public static void ClassInit(TestContext context)
{
//CreateCounters();
_mediaContext = WindowsAzureMediaServicesTestConfiguration.CreateCloudMediaContext();
IContentKeyAuthorizationPolicyOption policyOption = null;
for (int i = 0; i < 10; i++)
{
byte[] expectedKey = null;
IContentKey contentKey = GetKeyDeliveryUrlTests.CreateTestKey(_mediaContext, ContentKeyType.EnvelopeEncryption, out expectedKey);
policyOption = ContentKeyAuthorizationPolicyOptionTests.CreateOption(_mediaContext, String.Empty, ContentKeyDeliveryType.BaselineHttp, null, null, ContentKeyRestrictionType.Open);
List <IContentKeyAuthorizationPolicyOption> options = new List <IContentKeyAuthorizationPolicyOption>
{
policyOption
};
GetKeyDeliveryUrlTests.CreateTestPolicy(_mediaContext, String.Empty, options, ref contentKey);
Uri keyDeliveryServiceUri = contentKey.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp);
Assert.IsNotNull(keyDeliveryServiceUri);
string rawkey = EncryptionUtils.GetKeyIdAsGuid(contentKey.Id).ToString();
_testData.Add(new Tuple <Uri, string, string>(keyDeliveryServiceUri, TokenServiceClient.GetAuthTokenForKey(rawkey), GetKeyDeliveryUrlTests.GetString(expectedKey)));
}
}
public void GetPlayReadyLicenseDeliveryUrl()
{
IContentKey contentKey = null;
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = null;
IContentKeyAuthorizationPolicyOption policyOption = null;
try
{
contentKey = CreateTestKey(_mediaContext, ContentKeyType.CommonEncryption);
PlayReadyLicenseResponseTemplate responseTemplate = new PlayReadyLicenseResponseTemplate();
responseTemplate.LicenseTemplates.Add(new PlayReadyLicenseTemplate());
string licenseTemplate = MediaServicesLicenseTemplateSerializer.Serialize(responseTemplate);
policyOption = ContentKeyAuthorizationPolicyOptionTests.CreateOption(_mediaContext, String.Empty, ContentKeyDeliveryType.PlayReadyLicense, null, licenseTemplate, ContentKeyRestrictionType.Open);
List <IContentKeyAuthorizationPolicyOption> options = new List <IContentKeyAuthorizationPolicyOption>
{
policyOption
};
contentKeyAuthorizationPolicy = CreateTestPolicy(_mediaContext, String.Empty, options, ref contentKey);
Uri keyDeliveryServiceUri = contentKey.GetKeyDeliveryUrl(ContentKeyDeliveryType.PlayReadyLicense);
Assert.IsNotNull(keyDeliveryServiceUri);
Assert.IsTrue(0 == String.Compare(keyDeliveryServiceUri.AbsolutePath, "/PlayReady/", StringComparison.OrdinalIgnoreCase));
}
finally
{
CleanupKeyAndPolicy(contentKey, contentKeyAuthorizationPolicy, policyOption);
}
}
//given an unprotected IAsset, set up dynamic PR protection
//you have to publish AFTER this setup
public static void SetupDynamicPlayReadyProtection(CloudMediaContext objCloudMediaContext, IAsset objIAsset)
{
string keySeedB64, contentKeyB64;
Guid keyId = Guid.NewGuid();
//Different ways to create content key:
//Method 1: Without using key seed, generete content key directly
//contentKeyB64 = GeneratePlayReadyContentKey();
//Method 2: With a given key seed and generated key ID (Key Identifiers are unique in the system and there can only be one key with a given Guid within a cluster (even across accounts for now although that may change to be account scoped in the future). If you try to submit a protection job with a keyId that already exists but a different key value that will cause the PlayReady protection job to fail (the same keyId and keyValue is okay).
keySeedB64 = "XVBovsmzhP9gRIZxWfFta3VVRPzVEWmJsazEJ46I";
contentKeyB64 = GetPlayReadyContentKeyFromKeyIdKeySeed(keyId.ToString(), keySeedB64);
//Method 3: With a randomly generated key seed, create content key from the key ID and key seed
//keySeedB64 = GeneratePlayReadyKeySeed();
//contentKeyB64 = GetPlayReadyContentKeyFromKeyIdKeySeed(keyId.ToString(), keySeedB64);
//Method 4: Reuse an existing key ID
//keyId = new Guid("a7586184-40ff-4047-9edd-6a8273ac50fc");
//keySeedB64 = "XVBovsmzhP9gRIZxWfFta3VVRPzVEWmJsazEJ46I";
//contentKeyB64 = GetPlayReadyContentKeyFromKeyIdKeySeed(keyId.ToString(), keySeedB64);
Console.WriteLine(string.Format("STEP 1: Key ID = {0}, Content Key = {1}, Key Seed = {2}", contentKeyB64, keyId.ToString(), keySeedB64));
IContentKey objIContentKey = ConfigureKeyDeliveryService(objCloudMediaContext, keyId, contentKeyB64, objIAsset.Id);
//associate IAsset with the IContentkey
objIAsset.ContentKeys.Add(objIContentKey);
CreateAssetDeliveryPolicy(objCloudMediaContext, objIAsset, objIContentKey);
}
public void EnsureNoneKeyDeliveryUrlFails()
{
IContentKey contentKey = null;
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = null;
IContentKeyAuthorizationPolicyOption policyOption = null;
try
{
contentKey = CreateTestKey(_mediaContext, ContentKeyType.EnvelopeEncryption);
policyOption = ContentKeyAuthorizationPolicyOptionTests.CreateOption(_mediaContext, String.Empty, ContentKeyDeliveryType.BaselineHttp, null, null, ContentKeyRestrictionType.Open);
List <IContentKeyAuthorizationPolicyOption> options = new List <IContentKeyAuthorizationPolicyOption>
{
policyOption
};
contentKeyAuthorizationPolicy = CreateTestPolicy(_mediaContext, String.Empty, options, ref contentKey);
Uri keyDeliveryServiceUri = contentKey.GetKeyDeliveryUrl(ContentKeyDeliveryType.None);
}
finally
{
CleanupKeyAndPolicy(contentKey, contentKeyAuthorizationPolicy, policyOption);
}
}
public static IContentKey CreateTestKey(CloudMediaContext mediaContext, ContentKeyType contentKeyType, out byte[] key, string name = "")
{
key = ContentKeyTests.GetRandomBuffer(16);
IContentKey contentKey = mediaContext.ContentKeys.Create(Guid.NewGuid(), key, name, contentKeyType);
return(contentKey);
}
public static IContentKey AddAuthorizationPolicyToContentKey(string assetID, CloudMediaContext mediaContext, IContentKey objIContentKey, string claimType, string[] claimValue)
{
//we name auth policy same as asset
var policy = mediaContext.ContentKeyAuthorizationPolicies.Where(c => c.Name == assetID).FirstOrDefault();
// Create ContentKeyAuthorizationPolicy with restrictions and create authorization policy
if (policy == null)
{
policy = mediaContext.ContentKeyAuthorizationPolicies.CreateAsync(assetID).Result;
}
// Add each claim (group) as a Policy Option
foreach (var claim in claimValue)
{
CreatePolicyOption(assetID, mediaContext, claimType, claim, policy);
}
// After adding Policy Options to the Policy, update it
policy.UpdateAsync();
// Add ContentKeyAutorizationPolicy to ContentKey
objIContentKey.AuthorizationPolicyId = policy.Id;
IContentKey IContentKeyUpdated = objIContentKey.UpdateAsync().Result;
return(IContentKeyUpdated);
}
private static string DecryptedFile(IIngestManifestFile ingestManifestFile, string encryptedPath, CloudMediaContext context)
{
IIngestManifestAsset ingestManifestAsset = context.IngestManifestAssets.Where(a => a.Id == ingestManifestFile.ParentIngestManifestAssetId).FirstOrDefault();
Assert.IsNotNull(ingestManifestAsset);
IList <IContentKey> keys = ingestManifestAsset.Asset.ContentKeys.Where(c => c.ContentKeyType == ContentKeyType.StorageEncryption).ToList();
Assert.AreEqual(1, keys.Count, "Expecting only one storage key per asset");
IContentKey key = keys.FirstOrDefault();
Assert.IsNotNull(ingestManifestAsset);
Guid keyId = EncryptionUtils.GetKeyIdAsGuid(key.Id);
FileEncryption fileEncryption = new FileEncryption(key.GetClearKeyValue(), keyId);
ulong iv = Convert.ToUInt64(ingestManifestFile.InitializationVector, CultureInfo.InvariantCulture);
var decryptedPath = @".\Resources\TestFiles\Decrypted" + Guid.NewGuid();
if (!Directory.Exists(decryptedPath))
{
Directory.CreateDirectory(decryptedPath);
}
decryptedPath = Path.Combine(decryptedPath, ingestManifestFile.Name);
FileInfo fileInfo = new FileInfo(encryptedPath);
var maxblocksize = GetBlockSize(fileInfo.Length);
List <string> blockList = new List <string>();
int numberOfthreads = 1;
var queue = PreapreDownloadQueue(maxblocksize, fileInfo.Length, ref numberOfthreads, out blockList);
using (var fs = new FileStream(decryptedPath, FileMode.OpenOrCreate, FileAccess.Write, FileShare.Read))
{
KeyValuePair <int, int> block;
while (queue.TryDequeue(out block))
{
fs.Seek(block.Key * maxblocksize, SeekOrigin.Begin);
using (FileStream stream = File.OpenRead(encryptedPath))
{
byte[] buffer = new byte[block.Value];
stream.Seek(block.Key * maxblocksize, SeekOrigin.Begin);
int read = stream.Read(buffer, 0, (int)block.Value);
if (fileEncryption != null)
{
lock (fileEncryption)
{
using (FileEncryptionTransform encryptor = fileEncryption.GetTransform(iv, block.Key * maxblocksize))
{
encryptor.TransformBlock(inputBuffer: buffer, inputOffset: 0, inputCount: buffer.Length, outputBuffer: buffer, outputOffset: 0);
}
}
}
fs.Write(buffer, 0, buffer.Length);
}
}
}
return(decryptedPath);
}
public void EnsureEnvelopeKeyDeliveryUrlForCommonKeyFails()
{
IContentKey contentKey = null;
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = null;
IContentKeyAuthorizationPolicyOption policyOption = null;
PlayReadyLicenseResponseTemplate responseTemplate = new PlayReadyLicenseResponseTemplate();
responseTemplate.LicenseTemplates.Add(new PlayReadyLicenseTemplate());
string licenseTemplate = MediaServicesLicenseTemplateSerializer.Serialize(responseTemplate);
try
{
contentKey = CreateTestKey(_mediaContext, ContentKeyType.CommonEncryption);
policyOption = ContentKeyAuthorizationPolicyOptionTests.CreateOption(_mediaContext, String.Empty, ContentKeyDeliveryType.PlayReadyLicense, null, licenseTemplate, ContentKeyRestrictionType.Open);
List <IContentKeyAuthorizationPolicyOption> options = new List <IContentKeyAuthorizationPolicyOption>
{
policyOption
};
contentKeyAuthorizationPolicy = CreateTestPolicy(_mediaContext, String.Empty, options, ref contentKey);
Uri keyDeliveryServiceUri = contentKey.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp);
}
finally
{
CleanupKeyAndPolicy(contentKey, contentKeyAuthorizationPolicy, policyOption);
}
}
private static string AddFairPlayTokenRestrictedAuthorizationPolicyFairPlay(IContentKey contentKey)
{
string tokenTemplateString = DRMHelper.GenerateTokenRequirementsString(_tokenPrimaryVerificationKey, _tokenAlternativeVerificationKey, _tokenScope, _tokenIssuer, true);
List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = "FairPlay Token Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
Requirements = tokenTemplateString,
}
};
// Configure FairPlay policy option.
string FairPlayConfiguration = ConfigureFairPlayPolicyOptions();
IContentKeyAuthorizationPolicyOption FairPlayPolicy = _context.ContentKeyAuthorizationPolicyOptions.Create("FairPlay token option", ContentKeyDeliveryType.FairPlay, restrictions, FairPlayConfiguration);
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = _context.ContentKeyAuthorizationPolicies.CreateAsync("Deliver CBC Content Key with token restrictions").Result;
contentKeyAuthorizationPolicy.Options.Add(FairPlayPolicy);
// Associate the content key authorization policy with the content key
contentKey.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
contentKey = contentKey.UpdateAsync().Result;
return(tokenTemplateString);
}
public void ShouldCreateAssetFileArrayWithPlayReadyEncryption()
{
// Note that these files are not really PlayReady encrypted. For the purposes of this test that is okay.
IAsset asset = _mediaContext.Assets.Create(Guid.NewGuid().ToString(), AssetCreationOptions.CommonEncryptionProtected);
IAccessPolicy policy = _mediaContext.AccessPolicies.Create("Write", TimeSpan.FromMinutes(5), AccessPermissions.Write);
ILocator locator = _mediaContext.Locators.CreateSasLocator(asset, policy);
var blobclient = new BlobTransferClient
{
NumberOfConcurrentTransfers = 5,
ParallelTransferThreadCount = 5
};
foreach (string filePath in new[] { WindowsAzureMediaServicesTestConfiguration.SmallWmv, WindowsAzureMediaServicesTestConfiguration.SmallWmv2 })
{
var info = new FileInfo(filePath);
IAssetFile file = asset.AssetFiles.Create(info.Name);
file.UploadAsync(filePath, blobclient, locator, CancellationToken.None).Wait();
}
Guid keyId = Guid.NewGuid();
byte[] contentKey = GetRandomBuffer(16);
IContentKey key = _mediaContext.ContentKeys.Create(keyId, contentKey);
asset.ContentKeys.Add(key);
Assert.IsNotNull(asset, "Asset should be non null");
Assert.AreNotEqual(Guid.Empty, asset.Id, "Asset ID should not be null");
Assert.IsTrue(asset.Options == AssetCreationOptions.CommonEncryptionProtected, "AssetCreationOptions did not have the expected value");
VerifyFileAndContentKeyMetadataForCommonEncryption(asset);
VerifyContentKeyVersusExpectedValue2(asset, contentKey, keyId);
}
static public void CreateAssetDeliveryPolicy(IAsset asset, IContentKey key)
{
// Get the PlayReady license service URL.
Uri acquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.PlayReadyLicense);
// GetKeyDeliveryUrl for Widevine attaches the KID to the URL.
// For example: https://amsaccount1.keydelivery.mediaservices.windows.net/Widevine/?KID=268a6dcb-18c8-4648-8c95-f46429e4927c.
// The WidevineBaseLicenseAcquisitionUrl (used below) also tells Dynamaic Encryption
// to append /? KID =< keyId > to the end of the url when creating the manifest.
// As a result Widevine license aquisition URL will have KID appended twice,
// so we need to remove the KID that in the URL when we call GetKeyDeliveryUrl.
Uri widevineUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.Widevine);
UriBuilder uriBuilder = new UriBuilder(widevineUrl);
uriBuilder.Query = String.Empty;
widevineUrl = uriBuilder.Uri;
Dictionary <AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary <AssetDeliveryPolicyConfigurationKey, string>
{
{ AssetDeliveryPolicyConfigurationKey.PlayReadyLicenseAcquisitionUrl, acquisitionUrl.ToString() },
{ AssetDeliveryPolicyConfigurationKey.WidevineBaseLicenseAcquisitionUrl, widevineUrl.ToString() }
};
var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create(
"AssetDeliveryPolicy",
AssetDeliveryPolicyType.DynamicCommonEncryption,
AssetDeliveryProtocol.Dash,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
}
static public void CreateAssetDeliveryPolicyCencCbcs(IAsset asset, IContentKey key)
{
var kdPolicy = _context.ContentKeyAuthorizationPolicies.Where(p => p.Id == key.AuthorizationPolicyId).Single();
var kdOption = kdPolicy.Options.Single(o => o.KeyDeliveryType == ContentKeyDeliveryType.FairPlay);
FairPlayConfiguration configFP = JsonConvert.DeserializeObject <FairPlayConfiguration>(kdOption.KeyDeliveryConfiguration);
// Get the FairPlay license service URL.
Uri acquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay);
// The reason the below code replaces "https://" with "skd://" is because
// in the IOS player sample code which you obtained in Apple developer account,
// the player only recognizes a Key URL that starts with skd://.
// However, if you are using a customized player,
// you can choose whatever protocol you want.
// For example, "https".
Dictionary <AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary <AssetDeliveryPolicyConfigurationKey, string>
{
{ AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, acquisitionUrl.ToString().Replace("https://", "skd://") },
{ AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, configFP.ContentEncryptionIV }
};
var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create(
"AssetDeliveryPolicy CommonEncryptionCbcs (HLS)",
AssetDeliveryPolicyType.DynamicCommonEncryptionCbcs,
AssetDeliveryProtocol.HLS,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
}
static void Main(string[] args)
{
// Create and cache the Media Services credentials in a static class variable.
_cachedCredentials = new MediaServicesCredentials(
_mediaServicesAccountName,
_mediaServicesAccountKey);
// Used the cached credentials to create CloudMediaContext.
_context = new CloudMediaContext(_cachedCredentials);
bool tokenRestriction = false;
string tokenTemplateString = null;
IContentKey key = CreateCommonTypeContentKey();
// Print out the key ID and Key in base64 string format
Console.WriteLine("Created key {0} with key value {1} ", key.Id, System.Convert.ToBase64String(key.GetClearKeyValue()));
Console.WriteLine("PlayReady License Key delivery URL: {0}", key.GetKeyDeliveryUrl(ContentKeyDeliveryType.PlayReadyLicense));
if (tokenRestriction)
{
tokenTemplateString = AddTokenRestrictedAuthorizationPolicy(key);
}
else
{
AddOpenAuthorizationPolicy(key);
}
Console.WriteLine("Added authorization policy: {0}", key.AuthorizationPolicyId);
Console.WriteLine();
Console.ReadLine();
}
private static IAssetDeliveryPolicy CreateAssetDeliveryPolicy(IAsset asset, IContentKey key)
{
var policy = asset.DeliveryPolicies
.Where(p => p.AssetDeliveryProtocol == AssetDeliveryProtocol.HLS)
.SingleOrDefault();
if (policy != null)
{
policy.Delete();
}
Uri keyUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.Widevine);
var configuration = new Dictionary <AssetDeliveryPolicyConfigurationKey, string>();
configuration.Add(AssetDeliveryPolicyConfigurationKey.WidevineLicenseAcquisitionUrl, keyUrl.ToString());
policy = _mediaContext.AssetDeliveryPolicies.Create(
"WidevineDeliveryPolicy",
AssetDeliveryPolicyType.DynamicCommonEncryption,
AssetDeliveryProtocol.Dash,
configuration);
return(policy);
}
public void TestGetEncryptionState()
{
IAsset asset = JobTests.CreateSmoothAsset(_mediaContext, _filePaths, AssetCreationOptions.None);
AssetDeliveryProtocol protocolsToSet = AssetDeliveryProtocol.HLS | AssetDeliveryProtocol.SmoothStreaming | AssetDeliveryProtocol.Dash;
Dictionary <AssetDeliveryPolicyConfigurationKey, string> configuration = new Dictionary <AssetDeliveryPolicyConfigurationKey, string>()
{
{ AssetDeliveryPolicyConfigurationKey.EnvelopeBaseKeyAcquisitionUrl, "https://www.test.com/" },
{ AssetDeliveryPolicyConfigurationKey.EnvelopeEncryptionIVAsBase64, Convert.ToBase64String(ContentKeyTests.GetRandomBuffer(16)) }
};
IAssetDeliveryPolicy policy = _mediaContext.AssetDeliveryPolicies.Create("Test Policy", AssetDeliveryPolicyType.DynamicEnvelopeEncryption, protocolsToSet, configuration);
IContentKey key = _mediaContext.ContentKeys.Create(Guid.NewGuid(), ContentKeyTests.GetRandomBuffer(16), "Test key", ContentKeyType.EnvelopeEncryption);
asset.ContentKeys.Add(key);
asset.DeliveryPolicies.Add(policy);
AssetEncryptionState state = asset.GetEncryptionState(protocolsToSet);
Assert.AreEqual(AssetEncryptionState.DynamicEnvelopeEncryption, state);
state = asset.GetEncryptionState(AssetDeliveryProtocol.Dash | AssetDeliveryProtocol.Hds);
Assert.AreEqual(AssetEncryptionState.NoSinglePolicyApplies, state);
state = asset.GetEncryptionState(AssetDeliveryProtocol.Hds);
Assert.AreEqual(AssetEncryptionState.BlockedByPolicy, state);
CleanupAsset(asset);
}
static void Main(string[] args)
{
VerifyCerts();
var credentials = new MediaServicesCredentials(_wamsAccount, _wamsAccountKey)
{
AcsBaseAddress = _wamsAcsBaseAddress,
Scope = _wamsAcsScope
};
_mediaContext = new CloudMediaContext(_wamsEndpoint, credentials);
IAsset asset = CreateAsset();
IContentKey key = CreateKeyWithPolicy(asset);
IAssetDeliveryPolicy assetDeliveryPolicy = CreateAssetDeliveryPolicy(asset, key);
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
Console.WriteLine("Asset Delivery Policy Added");
ILocator streamingLocator = CreateLocator(asset);
IStreamingEndpoint origin = GetOrigin(recreate: false);
Uri uri = GetManifestUrl(origin, asset, streamingLocator);
string keyDeliveryUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay).ToString();
Console.WriteLine("ism: {0}\nkey delivery: {1}", uri, keyDeliveryUrl);
Console.ReadKey();
}
/// <summary>
/// Uploads the destinationPath with given path asynchronously
/// </summary>
/// <param name="path">The path of a destinationPath to upload</param>
/// <param name="blobTransferClient">The <see cref="BlobTransferClient"/> which is used to upload files.</param>
/// <param name="locator">An asset <see cref="ILocator"/> which defines permissions associated with the Asset.</param>
/// <param name="token">A <see cref="CancellationToken"/> to use for canceling upload operation.</param>
/// <returns>A function delegate that returns the future result to be available through the Task.</returns>
public Task UploadAsync(string path, BlobTransferClient blobTransferClient, ILocator locator, CancellationToken token)
{
if (blobTransferClient == null)
{
throw new ArgumentNullException("blobTransferClient");
}
if (locator == null)
{
throw new ArgumentNullException("locator");
}
if (path == null)
{
throw new ArgumentNullException("path");
}
if (!File.Exists(path))
{
throw new FileNotFoundException(path);
}
ValidateFileName(path);
IContentKey contentKeyData = null;
FileEncryption fileEncryption = null;
AssetCreationOptions assetCreationOptions = this.Asset.Options;
if (assetCreationOptions.HasFlag(AssetCreationOptions.StorageEncrypted))
{
contentKeyData = this.Asset.ContentKeys.Where(c => c.ContentKeyType == ContentKeyType.StorageEncryption).FirstOrDefault();
if (contentKeyData == null)
{
throw new InvalidOperationException(String.Format(CultureInfo.InvariantCulture, StringTable.StorageEncryptionContentKeyIsMissing, this.Asset.Id));
}
fileEncryption = new FileEncryption(contentKeyData.GetClearKeyValue(), EncryptionUtils.GetKeyIdAsGuid(contentKeyData.Id));
}
EventHandler <BlobTransferProgressChangedEventArgs> handler = (s, e) => OnUploadProgressChanged(path, e);
blobTransferClient.TransferProgressChanged += handler;
MediaRetryPolicy retryPolicy = this.GetMediaContext().MediaServicesClassFactory.GetBlobStorageClientRetryPolicy();
return(blobTransferClient.UploadBlob(
new Uri(locator.BaseUri),
path,
null,
fileEncryption,
token,
retryPolicy.AsAzureStorageClientRetryPolicy(),
() => locator.ContentAccessComponent)
.ContinueWith(
ts =>
{
blobTransferClient.TransferProgressChanged -= handler;
this.PostUploadAction(ts, path, fileEncryption, assetCreationOptions, token);
}));
}
private static void CreateFairPlayAssetDeliveryPolicy(IAsset asset, IContentKey key)
{
var kdPolicy = _context.ContentKeyAuthorizationPolicies.Where(p => p.Id == key.AuthorizationPolicyId).Single();
var kdOption = kdPolicy.Options.Single(o => o.KeyDeliveryType == ContentKeyDeliveryType.FairPlay);
FairPlayConfiguration configFP = JsonConvert.DeserializeObject <FairPlayConfiguration>(kdOption.KeyDeliveryConfiguration);
// Get the FairPlay license service URL.
Uri acquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.FairPlay);
Dictionary <AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary <AssetDeliveryPolicyConfigurationKey, string>
{
{ AssetDeliveryPolicyConfigurationKey.FairPlayLicenseAcquisitionUrl, acquisitionUrl.ToString() },
{ AssetDeliveryPolicyConfigurationKey.CommonEncryptionIVForCbcs, configFP.ContentEncryptionIV }
};
var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create(
"FairPlay AssetDeliveryPolicy",
AssetDeliveryPolicyType.DynamicCommonEncryptionCbcs,
AssetDeliveryProtocol.HLS,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
}
private IContentKey[] GetContentKeys(ContentProtection contentProtection)
{
List <IContentKey> contentKeys = new List <IContentKey>();
if (contentProtection.AES)
{
ContentKeyType keyType = ContentKeyType.EnvelopeEncryption;
string keyName = Constants.Media.ContentProtection.ContentKeyNameAes;
IContentKey contentKey = GetContentKey(keyType, keyName, contentProtection);
contentKeys.Add(contentKey);
}
if (contentProtection.DRMPlayReady && contentProtection.DRMWidevine)
{
ContentKeyType keyType = ContentKeyType.CommonEncryption;
string keyName = Constants.Media.ContentProtection.ContentKeyNameDrmPlayReadyWidevine;
IContentKey contentKey = GetContentKey(keyType, keyName, contentProtection);
contentKeys.Add(contentKey);
}
else if (contentProtection.DRMPlayReady)
{
ContentKeyType keyType = ContentKeyType.CommonEncryption;
string keyName = Constants.Media.ContentProtection.ContentKeyNameDrmPlayReady;
IContentKey contentKey = GetContentKey(keyType, keyName, contentProtection);
contentKeys.Add(contentKey);
}
else if (contentProtection.DRMWidevine)
{
ContentKeyType keyType = ContentKeyType.CommonEncryption;
string keyName = Constants.Media.ContentProtection.ContentKeyNameDrmWidevine;
IContentKey contentKey = GetContentKey(keyType, keyName, contentProtection);
contentKeys.Add(contentKey);
}
return(contentKeys.ToArray());
}
public void ShouldDeleteAssetWithCommonEncryptionContentKey()
{
var dataContext2 = WindowsAzureMediaServicesTestConfiguration.CreateCloudMediaContext();
// Note that this file is not really PlayReady encrypted. For the purposes of this test that is okay.
IAsset asset = AssetTests.CreateAsset(_mediaContext, Path.GetFullPath(WindowsAzureMediaServicesTestConfiguration.SmallWmv), AssetCreationOptions.CommonEncryptionProtected);
string assetId = asset.Id;
string fileId = asset.AssetFiles.ToList()[0].Id;
Guid keyId = Guid.NewGuid();
byte[] contentKeyBytes = GetRandomBuffer(16);
IContentKey key = _mediaContext.ContentKeys.Create(keyId, contentKeyBytes);
asset.ContentKeys.Add(key);
string keyIdentifier = key.Id;
asset.Delete();
IAsset resultAsset = dataContext2.Assets.Where(a => a.Id == assetId).FirstOrDefault();
Assert.IsNull(resultAsset, "Asset was deleted we should not be able to query it by identifier.");
IAssetFile resultFile = dataContext2.Files.Where(f => f.Id == fileId).FirstOrDefault();
Assert.IsNull(resultFile, "Asset was deleted we should not be able to query its associated File by identifier.");
// The content key should not exists
IContentKey resultContentKey = dataContext2.ContentKeys.Where(c => c.Id == keyIdentifier).FirstOrDefault();
Assert.IsNull(resultContentKey, "Common Encryption Content Key should be deleted by deleting the asset");
}
static public void AddOpenAuthorizationPolicy(IContentKey contentKey)
{
// Create ContentKeyAuthorizationPolicy with Open restrictions and create authorization policy
IContentKeyAuthorizationPolicy policy = context.ContentKeyAuthorizationPolicies.CreateAsync("Open Authorization Policy").Result;
List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>();
ContentKeyAuthorizationPolicyRestriction restriction =
new ContentKeyAuthorizationPolicyRestriction
{
Name = "HLS Open Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null // no requirements needed for HLS
};
restrictions.Add(restriction);
IContentKeyAuthorizationPolicyOption policyOption =
context.ContentKeyAuthorizationPolicyOptions.Create(
"policy",
ContentKeyDeliveryType.BaselineHttp,
restrictions,
"");
policy.Options.Add(policyOption);
// Add ContentKeyAutorizationPolicy to ContentKey
contentKey.AuthorizationPolicyId = policy.Id;
IContentKey updatedKey = contentKey.UpdateAsync().Result;
}
static public IContentKeyAuthorizationPolicy AddOpenAuthorizationPolicy(IContentKey contentKey, ContentKeyDeliveryType contentkeydeliverytype, string keydeliveryconfig, CloudMediaContext _context)
{
// Create ContentKeyAuthorizationPolicy with Open restrictions
// and create authorization policy
List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Open",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null
}
};
IContentKeyAuthorizationPolicyOption policyOption =
_context.ContentKeyAuthorizationPolicyOptions.Create(
"policy",
contentkeydeliverytype,
restrictions,
keydeliveryconfig);
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("Open Authorization Policy").Result;
contentKeyAuthorizationPolicy.Options.Add(policyOption);
// Associate the content key authorization policy with the content key.
contentKey.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
contentKey = contentKey.UpdateAsync().Result;
return(contentKeyAuthorizationPolicy);
}
public override void HandleExecute(Common.workflow.ChainRequest request)
{
myRequest = (ButlerProcessRequest)request;
Setup();
_MediaServiceContext = new CloudMediaContext(myRequest.MediaAccountName, myRequest.MediaAccountKey);
IAsset encodedAsset = (from m in _MediaServiceContext.Assets select m).Where(m => m.Id == myRequest.AssetId).FirstOrDefault();
//Create key
IContentKey key = CreateEnvelopeTypeContentKey(encodedAsset);
//Create Token Template
string tokenTemplateString = AddTokenRestrictedAuthorizationPolicy(key);
Trace.TraceInformation("Added authorization policy: {0}", key.AuthorizationPolicyId);
//create Delivery Policy
CreateAssetDeliveryPolicy(encodedAsset, key);
if (!String.IsNullOrEmpty(tokenTemplateString))
{
// Deserializes a string containing an Xml representation of a TokenRestrictionTemplate
// back into a TokenRestrictionTemplate class instance.
TokenRestrictionTemplate tokenTemplate = TokenRestrictionTemplateSerializer.Deserialize(tokenTemplateString);
// Generate a test token based on the data in the given TokenRestrictionTemplate.
// Note, you need to pass the key id Guid because we specified
// TokenClaim.ContentKeyIdentifierClaim in during the creation of TokenRestrictionTemplate.
Guid rawkey = EncryptionUtils.GetKeyIdAsGuid(key.Id);
string testToken = TokenRestrictionTemplateSerializer.GenerateTestToken(tokenTemplate, null, rawkey);
Trace.TraceInformation("The authorization token is:\n{0}", testToken);
myRequest.Log.Add("The authorization token");
myRequest.Log.Add(testToken);
myRequest.Log.Add("");
}
}
/// <summary>
/// This is a helper method to setup a Content Key for delivery from Azure Media Services
/// </summary>
/// <param name="context">The CloudMediaContext instance used to communicate with Azure Media Services</param>
/// <param name="restrictions">One or more restrictions to add to the ContentKeyAuthorizationPolicy associated with the ContentKey</param>
/// <returns>A ContentKey that is configured for delivery to clients</returns>
private static IContentKey SetupContentKey(CloudMediaContext context, List <ContentKeyAuthorizationPolicyRestriction> restrictions)
{
//
// Create the ContentKeyAuthorizationPolicyOption
//
IContentKeyAuthorizationPolicyOption option =
context.ContentKeyAuthorizationPolicyOptions.Create("Option with Token Restriction",
ContentKeyDeliveryType.BaselineHttp,
restrictions,
null);
//
// Create the ContentKeyAuthorizationPolicy and add the option from above
//
IContentKeyAuthorizationPolicy policy = context.ContentKeyAuthorizationPolicies.CreateAsync("Policy to illustrate integration with ACS").Result;
policy.Options.Add(option);
//
// Create the ContentKey and associate the policy from above
//
byte[] keyValue = GetRandomKeyValue();
Guid keyId = Guid.NewGuid();
IContentKey contentKey = context.ContentKeys.Create(keyId, keyValue, "Test Key", ContentKeyType.EnvelopeEncryption);
contentKey.AuthorizationPolicyId = policy.Id;
contentKey.Update();
return(contentKey);
}
public static void AddOpenAuthorizationPolicy(IContentKey contentKey)
{
// Create ContentKeyAuthorizationPolicy with Open restrictions
// and create authorization policy
IContentKeyAuthorizationPolicy policy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("Open Authorization Policy").Result;
List<ContentKeyAuthorizationPolicyRestriction> restrictions =
new List<ContentKeyAuthorizationPolicyRestriction>();
ContentKeyAuthorizationPolicyRestriction restriction =
new ContentKeyAuthorizationPolicyRestriction
{
Name = "HLS Open Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null // no requirements needed for HLS
};
restrictions.Add(restriction);
IContentKeyAuthorizationPolicyOption policyOption =
_context.ContentKeyAuthorizationPolicyOptions.Create(
"policy",
ContentKeyDeliveryType.BaselineHttp,
restrictions,
"");
policy.Options.Add(policyOption);
// Add ContentKeyAutorizationPolicy to ContentKey
contentKey.AuthorizationPolicyId = policy.Id;
IContentKey updatedKey = contentKey.UpdateAsync().Result;
Console.WriteLine("Adding Key to Asset: Key ID is " + updatedKey.Id);
}
static public void AddOpenAuthorizationPolicy(IContentKey contentKey)
{
// Create ContentKeyAuthorizationPolicy with Open restrictions
// and create authorization policy
List <ContentKeyAuthorizationPolicyRestriction> restrictions = new List <ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Open",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null
}
};
// Configure PlayReady license template.
string newLicenseTemplate = ConfigurePlayReadyLicenseTemplate();
IContentKeyAuthorizationPolicyOption policyOption =
_context.ContentKeyAuthorizationPolicyOptions.Create("",
ContentKeyDeliveryType.PlayReadyLicense,
restrictions, newLicenseTemplate);
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("Deliver Common Content Key with no restrictions").
Result;
contentKeyAuthorizationPolicy.Options.Add(policyOption);
// Associate the content key authorization policy with the content key.
contentKey.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
contentKey = contentKey.UpdateAsync().Result;
}
/// <summary>
/// Removes locators, delivery policies and keys associated with an asset
/// </summary>
/// <param name="asset"></param>
private static void CleanUpAsset(IAsset asset)
{
foreach (var locator in asset.Locators)
{
ILocator locatorRefreshed = _context.Locators.Where(p => p.Id == locator.Id).FirstOrDefault();
if (locatorRefreshed != null)
{
locatorRefreshed.Delete();
}
}
var deliveryPolicies = asset.DeliveryPolicies.ToList();
foreach (var deliveryPolicy in deliveryPolicies)
{
asset.DeliveryPolicies.Remove(deliveryPolicy);
var deliveryPolicyRefreshed = _context.AssetDeliveryPolicies.Where(p => p.Id == deliveryPolicy.Id).FirstOrDefault();
if (deliveryPolicyRefreshed != null)
{
deliveryPolicyRefreshed.Delete();
}
}
var keys = asset.ContentKeys.ToList();
foreach (var key in keys)
{
asset.ContentKeys.Remove(key);
IContentKey keyRefreshed = _context.ContentKeys.Where(p => p.Id == key.Id).FirstOrDefault();
if (keyRefreshed != null)
{
keyRefreshed.Delete();
}
}
}
public string[] GetProtectionTypes(IAsset asset)
{
List <string> protectionTypes = new List <string>();
IAssetDeliveryPolicy deliveryPolicy = asset.DeliveryPolicies.Where(p => p.AssetDeliveryPolicyType == AssetDeliveryPolicyType.DynamicEnvelopeEncryption).SingleOrDefault();
if (deliveryPolicy != null)
{
protectionTypes.Add(MediaProtection.AES.ToString());
}
deliveryPolicy = asset.DeliveryPolicies.Where(p => p.AssetDeliveryPolicyType == AssetDeliveryPolicyType.DynamicCommonEncryption).SingleOrDefault();
if (deliveryPolicy != null)
{
IContentKey contentKey = asset.ContentKeys.Where(k => k.ContentKeyType == ContentKeyType.CommonEncryption).SingleOrDefault();
if (contentKey != null)
{
IContentKeyAuthorizationPolicy authPolicy = GetEntityById(MediaEntity.ContentKeyAuthPolicy, contentKey.AuthorizationPolicyId) as IContentKeyAuthorizationPolicy;
if (authPolicy != null)
{
IContentKeyAuthorizationPolicyOption policyOption = authPolicy.Options.Where(o => o.KeyDeliveryType == ContentKeyDeliveryType.PlayReadyLicense).SingleOrDefault();
if (policyOption != null)
{
protectionTypes.Add(MediaProtection.PlayReady.ToString());
}
policyOption = authPolicy.Options.Where(o => o.KeyDeliveryType == ContentKeyDeliveryType.Widevine).SingleOrDefault();
if (policyOption != null)
{
protectionTypes.Add(MediaProtection.Widevine.ToString());
}
}
}
}
return(protectionTypes.ToArray());
}
static public void CreateAssetDeliveryPolicy(IAsset asset, IContentKey key)
{
Uri keyAcquisitionUri = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp);
string envelopeEncryptionIV = Convert.ToBase64String(GetRandomBuffer(16));
// The following policy configuration specifies:
// key url that will have KID=<Guid> appended to the envelope and
// the Initialization Vector (IV) to use for the envelope encryption.
Dictionary <AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary <AssetDeliveryPolicyConfigurationKey, string>
{
{ AssetDeliveryPolicyConfigurationKey.EnvelopeKeyAcquisitionUrl, keyAcquisitionUri.ToString() }
};
IAssetDeliveryPolicy assetDeliveryPolicy =
_context.AssetDeliveryPolicies.Create(
"AssetDeliveryPolicy",
AssetDeliveryPolicyType.DynamicEnvelopeEncryption,
AssetDeliveryProtocol.SmoothStreaming | AssetDeliveryProtocol.HLS | AssetDeliveryProtocol.Dash,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
Console.WriteLine();
Console.WriteLine("Adding Asset Delivery Policy: " +
assetDeliveryPolicy.AssetDeliveryPolicyType);
}
private static string ConfigureFairPlayPolicyOptions()
{
// For testing you can provide all zeroes for ASK bytes together with the cert from Apple FPS SDK.
// However, for production you must use a real ASK from Apple bound to a real prod certificate.
byte[] askBytes = string.IsNullOrEmpty(_fairPlayASK) ? Guid.NewGuid().ToByteArray() : System.Text.Encoding.UTF8.GetBytes(_fairPlayASK);
var askId = string.IsNullOrEmpty(_fairPlayASKId) ? Guid.NewGuid() : Guid.Parse(_fairPlayASKId);
// Key delivery retrieves askKey by askId and uses this key to generate the response.
IContentKey askKey = _context.ContentKeys.Create(askId, askBytes, "askKey", ContentKeyType.FairPlayASk);
//Customer password for creating the .pfx file.
string pfxPassword = _fairPlayPFXPassword;
// Key delivery retrieves pfxPasswordKey by pfxPasswordId and uses this key to generate the response.
var pfxPasswordId = Guid.NewGuid();
byte[] pfxPasswordBytes = System.Text.Encoding.UTF8.GetBytes(pfxPassword);
IContentKey pfxPasswordKey = _context.ContentKeys.Create(pfxPasswordId, pfxPasswordBytes, "pfxPasswordKey", ContentKeyType.FairPlayPfxPassword);
// iv - 16 bytes random value, must match the iv in the asset delivery policy.
byte[] iv = Guid.NewGuid().ToByteArray();
//Specify the .pfx file created by the customer.
var appCert = new X509Certificate2(_fairPlayPFXPath, pfxPassword, X509KeyStorageFlags.Exportable);
string FairPlayConfiguration =
Microsoft.WindowsAzure.MediaServices.Client.FairPlay.FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration(
appCert,
pfxPassword,
pfxPasswordId,
askId,
iv);
return(FairPlayConfiguration);
}
static void Main(string[] args)
{
//
// Get all of the values we need from the App.Config
//
string mediaServicesAccountName = ConfigurationManager.AppSettings["MediaServiceAccountName"];
string mediaServicesAccountKey = ConfigurationManager.AppSettings["MediaServiceAccountKey"];
string clientId = ConfigurationManager.AppSettings["AcsAccountName"];
string clientSecret = ConfigurationManager.AppSettings["AcsAccountKey"];
string issuerString = ConfigurationManager.AppSettings["AcsEndpoint"];
string scopeString = ConfigurationManager.AppSettings["AcsScope"];
string signingKeyString = ConfigurationManager.AppSettings["AcsSigningKey"];
byte[] signingKey = Convert.FromBase64String(signingKeyString);
//
// Create the context to talk to Azure Media Services
//
MediaServicesCredentials creds = new MediaServicesCredentials(mediaServicesAccountName, mediaServicesAccountKey);
CloudMediaContext context = new CloudMediaContext(creds);
//
// Setup Media Services for Key Delivery of an Envelope Content Key with a Token Restriction.
// The GetTokenRestriction method has all of the details on how the ACS parameters from the App.Config
// are used to configure the token validation logic associated with delivering the content key.
//
List <ContentKeyAuthorizationPolicyRestriction> restrictions = GetTokenRestriction("Token Restriction using token from ACS", issuerString, scopeString, signingKey);
IContentKey contentKey = SetupContentKey(context, restrictions);
//
// Now simulate a client downloading the content key to use for playback by
// using ACS to get an authentication token and using the token to download
// the Envelope key from the Key Delivery service.
//
string authToken = GetToken(clientId, clientSecret, scopeString, issuerString);
Uri keyUrl = contentKey.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp);
using (WebClient client = new WebClient())
{
Console.WriteLine("Token=Bearer " + authToken);
client.Headers["Authorization"] = "Bearer " + authToken;
byte[] downloadedKeyValue;
try
{
downloadedKeyValue = client.DownloadData(keyUrl);
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("\nContent Key acquired successfully!");
}
catch (Exception ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("\nKey acquisition failed.\n{0}", ex.Message);
}
}
Console.ResetColor();
Console.ReadLine();
}
public static IContentKeyAuthorizationPolicy CreateTestPolicy(CloudMediaContext mediaContext, string name, List<IContentKeyAuthorizationPolicyOption> policyOptions, ref IContentKey contentKey)
{
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = mediaContext.ContentKeyAuthorizationPolicies.CreateAsync(name).Result;
foreach (IContentKeyAuthorizationPolicyOption option in policyOptions)
{
contentKeyAuthorizationPolicy.Options.Add(option);
}
// Associate the content key authorization policy with the content key
contentKey.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
contentKey = contentKey.UpdateAsync().Result;
return contentKeyAuthorizationPolicy;
}
public static void AddOpenAuthorizationPolicy(IContentKey contentKey)
{
// Create ContentKeyAuthorizationPolicy with Open restrictions
// and create authorization policy
List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Open",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null
}
};
// Configure PlayReady and Widevine license templates.
string PlayReadyLicenseTemplate = ConfigurePlayReadyLicenseTemplate();
string WidevineLicenseTemplate = ConfigureWidevineLicenseTemplate();
IContentKeyAuthorizationPolicyOption PlayReadyPolicy =
_context.ContentKeyAuthorizationPolicyOptions.Create("",
ContentKeyDeliveryType.PlayReadyLicense,
restrictions, PlayReadyLicenseTemplate);
IContentKeyAuthorizationPolicyOption WidevinePolicy =
_context.ContentKeyAuthorizationPolicyOptions.Create("",
ContentKeyDeliveryType.Widevine,
restrictions, WidevineLicenseTemplate);
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("Deliver Common Content Key with no restrictions").
Result;
contentKeyAuthorizationPolicy.Options.Add(PlayReadyPolicy);
contentKeyAuthorizationPolicy.Options.Add(WidevinePolicy);
// Associate the content key authorization policy with the content key.
contentKey.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
contentKey = contentKey.UpdateAsync().Result;
}
private string AddTokenRestrictedAuthorizationPolicy(IContentKey contentKey)
{
string tokenTemplateString = GenerateTokenRequirements();
IContentKeyAuthorizationPolicy policy = _MediaServiceContext.
ContentKeyAuthorizationPolicies.
CreateAsync(myConfig.policyName).Result;
List<ContentKeyAuthorizationPolicyRestriction> restrictions =
new List<ContentKeyAuthorizationPolicyRestriction>();
ContentKeyAuthorizationPolicyRestriction restriction =
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Token Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
Requirements = tokenTemplateString
};
restrictions.Add(restriction);
//You could have multiple options
IContentKeyAuthorizationPolicyOption policyOption =
_MediaServiceContext.ContentKeyAuthorizationPolicyOptions.Create(
"Token option for HLS",
ContentKeyDeliveryType.BaselineHttp,
restrictions,
null // no key delivery data is needed for HLS
);
policy.Options.Add(policyOption);
// Add ContentKeyAutorizationPolicy to ContentKey
contentKey.AuthorizationPolicyId = policy.Id;
IContentKey updatedKey = contentKey.UpdateAsync().Result;
Trace.TraceInformation("Adding Key to Asset: Key ID is " + updatedKey.Id);
return tokenTemplateString;
}
public static IContentKeyAuthorizationPolicyOption AddOpenAuthorizationPolicyOption(IContentKey contentKey, ContentKeyDeliveryType contentkeydeliverytype, string keydeliveryconfig, CloudMediaContext _context)
{
// Create ContentKeyAuthorizationPolicy with Open restrictions
// and create authorization policy
List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Open Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null
}
};
IContentKeyAuthorizationPolicyOption policyOption =
_context.ContentKeyAuthorizationPolicyOptions.Create(
"Open option",
contentkeydeliverytype,
restrictions,
keydeliveryconfig);
return policyOption;
}
static public IAssetDeliveryPolicy CreateAssetDeliveryPolicyAES(IAsset asset, IContentKey key, AssetDeliveryProtocol assetdeliveryprotocol, string name, CloudMediaContext _context, Uri keyAcquisitionUri)
{
// if user does not specify a custom LA URL, let's use the AES key server from Azure Media Services
if (keyAcquisitionUri == null)
{
keyAcquisitionUri = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp);
}
// let's key the url with the key id parameter
UriBuilder uriBuilder = new UriBuilder(keyAcquisitionUri);
uriBuilder.Query = String.Empty;
keyAcquisitionUri = uriBuilder.Uri;
// Removed in March 2016. In order to use EnvelopeBaseKeyAcquisitionUrl and reuse the same policy for several assets
//string envelopeEncryptionIV = Convert.ToBase64String(GetRandomBuffer(16));
// The following policy configuration specifies:
// key url that will have KID=<Guid> appended to the envelope and
// the Initialization Vector (IV) to use for the envelope encryption.
Dictionary<AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary<AssetDeliveryPolicyConfigurationKey, string>
{
{AssetDeliveryPolicyConfigurationKey.EnvelopeBaseKeyAcquisitionUrl, keyAcquisitionUri.ToString()}
//{AssetDeliveryPolicyConfigurationKey.EnvelopeKeyAcquisitionUrl, keyAcquisitionUri.ToString()},
//{AssetDeliveryPolicyConfigurationKey.EnvelopeEncryptionIVAsBase64, envelopeEncryptionIV}
};
IAssetDeliveryPolicy assetDeliveryPolicy =
_context.AssetDeliveryPolicies.Create(
name,
AssetDeliveryPolicyType.DynamicEnvelopeEncryption,
assetdeliveryprotocol,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
return assetDeliveryPolicy;
}
static public IAssetDeliveryPolicy CreateAssetDeliveryPolicyCENC(IAsset asset, IContentKey key, AddDynamicEncryptionFrame1 form1, string name, CloudMediaContext _context, Uri playreadyAcquisitionUrl = null, bool playreadyEncodeLAURLForSilverlight = false, string widevineAcquisitionUrl = null)
{
Dictionary<AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration = new Dictionary<AssetDeliveryPolicyConfigurationKey, string>();
// PlayReady
if (form1.PlayReadyPackaging)
{
string stringPRacquisitionUrl;
if (playreadyEncodeLAURLForSilverlight && playreadyAcquisitionUrl != null)
{
stringPRacquisitionUrl = playreadyAcquisitionUrl.ToString().Replace("&", "%26");
}
else
{
if (playreadyAcquisitionUrl == null)
{
playreadyAcquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.PlayReadyLicense);
}
stringPRacquisitionUrl = System.Security.SecurityElement.Escape(playreadyAcquisitionUrl.ToString());
}
assetDeliveryPolicyConfiguration.Add(AssetDeliveryPolicyConfigurationKey.PlayReadyLicenseAcquisitionUrl, stringPRacquisitionUrl);
if (form1.PlayReadyCustomAttributes != null) // let's add custom attributes
{
assetDeliveryPolicyConfiguration.Add(AssetDeliveryPolicyConfigurationKey.PlayReadyCustomAttributes, form1.PlayReadyCustomAttributes);
}
}
// Widevine
if (form1.WidevinePackaging) // let's add Widevine
{
if (widevineAcquisitionUrl == null)
{
widevineAcquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.Widevine).ToString();
}
// let's get the url without the key id parameter
UriBuilder uriBuilder = new UriBuilder(widevineAcquisitionUrl);
uriBuilder.Query = String.Empty;
widevineAcquisitionUrl = uriBuilder.Uri.ToString();
assetDeliveryPolicyConfiguration.Add(AssetDeliveryPolicyConfigurationKey.WidevineBaseLicenseAcquisitionUrl, widevineAcquisitionUrl);
}
// let's check the protocol: DASH only if only Widevine packaging
var protocol = form1.GetAssetDeliveryProtocol;
if (!form1.PlayReadyPackaging && form1.WidevinePackaging)
{
protocol = AssetDeliveryProtocol.Dash;
}
var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create(
name,
AssetDeliveryPolicyType.DynamicCommonEncryption,
protocol,
assetDeliveryPolicyConfiguration
);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
return assetDeliveryPolicy;
}
private void listViewAutOptions_SelectedIndexChanged(object sender, EventArgs e)
{
if (listViewAutOptions.SelectedIndices.Count > 0)
{
var it = listViewAutOptions.SelectedItems[0];
string stringoptionid = it.SubItems[2].Text;
SelectedOption = mycontext.ContentKeyAuthorizationPolicyOptions.Where(p => p.Id == stringoptionid).FirstOrDefault();
KeyFromSelectedOption = ContentKeyDisplayed[listViewAutOptions.SelectedItems[0].Index];
string tokenTemplateString = SelectedOption.Restrictions.FirstOrDefault().Requirements;
if (!string.IsNullOrEmpty(tokenTemplateString))
{
TokenRestrictionTemplate tokenTemplate = TokenRestrictionTemplateSerializer.Deserialize(tokenTemplateString);
textBoxAudience.Text = tokenTemplate.Audience.ToString();
textBoxIssuer.Text = tokenTemplate.Issuer.ToString();
checkBoxAddContentKeyIdentifierClaim.Checked = false;
groupBoxStartDate.Enabled = (tokenTemplate.TokenType == TokenType.JWT);
panelJWTX509Cert.Enabled = !(tokenTemplate.PrimaryVerificationKey.GetType() == typeof(SymmetricVerificationKey));
TokenClaimsList.Clear();
foreach (var claim in tokenTemplate.RequiredClaims)
{
if (claim.ClaimType == TokenClaim.ContentKeyIdentifierClaimType)
{
checkBoxAddContentKeyIdentifierClaim.Checked = true;
}
else
{
TokenClaimsList.Add(new MyTokenClaim()
{
Type = claim.ClaimType,
Value = claim.ClaimValue
});
}
}
}
UpdateButtonOk();
}
}
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string openIdDiscoveryPath = null)
{
string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
string tname = detailedtokentype.ToString();
List<ContentKeyAuthorizationPolicyRestriction> restrictions =
new List<ContentKeyAuthorizationPolicyRestriction>();
ContentKeyAuthorizationPolicyRestriction restriction =
new ContentKeyAuthorizationPolicyRestriction
{
Name = tname + " Token Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
Requirements = tokenTemplateString
};
restrictions.Add(restriction);
//You could have multiple options
IContentKeyAuthorizationPolicyOption policyOption =
_context.ContentKeyAuthorizationPolicyOptions.Create(
"Token option",
ContentKeyDeliveryType.BaselineHttp,
restrictions,
null // no key delivery data is needed for HLS
);
return policyOption;
}
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyPlayReady(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, ExplorerTokenType detailedtokentype, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string newLicenseTemplate, string openIdDiscoveryPath = null)
{
string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey, openIdDiscoveryPath);
string tname = detailedtokentype.ToString();
List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = tname+ " Token Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
Requirements = tokenTemplateString,
}
};
IContentKeyAuthorizationPolicyOption policyOption =
_context.ContentKeyAuthorizationPolicyOptions.Create(tname + "Token option",
ContentKeyDeliveryType.PlayReadyLicense,
restrictions, newLicenseTemplate);
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("Deliver Common Content Key with no restrictions").
Result;
return policyOption;
}
public IContentKey AddAuthorizationPolicyToContentKey(string assetID, CloudMediaContext mediaContext, IContentKey objIContentKey, string claimType, string claimValue, JwtSecurityToken token)
{
//we name auth policy same as asset
var policy = mediaContext.ContentKeyAuthorizationPolicies.Where(c => c.Name == assetID).FirstOrDefault();
// Create ContentKeyAuthorizationPolicy with restrictions and create authorization policy
if (policy == null)
{
policy = mediaContext.ContentKeyAuthorizationPolicies.CreateAsync(assetID).Result;
}
//naming policyOption same as asset
var policyOption = mediaContext.ContentKeyAuthorizationPolicyOptions.Where(name => name.Name == assetID).FirstOrDefault();
if (policyOption == null)
{
List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>();
TokenRestrictionTemplate template = new TokenRestrictionTemplate();
template.TokenType = TokenType.JWT;
//Using Active Directory Open ID discovery spec to use Json Web Keys during token verification
template.OpenIdConnectDiscoveryDocument = new OpenIdConnectDiscoveryDocument("https://login.windows.net/common/.well-known/openid-configuration");
//Ignore Empty claims
if (!String.IsNullOrEmpty(claimType) && !String.IsNullOrEmpty(claimValue))
{
template.RequiredClaims.Add(new TokenClaim(claimType, claimValue));
}
var audience = token.Audiences.First();
template.Audience = audience;
template.Issuer = token.Issuer;
string requirements = TokenRestrictionTemplateSerializer.Serialize(template);
ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction
{
Name = "Authorization Policy with Token Restriction",
KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
Requirements = requirements
};
restrictions.Add(restriction);
policyOption =
mediaContext.ContentKeyAuthorizationPolicyOptions.Create(assetID,
ContentKeyDeliveryType.BaselineHttp, restrictions, null);
policy.Options.Add(policyOption);
policy.UpdateAsync();
}
// Add ContentKeyAutorizationPolicy to ContentKey
objIContentKey.AuthorizationPolicyId = policy.Id;
IContentKey IContentKeyUpdated = objIContentKey.UpdateAsync().Result;
return IContentKeyUpdated;
}
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyAES(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, bool IsJWTKeySymmetric, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context)
{
string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey);
string tname = ((IsJWTKeySymmetric) ? "Sym " : "Asym ") + ((tokentype == TokenType.SWT) ? "SWT " : "JWT ");
List<ContentKeyAuthorizationPolicyRestriction> restrictions =
new List<ContentKeyAuthorizationPolicyRestriction>();
ContentKeyAuthorizationPolicyRestriction restriction =
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Token Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
Requirements = tokenTemplateString
};
restrictions.Add(restriction);
//You could have multiple options
IContentKeyAuthorizationPolicyOption policyOption =
_context.ContentKeyAuthorizationPolicyOptions.Create(
"Token option",
ContentKeyDeliveryType.BaselineHttp,
restrictions,
null // no key delivery data is needed for HLS
);
return policyOption;
}
private void CleanupKeyAndPolicy(IContentKey contentKey, IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy, IContentKeyAuthorizationPolicyOption policyOption)
{
if (contentKey != null)
{
contentKey.Delete();
}
if (contentKeyAuthorizationPolicy != null)
{
contentKeyAuthorizationPolicy.Delete();
}
/*
if (policyOption != null)
{
policyOption.Delete();
}
*/
}
public static string AddTokenRestrictedAuthorizationPolicy(IContentKey contentKey)
{
string tokenTemplateString = GenerateTokenRequirements();
IContentKeyAuthorizationPolicy policy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("HLS token restricted authorization policy").Result;
List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Token Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
Requirements = tokenTemplateString,
}
};
// Configure PlayReady license template.
string newLicenseTemplate = ConfigurePlayReadyLicenseTemplate();
IContentKeyAuthorizationPolicyOption policyOption =
_context.ContentKeyAuthorizationPolicyOptions.Create("Token option",
ContentKeyDeliveryType.PlayReadyLicense,
restrictions, newLicenseTemplate);
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("Deliver Common Content Key with no restrictions").
Result;
policy.Options.Add(policyOption);
// Add ContentKeyAutorizationPolicy to ContentKey
contentKeyAuthorizationPolicy.Options.Add(policyOption);
// Associate the content key authorization policy with the content key
contentKey.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
contentKey = contentKey.UpdateAsync().Result;
return tokenTemplateString;
}
static public void CreateAssetDeliveryPolicy(IAsset asset, IContentKey key)
{
Uri acquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.PlayReadyLicense);
Dictionary<AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary<AssetDeliveryPolicyConfigurationKey, string>
{
{AssetDeliveryPolicyConfigurationKey.PlayReadyLicenseAcquisitionUrl, acquisitionUrl.ToString()},
};
var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create(
"AssetDeliveryPolicy",
AssetDeliveryPolicyType.DynamicCommonEncryption,
AssetDeliveryProtocol.SmoothStreaming,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
Console.WriteLine();
Console.WriteLine("Adding Asset Delivery Policy: " +
assetDeliveryPolicy.AssetDeliveryPolicyType);
}
private static void CreateAssetDeliveryPolicy(MediaContextBase context, IAsset asset, IContentKey key)
{
Uri keyAcquisitionUri = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp);
string envelopeEncryptionIV = Convert.ToBase64String(GetRandomBuffer(16));
// The following policy configuration specifies:
// key url that will have KID=<Guid> appended to the envelope and
// the Initialization Vector (IV) to use for the envelope encryption.
Dictionary<AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration = new Dictionary<AssetDeliveryPolicyConfigurationKey, string>
{
{ AssetDeliveryPolicyConfigurationKey.EnvelopeKeyAcquisitionUrl, keyAcquisitionUri.ToString() },
{ AssetDeliveryPolicyConfigurationKey.EnvelopeEncryptionIVAsBase64, envelopeEncryptionIV }
};
IAssetDeliveryPolicy assetDeliveryPolicy = context.AssetDeliveryPolicies.Create(
"AssetDeliveryPolicy",
AssetDeliveryPolicyType.DynamicEnvelopeEncryption,
AssetDeliveryProtocol.SmoothStreaming | AssetDeliveryProtocol.HLS | AssetDeliveryProtocol.Dash,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
}
private static void AddOpenRestrictedAuthorizationPolicy(MediaContextBase context, IContentKey contentKey)
{
// Create ContentKeyAuthorizationPolicy with Open restrictions and create authorization policy
IContentKeyAuthorizationPolicy policy = context.ContentKeyAuthorizationPolicies.CreateAsync("Open Authorization Policy").Result;
List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Open Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null // no requirements needed
}
};
IContentKeyAuthorizationPolicyOption policyOption = context.ContentKeyAuthorizationPolicyOptions.Create("Option", ContentKeyDeliveryType.BaselineHttp, restrictions, string.Empty);
policy.Options.Add(policyOption);
// Add ContentKeyAutorizationPolicy to ContentKey
contentKey.AuthorizationPolicyId = policy.Id;
IContentKey updatedKey = contentKey.UpdateAsync().Result;
}
public static void CreateAssetDeliveryPolicy(IAsset asset, IContentKey key)
{
// Get the PlayReady license service URL.
Uri acquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.PlayReadyLicense);
// GetKeyDeliveryUrl for Widevine attaches the KID to the URL.
// For example: https://amsaccount1.keydelivery.mediaservices.windows.net/Widevine/?KID=268a6dcb-18c8-4648-8c95-f46429e4927c.
// The WidevineBaseLicenseAcquisitionUrl (used below) also tells Dynamaic Encryption
// to append /? KID =< keyId > to the end of the url when creating the manifest.
// As a result Widevine license aquisition URL will have KID appended twice,
// so we need to remove the KID that in the URL when we call GetKeyDeliveryUrl.
Uri widevineUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.Widevine);
UriBuilder uriBuilder = new UriBuilder(widevineUrl);
uriBuilder.Query = String.Empty;
widevineUrl = uriBuilder.Uri;
Dictionary<AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary<AssetDeliveryPolicyConfigurationKey, string>
{
{AssetDeliveryPolicyConfigurationKey.PlayReadyLicenseAcquisitionUrl, acquisitionUrl.ToString()},
{AssetDeliveryPolicyConfigurationKey.WidevineBaseLicenseAcquisitionUrl, widevineUrl.ToString()}
};
var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create(
"AssetDeliveryPolicy",
AssetDeliveryPolicyType.DynamicCommonEncryption,
AssetDeliveryProtocol.Dash,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
}
static public IAssetDeliveryPolicy CreateAssetDeliveryPolicyCENC(IAsset asset, IContentKey key, AssetDeliveryProtocol assetdeliveryprotocol, string name, CloudMediaContext _context, Uri playreadyAcquisitionUrl = null, bool playreadyEncodeLAURLForSilverlight = false, string playreadyCustomAttributes = null, string widevineAcquisitionUrl = null)
{
string stringacquisitionUrl;
if (playreadyEncodeLAURLForSilverlight && playreadyAcquisitionUrl != null)
{
stringacquisitionUrl = playreadyAcquisitionUrl.ToString().Replace("&", "%26");
}
else
{
if (playreadyAcquisitionUrl == null) playreadyAcquisitionUrl = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.PlayReadyLicense);
stringacquisitionUrl = System.Security.SecurityElement.Escape(playreadyAcquisitionUrl.ToString());
}
Dictionary<AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration = new Dictionary<AssetDeliveryPolicyConfigurationKey, string>
{
{
AssetDeliveryPolicyConfigurationKey.PlayReadyLicenseAcquisitionUrl, stringacquisitionUrl
},
};
if (playreadyCustomAttributes != null) // let's add custom attributes
{
assetDeliveryPolicyConfiguration.Add(AssetDeliveryPolicyConfigurationKey.PlayReadyCustomAttributes, playreadyCustomAttributes);
}
// Widevine
if (widevineAcquisitionUrl != null) // let's add Widevine
{
assetDeliveryPolicyConfiguration.Add(AssetDeliveryPolicyConfigurationKey.WidevineLicenseAcquisitionUrl, widevineAcquisitionUrl);
}
var assetDeliveryPolicy = _context.AssetDeliveryPolicies.Create(
name,
AssetDeliveryPolicyType.DynamicCommonEncryption,
assetdeliveryprotocol,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
return assetDeliveryPolicy;
}
public static IContentKey AddAuthorizationPolicyToContentKey(string assetID, CloudMediaContext mediaContext, IContentKey objIContentKey, string claimType, string claimValue)
{
//we name auth policy same as asset
var policy = mediaContext.ContentKeyAuthorizationPolicies.Where(c => c.Name == assetID).FirstOrDefault();
// Create ContentKeyAuthorizationPolicy with restrictions and create authorization policy
if (policy == null)
{
policy = mediaContext.ContentKeyAuthorizationPolicies.CreateAsync(assetID).Result;
}
//naming policyOption same as asset
var policyOption = mediaContext.ContentKeyAuthorizationPolicyOptions.Where(name => name.Name == assetID).FirstOrDefault();
if (policyOption == null)
{
List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>();
List<X509Certificate2> certs = GetX509Certificate2FromADMetadataEndpoint();
JwtSecurityToken token = GetJwtSecurityToken();
TokenRestrictionTemplate template = new TokenRestrictionTemplate();
template.TokenType = TokenType.JWT;
template.PrimaryVerificationKey = new X509CertTokenVerificationKey(certs[0]);
certs.GetRange(1, certs.Count - 1).ForEach(c => template.AlternateVerificationKeys.Add(new X509CertTokenVerificationKey(c)));
//Ignore Empty claims
if (!String.IsNullOrEmpty(claimType) && !String.IsNullOrEmpty(claimValue))
{
template.RequiredClaims.Add(new TokenClaim(claimType, claimValue));
}
var audience = token.Audiences.First();
template.Audience = new Uri(audience);
template.Issuer = new Uri(token.Issuer);
string requirements = TokenRestrictionTemplateSerializer.Serialize(template);
ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction
{
Name = "Authorization Policy with Token Restriction",
KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
Requirements = requirements
};
restrictions.Add(restriction);
policyOption =
mediaContext.ContentKeyAuthorizationPolicyOptions.Create(assetID,
ContentKeyDeliveryType.BaselineHttp, restrictions, null);
policy.Options.Add(policyOption);
policy.UpdateAsync();
}
// Add ContentKeyAutorizationPolicy to ContentKey
objIContentKey.AuthorizationPolicyId = policy.Id;
IContentKey IContentKeyUpdated = objIContentKey.UpdateAsync().Result;
return IContentKeyUpdated;
}
static public IAssetDeliveryPolicy CreateAssetDeliveryPolicyAES(IAsset asset, IContentKey key, AssetDeliveryProtocol assetdeliveryprotocol, string name, CloudMediaContext _context, Uri keyAcquisitionUri)
{
// if user does not specify a custom LA URL, let's use the AES key server from Azure Media Services
if (keyAcquisitionUri == null)
keyAcquisitionUri = key.GetKeyDeliveryUrl(ContentKeyDeliveryType.BaselineHttp);
string envelopeEncryptionIV = Convert.ToBase64String(GetRandomBuffer(16));
// The following policy configuration specifies:
// key url that will have KID=<Guid> appended to the envelope and
// the Initialization Vector (IV) to use for the envelope encryption.
Dictionary<AssetDeliveryPolicyConfigurationKey, string> assetDeliveryPolicyConfiguration =
new Dictionary<AssetDeliveryPolicyConfigurationKey, string>
{
{AssetDeliveryPolicyConfigurationKey.EnvelopeKeyAcquisitionUrl, keyAcquisitionUri.ToString()},
{AssetDeliveryPolicyConfigurationKey.EnvelopeEncryptionIVAsBase64, envelopeEncryptionIV}
};
IAssetDeliveryPolicy assetDeliveryPolicy =
_context.AssetDeliveryPolicies.Create(
name,
AssetDeliveryPolicyType.DynamicEnvelopeEncryption,
assetdeliveryprotocol,
assetDeliveryPolicyConfiguration);
// Add AssetDelivery Policy to the asset
asset.DeliveryPolicies.Add(assetDeliveryPolicy);
return assetDeliveryPolicy;
}
public static IContentKeyAuthorizationPolicyOption AddTokenRestrictedAuthorizationPolicyPlayReady(IContentKey contentKey, string Audience, string Issuer, IList<TokenClaim> tokenclaimslist, bool AddContentKeyIdentifierClaim, TokenType tokentype, bool IsJWTKeySymmetric, TokenVerificationKey mytokenverificationkey, CloudMediaContext _context, string newLicenseTemplate)
{
string tokenTemplateString = GenerateTokenRequirements(tokentype, Audience, Issuer, tokenclaimslist, AddContentKeyIdentifierClaim, mytokenverificationkey);
string tname = ((IsJWTKeySymmetric) ? "Sym " : "Asym ") + ((tokentype == TokenType.SWT) ? "SWT " : " JWT ");
List<ContentKeyAuthorizationPolicyRestriction> restrictions = new List<ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = tname+ "Token Authorization Policy",
KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
Requirements = tokenTemplateString,
}
};
IContentKeyAuthorizationPolicyOption policyOption =
_context.ContentKeyAuthorizationPolicyOptions.Create(tname + "Token option",
ContentKeyDeliveryType.PlayReadyLicense,
restrictions, newLicenseTemplate);
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("Deliver Common Content Key with no restrictions").
Result;
return policyOption;
}
private static void UpdateDeleteContentKey(IContentKey key)
{
key.AuthorizationPolicyId = Guid.NewGuid().ToString();
key.Update();
key.AuthorizationPolicyId = Guid.NewGuid().ToString();
key.UpdateAsync();
key.Delete();
}
