// </CreateMediaServicesClient> /// <summary> /// Create the content key policy that configures how the content key is delivered to end clients /// via the Key Delivery component of Azure Media Services. /// </summary> /// <param name="client">The Media Services client.</param> /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param> /// <param name="accountName"> The Media Services account name.</param> /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param> /// <returns></returns> // <GetOrCreateContentKeyPolicy> private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync( IAzureMediaServicesClient client, string resourceGroupName, string accountName, string contentKeyPolicyName, byte[] tokenSigningKey) { ContentKeyPolicy policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName); if (policy == null) { ContentKeyPolicySymmetricTokenKey primaryKey = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey); List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null; ContentKeyPolicyTokenRestriction restriction = new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims); ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate(); ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTempate(); List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>(); options.Add( new ContentKeyPolicyOption() { Configuration = playReadyConfig, // If you want to set an open restriction, use // Restriction = new ContentKeyPolicyOpenRestriction() Restriction = restriction }); options.Add( new ContentKeyPolicyOption() { Configuration = widevineConfig, Restriction = restriction }); policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options); } else { // Get the signing key from the existing policy. var policyProperties = await client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(resourceGroupName, accountName, contentKeyPolicyName); var restriction = policyProperties.Options[0].Restriction as ContentKeyPolicyTokenRestriction; if (restriction != null) { var signingKey = restriction.PrimaryVerificationKey as ContentKeyPolicySymmetricTokenKey; if (signingKey != null) { TokenSigningKey = signingKey.KeyValue; } } } return(policy); }
// </WaitForJobToFinish> /// <summary> /// Configures PlayReady license template. /// </summary> /// <returns></returns> //<ConfigurePlayReadyLicenseTemplate> private static ContentKeyPolicyPlayReadyConfiguration ConfigurePlayReadyLicenseTemplate() { ContentKeyPolicyPlayReadyLicense objContentKeyPolicyPlayReadyLicense; objContentKeyPolicyPlayReadyLicense = new ContentKeyPolicyPlayReadyLicense { AllowTestDevices = true, BeginDate = new DateTime(2016, 1, 1), ContentKeyLocation = new ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader(), ContentType = ContentKeyPolicyPlayReadyContentType.UltraVioletStreaming, LicenseType = ContentKeyPolicyPlayReadyLicenseType.Persistent, PlayRight = new ContentKeyPolicyPlayReadyPlayRight { ImageConstraintForAnalogComponentVideoRestriction = true, ExplicitAnalogTelevisionOutputRestriction = new ContentKeyPolicyPlayReadyExplicitAnalogTelevisionRestriction(true, 2), AllowPassingVideoContentToUnknownOutput = ContentKeyPolicyPlayReadyUnknownOutputPassingOption.Allowed } }; ContentKeyPolicyPlayReadyConfiguration objContentKeyPolicyPlayReadyConfiguration = new ContentKeyPolicyPlayReadyConfiguration { Licenses = new List <ContentKeyPolicyPlayReadyLicense> { objContentKeyPolicyPlayReadyLicense } }; return(objContentKeyPolicyPlayReadyConfiguration); }
/// <summary> /// Create the content key policy that configures how the content key is delivered to end clients /// via the Key Delivery component of Azure Media Services. /// </summary> /// <param name="client">The Media Services client.</param> /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param> /// <param name="accountName"> The Media Services account name.</param> /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param> /// <returns></returns> private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync( IAzureMediaServicesClient client, string resourceGroupName, string accountName, string contentKeyPolicyName) { ContentKeyPolicy policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName); if (policy == null) { ContentKeyPolicyOpenRestriction restriction = new ContentKeyPolicyOpenRestriction(); ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate(); ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTempate(); List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption> { new ContentKeyPolicyOption() { Configuration = playReadyConfig, Restriction = restriction }, new ContentKeyPolicyOption() { Configuration = widevineConfig, Restriction = restriction } }; Console.WriteLine("Creating a content key policy..."); policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options); } return(policy); }
/// <summary> /// Create the content key policy that configures how the content key is delivered to end clients /// via the Key Delivery component of Azure Media Services. /// </summary> /// <param name="client">The Media Services client.</param> /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param> /// <param name="accountName"> The Media Services account name.</param> /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param> /// <returns></returns> private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync( IAzureMediaServicesClient client, string resourceGroupName, string accountName, string contentKeyPolicyName) { bool createPolicy = false; ContentKeyPolicy policy = null; try { policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName); } catch (ErrorResponseException ex) when(ex.Response.StatusCode == System.Net.HttpStatusCode.NotFound) { // Content key policy does not exist createPolicy = true; } if (createPolicy) { ContentKeyPolicyOpenRestriction restriction = new(); ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate(); ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTempate(); List <ContentKeyPolicyOption> options = new() { new ContentKeyPolicyOption() { Configuration = playReadyConfig, Restriction = restriction }, new ContentKeyPolicyOption() { Configuration = widevineConfig, Restriction = restriction } }; Console.WriteLine("Creating a content key policy..."); policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options); } return(policy); }
public void CreateContentKeyPolicyDRM(ContentProtection contentProtection) { ContentKeyPolicyPlayReadyLicenseType licenseType = ContentKeyPolicyPlayReadyLicenseType.NonPersistent; if (contentProtection != null && contentProtection.PersistentLicense) { licenseType = ContentKeyPolicyPlayReadyLicenseType.Persistent; } ContentKeyPolicyPlayReadyLicense playReadyLicense = new ContentKeyPolicyPlayReadyLicense() { LicenseType = licenseType, ContentType = ContentKeyPolicyPlayReadyContentType.Unspecified, ContentKeyLocation = new ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader() }; ContentKeyPolicyPlayReadyConfiguration playReadyConfiguration = new ContentKeyPolicyPlayReadyConfiguration() { Licenses = new ContentKeyPolicyPlayReadyLicense[] { playReadyLicense } }; WidevineTemplate widevineTemplate = new WidevineTemplate(); if (contentProtection != null && contentProtection.PersistentLicense) { widevineTemplate.PolicyOverrides = new PolicyOverrides() { CanPersist = true }; } ContentKeyPolicyWidevineConfiguration widevineConfiguration = new ContentKeyPolicyWidevineConfiguration() { WidevineTemplate = JsonConvert.SerializeObject(widevineTemplate) }; string policyName = Constant.Media.ContentKey.PolicyDRM; ContentKeyPolicyConfiguration[] policyConfigurations = new ContentKeyPolicyConfiguration[] { playReadyConfiguration, widevineConfiguration }; CreateContentKeyPolicy(policyName, policyConfigurations); }
public static async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req, ILogger log) { log.LogInformation($"AMS v3 Function - CreateContentKeyPolicy was triggered!"); string requestBody = new StreamReader(req.Body).ReadToEnd(); dynamic data = JsonConvert.DeserializeObject(requestBody); if (data.contentKeyPolicyName == null) { return(new BadRequestObjectResult("Please pass contentKeyPolicyName in the input object")); } string contentKeyPolicyName = data.contentKeyPolicyName; string contentKeyPolicyDescription = null; if (data.contentKeyPolicyDescription == null) { contentKeyPolicyDescription = data.contentKeyPolicyDescription; } string mode = data.mode; if (mode != "simple" && mode != "advanced") { return(new BadRequestObjectResult("Please pass valid mode in the input object")); } // // Simple Mode // if (mode == "simple") { if (data.policyOptionName == null) { return(new BadRequestObjectResult("Please pass policyOptionName in the input object")); } if (data.openRestriction == null) { return(new BadRequestObjectResult("Please pass openRestriction in the input object")); } if (data.openRestriction == false) { if (data.audience == null && data.issuer == null && data.tokenType == null && data.tokenKeyType == null && data.tokenKey == null) { return(new BadRequestObjectResult("Please pass required parameters for Token Restriction in the input object")); } } } // // Advanced Mode // if (mode == "advanced") { if (data.contentKeyPolicyOptions == null) { return(new BadRequestObjectResult("Please pass contentKeyPolicyOptions in the input object")); } } MediaServicesConfigWrapper amsconfig = new MediaServicesConfigWrapper(); ContentKeyPolicy policy = null; JsonConverter[] jsonReaders = { new MediaServicesHelperJsonReader(), new MediaServicesHelperTimeSpanJsonConverter() }; try { IAzureMediaServicesClient client = MediaServicesHelper.CreateMediaServicesClientAsync(amsconfig); policy = client.ContentKeyPolicies.Get(amsconfig.ResourceGroup, amsconfig.AccountName, contentKeyPolicyName); if (policy == null) { List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>(); if (mode == "simple") { ContentKeyPolicyOption option = new ContentKeyPolicyOption(); option.Name = data.policyOptionName; // Restrictions if ((bool)data.openRestriction) { option.Restriction = new ContentKeyPolicyOpenRestriction(); } else { ContentKeyPolicyTokenRestriction restriction = new ContentKeyPolicyTokenRestriction(); restriction.Audience = data.audience; restriction.Issuer = data.issuer; string tokenType = data.tokenType; switch (tokenType) { case "Jwt": restriction.RestrictionTokenType = ContentKeyPolicyRestrictionTokenType.Jwt; break; case "Swt": restriction.RestrictionTokenType = ContentKeyPolicyRestrictionTokenType.Swt; break; default: return(new BadRequestObjectResult("Please pass valid tokenType in the input object")); } string tokenKeyType = data.tokenKeyType; switch (tokenKeyType) { case "Symmetric": restriction.PrimaryVerificationKey = new ContentKeyPolicySymmetricTokenKey(Convert.FromBase64String(data.tokenKey.ToString())); break; case "X509": restriction.PrimaryVerificationKey = new ContentKeyPolicyX509CertificateTokenKey(Convert.FromBase64String(data.tokenKey.ToString())); break; case "RSA": restriction.PrimaryVerificationKey = new ContentKeyPolicyRsaTokenKey(); break; default: return(new BadRequestObjectResult("Please pass valid tokenKeyType in the input object")); } if (data.tokenClaims != null) { restriction.RequiredClaims = new List <ContentKeyPolicyTokenClaim>(); String[] tokenClaims = data.tokenClaims.ToString().Split(';'); foreach (string tokenClaim in tokenClaims) { String[] tokenClaimKVP = tokenClaim.Split('='); if (tokenClaimKVP.Length == 2) { restriction.RequiredClaims.Add(new ContentKeyPolicyTokenClaim(tokenClaimKVP[0], tokenClaimKVP[1] == "null" ? null : tokenClaimKVP[1])); } else if (tokenClaimKVP.Length == 1) { restriction.RequiredClaims.Add(new ContentKeyPolicyTokenClaim(tokenClaimKVP[0])); } else { return(new BadRequestObjectResult("Please pass valid tokenClaims in the input object")); } } } if (data.openIdConnectDiscoveryDocument != null) { restriction.OpenIdConnectDiscoveryDocument = data.openIdConnectDiscoveryDocument; } option.Restriction = restriction; } // Configuration string configurationType = data.configurationType; switch (configurationType) { case "ClearKey": option.Configuration = new ContentKeyPolicyClearKeyConfiguration(); break; case "FairPlay": ContentKeyPolicyFairPlayConfiguration configFairPlay = new ContentKeyPolicyFairPlayConfiguration(); configFairPlay.Ask = Convert.FromBase64String(data.fairPlayAsk); configFairPlay.FairPlayPfx = data.fairPlayPfx; configFairPlay.FairPlayPfxPassword = data.fairPlayPfxPassword; switch (data.faiPlayRentalAndLeaseKeyType) { case "Undefined": configFairPlay.RentalAndLeaseKeyType = ContentKeyPolicyFairPlayRentalAndLeaseKeyType.Undefined; break; case "PersistentLimited": configFairPlay.RentalAndLeaseKeyType = ContentKeyPolicyFairPlayRentalAndLeaseKeyType.PersistentLimited; break; case "PersistentUnlimited": configFairPlay.RentalAndLeaseKeyType = ContentKeyPolicyFairPlayRentalAndLeaseKeyType.PersistentUnlimited; break; default: return(new BadRequestObjectResult("Please pass valid faiPlayRentalAndLeaseKeyType in the input object")); } configFairPlay.RentalDuration = data.faiPlayRentalDuration; break; case "PlayReady": ContentKeyPolicyPlayReadyConfiguration configPlayReady = new ContentKeyPolicyPlayReadyConfiguration(); configPlayReady.Licenses = JsonConvert.DeserializeObject <List <ContentKeyPolicyPlayReadyLicense> >(data.playReadyTemplates.ToString(), jsonReaders); if (data.playReadyResponseCustomData != null) { configPlayReady.ResponseCustomData = data.playReadyResponseCustomData; } option.Configuration = configPlayReady; break; case "Widevine": ContentKeyPolicyWidevineConfiguration configWideVine = JsonConvert.DeserializeObject <ContentKeyPolicyWidevineConfiguration>(data.widevineTemplate.ToString(), jsonReaders); option.Configuration = configWideVine; break; default: return(new BadRequestObjectResult("Please pass valid configurationType in the input object")); } options.Add(option); } else if (mode == "advanced") { options = JsonConvert.DeserializeObject <List <ContentKeyPolicyOption> >(data.contentKeyPolicyOptions.ToString(), jsonReaders); } foreach (ContentKeyPolicyOption o in options) { o.Validate(); } policy = client.ContentKeyPolicies.CreateOrUpdate(amsconfig.ResourceGroup, amsconfig.AccountName, contentKeyPolicyName, options, contentKeyPolicyDescription); } } catch (ApiErrorException e) { log.LogError($"ERROR: AMS API call failed with error code: {e.Body.Error.Code} and message: {e.Body.Error.Message}"); return(new BadRequestObjectResult("AMS API call error: " + e.Message + "\nError Code: " + e.Body.Error.Code + "\nMessage: " + e.Body.Error.Message)); } catch (Exception e) { log.LogError($"ERROR: Exception with message: {e.Message}"); return(new BadRequestObjectResult("Error: " + e.Message)); } return((ActionResult) new OkObjectResult(new { policyId = policy.PolicyId })); }
// </RunAsync> /// <summary> /// Create the content key policy that configures how the content key is delivered to end clients /// via the Key Delivery component of Azure Media Services. /// </summary> /// <param name="client">The Media Services client.</param> /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param> /// <param name="accountName"> The Media Services account name.</param> /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param> /// <returns></returns> // <GetOrCreateContentKeyPolicy> private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync( IAzureMediaServicesClient client, string resourceGroupName, string accountName, string contentKeyPolicyName, byte[] tokenSigningKey) { bool createPolicy = false; ContentKeyPolicy policy = null; try { policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName); } catch (ErrorResponseException ex) when(ex.Response.StatusCode == System.Net.HttpStatusCode.NotFound) { createPolicy = true; } if (createPolicy) { ContentKeyPolicySymmetricTokenKey primaryKey = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey); List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>() { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }; List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null; ContentKeyPolicyTokenRestriction restriction = new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims); ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate(); ContentKeyPolicyWidevineConfiguration widevineConfig = ConfigureWidevineLicenseTemplate(); // ContentKeyPolicyFairPlayConfiguration fairplayConfig = ConfigureFairPlayPolicyOptions(); List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>(); options.Add( new ContentKeyPolicyOption() { Configuration = playReadyConfig, // If you want to set an open restriction, use // Restriction = new ContentKeyPolicyOpenRestriction() Restriction = restriction }); options.Add( new ContentKeyPolicyOption() { Configuration = widevineConfig, Restriction = restriction }); // add CBCS ContentKeyPolicyOption into the list // options.Add( // new ContentKeyPolicyOption() // { // Configuration = fairplayConfig, // Restriction = restriction, // Name = "ContentKeyPolicyOption_CBCS" // }); policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options); } else { // Get the signing key from the existing policy. var policyProperties = await client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(resourceGroupName, accountName, contentKeyPolicyName); if (policyProperties.Options[0].Restriction is ContentKeyPolicyTokenRestriction restriction) { if (restriction.PrimaryVerificationKey is ContentKeyPolicySymmetricTokenKey signingKey) { TokenSigningKey = signingKey.KeyValue; } } } return(policy); }