private void CreateContentKeyPolicy(string policyName)
{
ContentKeyPolicyOption[] options = new ContentKeyPolicyOption[]
{
new ContentKeyPolicyOption(new ContentKeyPolicyClearKeyConfiguration(), new ContentKeyPolicyOpenRestriction())
};
ContentKeyPolicy policy = MediaClient.ContentKeyPolicies.CreateOrUpdate(ResourceGroup, AccountName, policyName, options);
}
public ContentKeyPolicy CreateContentKeyPolicy(string policyName, ContentKeyPolicyConfiguration[] policyConfigurations)
{
ContentKeyPolicy contentKeyPolicy = _media.ContentKeyPolicies.Get(MediaAccount.ResourceGroupName, MediaAccount.Name, policyName);
if (contentKeyPolicy == null)
{
string settingKey = Constant.AppSettingKey.DirectoryClientId;
string clientId = AppSetting.GetValue(settingKey);
settingKey = Constant.AppSettingKey.DirectoryTenantId;
string tenantId = AppSetting.GetValue(settingKey);
settingKey = Constant.AppSettingKey.DirectoryAuthorityUrl;
string authorityUrl = AppSetting.GetValue(settingKey);
authorityUrl = string.Format(authorityUrl, tenantId);
settingKey = Constant.AppSettingKey.DirectoryPolicyIdSignUpIn;
string signUpInPolicyId = AppSetting.GetValue(settingKey);
settingKey = Constant.AppSettingKey.DirectoryDiscoveryPath;
string discoveryPath = AppSetting.GetValue(settingKey);
discoveryPath = string.Concat(discoveryPath, "?p=", signUpInPolicyId);
ContentKeyPolicyTokenRestriction policyRestriction = new ContentKeyPolicyTokenRestriction()
{
OpenIdConnectDiscoveryDocument = string.Concat(authorityUrl, discoveryPath),
RestrictionTokenType = ContentKeyPolicyRestrictionTokenType.Jwt,
Issuer = authorityUrl,
Audience = clientId
};
List <ContentKeyPolicyOption> policyOptions = new List <ContentKeyPolicyOption>();
foreach (ContentKeyPolicyConfiguration policyConfiguration in policyConfigurations)
{
ContentKeyPolicyOption policyOption = new ContentKeyPolicyOption(policyConfiguration, policyRestriction);
policyOptions.Add(policyOption);
}
contentKeyPolicy = _media.ContentKeyPolicies.CreateOrUpdate(MediaAccount.ResourceGroupName, MediaAccount.Name, policyName, policyOptions);
}
return(contentKeyPolicy);
}
public static async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
ILogger log)
{
log.LogInformation($"AMS v3 Function - CreateContentKeyPolicy was triggered!");
string requestBody = new StreamReader(req.Body).ReadToEnd();
dynamic data = JsonConvert.DeserializeObject(requestBody);
if (data.contentKeyPolicyName == null)
{
return(new BadRequestObjectResult("Please pass contentKeyPolicyName in the input object"));
}
string contentKeyPolicyName = data.contentKeyPolicyName;
string contentKeyPolicyDescription = null;
if (data.contentKeyPolicyDescription == null)
{
contentKeyPolicyDescription = data.contentKeyPolicyDescription;
}
string mode = data.mode;
if (mode != "simple" && mode != "advanced")
{
return(new BadRequestObjectResult("Please pass valid mode in the input object"));
}
//
// Simple Mode
//
if (mode == "simple")
{
if (data.policyOptionName == null)
{
return(new BadRequestObjectResult("Please pass policyOptionName in the input object"));
}
if (data.openRestriction == null)
{
return(new BadRequestObjectResult("Please pass openRestriction in the input object"));
}
if (data.openRestriction == false)
{
if (data.audience == null &&
data.issuer == null &&
data.tokenType == null &&
data.tokenKeyType == null &&
data.tokenKey == null)
{
return(new BadRequestObjectResult("Please pass required parameters for Token Restriction in the input object"));
}
}
}
//
// Advanced Mode
//
if (mode == "advanced")
{
if (data.contentKeyPolicyOptions == null)
{
return(new BadRequestObjectResult("Please pass contentKeyPolicyOptions in the input object"));
}
}
MediaServicesConfigWrapper amsconfig = new MediaServicesConfigWrapper();
ContentKeyPolicy policy = null;
JsonConverter[] jsonReaders =
{
new MediaServicesHelperJsonReader(),
new MediaServicesHelperTimeSpanJsonConverter()
};
try
{
IAzureMediaServicesClient client = MediaServicesHelper.CreateMediaServicesClientAsync(amsconfig);
policy = client.ContentKeyPolicies.Get(amsconfig.ResourceGroup, amsconfig.AccountName, contentKeyPolicyName);
if (policy == null)
{
List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>();
if (mode == "simple")
{
ContentKeyPolicyOption option = new ContentKeyPolicyOption();
option.Name = data.policyOptionName;
// Restrictions
if ((bool)data.openRestriction)
{
option.Restriction = new ContentKeyPolicyOpenRestriction();
}
else
{
ContentKeyPolicyTokenRestriction restriction = new ContentKeyPolicyTokenRestriction();
restriction.Audience = data.audience;
restriction.Issuer = data.issuer;
string tokenType = data.tokenType;
switch (tokenType)
{
case "Jwt":
restriction.RestrictionTokenType = ContentKeyPolicyRestrictionTokenType.Jwt;
break;
case "Swt":
restriction.RestrictionTokenType = ContentKeyPolicyRestrictionTokenType.Swt;
break;
default:
return(new BadRequestObjectResult("Please pass valid tokenType in the input object"));
}
string tokenKeyType = data.tokenKeyType;
switch (tokenKeyType)
{
case "Symmetric":
restriction.PrimaryVerificationKey = new ContentKeyPolicySymmetricTokenKey(Convert.FromBase64String(data.tokenKey.ToString()));
break;
case "X509":
restriction.PrimaryVerificationKey = new ContentKeyPolicyX509CertificateTokenKey(Convert.FromBase64String(data.tokenKey.ToString()));
break;
case "RSA":
restriction.PrimaryVerificationKey = new ContentKeyPolicyRsaTokenKey();
break;
default:
return(new BadRequestObjectResult("Please pass valid tokenKeyType in the input object"));
}
if (data.tokenClaims != null)
{
restriction.RequiredClaims = new List <ContentKeyPolicyTokenClaim>();
String[] tokenClaims = data.tokenClaims.ToString().Split(';');
foreach (string tokenClaim in tokenClaims)
{
String[] tokenClaimKVP = tokenClaim.Split('=');
if (tokenClaimKVP.Length == 2)
{
restriction.RequiredClaims.Add(new ContentKeyPolicyTokenClaim(tokenClaimKVP[0], tokenClaimKVP[1] == "null" ? null : tokenClaimKVP[1]));
}
else if (tokenClaimKVP.Length == 1)
{
restriction.RequiredClaims.Add(new ContentKeyPolicyTokenClaim(tokenClaimKVP[0]));
}
else
{
return(new BadRequestObjectResult("Please pass valid tokenClaims in the input object"));
}
}
}
if (data.openIdConnectDiscoveryDocument != null)
{
restriction.OpenIdConnectDiscoveryDocument = data.openIdConnectDiscoveryDocument;
}
option.Restriction = restriction;
}
// Configuration
string configurationType = data.configurationType;
switch (configurationType)
{
case "ClearKey":
option.Configuration = new ContentKeyPolicyClearKeyConfiguration();
break;
case "FairPlay":
ContentKeyPolicyFairPlayConfiguration configFairPlay = new ContentKeyPolicyFairPlayConfiguration();
configFairPlay.Ask = Convert.FromBase64String(data.fairPlayAsk);
configFairPlay.FairPlayPfx = data.fairPlayPfx;
configFairPlay.FairPlayPfxPassword = data.fairPlayPfxPassword;
switch (data.faiPlayRentalAndLeaseKeyType)
{
case "Undefined":
configFairPlay.RentalAndLeaseKeyType = ContentKeyPolicyFairPlayRentalAndLeaseKeyType.Undefined;
break;
case "PersistentLimited":
configFairPlay.RentalAndLeaseKeyType = ContentKeyPolicyFairPlayRentalAndLeaseKeyType.PersistentLimited;
break;
case "PersistentUnlimited":
configFairPlay.RentalAndLeaseKeyType = ContentKeyPolicyFairPlayRentalAndLeaseKeyType.PersistentUnlimited;
break;
default:
return(new BadRequestObjectResult("Please pass valid faiPlayRentalAndLeaseKeyType in the input object"));
}
configFairPlay.RentalDuration = data.faiPlayRentalDuration;
break;
case "PlayReady":
ContentKeyPolicyPlayReadyConfiguration configPlayReady = new ContentKeyPolicyPlayReadyConfiguration();
configPlayReady.Licenses = JsonConvert.DeserializeObject <List <ContentKeyPolicyPlayReadyLicense> >(data.playReadyTemplates.ToString(), jsonReaders);
if (data.playReadyResponseCustomData != null)
{
configPlayReady.ResponseCustomData = data.playReadyResponseCustomData;
}
option.Configuration = configPlayReady;
break;
case "Widevine":
ContentKeyPolicyWidevineConfiguration configWideVine = JsonConvert.DeserializeObject <ContentKeyPolicyWidevineConfiguration>(data.widevineTemplate.ToString(), jsonReaders);
option.Configuration = configWideVine;
break;
default:
return(new BadRequestObjectResult("Please pass valid configurationType in the input object"));
}
options.Add(option);
}
else if (mode == "advanced")
{
options = JsonConvert.DeserializeObject <List <ContentKeyPolicyOption> >(data.contentKeyPolicyOptions.ToString(), jsonReaders);
}
foreach (ContentKeyPolicyOption o in options)
{
o.Validate();
}
policy = client.ContentKeyPolicies.CreateOrUpdate(amsconfig.ResourceGroup, amsconfig.AccountName, contentKeyPolicyName, options, contentKeyPolicyDescription);
}
}
catch (ApiErrorException e)
{
log.LogError($"ERROR: AMS API call failed with error code: {e.Body.Error.Code} and message: {e.Body.Error.Message}");
return(new BadRequestObjectResult("AMS API call error: " + e.Message + "\nError Code: " + e.Body.Error.Code + "\nMessage: " + e.Body.Error.Message));
}
catch (Exception e)
{
log.LogError($"ERROR: Exception with message: {e.Message}");
return(new BadRequestObjectResult("Error: " + e.Message));
}
return((ActionResult) new OkObjectResult(new
{
policyId = policy.PolicyId
}));
}
public void ContentKeyPolicyComboTest()
{
using (MockContext context = this.StartMockContextAndInitializeClients(this.GetType()))
{
try
{
CreateMediaServicesAccount();
// List ContentKeyPolicies, which should be empty
var contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName);
Assert.Empty(contentKeyPolicies);
string policyName = TestUtilities.GenerateName("ContentKeyPolicy");
string policyDescription = "Test policy";
// Try to get the policy, which should not exist
Assert.Equal(System.Net.HttpStatusCode.NotFound, Assert.Throws <ErrorResponseException>(() => MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName)).Response.StatusCode);
// Create the policy
ContentKeyPolicyOption[] options = new ContentKeyPolicyOption[]
{
new ContentKeyPolicyOption(new ContentKeyPolicyClearKeyConfiguration(), new ContentKeyPolicyOpenRestriction())
};
ContentKeyPolicy createdPolicy = MediaClient.ContentKeyPolicies.CreateOrUpdate(ResourceGroup, AccountName, policyName, options, policyDescription);
ValidateContentKeyPolicy(createdPolicy, policyName, policyDescription, options);
// List ContentKeyPolicies and validate the created policy shows up
contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName);
Assert.Single(contentKeyPolicies);
ValidateContentKeyPolicy(createdPolicy, policyName, policyDescription, options);
// Get the newly created policy
ContentKeyPolicy contentKeyPolicy = MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName);
Assert.NotNull(contentKeyPolicy);
ValidateContentKeyPolicy(createdPolicy, policyName, policyDescription, options);
// Update the policy
var primaryVerificationKey = new ContentKeyPolicySymmetricTokenKey(new byte[32]);
ContentKeyPolicyOption[] options2 = new ContentKeyPolicyOption[]
{
new ContentKeyPolicyOption(new ContentKeyPolicyClearKeyConfiguration(),
new ContentKeyPolicyTokenRestriction(
"issuer",
"audience",
primaryVerificationKey,
ContentKeyPolicyRestrictionTokenType.Jwt,
requiredClaims: new ContentKeyPolicyTokenClaim[] { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }))
};
ContentKeyPolicy updatedByPutPolicy = MediaClient.ContentKeyPolicies.CreateOrUpdate(ResourceGroup, AccountName, policyName, options2, policyDescription);
ValidateContentKeyPolicy(updatedByPutPolicy, policyName, policyDescription, options2);
// List ContentKeyPolicies and validate the updated policy shows up as expected
contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName);
Assert.Single(contentKeyPolicies);
ValidateContentKeyPolicy(contentKeyPolicies.First(), policyName, policyDescription, options2);
// Get the newly updated policy
contentKeyPolicy = MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName);
Assert.NotNull(contentKeyPolicy);
ValidateContentKeyPolicy(contentKeyPolicy, policyName, policyDescription, options2);
// Delete the policy
MediaClient.ContentKeyPolicies.Delete(ResourceGroup, AccountName, policyName);
// List ContentKeyPolicies, which should be empty again
contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName);
Assert.Empty(contentKeyPolicies);
// Try to get the policy, which should not exist
Assert.Equal(System.Net.HttpStatusCode.NotFound, Assert.Throws <ErrorResponseException>(() => MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName)).Response.StatusCode);
}
finally
{
DeleteMediaServicesAccount();
}
}
}
