private void DoDynamicEncryptionAndKeyDeliveryWithCENC(List<IAsset> SelectedAssets, AddDynamicEncryptionFrame1 form1, AddDynamicEncryptionFrame2_CENCKeyConfig form2_CENC, AddDynamicEncryptionFrame3_CENCDelivery form3_CENC, List<AddDynamicEncryptionFrame4> form4list, List<AddDynamicEncryptionFrame5_PlayReadyLicense> form5PlayReadyLicenseList, List<AddDynamicEncryptionFrame6_WidevineLicense> form6WidevineLicenseList, bool DisplayUI)
{
bool ErrorCreationKey = false;
bool reusekey = false;
bool firstkeycreation = true;
IContentKey formerkey = null;
if (!form2_CENC.ContentKeyRandomGeneration && (form2_CENC.KeyId != null)) // user want to manually enter the cryptography data and key if providedd
{
// if the key already exists in the account (same key id), let's
formerkey = SelectedAssets.FirstOrDefault().GetMediaContext().ContentKeys.Where(c => c.Id == Constants.ContentKeyIdPrefix + form2_CENC.KeyId.ToString()).FirstOrDefault();
if (formerkey != null)
{
if (DisplayUI && MessageBox.Show("A Content key with the same Key Id exists already in the account.\nDo you want to try to replace it?\n(If not, the existing key will be used)", "Content key Id", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes)
{
// user wants to replace the key
try
{
formerkey.Delete();
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when deleting the content key {0}.", formerkey.Id, true);
TextBoxLogWriteLine(e);
TextBoxLogWriteLine("The former key will be reused.", true);
reusekey = true;
}
}
else
{
reusekey = true;
}
}
}
foreach (IAsset AssetToProcess in SelectedAssets)
{
if (AssetToProcess != null)
{
IContentKey contentKey = null;
var contentkeys = AssetToProcess.ContentKeys.Where(c => c.ContentKeyType == form1.GetContentKeyType);
// special case, no dynamic encryption, goal is to setup key auth policy. CENC key is selected
if (contentkeys.Count() == 0) // no content key existing so we need to create one
{
ErrorCreationKey = false;
// if ((form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady + form3_CENC.GetNumberOfAuthorizationPolicyOptionsWidevine) > 0 && form2_CENC.ContentKeyRandomGeneration)
//// Azure will deliver the PR or WV license and user wants to auto generate the key, so we can create a key with a random content key
if (!reusekey && ((form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady + form3_CENC.GetNumberOfAuthorizationPolicyOptionsWidevine) > 0 || form2_CENC.ContentKeyRandomGeneration))
// Azure will deliver the PR or WV license or user wants to auto generate the key, so we can create a key with a random content key
{
try
{
contentKey = DynamicEncryption.CreateCommonTypeContentKey(AssetToProcess, _context);
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when creating the content key for '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
if (!ErrorCreationKey)
{
TextBoxLogWriteLine("Created key {0} for asset '{1}'.", contentKey.Id, AssetToProcess.Name);
}
}
else // user wants to deliver with an external PlayReady or Widevine server or want to provide the key, so let's create the key based on what the user input
{
// if the key does not exist in the account (same key id), let's create it
if ((firstkeycreation && !reusekey) || form2_CENC.KeyId == null) // if we need to generate a new key id for each asset
{
if (form2_CENC.KeySeed != null) // seed has been given
{
Guid keyid = (form2_CENC.KeyId == null) ? Guid.NewGuid() : (Guid)form2_CENC.KeyId;
byte[] bytecontentkey = CommonEncryption.GeneratePlayReadyContentKey(Convert.FromBase64String(form2_CENC.KeySeed), keyid);
try
{
contentKey = DynamicEncryption.CreateCommonTypeContentKey(AssetToProcess, _context, keyid, bytecontentkey);
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when creating the content key for '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
if (!ErrorCreationKey)
{
TextBoxLogWriteLine("Created key {0} for the asset {1} ", contentKey.Id, AssetToProcess.Name);
}
}
else // no seed given, so content key has been setup
{
try
{
contentKey = DynamicEncryption.CreateCommonTypeContentKey(AssetToProcess, _context, (Guid)form2_CENC.KeyId, Convert.FromBase64String(form2_CENC.CENCContentKey));
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when creating the content key for asset '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
if (!ErrorCreationKey)
{
TextBoxLogWriteLine("Created key {0} for asset '{1}'.", contentKey.Id, AssetToProcess.Name);
}
}
formerkey = contentKey;
firstkeycreation = false;
}
else
{
contentKey = formerkey;
AssetToProcess.ContentKeys.Add(contentKey);
AssetToProcess.Update();
TextBoxLogWriteLine("Reusing key {0} for the asset {1} ", contentKey.Id, AssetToProcess.Name);
}
}
}
else if (false)//form1.PlayReadyPackaging form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady == 0 || form3_CENC.GetNumberOfAuthorizationPolicyOptionsWidevine == 0)
// TO DO ? : if user wants to deliver license from external servers
// user wants to deliver license with an external PlayReady and/or Widevine server but the key exists already !
{
TextBoxLogWriteLine("Warning for asset '{0}'. A CENC key already exists. You need to make sure that your external PlayReady or Widevine server can deliver the license for this asset.", AssetToProcess.Name, true);
}
else // let's use existing content key
{
contentKey = contentkeys.FirstOrDefault();
TextBoxLogWriteLine("Existing key '{0}' will be used for asset '{1}'.", contentKey.Id, AssetToProcess.Name);
}
if ((form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady + form3_CENC.GetNumberOfAuthorizationPolicyOptionsWidevine) > 0) // PlayReady/Widevine license and delivery from Azure Media Services
{
// let's create the Authorization Policy
IContentKeyAuthorizationPolicy contentKeyAuthorizationPolicy = _context.
ContentKeyAuthorizationPolicies.
CreateAsync("Authorization Policy").Result;
// Associate the content key authorization policy with the content key.
contentKey.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
contentKey = contentKey.UpdateAsync().Result;
foreach (var form4 in form4list)
{ // for each option
string PlayReadyLicenseDeliveryConfig = null;
string WidevineLicenseDeliveryConfig = null;
bool ItIsAPlayReadyOption = form4list.IndexOf(form4) < form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady;
if (ItIsAPlayReadyOption)
{ // user wants to define a PlayReady license for this option
// let's build the PlayReady license template
ErrorCreationKey = false;
try
{
PlayReadyLicenseDeliveryConfig = form5PlayReadyLicenseList[form4list.IndexOf(form4)].GetLicenseTemplate;
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when configuring the PlayReady license template.", true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
}
else
{ // user wants to define a Widevine license for this option
WidevineLicenseDeliveryConfig =
form6WidevineLicenseList[form4list.IndexOf(form4) - form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady]
.GetWidevineConfiguration(contentKey.GetKeyDeliveryUrl(ContentKeyDeliveryType.Widevine).ToString());
}
if (!ErrorCreationKey)
{
IContentKeyAuthorizationPolicyOption policyOption = null;
try
{
switch (form4.GetKeyRestrictionType)
{
case ContentKeyRestrictionType.Open:
if (ItIsAPlayReadyOption)
{
policyOption = DynamicEncryption.AddOpenAuthorizationPolicyOption(contentKey, ContentKeyDeliveryType.PlayReadyLicense, PlayReadyLicenseDeliveryConfig, _context);
TextBoxLogWriteLine("Created PlayReady Open authorization policy for the asset '{0}' ", AssetToProcess.Name);
contentKeyAuthorizationPolicy.Options.Add(policyOption);
}
else // widevine
{
policyOption = DynamicEncryption.AddOpenAuthorizationPolicyOption(contentKey, ContentKeyDeliveryType.Widevine, WidevineLicenseDeliveryConfig, _context);
TextBoxLogWriteLine("Created Widevine Open authorization policy for the asset '{0}' ", AssetToProcess.Name);
contentKeyAuthorizationPolicy.Options.Add(policyOption);
}
break;
case ContentKeyRestrictionType.TokenRestricted:
TokenVerificationKey mytokenverifkey = null;
string OpenIdDoc = null;
switch (form4.GetDetailedTokenType)
{
case ExplorerTokenType.SWT:
case ExplorerTokenType.JWTSym:
mytokenverifkey = new SymmetricVerificationKey(Convert.FromBase64String(form4.SymmetricKey));
break;
case ExplorerTokenType.JWTOpenID:
OpenIdDoc = form4.GetOpenIdDiscoveryDocument;
break;
case ExplorerTokenType.JWTX509:
mytokenverifkey = new X509CertTokenVerificationKey(form4.GetX509Certificate);
break;
}
if (ItIsAPlayReadyOption)
{
policyOption = DynamicEncryption.AddTokenRestrictedAuthorizationPolicyCENC(ContentKeyDeliveryType.PlayReadyLicense, contentKey, form4.GetAudience, form4.GetIssuer, form4.GetTokenRequiredClaims, form4.AddContentKeyIdentifierClaim, form4.GetTokenType, form4.GetDetailedTokenType, mytokenverifkey, _context, PlayReadyLicenseDeliveryConfig, OpenIdDoc);
TextBoxLogWriteLine("Created Token PlayReady authorization policy for the asset '{0}'.", AssetToProcess.Name);
}
else //widevine
{
policyOption = DynamicEncryption.AddTokenRestrictedAuthorizationPolicyCENC(ContentKeyDeliveryType.Widevine, contentKey, form4.GetAudience, form4.GetIssuer, form4.GetTokenRequiredClaims, form4.AddContentKeyIdentifierClaim, form4.GetTokenType, form4.GetDetailedTokenType, mytokenverifkey, _context, WidevineLicenseDeliveryConfig, OpenIdDoc);
TextBoxLogWriteLine("Created Token Widevine authorization policy for the asset '{0}'", AssetToProcess.Name);
}
contentKeyAuthorizationPolicy.Options.Add(policyOption);
if (form4.GetDetailedTokenType != ExplorerTokenType.JWTOpenID) // not possible to create a test token if OpenId is used
{
// let display a test token
X509SigningCredentials signingcred = null;
if (form4.GetDetailedTokenType == ExplorerTokenType.JWTX509)
{
signingcred = new X509SigningCredentials(form4.GetX509Certificate);
}
_context = Program.ConnectAndGetNewContext(_credentials); // otherwise cache issues with multiple options
DynamicEncryption.TokenResult testToken = DynamicEncryption.GetTestToken(AssetToProcess, _context, form1.GetContentKeyType, signingcred, policyOption.Id);
TextBoxLogWriteLine("The authorization test token for option #{0} ({1} with Bearer) is:\n{2}", form4list.IndexOf(form4), form4.GetTokenType.ToString(), Constants.Bearer + testToken.TokenString);
System.Windows.Forms.Clipboard.SetText(Constants.Bearer + testToken.TokenString);
}
break;
default:
break;
}
}
catch (Exception e)
{
// Add useful information to the exception
TextBoxLogWriteLine("There is a problem when creating the authorization policy for '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
}
}
contentKeyAuthorizationPolicy.Update();
}
// Let's create the Asset Delivery Policy now
if (form1.GetDeliveryPolicyType != AssetDeliveryPolicyType.None && form1.EnableDynEnc)
{
IAssetDeliveryPolicy DelPol = null;
var assetDeliveryProtocol = form1.GetAssetDeliveryProtocol;
if (!form1.PlayReadyPackaging && form1.WidevinePackaging)
{
assetDeliveryProtocol = AssetDeliveryProtocol.Dash; // only DASH
}
string name = string.Format("AssetDeliveryPolicy {0} ({1})", form1.GetContentKeyType.ToString(), assetDeliveryProtocol.ToString());
ErrorCreationKey = false;
try
{
DelPol = DynamicEncryption.CreateAssetDeliveryPolicyCENC(
AssetToProcess,
contentKey,
form1,
name,
_context,
playreadyAcquisitionUrl: form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady > 0 ? null : form3_CENC.PlayReadyLAurl,
playreadyEncodeLAURLForSilverlight: form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady > 0 ? false : form3_CENC.PlayReadyLAurlEncodeForSL,
widevineAcquisitionUrl: form3_CENC.GetNumberOfAuthorizationPolicyOptionsWidevine > 0 ? null : form3_CENC.WidevineLAurl
);
TextBoxLogWriteLine("Created asset delivery policy '{0}' for asset '{1}'.", DelPol.AssetDeliveryPolicyType, AssetToProcess.Name);
}
catch (Exception e)
{
TextBoxLogWriteLine("There is a problem when creating the delivery policy for '{0}'.", AssetToProcess.Name, true);
TextBoxLogWriteLine(e);
ErrorCreationKey = true;
}
}
}
}
}
private bool SetupDynamicEncryption(List<IAsset> SelectedAssets, bool forceusertoprovidekey)
{
if (SelectedAssets.Count == 0) return false;
string labelAssetName;
bool oktoproceed = false;
// check if assets are published
var publishedAssets = SelectedAssets.Where(a => a.Locators.Count > 0).ToList();
if (publishedAssets.Count > 0)
{
if (MessageBox.Show("Some selected asset(s) are published.\nYou need to unpublish them before doing any dynamic encryption change.\n\nOk to unpublish (delete locators) ?", "Published assets", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes)
{
DoDeleteAllLocatorsOnAssets(publishedAssets, true);
}
else
{
return false;
}
}
labelAssetName = "Dynamic encryption will be applied for Asset '" + SelectedAssets.FirstOrDefault().Name + "'.";
if (SelectedAssets.Count > 1)
{
labelAssetName = "Dynamic encryption will applied to the " + SelectedAssets.Count.ToString() + " selected assets.";
}
AddDynamicEncryptionFrame1 form1 = new AddDynamicEncryptionFrame1(_context);
if (form1.ShowDialog() == DialogResult.OK)
{
switch (form1.GetDeliveryPolicyType)
{
///////////////////////////////////////////// CENC Dynamic Encryption
case AssetDeliveryPolicyType.DynamicCommonEncryption:
case AssetDeliveryPolicyType.None: // in that case, user want to configure license delivery on an asset already encrypted
AddDynamicEncryptionFrame2_CENCKeyConfig form2_CENC = new AddDynamicEncryptionFrame2_CENCKeyConfig(
forceusertoprovidekey)
// !NeedToDisplayPlayReadyLicense,
// ((form1.GetAssetDeliveryProtocol & AssetDeliveryProtocol.Dash) == AssetDeliveryProtocol.Dash) && (form1.GetDeliveryPolicyType == AssetDeliveryPolicyType.DynamicCommonEncryption))
{ Left = form1.Left, Top = form1.Top };
if (form2_CENC.ShowDialog() == DialogResult.OK)
{
var form3_CENC = new AddDynamicEncryptionFrame3_CENCDelivery(_context, form1.PlayReadyPackaging, form1.WidevinePackaging);
if (form3_CENC.ShowDialog() == DialogResult.OK)
{
bool NeedToDisplayPlayReadyLicense = form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady > 0;
bool NeedToDisplayWidevineLicense = form3_CENC.GetNumberOfAuthorizationPolicyOptionsWidevine > 0;
List<AddDynamicEncryptionFrame4> form4list = new List<AddDynamicEncryptionFrame4>();
List<AddDynamicEncryptionFrame5_PlayReadyLicense> form5list = new List<AddDynamicEncryptionFrame5_PlayReadyLicense>();
List<AddDynamicEncryptionFrame6_WidevineLicense> form6list = new List<AddDynamicEncryptionFrame6_WidevineLicense>();
bool usercancelledform4or5 = false;
bool usercancelledform4or6 = false;
int step = 3;
string tokensymmetrickey = null;
for (int i = 0; i < form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady; i++)
{
AddDynamicEncryptionFrame4 form4 = new AddDynamicEncryptionFrame4(_context, step, i + 1, "PlayReady", tokensymmetrickey, false) { Left = form2_CENC.Left, Top = form2_CENC.Top };
if (form4.ShowDialog() == DialogResult.OK)
{
step++;
form4list.Add(form4);
tokensymmetrickey = form4.SymmetricKey;
AddDynamicEncryptionFrame5_PlayReadyLicense form5_PlayReadyLicense = new AddDynamicEncryptionFrame5_PlayReadyLicense(step, i + 1, i == (form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady - 1)) { Left = form3_CENC.Left, Top = form3_CENC.Top };
//AddDynamicEncryptionFrame6_WidevineLicense form6_WidevineLicense = new AddDynamicEncryptionFrame6_WidevineLicense(step, i + 1, i == (form3_CENC.GetNumberOfAuthorizationPolicyOptionsPlayReady - 1)) { Left = form3_CENC.Left, Top = form3_CENC.Top };
step++;
if (NeedToDisplayPlayReadyLicense) // it's a PlayReady license and user wants to deliver the license from Azure Media Services
{
if (form5_PlayReadyLicense.ShowDialog() == DialogResult.OK) // let's display the dialog box to configure the playready license
{
form5list.Add(form5_PlayReadyLicense);
}
else
{
usercancelledform4or5 = true;
}
}
}
else
{
usercancelledform4or5 = true;
}
}
// widevine
for (int i = 0; i < form3_CENC.GetNumberOfAuthorizationPolicyOptionsWidevine; i++)
{
AddDynamicEncryptionFrame4 form4 = new AddDynamicEncryptionFrame4(_context, step, i + 1, "Widevine", tokensymmetrickey, false) { Left = form2_CENC.Left, Top = form2_CENC.Top };
if (form4.ShowDialog() == DialogResult.OK)
{
step++;
form4list.Add(form4);
tokensymmetrickey = form4.SymmetricKey;
AddDynamicEncryptionFrame6_WidevineLicense form6_WidevineLicense = new AddDynamicEncryptionFrame6_WidevineLicense(Constants.TemporaryWidevineLicenseServer, step, i + 1, i == (form3_CENC.GetNumberOfAuthorizationPolicyOptionsWidevine - 1)) { Left = form3_CENC.Left, Top = form3_CENC.Top };
step++;
if (form6_WidevineLicense.ShowDialog() == DialogResult.OK) // let's display the dialog box to configure the playready license
{
form6list.Add(form6_WidevineLicense);
}
else
{
usercancelledform4or6 = true;
}
}
else
{
usercancelledform4or6 = true;
}
}
if (!usercancelledform4or5 && !usercancelledform4or6)
{
DoDynamicEncryptionAndKeyDeliveryWithCENC(SelectedAssets, form1, form2_CENC, form3_CENC, form4list, form5list, form6list, true);
oktoproceed = true;
dataGridViewAssetsV.PurgeCacheAssets(SelectedAssets);
dataGridViewAssetsV.AnalyzeItemsInBackground();
}
}
}
break;
///////////////////////////////////////////// AES Dynamic Encryption
case AssetDeliveryPolicyType.DynamicEnvelopeEncryption:
AddDynamicEncryptionFrame2_AESKeyConfig form2_AES =
new AddDynamicEncryptionFrame2_AESKeyConfig(forceusertoprovidekey) { Left = form1.Left, Top = form1.Top };
if (form2_AES.ShowDialog() == DialogResult.OK)
{
var form3_AES = new AddDynamicEncryptionFrame3_AESDelivery(_context);
if (form3_AES.ShowDialog() == DialogResult.OK)
{
List<AddDynamicEncryptionFrame4> form4list = new List<AddDynamicEncryptionFrame4>();
bool usercancelledform4 = false;
string tokensymmetrickey = null;
for (int i = 0; i < form3_AES.GetNumberOfAuthorizationPolicyOptions; i++)
{
AddDynamicEncryptionFrame4 form4 = new AddDynamicEncryptionFrame4(_context, i + 3, i + 1, "AES", tokensymmetrickey, true) { Left = form2_AES.Left, Top = form2_AES.Top };
if (form4.ShowDialog() == DialogResult.OK)
{
form4list.Add(form4);
tokensymmetrickey = form4.SymmetricKey;
}
else
{
usercancelledform4 = true;
}
}
if (!usercancelledform4)
{
DoDynamicEncryptionWithAES(SelectedAssets, form1, form2_AES, form3_AES, form4list, true);
oktoproceed = true;
dataGridViewAssetsV.PurgeCacheAssets(SelectedAssets);
dataGridViewAssetsV.AnalyzeItemsInBackground();
}
}
}
break;
///////////////////////////////////////////// Decrypt storage protected content
case AssetDeliveryPolicyType.NoDynamicEncryption:
AddDynDecryption(SelectedAssets, form1, _context);
oktoproceed = true;
dataGridViewAssetsV.PurgeCacheAssets(SelectedAssets);
dataGridViewAssetsV.AnalyzeItemsInBackground();
break;
default:
break;
}
}
return oktoproceed;
}