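/// <summary>
        /// Generates a signed test token from the data in the given TokenRestrictionTemplate.
        /// </summary>
        /// <remarks>
        /// The token is signed with HMAC-SHA256 over the URL-encoded claim string, using the symmetric key's raw value.
        /// With an HMAC the signing key and the verification key are the same secret, so any code that can call this
        /// method with the real key can issue tokens. Keep the key server-side and use this helper for testing only.
        /// </remarks>
        /// <param name="tokenTemplate">TokenRestrictionTemplate describing the token to generate.</param>
        /// <param name="signingKeyToUse">The signing key to use.  If null, the PrimaryVerificationKey from the template is used.  Must be a SymmetricVerificationKey.</param>
        /// <param name="keyIdForContentKeyIdentifierClaim">Key identifier used as the value of the Content Key Identifier claim.  Ignored if the template has no TokenClaim with a ClaimType of TokenClaim.ContentKeyIdentifierClaimType.  If that claim is present and this value is null, the claim is emitted with an empty value.</param>
        /// <param name="tokenExpiration">The date and time when the token expires.  Defaults to ten minutes from the current UTC time.  Expired tokens are considered invalid by the Key Delivery Service.</param>
        /// <returns>A Simple Web Token (SWT) prefixed with "Bearer=".</returns>
        /// <exception cref="ArgumentNullException"><paramref name="tokenTemplate"/> is null.</exception>
        /// <exception cref="ArgumentException">No signing key was passed and the template has no PrimaryVerificationKey.</exception>
        /// <exception cref="InvalidCastException">The signing key is not a SymmetricVerificationKey.</exception>
        public static string GenerateTestToken(TokenRestrictionTemplate tokenTemplate, TokenVerificationKey signingKeyToUse = null, Guid? keyIdForContentKeyIdentifierClaim = null, DateTime? tokenExpiration = null)
        {
            if (tokenTemplate == null)
            {
                throw new ArgumentNullException("tokenTemplate");
            }

            if (signingKeyToUse == null)
            {
                signingKeyToUse = tokenTemplate.PrimaryVerificationKey;
            }

            // Fail before any token text is built: a template without a primary key would
            // otherwise surface as a NullReferenceException when the HMAC is constructed.
            if (signingKeyToUse == null)
            {
                throw new ArgumentException("No signing key was supplied and the template has no PrimaryVerificationKey.", "signingKeyToUse");
            }

            // Only a shared-secret key can produce the HMAC signature. The exception type matches
            // what the direct cast used to throw, with a message that names the cause.
            SymmetricVerificationKey signingKey = signingKeyToUse as SymmetricVerificationKey;
            if (signingKey == null)
            {
                throw new InvalidCastException("GenerateTestToken can only sign with a SymmetricVerificationKey.");
            }

            if (!tokenExpiration.HasValue)
            {
                tokenExpiration = DateTime.UtcNow.AddMinutes(10);
            }

            StringBuilder builder = new StringBuilder();

            foreach (TokenClaim claim in tokenTemplate.RequiredClaims)
            {
                string claimValue = claim.ClaimValue;
                if (claim.ClaimType == TokenClaim.ContentKeyIdentifierClaimType)
                {
                    // Nullable<Guid>.ToString() yields "" when no key id was passed.
                    claimValue = keyIdForContentKeyIdentifierClaim.ToString();
                }

                builder.AppendFormat("{0}={1}&", HttpUtility.UrlEncode(claim.ClaimType), HttpUtility.UrlEncode(claimValue));
            }

            builder.AppendFormat("Audience={0}&", HttpUtility.UrlEncode(tokenTemplate.Audience.AbsoluteUri));
            builder.AppendFormat("ExpiresOn={0}&", GenerateTokenExpiry(tokenExpiration.Value));
            builder.AppendFormat("Issuer={0}", HttpUtility.UrlEncode(tokenTemplate.Issuer.AbsoluteUri));

            using (var signatureAlgorithm = new HMACSHA256(signingKey.KeyValue))
            {
                // The signature covers the claim string exactly as built above, before the
                // "Bearer=" prefix and the signature field are attached.
                byte[] unsignedTokenAsBytes = Encoding.UTF8.GetBytes(builder.ToString());

                byte[] signatureBytes = signatureAlgorithm.ComputeHash(unsignedTokenAsBytes);

                string signatureString = Convert.ToBase64String(signatureBytes);

                builder.Insert(0, "Bearer=");
                builder.AppendFormat("&HMACSHA256={0}", HttpUtility.UrlEncode(signatureString));
            }

            return builder.ToString();
        }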
Exemple #2
        /// <summary>
        /// Builds a TokenRestrictionTemplate from the given settings and returns its serialized form.
        /// </summary>
        /// <param name="mytokentype">Token type passed to the template constructor.</param>
        /// <param name="_sampleAudience">Value assigned to the template's Audience.</param>
        /// <param name="_sampleIssuer">Value assigned to the template's Issuer.</param>
        /// <param name="tokenclaimslist">Claims appended to the template's required claims, in list order.</param>
        /// <param name="AddContentKeyIdentifierClaim">When true, TokenClaim.ContentKeyIdentifierClaim is added before the listed claims.</param>
        /// <param name="mytokenverificationkey">Primary verification key.  Applied only when <paramref name="openIdDiscoveryURL"/> is null.</param>
        /// <param name="openIdDiscoveryURL">When non-null, an OpenIdConnectDiscoveryDocument for this URL is set on the template and <paramref name="mytokenverificationkey"/> is not applied.</param>
        /// <returns>The output of TokenRestrictionTemplateSerializer.Serialize for the template.</returns>
        static private string GenerateTokenRequirements(TokenType mytokentype, string _sampleAudience, string _sampleIssuer, IList <TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenVerificationKey mytokenverificationkey, string openIdDiscoveryURL = null)
        {
            TokenRestrictionTemplate template = new TokenRestrictionTemplate(mytokentype);
            template.Audience = _sampleAudience;
            template.Issuer = _sampleIssuer;

            if (AddContentKeyIdentifierClaim)
            {
                template.RequiredClaims.Add(TokenClaim.ContentKeyIdentifierClaim);
            }

            // Exactly one source of verification material is configured: an explicit key, or
            // the discovery document.
            // NOTE(review): the discovery URL decides which keys are trusted to verify tokens;
            // presumably callers pass an https URL they control - confirm at the call sites.
            if (openIdDiscoveryURL == null)
            {
                template.PrimaryVerificationKey = mytokenverificationkey;
            }
            else
            {
                template.OpenIdConnectDiscoveryDocument = new OpenIdConnectDiscoveryDocument(openIdDiscoveryURL);
            }

            foreach (TokenClaim requiredClaim in tokenclaimslist)
            {
                template.RequiredClaims.Add(requiredClaim);
            }

            return TokenRestrictionTemplateSerializer.Serialize(template);
        }
Exemple #3
        /// <summary>
        /// Creates a token-restricted content key authorization policy option for the given delivery type.
        /// </summary>
        /// <remarks>
        /// The option carries a single restriction of type ContentKeyRestrictionType.TokenRestricted whose
        /// Requirements field is the serialized token restriction template.
        /// <paramref name="contentKey"/> is not read by this method.
        /// </remarks>
        /// <param name="deliveryType">Key delivery type of the option; also appended to the option name.</param>
        /// <param name="contentKey">Unused.</param>
        /// <param name="Audience">Audience written to the token restriction template.</param>
        /// <param name="Issuer">Issuer written to the token restriction template.</param>
        /// <param name="tokenclaimslist">Claims the template requires.</param>
        /// <param name="AddContentKeyIdentifierClaim">Whether the content key identifier claim is required.</param>
        /// <param name="tokentype">Token type of the template.</param>
        /// <param name="detailedtokentype">Its string form prefixes the restriction and option names.</param>
        /// <param name="mytokenverificationkey">Verification key handed to GenerateTokenRequirements.</param>
        /// <param name="_context">Media context used to create the option.</param>
        /// <param name="newLicenseTemplate">Key delivery configuration passed to Create.</param>
        /// <param name="openIdDiscoveryPath">Optional OpenID Connect discovery URL handed to GenerateTokenRequirements.</param>
        /// <returns>The option returned by ContentKeyAuthorizationPolicyOptions.Create.</returns>
        public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyCENC(ContentKeyDeliveryType deliveryType, IContentKey contentKey, string Audience, string Issuer, IList <TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string newLicenseTemplate, string openIdDiscoveryPath = null)
        {
            string serializedTemplate = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
            string label = detailedtokentype.ToString();

            // The token restriction is the only restriction on the option.
            ContentKeyAuthorizationPolicyRestriction tokenRestriction = new ContentKeyAuthorizationPolicyRestriction();
            tokenRestriction.Name = label + " Token Authorization Policy";
            tokenRestriction.KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted;
            tokenRestriction.Requirements = serializedTemplate;

            List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>();
            restrictions.Add(tokenRestriction);

            return _context.ContentKeyAuthorizationPolicyOptions.Create(
                label + " Token option " + deliveryType.ToString(),
                deliveryType,
                restrictions,
                newLicenseTemplate);
        }
Exemple #4
        /// <summary>
        /// Creates a token-restricted content key authorization policy option for BaselineHttp key delivery.
        /// </summary>
        /// <remarks>
        /// The option carries a single TokenRestricted restriction whose Requirements field is the serialized
        /// token restriction template.  The option name is the fixed string "Token option".
        /// <paramref name="contentKey"/> is not read by this method.
        /// </remarks>
        /// <param name="contentKey">Unused.</param>
        /// <param name="Audience">Audience written to the token restriction template.</param>
        /// <param name="Issuer">Issuer written to the token restriction template.</param>
        /// <param name="tokenclaimslist">Claims the template requires.</param>
        /// <param name="AddContentKeyIdentifierClaim">Whether the content key identifier claim is required.</param>
        /// <param name="tokentype">Token type of the template.</param>
        /// <param name="detailedtokentype">Its string form prefixes the restriction name.</param>
        /// <param name="mytokenverificationkey">Verification key handed to GenerateTokenRequirements.</param>
        /// <param name="_context">Media context used to create the option.</param>
        /// <param name="openIdDiscoveryPath">Optional OpenID Connect discovery URL handed to GenerateTokenRequirements.</param>
        /// <returns>The option returned by ContentKeyAuthorizationPolicyOptions.Create.</returns>
        public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList <TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string openIdDiscoveryPath = null)
        {
            string serializedTemplate = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
            string label = detailedtokentype.ToString();

            // A single token restriction; more restrictions could be added to the list.
            List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
            {
                new ContentKeyAuthorizationPolicyRestriction
                {
                    Name = label + " Token Authorization Policy",
                    KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
                    Requirements = serializedTemplate
                }
            };

            // The last argument is null: no key delivery data is needed for HLS.
            return _context.ContentKeyAuthorizationPolicyOptions.Create("Token option", ContentKeyDeliveryType.BaselineHttp, restrictions, null);
        }
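        /// <summary>
        /// Generates a signed test token from the data in the given TokenRestrictionTemplate.
        /// </summary>
        /// <remarks>
        /// The signature is an HMAC-SHA256 over the URL-encoded claim string, keyed with the symmetric key's raw value.
        /// The same secret both signs and verifies, so whoever holds it can issue tokens; this helper is meant for
        /// testing and the key should not leave trusted server-side code.
        /// </remarks>
        /// <param name="tokenTemplate">TokenRestrictionTemplate describing the token to generate.</param>
        /// <param name="signingKeyToUse">The signing key to use.  If null, the PrimaryVerificationKey from the template is used.  Must be a SymmetricVerificationKey.</param>
        /// <param name="keyIdForContentKeyIdentifierClaim">Key identifier used as the value of the Content Key Identifier claim.  Ignored if the template has no TokenClaim with a ClaimType of TokenClaim.ContentKeyIdentifierClaimType.  If that claim is present and this value is null, the claim is emitted with an empty value.</param>
        /// <param name="tokenExpiration">The date and time when the token expires.  Defaults to ten minutes from the current UTC time.  Expired tokens are considered invalid by the Key Delivery Service.</param>
        /// <returns>A Simple Web Token (SWT) prefixed with "Bearer=".</returns>
        /// <exception cref="ArgumentNullException"><paramref name="tokenTemplate"/> is null.</exception>
        /// <exception cref="ArgumentException">No signing key was passed and the template has no PrimaryVerificationKey.</exception>
        /// <exception cref="InvalidCastException">The signing key is not a SymmetricVerificationKey.</exception>
        public static string GenerateTestToken(TokenRestrictionTemplate tokenTemplate, TokenVerificationKey signingKeyToUse = null, Guid? keyIdForContentKeyIdentifierClaim = null, DateTime? tokenExpiration = null)
        {
            if (tokenTemplate == null)
            {
                throw new ArgumentNullException("tokenTemplate");
            }

            TokenVerificationKey effectiveKey = signingKeyToUse ?? tokenTemplate.PrimaryVerificationKey;

            // Reject a missing key up front instead of letting it surface as a
            // NullReferenceException when the HMAC is constructed.
            if (effectiveKey == null)
            {
                throw new ArgumentException("No signing key was supplied and the template has no PrimaryVerificationKey.", "signingKeyToUse");
            }

            // HMAC signing needs a shared secret. InvalidCastException is what the direct
            // cast threw for other key kinds; the message now names the cause.
            SymmetricVerificationKey signingKey = effectiveKey as SymmetricVerificationKey;
            if (signingKey == null)
            {
                throw new InvalidCastException("GenerateTestToken can only sign with a SymmetricVerificationKey.");
            }

            DateTime expiresOn = tokenExpiration ?? DateTime.UtcNow.AddMinutes(10);

            StringBuilder builder = new StringBuilder();

            foreach (TokenClaim claim in tokenTemplate.RequiredClaims)
            {
                // The content key identifier claim takes its value from the caller, not from the template.
                // Nullable<Guid>.ToString() yields "" when no key id was passed.
                string claimValue = claim.ClaimType == TokenClaim.ContentKeyIdentifierClaimType
                    ? keyIdForContentKeyIdentifierClaim.ToString()
                    : claim.ClaimValue;

                builder.AppendFormat("{0}={1}&", HttpUtility.UrlEncode(claim.ClaimType), HttpUtility.UrlEncode(claimValue));
            }

            builder.AppendFormat("Audience={0}&", HttpUtility.UrlEncode(tokenTemplate.Audience.AbsoluteUri));
            builder.AppendFormat("ExpiresOn={0}&", GenerateTokenExpiry(expiresOn));
            builder.AppendFormat("Issuer={0}", HttpUtility.UrlEncode(tokenTemplate.Issuer.AbsoluteUri));

            using (var signatureAlgorithm = new HMACSHA256(signingKey.KeyValue))
            {
                // Sign the claim string as built so far; the "Bearer=" prefix and the
                // signature field are attached afterwards and are not covered by the HMAC.
                byte[] unsignedTokenAsBytes = Encoding.UTF8.GetBytes(builder.ToString());
                byte[] signatureBytes = signatureAlgorithm.ComputeHash(unsignedTokenAsBytes);
                string signatureString = Convert.ToBase64String(signatureBytes);

                builder.Insert(0, "Bearer=");
                builder.AppendFormat("&HMACSHA256={0}", HttpUtility.UrlEncode(signatureString));
            }

            return builder.ToString();
        }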
        /// <summary>
        /// Assembles a TokenRestrictionTemplate and returns it serialized.
        /// </summary>
        /// <param name="mytokentype">Token type passed to the template constructor.</param>
        /// <param name="_sampleAudience">Value assigned to the template's Audience.</param>
        /// <param name="_sampleIssuer">Value assigned to the template's Issuer.</param>
        /// <param name="tokenclaimslist">Claims appended to the template's required claims, in list order.</param>
        /// <param name="AddContentKeyIdentifierClaim">When true, TokenClaim.ContentKeyIdentifierClaim is added ahead of the listed claims.</param>
        /// <param name="mytokenverificationkey">Primary verification key.  Not applied when <paramref name="openIdDiscoveryURL"/> is given.</param>
        /// <param name="openIdDiscoveryURL">When non-null, the template gets an OpenIdConnectDiscoveryDocument for this URL instead of a primary key.</param>
        /// <returns>The output of TokenRestrictionTemplateSerializer.Serialize for the template.</returns>
        static private string GenerateTokenRequirements(TokenType mytokentype, string _sampleAudience, string _sampleIssuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenVerificationKey mytokenverificationkey, string openIdDiscoveryURL = null)
        {
            TokenRestrictionTemplate restrictionTemplate = new TokenRestrictionTemplate(mytokentype);
            restrictionTemplate.Audience = _sampleAudience;
            restrictionTemplate.Issuer = _sampleIssuer;

            if (AddContentKeyIdentifierClaim)
            {
                restrictionTemplate.RequiredClaims.Add(TokenClaim.ContentKeyIdentifierClaim);
            }

            // The template trusts either the explicit key or the discovery document, not both.
            // NOTE(review): the discovery URL determines which keys can verify tokens;
            // presumably it is expected to be an https URL - confirm with the callers.
            bool useExplicitKey = openIdDiscoveryURL == null;
            if (useExplicitKey)
            {
                restrictionTemplate.PrimaryVerificationKey = mytokenverificationkey;
            }
            else
            {
                restrictionTemplate.OpenIdConnectDiscoveryDocument = new OpenIdConnectDiscoveryDocument(openIdDiscoveryURL);
            }

            foreach (TokenClaim extraClaim in tokenclaimslist)
            {
                restrictionTemplate.RequiredClaims.Add(extraClaim);
            }

            return TokenRestrictionTemplateSerializer.Serialize(restrictionTemplate);
        }
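        /// <summary>
        /// Creates a token-restricted content key authorization policy option for PlayReady license delivery.
        /// </summary>
        /// <remarks>
        /// The option carries a single TokenRestricted restriction whose Requirements field is the serialized
        /// token restriction template.  Only the option is created; this method does not create a
        /// ContentKeyAuthorizationPolicy.  <paramref name="contentKey"/> is not read by this method.
        /// </remarks>
        /// <param name="contentKey">Unused.</param>
        /// <param name="Audience">Audience written to the token restriction template.</param>
        /// <param name="Issuer">Issuer written to the token restriction template.</param>
        /// <param name="tokenclaimslist">Claims the template requires.</param>
        /// <param name="AddContentKeyIdentifierClaim">Whether the content key identifier claim is required.</param>
        /// <param name="tokentype">Token type of the template.</param>
        /// <param name="detailedtokentype">Its string form prefixes the restriction and option names.</param>
        /// <param name="mytokenverificationkey">Verification key handed to GenerateTokenRequirements.</param>
        /// <param name="_context">Media context used to create the option.</param>
        /// <param name="newLicenseTemplate">Key delivery configuration passed to Create.</param>
        /// <param name="openIdDiscoveryPath">Optional OpenID Connect discovery URL handed to GenerateTokenRequirements.</param>
        /// <returns>The option returned by ContentKeyAuthorizationPolicyOptions.Create.</returns>
        public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyPlayReady(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string newLicenseTemplate, string openIdDiscoveryPath = null)
        {
            string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
            string tname = detailedtokentype.ToString();

            List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
            {
                new ContentKeyAuthorizationPolicyRestriction
                {
                    Name = tname + " Token Authorization Policy",
                    KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
                    Requirements = tokenTemplateString,
                }
            };

            // No separate authorization policy is created here. An extra policy labelled
            // "no restrictions" that nothing references would pile up in the account on
            // every call, and creating it through .Result would block the calling thread.
            IContentKeyAuthorizationPolicyOption policyOption =
                _context.ContentKeyAuthorizationPolicyOptions.Create(
                    tname + "Token option",
                    ContentKeyDeliveryType.PlayReadyLicense,
                    restrictions,
                    newLicenseTemplate);

            return policyOption;
        }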
        /// <summary>
        /// Creates a token-restricted content key authorization policy option for BaselineHttp key delivery.
        /// </summary>
        /// <remarks>
        /// The option carries one TokenRestricted restriction whose Requirements field is the serialized token
        /// restriction template.  The option name is always "Token option".
        /// <paramref name="contentKey"/> is not read by this method.
        /// </remarks>
        /// <param name="contentKey">Unused.</param>
        /// <param name="Audience">Audience written to the token restriction template.</param>
        /// <param name="Issuer">Issuer written to the token restriction template.</param>
        /// <param name="tokenclaimslist">Claims the template requires.</param>
        /// <param name="AddContentKeyIdentifierClaim">Whether the content key identifier claim is required.</param>
        /// <param name="tokentype">Token type of the template.</param>
        /// <param name="detailedtokentype">Its string form prefixes the restriction name.</param>
        /// <param name="mytokenverificationkey">Verification key handed to GenerateTokenRequirements.</param>
        /// <param name="_context">Media context used to create the option.</param>
        /// <param name="openIdDiscoveryPath">Optional OpenID Connect discovery URL handed to GenerateTokenRequirements.</param>
        /// <returns>The option returned by ContentKeyAuthorizationPolicyOptions.Create.</returns>
        public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string openIdDiscoveryPath = null)
        {
            string requirements = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
            string namePrefix = detailedtokentype.ToString();

            // One token restriction; the list form allows more to be added.
            List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
            {
                new ContentKeyAuthorizationPolicyRestriction
                {
                    Name = namePrefix + " Token Authorization Policy",
                    KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
                    Requirements = requirements
                }
            };

            // Key delivery configuration is null: no key delivery data is needed for HLS.
            return _context.ContentKeyAuthorizationPolicyOptions.Create("Token option", ContentKeyDeliveryType.BaselineHttp, restrictions, null);
        }
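        /// <summary>
        /// Creates a token-restricted content key authorization policy option for BaselineHttp key delivery.
        /// </summary>
        /// <remarks>
        /// The option carries one TokenRestricted restriction whose Requirements field is the serialized token
        /// restriction template.  The restriction and option names are fixed strings.
        /// <paramref name="contentKey"/> and <paramref name="IsJWTKeySymmetric"/> do not influence the result.
        /// </remarks>
        /// <param name="contentKey">Unused.</param>
        /// <param name="Audience">Audience written to the token restriction template.</param>
        /// <param name="Issuer">Issuer written to the token restriction template.</param>
        /// <param name="tokenclaimslist">Claims the template requires.</param>
        /// <param name="AddContentKeyIdentifierClaim">Whether the content key identifier claim is required.</param>
        /// <param name="tokentype">Token type of the template.</param>
        /// <param name="IsJWTKeySymmetric">Unused.  Kept so existing callers continue to compile.</param>
        /// <param name="mytokenverificationkey">Verification key handed to GenerateTokenRequirements.</param>
        /// <param name="_context">Media context used to create the option.</param>
        /// <returns>The option returned by ContentKeyAuthorizationPolicyOptions.Create.</returns>
        public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, bool IsJWTKeySymmetric, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context)
        {
            string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey);

            // No name prefix is computed here: neither the restriction name nor the option
            // name uses one, so building it would be dead code.
            List<ContentKeyAuthorizationPolicyRestriction> restrictions =
                new List<ContentKeyAuthorizationPolicyRestriction>
                {
                    new ContentKeyAuthorizationPolicyRestriction
                    {
                        Name = "Token Authorization Policy",
                        KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
                        Requirements = tokenTemplateString
                    }
                };

            // You could have multiple options
            IContentKeyAuthorizationPolicyOption policyOption =
                _context.ContentKeyAuthorizationPolicyOptions.Create(
                    "Token option",
                    ContentKeyDeliveryType.BaselineHttp,
                    restrictions,
                    null  // no key delivery data is needed for HLS
                    );

            return policyOption;
        }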
 /// <summary>
 /// Assembles a TokenRestrictionTemplate with an explicit primary verification key and returns it serialized.
 /// </summary>
 /// <param name="mytokentype">Token type passed to the template constructor.</param>
 /// <param name="_sampleAudience">Value assigned to the template's Audience.</param>
 /// <param name="_sampleIssuer">Value assigned to the template's Issuer.</param>
 /// <param name="tokenclaimslist">Claims appended to the template's required claims, in list order.</param>
 /// <param name="AddContentKeyIdentifierClaim">When true, TokenClaim.ContentKeyIdentifierClaim is added ahead of the listed claims.</param>
 /// <param name="mytokenverificationkey">Key assigned to the template's PrimaryVerificationKey.</param>
 /// <returns>The output of TokenRestrictionTemplateSerializer.Serialize for the template.</returns>
 private static string GenerateTokenRequirements(TokenType mytokentype, string _sampleAudience, string _sampleIssuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenVerificationKey mytokenverificationkey)
 {
     TokenRestrictionTemplate restrictionTemplate = new TokenRestrictionTemplate(mytokentype);
     restrictionTemplate.PrimaryVerificationKey = mytokenverificationkey;
     restrictionTemplate.Audience = _sampleAudience;
     restrictionTemplate.Issuer = _sampleIssuer;

     // The content key identifier claim, when requested, precedes the caller's claims.
     if (AddContentKeyIdentifierClaim)
     {
         restrictionTemplate.RequiredClaims.Add(TokenClaim.ContentKeyIdentifierClaim);
     }

     foreach (TokenClaim extraClaim in tokenclaimslist)
     {
         restrictionTemplate.RequiredClaims.Add(extraClaim);
     }

     return TokenRestrictionTemplateSerializer.Serialize(restrictionTemplate);
 }
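        /// <summary>
        /// Creates a token-restricted content key authorization policy option for PlayReady license delivery.
        /// </summary>
        /// <remarks>
        /// The option carries a single TokenRestricted restriction whose Requirements field is the serialized
        /// token restriction template.  Only the option is created; this method does not create a
        /// ContentKeyAuthorizationPolicy.  <paramref name="contentKey"/> is not read by this method.
        /// </remarks>
        /// <param name="contentKey">Unused.</param>
        /// <param name="Audience">Audience written to the token restriction template.</param>
        /// <param name="Issuer">Issuer written to the token restriction template.</param>
        /// <param name="tokenclaimslist">Claims the template requires.</param>
        /// <param name="AddContentKeyIdentifierClaim">Whether the content key identifier claim is required.</param>
        /// <param name="tokentype">Token type of the template; also selects the "SWT"/"JWT" part of the names.</param>
        /// <param name="IsJWTKeySymmetric">Selects the "Sym"/"Asym" part of the restriction and option names.</param>
        /// <param name="mytokenverificationkey">Verification key handed to GenerateTokenRequirements.</param>
        /// <param name="_context">Media context used to create the option.</param>
        /// <param name="newLicenseTemplate">Key delivery configuration passed to Create.</param>
        /// <returns>The option returned by ContentKeyAuthorizationPolicyOptions.Create.</returns>
        public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyPlayReady(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, bool IsJWTKeySymmetric, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string newLicenseTemplate)
        {
            string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey);

            // Display prefix only; it has no effect on how tokens are validated.
            string tname = ((IsJWTKeySymmetric) ? "Sym " : "Asym ") + ((tokentype == TokenType.SWT) ? "SWT " : " JWT ");

            List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
            {
                new ContentKeyAuthorizationPolicyRestriction
                {
                    Name = tname + "Token Authorization Policy",
                    KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
                    Requirements = tokenTemplateString,
                }
            };

            // No separate authorization policy is created here. An extra policy labelled
            // "no restrictions" that nothing references would pile up in the account on
            // every call, and creating it through .Result would block the calling thread.
            IContentKeyAuthorizationPolicyOption policyOption =
                _context.ContentKeyAuthorizationPolicyOptions.Create(
                    tname + "Token option",
                    ContentKeyDeliveryType.PlayReadyLicense,
                    restrictions,
                    newLicenseTemplate);

            return policyOption;
        }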