public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList <TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string openIdDiscoveryPath = null) { string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath); string tname = detailedtokentype.ToString(); List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction { Name = tname + " Token Authorization Policy", KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted, Requirements = tokenTemplateString }; restrictions.Add(restriction); //You could have multiple options IContentKeyAuthorizationPolicyOption policyOption = _context.ContentKeyAuthorizationPolicyOptions.Create( "Token option", ContentKeyDeliveryType.BaselineHttp, restrictions, null // no key delivery data is needed for HLS ); return(policyOption); }
static public void AddOpenAuthorizationPolicy(IContentKey contentKey) { // Create ContentKeyAuthorizationPolicy with Open restrictions and create authorization policy IContentKeyAuthorizationPolicy policy = context.ContentKeyAuthorizationPolicies.CreateAsync("Open Authorization Policy").Result; List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction { Name = "HLS Open Authorization Policy", KeyRestrictionType = (int)ContentKeyRestrictionType.Open, Requirements = null // no requirements needed for HLS }; restrictions.Add(restriction); IContentKeyAuthorizationPolicyOption policyOption = context.ContentKeyAuthorizationPolicyOptions.Create( "policy", ContentKeyDeliveryType.BaselineHttp, restrictions, ""); policy.Options.Add(policyOption); // Add ContentKeyAutorizationPolicy to ContentKey contentKey.AuthorizationPolicyId = policy.Id; IContentKey updatedKey = contentKey.UpdateAsync().Result; }
public IContentKey AddAuthorizationPolicyToContentKey(string assetID, CloudMediaContext mediaContext, IContentKey objIContentKey, string claimType, string claimValue, JwtSecurityToken token) { //we name auth policy same as asset var policy = mediaContext.ContentKeyAuthorizationPolicies.Where(c => c.Name == assetID).FirstOrDefault(); // Create ContentKeyAuthorizationPolicy with restrictions and create authorization policy if (policy == null) { policy = mediaContext.ContentKeyAuthorizationPolicies.CreateAsync(assetID).Result; } //naming policyOption same as asset var policyOption = mediaContext.ContentKeyAuthorizationPolicyOptions.Where(name => name.Name == assetID).FirstOrDefault(); if (policyOption == null) { List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); TokenRestrictionTemplate template = new TokenRestrictionTemplate(); template.TokenType = TokenType.JWT; //Using Active Directory Open ID discovery spec to use Json Web Keys during token verification template.OpenIdConnectDiscoveryDocument = new OpenIdConnectDiscoveryDocument("https://login.windows.net/common/.well-known/openid-configuration"); //Ignore Empty claims if (!String.IsNullOrEmpty(claimType) && !String.IsNullOrEmpty(claimValue)) { template.RequiredClaims.Add(new TokenClaim(claimType, claimValue)); } var audience = token.Audiences.First(); template.Audience = audience; template.Issuer = token.Issuer; string requirements = TokenRestrictionTemplateSerializer.Serialize(template); ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction { Name = "Authorization Policy with Token Restriction", KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted, Requirements = requirements }; restrictions.Add(restriction); policyOption = mediaContext.ContentKeyAuthorizationPolicyOptions.Create(assetID, ContentKeyDeliveryType.BaselineHttp, restrictions, null); policy.Options.Add(policyOption); policy.UpdateAsync(); } // Add ContentKeyAutorizationPolicy to ContentKey objIContentKey.AuthorizationPolicyId = policy.Id; IContentKey IContentKeyUpdated = objIContentKey.UpdateAsync().Result; return(IContentKeyUpdated); }
private List <ContentKeyAuthorizationPolicyRestriction> CreateContentKeyAuthPolicyRestrictions(string policyName, ContentProtection contentProtection) { List <ContentKeyAuthorizationPolicyRestriction> policyRestrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); if (contentProtection.ContentAuthTypeAddress) { ContentKeyAuthorizationPolicyRestriction policyRestriction = new ContentKeyAuthorizationPolicyRestriction(); policyRestriction.Name = string.Concat(policyName, Constant.Media.ContentProtection.AuthPolicyAddressRestrictionName); policyRestriction.SetKeyRestrictionTypeValue(ContentKeyRestrictionType.IPRestricted); policyRestriction.Requirements = GetAddressRangeXml(contentProtection.ContentAuthAddressRange); policyRestrictions.Add(policyRestriction); } if (contentProtection.ContentAuthTypeToken) { string settingKey = Constant.AppSettingKey.DirectoryTenantId; settingKey = string.Format(settingKey, contentProtection.DirectoryId); string directoryTenantId = AppSetting.GetValue(settingKey); settingKey = Constant.AppSettingKey.DirectoryTenantDomain; settingKey = string.Format(settingKey, contentProtection.DirectoryId); string directoryTenantDomain = AppSetting.GetValue(settingKey); string discoveryUrl = Account.GetDiscoveryUrl(contentProtection.DirectoryId, directoryTenantDomain); if (string.Equals(contentProtection.DirectoryId, Constant.DirectoryService.B2C, StringComparison.OrdinalIgnoreCase)) { settingKey = Constant.AppSettingKey.DirectoryPolicyIdSignUpIn; string policyIdSignUpIn = AppSetting.GetValue(settingKey); discoveryUrl = string.Concat(discoveryUrl, "?p=", policyIdSignUpIn); } TokenRestrictionTemplate tokenTemplate = new TokenRestrictionTemplate(TokenType.JWT); tokenTemplate.OpenIdConnectDiscoveryDocument = new OpenIdConnectDiscoveryDocument(discoveryUrl); tokenTemplate.Issuer = Account.GetIssuerUrl(contentProtection.DirectoryId, directoryTenantId); tokenTemplate.Audience = contentProtection.Audience; ContentKeyAuthorizationPolicyRestriction policyRestriction = new ContentKeyAuthorizationPolicyRestriction(); policyRestriction.Name = string.Concat(policyName, Constant.Media.ContentProtection.AuthPolicyTokenRestrictionName); policyRestriction.SetKeyRestrictionTypeValue(ContentKeyRestrictionType.TokenRestricted); policyRestriction.Requirements = TokenRestrictionTemplateSerializer.Serialize(tokenTemplate); policyRestrictions.Add(policyRestriction); } if (policyRestrictions.Count == 0) { ContentKeyAuthorizationPolicyRestriction policyRestriction = new ContentKeyAuthorizationPolicyRestriction(); policyRestriction.Name = string.Concat(policyName, Constant.Media.ContentProtection.AuthPolicyOpenRestrictionName); policyRestriction.SetKeyRestrictionTypeValue(ContentKeyRestrictionType.Open); policyRestrictions.Add(policyRestriction); } return(policyRestrictions); }
private List <ContentKeyAuthorizationPolicyRestriction> CreateContentKeyAuthPolicyRestrictions(string policyName, ContentProtection contentProtection) { List <ContentKeyAuthorizationPolicyRestriction> policyRestrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); if (contentProtection.ContentAuthTypeAddress) { ContentKeyAuthorizationPolicyRestriction policyRestriction = new ContentKeyAuthorizationPolicyRestriction(); policyRestriction.Name = string.Concat(policyName, Constants.Media.ContentProtection.AuthPolicyAddressRestrictionName); policyRestriction.SetKeyRestrictionTypeValue(ContentKeyRestrictionType.IPRestricted); policyRestriction.Requirements = GetAddressRangeXml(contentProtection.ContentAuthAddressRange); policyRestrictions.Add(policyRestriction); } if (contentProtection.ContentAuthTypeToken) { string settingKey = Constants.AppSettingKey.DirectoryDiscoveryUrl; string discoveryUrl = AppSetting.GetValue(settingKey); settingKey = Constants.AppSettingKey.DirectoryIssuerUrl; string issuerUrl = AppSetting.GetValue(settingKey); settingKey = Constants.AppSettingKey.DirectoryClientId; string clientId = AppSetting.GetValue(settingKey); TokenRestrictionTemplate tokenTemplate = new TokenRestrictionTemplate(TokenType.JWT); tokenTemplate.OpenIdConnectDiscoveryDocument = new OpenIdConnectDiscoveryDocument(discoveryUrl); tokenTemplate.Issuer = issuerUrl; tokenTemplate.Audience = clientId; ContentKeyAuthorizationPolicyRestriction policyRestriction = new ContentKeyAuthorizationPolicyRestriction(); policyRestriction.Name = string.Concat(policyName, Constants.Media.ContentProtection.AuthPolicyTokenRestrictionName); policyRestriction.SetKeyRestrictionTypeValue(ContentKeyRestrictionType.TokenRestricted); policyRestriction.Requirements = TokenRestrictionTemplateSerializer.Serialize(tokenTemplate); policyRestrictions.Add(policyRestriction); } if (policyRestrictions.Count == 0) { ContentKeyAuthorizationPolicyRestriction policyRestriction = new ContentKeyAuthorizationPolicyRestriction(); policyRestriction.Name = string.Concat(policyName, Constants.Media.ContentProtection.AuthPolicyOpenRestrictionName); policyRestriction.SetKeyRestrictionTypeValue(ContentKeyRestrictionType.Open); policyRestrictions.Add(policyRestriction); } return(policyRestrictions); }
public static IContentKey AddAuthorizationPolicyToContentKey(CloudMediaContext objCloudMediaContext, IContentKey objIContentKey, string keyId) { // Create ContentKeyAuthorizationPolicy with restrictions and create authorization policy IContentKeyAuthorizationPolicy policy = objCloudMediaContext.ContentKeyAuthorizationPolicies.CreateAsync(keyId).Result; List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); //ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction // { // Name = "Open Authorization Policy", // KeyRestrictionType = (int)ContentKeyRestrictionType.Open, // Requirements = null // no requirements // }; //ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction //{ // Name = "Authorization Policy with SWT Token Restriction", // KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted, // Requirements = ContentKeyAuthorizationHelper.CreateRestrictionRequirements() //}; ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction { Name = "JWTContentKeyAuthorizationPolicyRestriction", KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted, Requirements = ContentKeyAuthorizationHelper.CreateRestrictionRequirementsForJWT() }; restrictions.Add(restriction); IContentKeyAuthorizationPolicyOption policyOption = objCloudMediaContext.ContentKeyAuthorizationPolicyOptions.Create( keyId, ContentKeyDeliveryType.BaselineHttp, restrictions, ""); policy.Options.Add(policyOption); // Add ContentKeyAutorizationPolicy to ContentKey objIContentKey.AuthorizationPolicyId = policy.Id; IContentKey IContentKeyUpdated = objIContentKey.UpdateAsync().Result; return(IContentKeyUpdated); }
private static void CreatePolicyOption(string assetID, CloudMediaContext mediaContext, string claimType, string claim, IContentKeyAuthorizationPolicy policy) { IContentKeyAuthorizationPolicyOption policyOption; List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); List <X509Certificate2> certs = GetX509Certificate2FromADMetadataEndpoint(); JwtSecurityToken token = GetJwtSecurityToken(); TokenRestrictionTemplate template = new TokenRestrictionTemplate(); template.TokenType = TokenType.JWT; template.PrimaryVerificationKey = new X509CertTokenVerificationKey(certs[0]); certs.GetRange(1, certs.Count - 1) .ForEach(c => template.AlternateVerificationKeys.Add(new X509CertTokenVerificationKey(c))); //Ignore Empty claims if (!String.IsNullOrEmpty(claimType) && !String.IsNullOrEmpty(claim)) { template.RequiredClaims.Add(new TokenClaim(claimType, claim)); } var audience = token.Audiences.First(); template.Audience = new Uri(audience); template.Issuer = new Uri(token.Issuer); string requirements = TokenRestrictionTemplateSerializer.Serialize(template); ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction { Name = "Authorization Policy with Token Restriction", KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted, Requirements = requirements }; restrictions.Add(restriction); policyOption = mediaContext.ContentKeyAuthorizationPolicyOptions.Create(assetID + "_group:" + claim, ContentKeyDeliveryType.BaselineHttp, restrictions, null); policy.Options.Add(policyOption); }
public static string AddTokenRestrictedAuthorizationPolicy(IContentKey contentKey) { string tokenTemplateString = GenerateTokenRequirements(); IContentKeyAuthorizationPolicy policy = _context. ContentKeyAuthorizationPolicies. CreateAsync("HLS token restricted authorization policy").Result; List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction { Name = "Token Authorization Policy", KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted, Requirements = tokenTemplateString }; restrictions.Add(restriction); //You could have multiple options IContentKeyAuthorizationPolicyOption policyOption = _context.ContentKeyAuthorizationPolicyOptions.Create( "Token option for HLS", ContentKeyDeliveryType.BaselineHttp, restrictions, null // no key delivery data is needed for HLS ); policy.Options.Add(policyOption); // Add ContentKeyAutorizationPolicy to ContentKey contentKey.AuthorizationPolicyId = policy.Id; IContentKey updatedKey = contentKey.UpdateAsync().Result; Console.WriteLine("Adding Key to Asset: Key ID is " + updatedKey.Id); return(tokenTemplateString); }
private static IContentKeyAuthorizationPolicyOption CreateFairPlayPolicyOption(byte[] iv) { var appCert = new X509Certificate2(pfxPath, pfxPassword, X509KeyStorageFlags.Exportable); var pfxPasswordId = Guid.NewGuid(); byte[] pfxPasswordBytes = System.Text.Encoding.UTF8.GetBytes(pfxPassword); IContentKey pfxPasswordKey = _mediaContext.ContentKeys.Create(pfxPasswordId, pfxPasswordBytes, "pfxPasswordKey", ContentKeyType.FairPlayPfxPassword); var askId = Guid.NewGuid(); IContentKey askKey = _mediaContext.ContentKeys.Create(askId, askBytes, "askKey", ContentKeyType.FairPlayASk); var restriction = new ContentKeyAuthorizationPolicyRestriction { Name = "Open", KeyRestrictionType = (int)ContentKeyRestrictionType.Open, Requirements = null }; var restrictions = new List <ContentKeyAuthorizationPolicyRestriction> { restriction }; string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration( appCert, pfxPassword, pfxPasswordId, askId, iv); var policyOption = _mediaContext.ContentKeyAuthorizationPolicyOptions.Create( "fairPlayTest", ContentKeyDeliveryType.FairPlay, restrictions, configuration); return(policyOption); }
static public IContentKeyAuthorizationPolicy AddOpenAuthorizationPolicy(IContentKey contentKey, ContentKeyDeliveryType contentkeydeliverytype, string keydeliveryconfig, CloudMediaContext _context) { // Create ContentKeyAuthorizationPolicy with Open restrictions // and create authorization policy IContentKeyAuthorizationPolicy policy = _context. ContentKeyAuthorizationPolicies. CreateAsync("Open Authorization Policy").Result; List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction { Name = "Open Authorization Policy", KeyRestrictionType = (int)ContentKeyRestrictionType.Open, Requirements = null // no requirements needed }; restrictions.Add(restriction); IContentKeyAuthorizationPolicyOption policyOption = _context.ContentKeyAuthorizationPolicyOptions.Create( "policy", contentkeydeliverytype, restrictions, keydeliveryconfig); policy.Options.Add(policyOption); // Add ContentKeyAutorizationPolicy to ContentKey contentKey.AuthorizationPolicyId = policy.Id; IContentKey updatedKey = contentKey.UpdateAsync().Result; return(policy); }
public static ContentKeyRestrictionType GetKeyRestrictionTypeValue(ContentKeyAuthorizationPolicyRestriction restriction) { return (ContentKeyRestrictionType)restriction.KeyRestrictionType; }
public static ContentKeyRestrictionType GetKeyRestrictionTypeValue(ContentKeyAuthorizationPolicyRestriction restriction) { return((ContentKeyRestrictionType)restriction.KeyRestrictionType); }
static IAsset CreateAssetAndProtectedStreamingLocatorInV2(CloudMediaContext v2Client, ConfigWrapper config, string assetNameOrDescription) { // Create the input Asset IAsset originalAsset = v2Client.Assets.Create("input asset", AssetCreationOptions.None); string filename = Path.GetFileName(config.FilePathToUpload); IAssetFile assetFile = originalAsset.AssetFiles.Create(filename); assetFile.Upload(config.FilePathToUpload); // Submit a job to encode the single input file into an adaptive streaming set IJob job = v2Client.Jobs.Create("Media Encoder Standard Job"); IMediaProcessor processor = GetMediaEncoderStandardProcessor(v2Client); ITask task = job.Tasks.AddNew("Adaptive Streaming encode", processor, "Adaptive Streaming", TaskOptions.None); task.InputAssets.Add(originalAsset); task.OutputAssets.AddNew(assetNameOrDescription, AssetCreationOptions.None); job.Submit(); job.GetExecutionProgressTask(CancellationToken.None).Wait(); // Get the output asset to publish job.Refresh(); IAsset assetToPublish = v2Client.Assets.Where(a => a.Id == job.Tasks[0].OutputAssets[0].Id).First(); // Create the content key Guid keyId = Guid.NewGuid(); byte[] contentKey = GetRandomBuffer(16); IContentKey key = v2Client.ContentKeys.Create(keyId, contentKey, "ContentKey", ContentKeyType.EnvelopeEncryption); // Create ContentKeyAuthorizationPolicy with Open restriction and create authorization policy IContentKeyAuthorizationPolicy policy = v2Client.ContentKeyAuthorizationPolicies.CreateAsync("Open Authorization Policy").Result; ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction { Name = "Open Authorization Policy", KeyRestrictionType = (int)ContentKeyRestrictionType.Open, Requirements = null }; List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>(); restrictions.Add(restriction); var policyOption = v2Client.ContentKeyAuthorizationPolicyOptions.Create("policy", ContentKeyDeliveryType.BaselineHttp, restrictions, ""); policy.Options.Add(policyOption); // Add ContentKeyAuthorizationPolicy to ContentKey key.AuthorizationPolicyId = policy.Id; key.Update(); assetToPublish.ContentKeys.Add(key); Uri keyAcquisitionUri = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp); UriBuilder uriBuilder = new UriBuilder(keyAcquisitionUri); uriBuilder.Query = String.Empty; keyAcquisitionUri = uriBuilder.Uri; // The following policy configuration specifies: // key url that will have KID=<Guid> appended to the envelope and // the Initialization Vector (IV) to use for the envelope encryption. var assetDeliveryPolicyConfiguration = new Dictionary <AssetDeliveryPolicyConfigurationKey, string> { { AssetDeliveryPolicyConfigurationKey.EnvelopeBaseKeyAcquisitionUrl, keyAcquisitionUri.ToString() }, }; var assetDeliveryPolicy = v2Client.AssetDeliveryPolicies.Create("AssetDeliveryPolicy", AssetDeliveryPolicyType.DynamicEnvelopeEncryption, AssetDeliveryProtocol.SmoothStreaming | AssetDeliveryProtocol.HLS | AssetDeliveryProtocol.Dash, assetDeliveryPolicyConfiguration); // Add AssetDelivery Policy to the asset assetToPublish.DeliveryPolicies.Add(assetDeliveryPolicy); // Create a 30-day readonly access policy. // You cannot create a streaming locator using an AccessPolicy that includes write or delete permissions. IAccessPolicy accessPolicy = v2Client.AccessPolicies.Create("Streaming Access Policy", TimeSpan.FromDays(365 * 100), AccessPermissions.Read); // Create a locator to the streaming content on an origin. ILocator originLocator = v2Client.Locators.CreateLocator(LocatorType.OnDemandOrigin, assetToPublish, accessPolicy, DateTime.UtcNow.AddMinutes(-5)); // remove the original input asset as we don't need it for demonstration purposes originalAsset.Delete(); return(assetToPublish); }