// </CreateMediaServicesClient>
/// <summary>
/// Create the content key policy that configures how the content key is delivered to end clients
/// via the Key Delivery component of Azure Media Services.
/// </summary>
/// <param name="client">The Media Services client.</param>
/// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param>
/// <param name="accountName"> The Media Services account name.</param>
/// <param name="contentKeyPolicyName">The name of the content key policy resource.</param>
/// <returns></returns>
// <GetOrCreateContentKeyPolicy>
private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync(
IAzureMediaServicesClient client,
string resourceGroupName,
string accountName,
string contentKeyPolicyName,
byte[] tokenSigningKey)
{
ContentKeyPolicy policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName);
if (policy == null)
{
ContentKeyPolicySymmetricTokenKey primaryKey = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey);
List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>()
{
ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
};
List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null;
ContentKeyPolicyTokenRestriction restriction
= new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims);
ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate();
ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTempate();
List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>();
options.Add(
new ContentKeyPolicyOption()
{
Configuration = playReadyConfig,
// If you want to set an open restriction, use
// Restriction = new ContentKeyPolicyOpenRestriction()
Restriction = restriction
});
options.Add(
new ContentKeyPolicyOption()
{
Configuration = widevineConfig,
Restriction = restriction
});
policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options);
}
else
{
// Get the signing key from the existing policy.
var policyProperties = await client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(resourceGroupName, accountName, contentKeyPolicyName);
var restriction = policyProperties.Options[0].Restriction as ContentKeyPolicyTokenRestriction;
if (restriction != null)
{
var signingKey = restriction.PrimaryVerificationKey as ContentKeyPolicySymmetricTokenKey;
if (signingKey != null)
{
TokenSigningKey = signingKey.KeyValue;
}
}
}
return(policy);
}
// </WaitForJobToFinish>
/// <summary>
/// Configures PlayReady license template.
/// </summary>
/// <returns></returns>
//<ConfigurePlayReadyLicenseTemplate>
private static ContentKeyPolicyPlayReadyConfiguration ConfigurePlayReadyLicenseTemplate()
{
ContentKeyPolicyPlayReadyLicense objContentKeyPolicyPlayReadyLicense;
objContentKeyPolicyPlayReadyLicense = new ContentKeyPolicyPlayReadyLicense
{
AllowTestDevices = true,
BeginDate = new DateTime(2016, 1, 1),
ContentKeyLocation = new ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader(),
ContentType = ContentKeyPolicyPlayReadyContentType.UltraVioletStreaming,
LicenseType = ContentKeyPolicyPlayReadyLicenseType.Persistent,
PlayRight = new ContentKeyPolicyPlayReadyPlayRight
{
ImageConstraintForAnalogComponentVideoRestriction = true,
ExplicitAnalogTelevisionOutputRestriction = new ContentKeyPolicyPlayReadyExplicitAnalogTelevisionRestriction(true, 2),
AllowPassingVideoContentToUnknownOutput = ContentKeyPolicyPlayReadyUnknownOutputPassingOption.Allowed
}
};
ContentKeyPolicyPlayReadyConfiguration objContentKeyPolicyPlayReadyConfiguration = new ContentKeyPolicyPlayReadyConfiguration
{
Licenses = new List <ContentKeyPolicyPlayReadyLicense> {
objContentKeyPolicyPlayReadyLicense
}
};
return(objContentKeyPolicyPlayReadyConfiguration);
}
/// <summary>
/// Create the content key policy that configures how the content key is delivered to end clients
/// via the Key Delivery component of Azure Media Services.
/// </summary>
/// <param name="client">The Media Services client.</param>
/// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param>
/// <param name="accountName"> The Media Services account name.</param>
/// <param name="contentKeyPolicyName">The name of the content key policy resource.</param>
/// <returns></returns>
private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync(
IAzureMediaServicesClient client,
string resourceGroupName,
string accountName,
string contentKeyPolicyName)
{
ContentKeyPolicy policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName);
if (policy == null)
{
ContentKeyPolicyOpenRestriction restriction = new ContentKeyPolicyOpenRestriction();
ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate();
ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTempate();
List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>
{
new ContentKeyPolicyOption()
{
Configuration = playReadyConfig,
Restriction = restriction
},
new ContentKeyPolicyOption()
{
Configuration = widevineConfig,
Restriction = restriction
}
};
Console.WriteLine("Creating a content key policy...");
policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options);
}
return(policy);
}
/// <summary>
/// Create the content key policy that configures how the content key is delivered to end clients
/// via the Key Delivery component of Azure Media Services.
/// </summary>
/// <param name="client">The Media Services client.</param>
/// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param>
/// <param name="accountName"> The Media Services account name.</param>
/// <param name="contentKeyPolicyName">The name of the content key policy resource.</param>
/// <returns></returns>
private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync(
IAzureMediaServicesClient client,
string resourceGroupName,
string accountName,
string contentKeyPolicyName)
{
bool createPolicy = false;
ContentKeyPolicy policy = null;
try
{
policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName);
}
catch (ErrorResponseException ex) when(ex.Response.StatusCode == System.Net.HttpStatusCode.NotFound)
{
// Content key policy does not exist
createPolicy = true;
}
if (createPolicy)
{
ContentKeyPolicyOpenRestriction restriction = new();
ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate();
ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTempate();
List <ContentKeyPolicyOption> options = new()
{
new ContentKeyPolicyOption()
{
Configuration = playReadyConfig,
Restriction = restriction
},
new ContentKeyPolicyOption()
{
Configuration = widevineConfig,
Restriction = restriction
}
};
Console.WriteLine("Creating a content key policy...");
policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options);
}
return(policy);
}
public void CreateContentKeyPolicyDRM(ContentProtection contentProtection)
{
ContentKeyPolicyPlayReadyLicenseType licenseType = ContentKeyPolicyPlayReadyLicenseType.NonPersistent;
if (contentProtection != null && contentProtection.PersistentLicense)
{
licenseType = ContentKeyPolicyPlayReadyLicenseType.Persistent;
}
ContentKeyPolicyPlayReadyLicense playReadyLicense = new ContentKeyPolicyPlayReadyLicense()
{
LicenseType = licenseType,
ContentType = ContentKeyPolicyPlayReadyContentType.Unspecified,
ContentKeyLocation = new ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader()
};
ContentKeyPolicyPlayReadyConfiguration playReadyConfiguration = new ContentKeyPolicyPlayReadyConfiguration()
{
Licenses = new ContentKeyPolicyPlayReadyLicense[] { playReadyLicense }
};
WidevineTemplate widevineTemplate = new WidevineTemplate();
if (contentProtection != null && contentProtection.PersistentLicense)
{
widevineTemplate.PolicyOverrides = new PolicyOverrides()
{
CanPersist = true
};
}
ContentKeyPolicyWidevineConfiguration widevineConfiguration = new ContentKeyPolicyWidevineConfiguration()
{
WidevineTemplate = JsonConvert.SerializeObject(widevineTemplate)
};
string policyName = Constant.Media.ContentKey.PolicyDRM;
ContentKeyPolicyConfiguration[] policyConfigurations = new ContentKeyPolicyConfiguration[]
{
playReadyConfiguration,
widevineConfiguration
};
CreateContentKeyPolicy(policyName, policyConfigurations);
}
public static async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
ILogger log)
{
log.LogInformation($"AMS v3 Function - CreateContentKeyPolicy was triggered!");
string requestBody = new StreamReader(req.Body).ReadToEnd();
dynamic data = JsonConvert.DeserializeObject(requestBody);
if (data.contentKeyPolicyName == null)
{
return(new BadRequestObjectResult("Please pass contentKeyPolicyName in the input object"));
}
string contentKeyPolicyName = data.contentKeyPolicyName;
string contentKeyPolicyDescription = null;
if (data.contentKeyPolicyDescription == null)
{
contentKeyPolicyDescription = data.contentKeyPolicyDescription;
}
string mode = data.mode;
if (mode != "simple" && mode != "advanced")
{
return(new BadRequestObjectResult("Please pass valid mode in the input object"));
}
//
// Simple Mode
//
if (mode == "simple")
{
if (data.policyOptionName == null)
{
return(new BadRequestObjectResult("Please pass policyOptionName in the input object"));
}
if (data.openRestriction == null)
{
return(new BadRequestObjectResult("Please pass openRestriction in the input object"));
}
if (data.openRestriction == false)
{
if (data.audience == null &&
data.issuer == null &&
data.tokenType == null &&
data.tokenKeyType == null &&
data.tokenKey == null)
{
return(new BadRequestObjectResult("Please pass required parameters for Token Restriction in the input object"));
}
}
}
//
// Advanced Mode
//
if (mode == "advanced")
{
if (data.contentKeyPolicyOptions == null)
{
return(new BadRequestObjectResult("Please pass contentKeyPolicyOptions in the input object"));
}
}
MediaServicesConfigWrapper amsconfig = new MediaServicesConfigWrapper();
ContentKeyPolicy policy = null;
JsonConverter[] jsonReaders =
{
new MediaServicesHelperJsonReader(),
new MediaServicesHelperTimeSpanJsonConverter()
};
try
{
IAzureMediaServicesClient client = MediaServicesHelper.CreateMediaServicesClientAsync(amsconfig);
policy = client.ContentKeyPolicies.Get(amsconfig.ResourceGroup, amsconfig.AccountName, contentKeyPolicyName);
if (policy == null)
{
List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>();
if (mode == "simple")
{
ContentKeyPolicyOption option = new ContentKeyPolicyOption();
option.Name = data.policyOptionName;
// Restrictions
if ((bool)data.openRestriction)
{
option.Restriction = new ContentKeyPolicyOpenRestriction();
}
else
{
ContentKeyPolicyTokenRestriction restriction = new ContentKeyPolicyTokenRestriction();
restriction.Audience = data.audience;
restriction.Issuer = data.issuer;
string tokenType = data.tokenType;
switch (tokenType)
{
case "Jwt":
restriction.RestrictionTokenType = ContentKeyPolicyRestrictionTokenType.Jwt;
break;
case "Swt":
restriction.RestrictionTokenType = ContentKeyPolicyRestrictionTokenType.Swt;
break;
default:
return(new BadRequestObjectResult("Please pass valid tokenType in the input object"));
}
string tokenKeyType = data.tokenKeyType;
switch (tokenKeyType)
{
case "Symmetric":
restriction.PrimaryVerificationKey = new ContentKeyPolicySymmetricTokenKey(Convert.FromBase64String(data.tokenKey.ToString()));
break;
case "X509":
restriction.PrimaryVerificationKey = new ContentKeyPolicyX509CertificateTokenKey(Convert.FromBase64String(data.tokenKey.ToString()));
break;
case "RSA":
restriction.PrimaryVerificationKey = new ContentKeyPolicyRsaTokenKey();
break;
default:
return(new BadRequestObjectResult("Please pass valid tokenKeyType in the input object"));
}
if (data.tokenClaims != null)
{
restriction.RequiredClaims = new List <ContentKeyPolicyTokenClaim>();
String[] tokenClaims = data.tokenClaims.ToString().Split(';');
foreach (string tokenClaim in tokenClaims)
{
String[] tokenClaimKVP = tokenClaim.Split('=');
if (tokenClaimKVP.Length == 2)
{
restriction.RequiredClaims.Add(new ContentKeyPolicyTokenClaim(tokenClaimKVP[0], tokenClaimKVP[1] == "null" ? null : tokenClaimKVP[1]));
}
else if (tokenClaimKVP.Length == 1)
{
restriction.RequiredClaims.Add(new ContentKeyPolicyTokenClaim(tokenClaimKVP[0]));
}
else
{
return(new BadRequestObjectResult("Please pass valid tokenClaims in the input object"));
}
}
}
if (data.openIdConnectDiscoveryDocument != null)
{
restriction.OpenIdConnectDiscoveryDocument = data.openIdConnectDiscoveryDocument;
}
option.Restriction = restriction;
}
// Configuration
string configurationType = data.configurationType;
switch (configurationType)
{
case "ClearKey":
option.Configuration = new ContentKeyPolicyClearKeyConfiguration();
break;
case "FairPlay":
ContentKeyPolicyFairPlayConfiguration configFairPlay = new ContentKeyPolicyFairPlayConfiguration();
configFairPlay.Ask = Convert.FromBase64String(data.fairPlayAsk);
configFairPlay.FairPlayPfx = data.fairPlayPfx;
configFairPlay.FairPlayPfxPassword = data.fairPlayPfxPassword;
switch (data.faiPlayRentalAndLeaseKeyType)
{
case "Undefined":
configFairPlay.RentalAndLeaseKeyType = ContentKeyPolicyFairPlayRentalAndLeaseKeyType.Undefined;
break;
case "PersistentLimited":
configFairPlay.RentalAndLeaseKeyType = ContentKeyPolicyFairPlayRentalAndLeaseKeyType.PersistentLimited;
break;
case "PersistentUnlimited":
configFairPlay.RentalAndLeaseKeyType = ContentKeyPolicyFairPlayRentalAndLeaseKeyType.PersistentUnlimited;
break;
default:
return(new BadRequestObjectResult("Please pass valid faiPlayRentalAndLeaseKeyType in the input object"));
}
configFairPlay.RentalDuration = data.faiPlayRentalDuration;
break;
case "PlayReady":
ContentKeyPolicyPlayReadyConfiguration configPlayReady = new ContentKeyPolicyPlayReadyConfiguration();
configPlayReady.Licenses = JsonConvert.DeserializeObject <List <ContentKeyPolicyPlayReadyLicense> >(data.playReadyTemplates.ToString(), jsonReaders);
if (data.playReadyResponseCustomData != null)
{
configPlayReady.ResponseCustomData = data.playReadyResponseCustomData;
}
option.Configuration = configPlayReady;
break;
case "Widevine":
ContentKeyPolicyWidevineConfiguration configWideVine = JsonConvert.DeserializeObject <ContentKeyPolicyWidevineConfiguration>(data.widevineTemplate.ToString(), jsonReaders);
option.Configuration = configWideVine;
break;
default:
return(new BadRequestObjectResult("Please pass valid configurationType in the input object"));
}
options.Add(option);
}
else if (mode == "advanced")
{
options = JsonConvert.DeserializeObject <List <ContentKeyPolicyOption> >(data.contentKeyPolicyOptions.ToString(), jsonReaders);
}
foreach (ContentKeyPolicyOption o in options)
{
o.Validate();
}
policy = client.ContentKeyPolicies.CreateOrUpdate(amsconfig.ResourceGroup, amsconfig.AccountName, contentKeyPolicyName, options, contentKeyPolicyDescription);
}
}
catch (ApiErrorException e)
{
log.LogError($"ERROR: AMS API call failed with error code: {e.Body.Error.Code} and message: {e.Body.Error.Message}");
return(new BadRequestObjectResult("AMS API call error: " + e.Message + "\nError Code: " + e.Body.Error.Code + "\nMessage: " + e.Body.Error.Message));
}
catch (Exception e)
{
log.LogError($"ERROR: Exception with message: {e.Message}");
return(new BadRequestObjectResult("Error: " + e.Message));
}
return((ActionResult) new OkObjectResult(new
{
policyId = policy.PolicyId
}));
}
// </RunAsync>
/// <summary>
/// Create the content key policy that configures how the content key is delivered to end clients
/// via the Key Delivery component of Azure Media Services.
/// </summary>
/// <param name="client">The Media Services client.</param>
/// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param>
/// <param name="accountName"> The Media Services account name.</param>
/// <param name="contentKeyPolicyName">The name of the content key policy resource.</param>
/// <returns></returns>
// <GetOrCreateContentKeyPolicy>
private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync(
IAzureMediaServicesClient client,
string resourceGroupName,
string accountName,
string contentKeyPolicyName,
byte[] tokenSigningKey)
{
bool createPolicy = false;
ContentKeyPolicy policy = null;
try
{
policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName);
}
catch (ErrorResponseException ex) when(ex.Response.StatusCode == System.Net.HttpStatusCode.NotFound)
{
createPolicy = true;
}
if (createPolicy)
{
ContentKeyPolicySymmetricTokenKey primaryKey = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey);
List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>()
{
ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
};
List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null;
ContentKeyPolicyTokenRestriction restriction
= new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims);
ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate();
ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTemplate();
// ContentKeyPolicyFairPlayConfiguration fairplayConfig = ConfigureFairPlayPolicyOptions();
List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>();
options.Add(
new ContentKeyPolicyOption()
{
Configuration = playReadyConfig,
// If you want to set an open restriction, use
// Restriction = new ContentKeyPolicyOpenRestriction()
Restriction = restriction
});
options.Add(
new ContentKeyPolicyOption()
{
Configuration = widevineConfig,
Restriction = restriction
});
// add CBCS ContentKeyPolicyOption into the list
// options.Add(
// new ContentKeyPolicyOption()
// {
// Configuration = fairplayConfig,
// Restriction = restriction,
// Name = "ContentKeyPolicyOption_CBCS"
// });
policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options);
}
else
{
// Get the signing key from the existing policy.
var policyProperties = await client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(resourceGroupName, accountName, contentKeyPolicyName);
if (policyProperties.Options[0].Restriction is ContentKeyPolicyTokenRestriction restriction)
{
if (restriction.PrimaryVerificationKey is ContentKeyPolicySymmetricTokenKey signingKey)
{
TokenSigningKey = signingKey.KeyValue;
}
}
}
return(policy);
}
