private static ContentKeyPolicy EnsureContentKeyPolicyExists(IAzureMediaServicesClient client, string resourceGroup, string accountName, string contentKeyPolicyName) { ContentKeyPolicySymmetricTokenKey primaryKey = new ContentKeyPolicySymmetricTokenKey(TokenSigningKey); List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null; List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>() { new ContentKeyPolicyOption( new ContentKeyPolicyClearKeyConfiguration(), new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims)) }; // since we are randomly generating the signing key each time, make sure to create or update the policy each time. // Normally you would use a long lived key so you would just check for the policies existence with Get instead of // ensuring to create or update it each time. ContentKeyPolicy policy = client.ContentKeyPolicies.CreateOrUpdate(resourceGroup, accountName, contentKeyPolicyName, options); return(policy); }
// </CreateMediaServicesClient> /// <summary> /// Create the content key policy that configures how the content key is delivered to end clients /// via the Key Delivery component of Azure Media Services. /// </summary> /// <param name="client">The Media Services client.</param> /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param> /// <param name="accountName"> The Media Services account name.</param> /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param> /// <returns></returns> // <GetOrCreateContentKeyPolicy> private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync( IAzureMediaServicesClient client, string resourceGroupName, string accountName, string contentKeyPolicyName, byte[] tokenSigningKey) { ContentKeyPolicy policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName); if (policy == null) { ContentKeyPolicySymmetricTokenKey primaryKey = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey); List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null; ContentKeyPolicyTokenRestriction restriction = new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims); ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate(); ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTempate(); List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>(); options.Add( new ContentKeyPolicyOption() { Configuration = playReadyConfig, // If you want to set an open restriction, use // Restriction = new ContentKeyPolicyOpenRestriction() Restriction = restriction }); options.Add( new ContentKeyPolicyOption() { Configuration = widevineConfig, Restriction = restriction }); policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options); } else { // Get the signing key from the existing policy. var policyProperties = await client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(resourceGroupName, accountName, contentKeyPolicyName); var restriction = policyProperties.Options[0].Restriction as ContentKeyPolicyTokenRestriction; if (restriction != null) { var signingKey = restriction.PrimaryVerificationKey as ContentKeyPolicySymmetricTokenKey; if (signingKey != null) { TokenSigningKey = signingKey.KeyValue; } } } return(policy); }
// Create the content key policy that configures how the content key is delivered to end clients private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync( IAzureMediaServicesClient client, string resourceGroupName, string accountName, string contentKeyPolicyName, byte[] tokenSigningKey) { ContentKeyPolicy policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName); if (policy == null) { ContentKeyPolicySymmetricTokenKey primaryKey = new ContentKeyPolicySymmetricTokenKey(TokenSigningKey); List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null; List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>() { new ContentKeyPolicyOption( new ContentKeyPolicyClearKeyConfiguration(), new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims)) }; policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options); } return(policy); }
private async Task <byte[]> GetOrCreateContentPolicy(string policyName) { var policy = await _client.ContentKeyPolicies.GetAsync(_option.ResourceGroupName, _option.AccountName, policyName); if (policy == null) { var primaryKey = new ContentKeyPolicySymmetricTokenKey(_option.TokenKey); var requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; var restriction = new ContentKeyPolicyTokenRestriction(_option.Issuer, _option.Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, null, requiredClaims); var options = new List <ContentKeyPolicyOption>() { new ContentKeyPolicyOption() { Name = "playReady", Configuration = ConfigurePlayReadyLicenseTemplate(), Restriction = restriction }, new ContentKeyPolicyOption() { Name = "winevine", Configuration = ConfigureWidevineLicenseTemplate(), Restriction = restriction } }; await _client.ContentKeyPolicies.CreateOrUpdateAsync(_option.ResourceGroupName, _option.AccountName, policyName, options); } var policyProperties = await _client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(_option.ResourceGroupName, _option.AccountName, policyName); if (policyProperties.Options[0].Restriction is ContentKeyPolicyTokenRestriction restriction2) { if (restriction2.PrimaryVerificationKey is ContentKeyPolicySymmetricTokenKey signingKey) { return(signingKey.KeyValue); } } return(_option.TokenKey); }
public async Task CreateContentPolicyIfNotExists() { var policyName = _option.ContentPolicyOption.ContentPolicyName; var tokenKey = Encoding.ASCII.GetBytes(_option.ContentPolicyOption.TokenValidateKey); var policy = await _client.ContentKeyPolicies.GetAsync(_option.ResourceGroupName, _option.AccountName, policyName); if (policy == null) { var primaryKey = new ContentKeyPolicySymmetricTokenKey(tokenKey); var requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; var restriction = new ContentKeyPolicyTokenRestriction(_option.ContentPolicyOption.TokenIssuer, _option.ContentPolicyOption.TokenAudience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, null, requiredClaims); var options = new List <ContentKeyPolicyOption>() { new ContentKeyPolicyOption() { Name = "playReady", Configuration = ConfigurePlayReadyLicenseTemplate(), Restriction = restriction }, new ContentKeyPolicyOption() { Name = "winevine", Configuration = ConfigureWidevineLicenseTemplate(), Restriction = restriction }, new ContentKeyPolicyOption(new ContentKeyPolicyClearKeyConfiguration(), restriction) { Name = "AES" } }; await _client.ContentKeyPolicies.CreateOrUpdateAsync(_option.ResourceGroupName, _option.AccountName, policyName, options); } }
// </RunAsync> /// <summary> /// Create the content key policy that configures how the content key is delivered to end clients /// via the Key Delivery component of Azure Media Services. /// </summary> /// <param name="client">The Media Services client.</param> /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param> /// <param name="accountName"> The Media Services account name.</param> /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param> /// <returns></returns> // <GetOrCreateContentKeyPolicy> private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync( IAzureMediaServicesClient client, string resourceGroupName, string accountName, string contentKeyPolicyName) { bool createPolicy = false; ContentKeyPolicy policy = null; try { policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName); } catch (ErrorResponseException ex) when(ex.Response.StatusCode == System.Net.HttpStatusCode.NotFound) { createPolicy = true; } if (createPolicy) { ContentKeyPolicySymmetricTokenKey primaryKey = new ContentKeyPolicySymmetricTokenKey(TokenSigningKey); List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null; List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>() { new ContentKeyPolicyOption( new ContentKeyPolicyClearKeyConfiguration(), new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims)) }; // Since we are randomly generating the signing key each time, make sure to create or update the policy each time. // Normally you would use a long lived key so you would just check for the policies existence with Get instead of // ensuring to create or update it each time. policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options); } return(policy); }
/// <summary> /// Checks if content key policy exists, if not, creates new one /// This code is based on https://github.com/Azure-Samples/media-services-v3-dotnet-core-tutorials/tree/master/NETCore/EncodeHTTPAndPublishAESEncrypted /// </summary> /// <param name="client">Azure Media Services instance client</param> /// <param name="resourceGroup">Azure resource group</param> /// <param name="accountName">Azure Media Services instance account name</param> /// <param name="contentKeyPolicyName">Content key policy name</param> /// <param name="tokenSigningKey">Token signing key</param> /// <param name="issuer">Token issuer</param> /// <param name="audience">Token audience</param> /// <returns></returns> public static async Task <ContentKeyPolicy> EnsureContentKeyPolicyExists(IAzureMediaServicesClient client, string resourceGroup, string accountName, string contentKeyPolicyName, byte[] tokenSigningKey, string issuer, string audience) { var primaryKey = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey); List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null; var requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; var options = new List <ContentKeyPolicyOption>() { new ContentKeyPolicyOption( new ContentKeyPolicyClearKeyConfiguration(), new ContentKeyPolicyTokenRestriction(issuer, audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims)) }; var policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroup, accountName, contentKeyPolicyName, options).ConfigureAwait(false); return(policy); }
public void ContentKeyPolicyComboTest() { using (MockContext context = this.StartMockContextAndInitializeClients(this.GetType())) { try { CreateMediaServicesAccount(); // List ContentKeyPolicies, which should be empty var contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName); Assert.Empty(contentKeyPolicies); string policyName = TestUtilities.GenerateName("ContentKeyPolicy"); string policyDescription = "Test policy"; // Try to get the policy, which should not exist Assert.Equal(System.Net.HttpStatusCode.NotFound, Assert.Throws <ErrorResponseException>(() => MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName)).Response.StatusCode); // Create the policy ContentKeyPolicyOption[] options = new ContentKeyPolicyOption[] { new ContentKeyPolicyOption(new ContentKeyPolicyClearKeyConfiguration(), new ContentKeyPolicyOpenRestriction()) }; ContentKeyPolicy createdPolicy = MediaClient.ContentKeyPolicies.CreateOrUpdate(ResourceGroup, AccountName, policyName, options, policyDescription); ValidateContentKeyPolicy(createdPolicy, policyName, policyDescription, options); // List ContentKeyPolicies and validate the created policy shows up contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName); Assert.Single(contentKeyPolicies); ValidateContentKeyPolicy(createdPolicy, policyName, policyDescription, options); // Get the newly created policy ContentKeyPolicy contentKeyPolicy = MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName); Assert.NotNull(contentKeyPolicy); ValidateContentKeyPolicy(createdPolicy, policyName, policyDescription, options); // Update the policy var primaryVerificationKey = new ContentKeyPolicySymmetricTokenKey(new byte[32]); ContentKeyPolicyOption[] options2 = new ContentKeyPolicyOption[] { new ContentKeyPolicyOption(new ContentKeyPolicyClearKeyConfiguration(), new ContentKeyPolicyTokenRestriction( "issuer", "audience", primaryVerificationKey, ContentKeyPolicyRestrictionTokenType.Jwt, requiredClaims: new ContentKeyPolicyTokenClaim[] { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim })) }; ContentKeyPolicy updatedByPutPolicy = MediaClient.ContentKeyPolicies.CreateOrUpdate(ResourceGroup, AccountName, policyName, options2, policyDescription); ValidateContentKeyPolicy(updatedByPutPolicy, policyName, policyDescription, options2); // List ContentKeyPolicies and validate the updated policy shows up as expected contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName); Assert.Single(contentKeyPolicies); ValidateContentKeyPolicy(contentKeyPolicies.First(), policyName, policyDescription, options2); // Get the newly updated policy contentKeyPolicy = MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName); Assert.NotNull(contentKeyPolicy); ValidateContentKeyPolicy(contentKeyPolicy, policyName, policyDescription, options2); // Delete the policy MediaClient.ContentKeyPolicies.Delete(ResourceGroup, AccountName, policyName); // List ContentKeyPolicies, which should be empty again contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName); Assert.Empty(contentKeyPolicies); // Try to get the policy, which should not exist Assert.Equal(System.Net.HttpStatusCode.NotFound, Assert.Throws <ErrorResponseException>(() => MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName)).Response.StatusCode); } finally { DeleteMediaServicesAccount(); } } }
// </RunAsync> /// <summary> /// Create the content key policy that configures how the content key is delivered to end clients /// via the Key Delivery component of Azure Media Services. /// </summary> /// <param name="client">The Media Services client.</param> /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param> /// <param name="accountName"> The Media Services account name.</param> /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param> /// <returns></returns> // <GetOrCreateContentKeyPolicy> private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync( IAzureMediaServicesClient client, string resourceGroupName, string accountName, string contentKeyPolicyName, byte[] tokenSigningKey) { bool createPolicy = false; ContentKeyPolicy policy = null; try { policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName); } catch (ErrorResponseException ex) when(ex.Response.StatusCode == System.Net.HttpStatusCode.NotFound) { createPolicy = true; } if (createPolicy) { ContentKeyPolicySymmetricTokenKey primaryKey = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey); List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null; ContentKeyPolicyTokenRestriction restriction = new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims); ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate(); ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTemplate(); // ContentKeyPolicyFairPlayConfiguration fairplayConfig = ConfigureFairPlayPolicyOptions(); List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>(); options.Add( new ContentKeyPolicyOption() { Configuration = playReadyConfig, // If you want to set an open restriction, use // Restriction = new ContentKeyPolicyOpenRestriction() Restriction = restriction }); options.Add( new ContentKeyPolicyOption() { Configuration = widevineConfig, Restriction = restriction }); // add CBCS ContentKeyPolicyOption into the list // options.Add( // new ContentKeyPolicyOption() // { // Configuration = fairplayConfig, // Restriction = restriction, // Name = "ContentKeyPolicyOption_CBCS" // }); policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options); } else { // Get the signing key from the existing policy. var policyProperties = await client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(resourceGroupName, accountName, contentKeyPolicyName); if (policyProperties.Options[0].Restriction is ContentKeyPolicyTokenRestriction restriction) { if (restriction.PrimaryVerificationKey is ContentKeyPolicySymmetricTokenKey signingKey) { TokenSigningKey = signingKey.KeyValue; } } } return(policy); }