationkey, string openIdDiscoveryURL = null)
{
    TokenRestrictionTemplate template = new TokenRestrictionTemplate(mytokentype);
    template.Audience = _sampleAudience;
    template.Issuer = _sampleIssuer;

    if (AddContentKeyIdentifierClaim)
    {
        template.RequiredClaims.Add(TokenClaim.ContentKeyIdentifierClaim);
    }

    // Exactly one verification source is configured: the static key or the discovery document.
    if (openIdDiscoveryURL == null)
    {
        template.PrimaryVerificationKey = mytokenverificationkey;
    }
    else
    {
        template.OpenIdConnectDiscoveryDocument = new OpenIdConnectDiscoveryDocument(openIdDiscoveryURL);
    }

    foreach (TokenClaim requiredClaim in tokenclaimslist)
    {
        template.RequiredClaims.Add(requiredClaim);
    }

    string serialized = TokenRestrictionTemplateSerializer.Serialize(template);
    return serialized;
}
/// <summary>
/// Creates a token-restricted content key authorization policy option for the given delivery type.
/// </summary>
/// <remarks>
/// The contentKey argument is not referenced by this method. Only the option is created here;
/// no ContentKeyAuthorizationPolicy is created or linked to it.
/// </remarks>
/// <param name="deliveryType">Delivery type of the option; also appended to the option name.</param>
/// <param name="detailedtokentype">Its string form prefixes the restriction and option names.</param>
/// <param name="_context">Context whose ContentKeyAuthorizationPolicyOptions collection creates the option.</param>
/// <param name="newLicenseTemplate">Passed through as the option's key delivery configuration.</param>
/// <param name="openIdDiscoveryPath">Optional OpenID Connect discovery document URL forwarded to GenerateTokenRequirements.</param>
/// <returns>The created policy option.</returns>
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyCENC(ContentKeyDeliveryType deliveryType, IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string newLicenseTemplate, string openIdDiscoveryPath = null)
{
    string requirements = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
    string tokenTypeName = detailedtokentype.ToString();

    // Single restriction: the key is released only for tokens matching the template.
    ContentKeyAuthorizationPolicyRestriction tokenRestriction = new ContentKeyAuthorizationPolicyRestriction();
    tokenRestriction.Name = tokenTypeName + " Token Authorization Policy";
    tokenRestriction.KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted;
    tokenRestriction.Requirements = requirements;

    List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>();
    restrictions.Add(tokenRestriction);

    string optionName = tokenTypeName + " Token option " + deliveryType.ToString();
    return _context.ContentKeyAuthorizationPolicyOptions.Create(optionName, deliveryType, restrictions, newLicenseTemplate);
}
/// <summary>
/// Creates a token-restricted policy option that uses the BaselineHttp key delivery type.
/// </summary>
/// <remarks>
/// The contentKey argument is not referenced by this method. The option name is the fixed
/// string "Token option"; only the restriction name carries the token type.
/// </remarks>
/// <param name="detailedtokentype">Its string form prefixes the restriction name.</param>
/// <param name="_context">Context whose ContentKeyAuthorizationPolicyOptions collection creates the option.</param>
/// <param name="openIdDiscoveryPath">Optional OpenID Connect discovery document URL forwarded to GenerateTokenRequirements.</param>
/// <returns>The created policy option.</returns>
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string openIdDiscoveryPath = null)
{
    string requirements = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
    string tokenTypeName = detailedtokentype.ToString();

    // You could have multiple options; this one holds a single token restriction.
    List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
    {
        new ContentKeyAuthorizationPolicyRestriction
        {
            Name = tokenTypeName + " Token Authorization Policy",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = requirements
        }
    };

    // The last argument is null: no key delivery data is needed for HLS.
    return _context.ContentKeyAuthorizationPolicyOptions.Create("Token option", ContentKeyDeliveryType.BaselineHttp, restrictions, null);
}
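/// <summary>
/// Generates a test token from the data in the given TokenRestrictionTemplate.
/// </summary>
/// <remarks>
/// Signing uses HMAC-SHA256 keyed by the symmetric verification key, so anyone holding
/// that key can mint tokens as well as verify them. Handle the key value and the returned
/// bearer token as secrets.
/// </remarks>
/// <param name="tokenTemplate">TokenRestrictionTemplate describing the token to generate</param>
/// <param name="signingKeyToUse">Signing key to use. If null, the PrimaryVerificationKey from the template is used. Must be a SymmetricVerificationKey.</param>
/// <param name="keyIdForContentKeyIdentifierClaim">Key Identifier used as the value of the Content Key Identifier Claim. Ignored if the template has no TokenClaim with a ClaimType of TokenClaim.ContentKeyIdentifierClaimType.</param>
/// <param name="tokenExpiration">The Date and Time when the token expires; defaults to ten minutes after the current UTC time. Expired tokens are considered invalid by the Key Delivery Service.</param>
/// <returns>A Simple Web Token (SWT)</returns>
/// <exception cref="ArgumentNullException">tokenTemplate is null.</exception>
/// <exception cref="InvalidOperationException">No signing key was passed and the template has no PrimaryVerificationKey.</exception>
/// <exception cref="InvalidCastException">The signing key is not a SymmetricVerificationKey.</exception>
public static string GenerateTestToken(TokenRestrictionTemplate tokenTemplate, TokenVerificationKey signingKeyToUse = null, Guid? keyIdForContentKeyIdentifierClaim = null, DateTime? tokenExpiration = null)
{
    if (tokenTemplate == null)
    {
        throw new ArgumentNullException("tokenTemplate");
    }

    TokenVerificationKey effectiveKey = signingKeyToUse ?? tokenTemplate.PrimaryVerificationKey;

    // Reject an absent or non-symmetric key up front, with a message that names the cause,
    // rather than failing later with a NullReferenceException or a bare InvalidCastException.
    if (effectiveKey == null)
    {
        throw new InvalidOperationException("No signing key was supplied and the template has no PrimaryVerificationKey.");
    }

    SymmetricVerificationKey signingKey = effectiveKey as SymmetricVerificationKey;
    if (signingKey == null)
    {
        throw new InvalidCastException("GenerateTestToken can only sign with a SymmetricVerificationKey.");
    }

    DateTime expiresOn = tokenExpiration.HasValue ? tokenExpiration.Value : DateTime.UtcNow.AddMinutes(10);

    StringBuilder builder = new StringBuilder();

    foreach (TokenClaim claim in tokenTemplate.RequiredClaims)
    {
        // The content key identifier claim takes its value from the argument, not the template.
        // A null key id becomes an empty claim value (Nullable<Guid>.ToString()).
        string claimValue = claim.ClaimType == TokenClaim.ContentKeyIdentifierClaimType
            ? keyIdForContentKeyIdentifierClaim.ToString()
            : claim.ClaimValue;

        builder.AppendFormat("{0}={1}&", HttpUtility.UrlEncode(claim.ClaimType), HttpUtility.UrlEncode(claimValue));
    }

    builder.AppendFormat("Audience={0}&", HttpUtility.UrlEncode(tokenTemplate.Audience.AbsoluteUri));
    builder.AppendFormat("ExpiresOn={0}&", GenerateTokenExpiry(expiresOn));
    builder.AppendFormat("Issuer={0}", HttpUtility.UrlEncode(tokenTemplate.Issuer.AbsoluteUri));

    using (var signatureAlgorithm = new HMACSHA256(signingKey.KeyValue))
    {
        // Sign the claim string as it stands now; the "Bearer=" prefix and the signature
        // field are added afterwards and are not part of the signed bytes.
        byte[] unsignedTokenAsBytes = Encoding.UTF8.GetBytes(builder.ToString());
        byte[] signatureBytes = signatureAlgorithm.ComputeHash(unsignedTokenAsBytes);
        string signatureString = Convert.ToBase64String(signatureBytes);

        builder.Insert(0, "Bearer=");
        builder.AppendFormat("&HMACSHA256={0}", HttpUtility.UrlEncode(signatureString));
    }

    return builder.ToString();
}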
/// <summary>
/// Assembles a TokenRestrictionTemplate and returns it serialized.
/// </summary>
/// <remarks>
/// A non-null openIdDiscoveryURL takes precedence: the template then references an
/// OpenIdConnectDiscoveryDocument and mytokenverificationkey is left unused.
/// NOTE(review): the serialized template presumably includes the verification key material,
/// so the result should be treated as sensitive - confirm against the serializer.
/// </remarks>
/// <param name="tokenclaimslist">Claims appended to RequiredClaims after the optional content key identifier claim.</param>
/// <param name="AddContentKeyIdentifierClaim">If true, TokenClaim.ContentKeyIdentifierClaim is added first.</param>
/// <param name="mytokenverificationkey">Primary verification key, used only when no discovery URL is given.</param>
/// <param name="openIdDiscoveryURL">Optional OpenID Connect discovery document URL.</param>
/// <returns>The serialized token restriction template.</returns>
static private string GenerateTokenRequirements(TokenType mytokentype, string _sampleAudience, string _sampleIssuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenVerificationKey mytokenverificationkey, string openIdDiscoveryURL = null)
{
    TokenRestrictionTemplate restrictionTemplate = new TokenRestrictionTemplate(mytokentype);
    restrictionTemplate.Audience = _sampleAudience;
    restrictionTemplate.Issuer = _sampleIssuer;

    if (AddContentKeyIdentifierClaim)
    {
        restrictionTemplate.RequiredClaims.Add(TokenClaim.ContentKeyIdentifierClaim);
    }

    bool useStaticKey = openIdDiscoveryURL == null;
    if (useStaticKey)
    {
        restrictionTemplate.PrimaryVerificationKey = mytokenverificationkey;
    }
    else
    {
        restrictionTemplate.OpenIdConnectDiscoveryDocument = new OpenIdConnectDiscoveryDocument(openIdDiscoveryURL);
    }

    foreach (TokenClaim extraClaim in tokenclaimslist)
    {
        restrictionTemplate.RequiredClaims.Add(extraClaim);
    }

    return TokenRestrictionTemplateSerializer.Serialize(restrictionTemplate);
}
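/// <summary>
/// Creates a token-restricted policy option that uses the PlayReadyLicense key delivery type.
/// </summary>
/// <remarks>
/// Only the option is created here; no ContentKeyAuthorizationPolicy is created or linked to it.
/// An earlier form of this method also created, through _context, a policy named
/// "Deliver Common Content Key with no restrictions", blocked on its Result and then never
/// used it. That call is removed: it added one unattached policy per invocation, under a
/// name that contradicts the token restriction configured here.
/// The contentKey argument is not referenced by this method.
/// </remarks>
/// <param name="detailedtokentype">Its string form prefixes the restriction and option names.</param>
/// <param name="_context">Context whose ContentKeyAuthorizationPolicyOptions collection creates the option.</param>
/// <param name="newLicenseTemplate">Passed through as the option's key delivery configuration.</param>
/// <param name="openIdDiscoveryPath">Optional OpenID Connect discovery document URL forwarded to GenerateTokenRequirements.</param>
/// <returns>The created policy option.</returns>
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyPlayReady(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string newLicenseTemplate, string openIdDiscoveryPath = null)
{
    string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
    string tname = detailedtokentype.ToString();

    List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
    {
        new ContentKeyAuthorizationPolicyRestriction
        {
            Name = tname + " Token Authorization Policy",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = tokenTemplateString,
        }
    };

    // NOTE(review): unlike the restriction name, there is no space between the token type
    // and "Token option"; left as is in case the option is looked up by name elsewhere.
    IContentKeyAuthorizationPolicyOption policyOption = _context.ContentKeyAuthorizationPolicyOptions.Create(tname + "Token option", ContentKeyDeliveryType.PlayReadyLicense, restrictions, newLicenseTemplate);

    return policyOption;
}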
/// <summary>
/// Creates a token-restricted policy option that uses the BaselineHttp key delivery type.
/// </summary>
/// <remarks>
/// The contentKey argument is not referenced by this method. The option is always named
/// "Token option"; the token type appears only in the restriction name.
/// </remarks>
/// <param name="detailedtokentype">Its string form prefixes the restriction name.</param>
/// <param name="_context">Context whose ContentKeyAuthorizationPolicyOptions collection creates the option.</param>
/// <param name="openIdDiscoveryPath">Optional OpenID Connect discovery document URL forwarded to GenerateTokenRequirements.</param>
/// <returns>The created policy option.</returns>
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string openIdDiscoveryPath = null)
{
    string serializedTemplate = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
    string typeLabel = detailedtokentype.ToString();

    // You could have multiple options; a single token restriction is used here.
    List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
    {
        new ContentKeyAuthorizationPolicyRestriction
        {
            Name = typeLabel + " Token Authorization Policy",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = serializedTemplate
        }
    };

    // Null key delivery configuration: no key delivery data is needed for HLS.
    return _context.ContentKeyAuthorizationPolicyOptions.Create("Token option", ContentKeyDeliveryType.BaselineHttp, restrictions, null);
}
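/// <summary>
/// Creates a token-restricted policy option that uses the BaselineHttp key delivery type.
/// </summary>
/// <remarks>
/// The restriction is named "Token Authorization Policy" and the option "Token option",
/// regardless of token type. The contentKey and IsJWTKeySymmetric arguments are not used:
/// the label that was built from IsJWTKeySymmetric and tokentype was never read, so that
/// dead local has been dropped.
/// </remarks>
/// <param name="tokenclaimslist">Claims forwarded to GenerateTokenRequirements.</param>
/// <param name="_context">Context whose ContentKeyAuthorizationPolicyOptions collection creates the option.</param>
/// <returns>The created policy option.</returns>
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, bool IsJWTKeySymmetric, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context)
{
    string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey);

    // You could have multiple options; a single token restriction is used here.
    List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
    {
        new ContentKeyAuthorizationPolicyRestriction
        {
            Name = "Token Authorization Policy",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = tokenTemplateString
        }
    };

    IContentKeyAuthorizationPolicyOption policyOption = _context.ContentKeyAuthorizationPolicyOptions.Create(
        "Token option",
        ContentKeyDeliveryType.BaselineHttp,
        restrictions,
        null); // no key delivery data is needed for HLS

    return policyOption;
}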
/// <summary>
/// Builds a TokenRestrictionTemplate with the given verification key, audience, issuer and
/// required claims, and returns it serialized.
/// </summary>
/// <remarks>
/// NOTE(review): the serialized template presumably includes the verification key material,
/// so the result should be treated as sensitive - confirm against the serializer.
/// </remarks>
/// <param name="tokenclaimslist">Claims appended to RequiredClaims after the optional content key identifier claim.</param>
/// <param name="AddContentKeyIdentifierClaim">If true, TokenClaim.ContentKeyIdentifierClaim is added first.</param>
/// <param name="mytokenverificationkey">Assigned as the template's PrimaryVerificationKey.</param>
/// <returns>The serialized token restriction template.</returns>
private static string GenerateTokenRequirements(TokenType mytokentype, string _sampleAudience, string _sampleIssuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenVerificationKey mytokenverificationkey)
{
    TokenRestrictionTemplate template = new TokenRestrictionTemplate(mytokentype);
    template.PrimaryVerificationKey = mytokenverificationkey;
    template.Audience = _sampleAudience;
    template.Issuer = _sampleIssuer;

    if (AddContentKeyIdentifierClaim)
    {
        template.RequiredClaims.Add(TokenClaim.ContentKeyIdentifierClaim);
    }

    foreach (TokenClaim requiredClaim in tokenclaimslist)
    {
        template.RequiredClaims.Add(requiredClaim);
    }

    string serialized = TokenRestrictionTemplateSerializer.Serialize(template);
    return serialized;
}
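/// <summary>
/// Creates a token-restricted policy option that uses the PlayReadyLicense key delivery type.
/// </summary>
/// <remarks>
/// Only the option is created here; no ContentKeyAuthorizationPolicy is created or linked to it.
/// An earlier form of this method also created, through _context, a policy named
/// "Deliver Common Content Key with no restrictions", blocked on its Result and then never
/// used it. That call is removed: it added one unattached policy per invocation, under a
/// name that contradicts the token restriction configured here.
/// The contentKey argument is not referenced by this method.
/// </remarks>
/// <param name="tokentype">Token type; also selects the "SWT "/" JWT " part of the names.</param>
/// <param name="IsJWTKeySymmetric">Selects the "Sym "/"Asym " prefix of the names.</param>
/// <param name="_context">Context whose ContentKeyAuthorizationPolicyOptions collection creates the option.</param>
/// <param name="newLicenseTemplate">Passed through as the option's key delivery configuration.</param>
/// <returns>The created policy option.</returns>
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyPlayReady(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, bool IsJWTKeySymmetric, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string newLicenseTemplate)
{
    string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey);

    // Label used in both names, for example "Sym SWT "; it already ends with a space.
    string tname = (IsJWTKeySymmetric ? "Sym " : "Asym ") + ((tokentype == TokenType.SWT) ? "SWT " : " JWT ");

    List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
    {
        new ContentKeyAuthorizationPolicyRestriction
        {
            Name = tname + "Token Authorization Policy",
            KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
            Requirements = tokenTemplateString,
        }
    };

    IContentKeyAuthorizationPolicyOption policyOption = _context.ContentKeyAuthorizationPolicyOptions.Create(tname + "Token option", ContentKeyDeliveryType.PlayReadyLicense, restrictions, newLicenseTemplate);

    return policyOption;
}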