Пример #1
0
        private static ContentKeyPolicy EnsureContentKeyPolicyExists(IAzureMediaServicesClient client,
                                                                     string resourceGroup, string accountName, string contentKeyPolicyName)
        {
            ContentKeyPolicySymmetricTokenKey          primaryKey     = new ContentKeyPolicySymmetricTokenKey(TokenSigningKey);
            List <ContentKeyPolicyRestrictionTokenKey> alternateKeys  = null;
            List <ContentKeyPolicyTokenClaim>          requiredClaims = new List <ContentKeyPolicyTokenClaim>()
            {
                ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
            };

            List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>()
            {
                new ContentKeyPolicyOption(
                    new ContentKeyPolicyClearKeyConfiguration(),
                    new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey,
                                                         ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims))
            };

            // since we are randomly generating the signing key each time, make sure to create or update the policy each time.
            // Normally you would use a long lived key so you would just check for the policies existence with Get instead of
            // ensuring to create or update it each time.
            ContentKeyPolicy policy = client.ContentKeyPolicies.CreateOrUpdate(resourceGroup, accountName, contentKeyPolicyName, options);

            return(policy);
        }
        // </CreateMediaServicesClient>

        /// <summary>
        /// Create the content key policy that configures how the content key is delivered to end clients
        /// via the Key Delivery component of Azure Media Services.
        /// </summary>
        /// <param name="client">The Media Services client.</param>
        /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param>
        /// <param name="accountName"> The Media Services account name.</param>
        /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param>
        /// <returns></returns>
        // <GetOrCreateContentKeyPolicy>
        private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync(
            IAzureMediaServicesClient client,
            string resourceGroupName,
            string accountName,
            string contentKeyPolicyName,
            byte[] tokenSigningKey)
        {
            ContentKeyPolicy policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName);

            if (policy == null)
            {
                ContentKeyPolicySymmetricTokenKey primaryKey     = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey);
                List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>()
                {
                    ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
                };
                List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null;
                ContentKeyPolicyTokenRestriction           restriction
                    = new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims);

                ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate();
                ContentKeyPolicyWidevineConfiguration  widevineConfig  = ConfigureWidevineLicenseTempate();

                List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>();

                options.Add(
                    new ContentKeyPolicyOption()
                {
                    Configuration = playReadyConfig,
                    // If you want to set an open restriction, use
                    // Restriction = new ContentKeyPolicyOpenRestriction()
                    Restriction = restriction
                });

                options.Add(
                    new ContentKeyPolicyOption()
                {
                    Configuration = widevineConfig,
                    Restriction   = restriction
                });

                policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options);
            }
            else
            {
                // Get the signing key from the existing policy.
                var policyProperties = await client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(resourceGroupName, accountName, contentKeyPolicyName);

                var restriction = policyProperties.Options[0].Restriction as ContentKeyPolicyTokenRestriction;
                if (restriction != null)
                {
                    var signingKey = restriction.PrimaryVerificationKey as ContentKeyPolicySymmetricTokenKey;
                    if (signingKey != null)
                    {
                        TokenSigningKey = signingKey.KeyValue;
                    }
                }
            }
            return(policy);
        }
Пример #3
0
        // Create the content key policy that configures how the content key is delivered to end clients
        private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync(
            IAzureMediaServicesClient client,
            string resourceGroupName,
            string accountName,
            string contentKeyPolicyName,
            byte[] tokenSigningKey)
        {
            ContentKeyPolicy policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName);

            if (policy == null)
            {
                ContentKeyPolicySymmetricTokenKey          primaryKey     = new ContentKeyPolicySymmetricTokenKey(TokenSigningKey);
                List <ContentKeyPolicyRestrictionTokenKey> alternateKeys  = null;
                List <ContentKeyPolicyTokenClaim>          requiredClaims = new List <ContentKeyPolicyTokenClaim>()
                {
                    ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
                };

                List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>()
                {
                    new ContentKeyPolicyOption(
                        new ContentKeyPolicyClearKeyConfiguration(),
                        new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey,
                                                             ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims))
                };

                policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options);
            }

            return(policy);
        }
Пример #4
0
        private async Task <byte[]> GetOrCreateContentPolicy(string policyName)
        {
            var policy = await
                         _client.ContentKeyPolicies.GetAsync(_option.ResourceGroupName, _option.AccountName, policyName);

            if (policy == null)
            {
                var primaryKey     = new ContentKeyPolicySymmetricTokenKey(_option.TokenKey);
                var requiredClaims = new List <ContentKeyPolicyTokenClaim>()
                {
                    ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
                };

                var restriction = new ContentKeyPolicyTokenRestriction(_option.Issuer, _option.Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, null, requiredClaims);

                var options = new List <ContentKeyPolicyOption>()
                {
                    new ContentKeyPolicyOption()
                    {
                        Name          = "playReady",
                        Configuration = ConfigurePlayReadyLicenseTemplate(),
                        Restriction   = restriction
                    },
                    new ContentKeyPolicyOption()
                    {
                        Name          = "winevine",
                        Configuration = ConfigureWidevineLicenseTemplate(),
                        Restriction   = restriction
                    }
                };

                await _client.ContentKeyPolicies.CreateOrUpdateAsync(_option.ResourceGroupName, _option.AccountName,
                                                                     policyName, options);
            }

            var policyProperties =
                await _client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(_option.ResourceGroupName,
                                                                                     _option.AccountName, policyName);

            if (policyProperties.Options[0].Restriction is ContentKeyPolicyTokenRestriction restriction2)
            {
                if (restriction2.PrimaryVerificationKey is ContentKeyPolicySymmetricTokenKey signingKey)
                {
                    return(signingKey.KeyValue);
                }
            }

            return(_option.TokenKey);
        }
Пример #5
0
        public async Task CreateContentPolicyIfNotExists()
        {
            var policyName = _option.ContentPolicyOption.ContentPolicyName;
            var tokenKey   = Encoding.ASCII.GetBytes(_option.ContentPolicyOption.TokenValidateKey);

            var policy = await
                         _client.ContentKeyPolicies.GetAsync(_option.ResourceGroupName, _option.AccountName, policyName);

            if (policy == null)
            {
                var primaryKey     = new ContentKeyPolicySymmetricTokenKey(tokenKey);
                var requiredClaims = new List <ContentKeyPolicyTokenClaim>()
                {
                    ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
                };

                var restriction = new ContentKeyPolicyTokenRestriction(_option.ContentPolicyOption.TokenIssuer,
                                                                       _option.ContentPolicyOption.TokenAudience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, null,
                                                                       requiredClaims);

                var options = new List <ContentKeyPolicyOption>()
                {
                    new ContentKeyPolicyOption()
                    {
                        Name          = "playReady",
                        Configuration = ConfigurePlayReadyLicenseTemplate(),
                        Restriction   = restriction
                    },
                    new ContentKeyPolicyOption()
                    {
                        Name          = "winevine",
                        Configuration = ConfigureWidevineLicenseTemplate(),
                        Restriction   = restriction
                    },
                    new ContentKeyPolicyOption(new ContentKeyPolicyClearKeyConfiguration(), restriction)
                    {
                        Name = "AES"
                    }
                };

                await _client.ContentKeyPolicies.CreateOrUpdateAsync(_option.ResourceGroupName, _option.AccountName,
                                                                     policyName, options);
            }
        }
        // </RunAsync>


        /// <summary>
        /// Create the content key policy that configures how the content key is delivered to end clients
        /// via the Key Delivery component of Azure Media Services.
        /// </summary>
        /// <param name="client">The Media Services client.</param>
        /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param>
        /// <param name="accountName"> The Media Services account name.</param>
        /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param>
        /// <returns></returns>
        // <GetOrCreateContentKeyPolicy>
        private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync(
            IAzureMediaServicesClient client,
            string resourceGroupName,
            string accountName,
            string contentKeyPolicyName)
        {
            bool             createPolicy = false;
            ContentKeyPolicy policy       = null;

            try
            {
                policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName);
            }
            catch (ErrorResponseException ex) when(ex.Response.StatusCode == System.Net.HttpStatusCode.NotFound)
            {
                createPolicy = true;
            }

            if (createPolicy)
            {
                ContentKeyPolicySymmetricTokenKey          primaryKey     = new ContentKeyPolicySymmetricTokenKey(TokenSigningKey);
                List <ContentKeyPolicyRestrictionTokenKey> alternateKeys  = null;
                List <ContentKeyPolicyTokenClaim>          requiredClaims = new List <ContentKeyPolicyTokenClaim>()
                {
                    ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
                };

                List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>()
                {
                    new ContentKeyPolicyOption(
                        new ContentKeyPolicyClearKeyConfiguration(),
                        new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey,
                                                             ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims))
                };

                // Since we are randomly generating the signing key each time, make sure to create or update the policy each time.
                // Normally you would use a long lived key so you would just check for the policies existence with Get instead of
                // ensuring to create or update it each time.
                policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options);
            }

            return(policy);
        }
        /// <summary>
        /// Checks if content key policy exists, if not, creates new one
        /// This code is based on https://github.com/Azure-Samples/media-services-v3-dotnet-core-tutorials/tree/master/NETCore/EncodeHTTPAndPublishAESEncrypted
        /// </summary>
        /// <param name="client">Azure Media Services instance client</param>
        /// <param name="resourceGroup">Azure resource group</param>
        /// <param name="accountName">Azure Media Services instance account name</param>
        /// <param name="contentKeyPolicyName">Content key policy name</param>
        /// <param name="tokenSigningKey">Token signing key</param>
        /// <param name="issuer">Token issuer</param>
        /// <param name="audience">Token audience</param>
        /// <returns></returns>
        public static async Task <ContentKeyPolicy> EnsureContentKeyPolicyExists(IAzureMediaServicesClient client, string resourceGroup, string accountName, string contentKeyPolicyName, byte[] tokenSigningKey, string issuer, string audience)
        {
            var primaryKey = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey);
            List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null;
            var requiredClaims = new List <ContentKeyPolicyTokenClaim>()
            {
                ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
            };

            var options = new List <ContentKeyPolicyOption>()
            {
                new ContentKeyPolicyOption(
                    new ContentKeyPolicyClearKeyConfiguration(),
                    new ContentKeyPolicyTokenRestriction(issuer, audience, primaryKey,
                                                         ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims))
            };

            var policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroup, accountName, contentKeyPolicyName, options).ConfigureAwait(false);

            return(policy);
        }
Пример #8
0
        public void ContentKeyPolicyComboTest()
        {
            using (MockContext context = this.StartMockContextAndInitializeClients(this.GetType()))
            {
                try
                {
                    CreateMediaServicesAccount();

                    // List ContentKeyPolicies, which should be empty
                    var contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName);
                    Assert.Empty(contentKeyPolicies);

                    string policyName        = TestUtilities.GenerateName("ContentKeyPolicy");
                    string policyDescription = "Test policy";

                    // Try to get the policy, which should not exist
                    Assert.Equal(System.Net.HttpStatusCode.NotFound, Assert.Throws <ErrorResponseException>(() => MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName)).Response.StatusCode);

                    // Create the policy
                    ContentKeyPolicyOption[] options = new ContentKeyPolicyOption[]
                    {
                        new ContentKeyPolicyOption(new ContentKeyPolicyClearKeyConfiguration(), new ContentKeyPolicyOpenRestriction())
                    };

                    ContentKeyPolicy createdPolicy = MediaClient.ContentKeyPolicies.CreateOrUpdate(ResourceGroup, AccountName, policyName, options, policyDescription);
                    ValidateContentKeyPolicy(createdPolicy, policyName, policyDescription, options);

                    // List ContentKeyPolicies and validate the created policy shows up
                    contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName);
                    Assert.Single(contentKeyPolicies);
                    ValidateContentKeyPolicy(createdPolicy, policyName, policyDescription, options);

                    // Get the newly created policy
                    ContentKeyPolicy contentKeyPolicy = MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName);
                    Assert.NotNull(contentKeyPolicy);
                    ValidateContentKeyPolicy(createdPolicy, policyName, policyDescription, options);

                    // Update the policy
                    var primaryVerificationKey        = new ContentKeyPolicySymmetricTokenKey(new byte[32]);
                    ContentKeyPolicyOption[] options2 = new ContentKeyPolicyOption[]
                    {
                        new ContentKeyPolicyOption(new ContentKeyPolicyClearKeyConfiguration(),
                                                   new ContentKeyPolicyTokenRestriction(
                                                       "issuer",
                                                       "audience",
                                                       primaryVerificationKey,
                                                       ContentKeyPolicyRestrictionTokenType.Jwt,
                                                       requiredClaims: new ContentKeyPolicyTokenClaim[] { ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim }))
                    };

                    ContentKeyPolicy updatedByPutPolicy = MediaClient.ContentKeyPolicies.CreateOrUpdate(ResourceGroup, AccountName, policyName, options2, policyDescription);
                    ValidateContentKeyPolicy(updatedByPutPolicy, policyName, policyDescription, options2);

                    // List ContentKeyPolicies and validate the updated policy shows up as expected
                    contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName);
                    Assert.Single(contentKeyPolicies);
                    ValidateContentKeyPolicy(contentKeyPolicies.First(), policyName, policyDescription, options2);

                    // Get the newly updated policy
                    contentKeyPolicy = MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName);
                    Assert.NotNull(contentKeyPolicy);
                    ValidateContentKeyPolicy(contentKeyPolicy, policyName, policyDescription, options2);

                    // Delete the policy
                    MediaClient.ContentKeyPolicies.Delete(ResourceGroup, AccountName, policyName);

                    // List ContentKeyPolicies, which should be empty again
                    contentKeyPolicies = MediaClient.ContentKeyPolicies.List(ResourceGroup, AccountName);
                    Assert.Empty(contentKeyPolicies);

                    // Try to get the policy, which should not exist
                    Assert.Equal(System.Net.HttpStatusCode.NotFound, Assert.Throws <ErrorResponseException>(() => MediaClient.ContentKeyPolicies.Get(ResourceGroup, AccountName, policyName)).Response.StatusCode);
                }
                finally
                {
                    DeleteMediaServicesAccount();
                }
            }
        }
        // </RunAsync>


        /// <summary>
        /// Create the content key policy that configures how the content key is delivered to end clients
        /// via the Key Delivery component of Azure Media Services.
        /// </summary>
        /// <param name="client">The Media Services client.</param>
        /// <param name="resourceGroupName">The name of the resource group within the Azure subscription.</param>
        /// <param name="accountName"> The Media Services account name.</param>
        /// <param name="contentKeyPolicyName">The name of the content key policy resource.</param>
        /// <returns></returns>
        // <GetOrCreateContentKeyPolicy>
        private static async Task <ContentKeyPolicy> GetOrCreateContentKeyPolicyAsync(
            IAzureMediaServicesClient client,
            string resourceGroupName,
            string accountName,
            string contentKeyPolicyName,
            byte[] tokenSigningKey)
        {
            bool             createPolicy = false;
            ContentKeyPolicy policy       = null;

            try
            {
                policy = await client.ContentKeyPolicies.GetAsync(resourceGroupName, accountName, contentKeyPolicyName);
            }
            catch (ErrorResponseException ex) when(ex.Response.StatusCode == System.Net.HttpStatusCode.NotFound)
            {
                createPolicy = true;
            }

            if (createPolicy)
            {
                ContentKeyPolicySymmetricTokenKey primaryKey     = new ContentKeyPolicySymmetricTokenKey(tokenSigningKey);
                List <ContentKeyPolicyTokenClaim> requiredClaims = new List <ContentKeyPolicyTokenClaim>()
                {
                    ContentKeyPolicyTokenClaim.ContentKeyIdentifierClaim
                };
                List <ContentKeyPolicyRestrictionTokenKey> alternateKeys = null;
                ContentKeyPolicyTokenRestriction           restriction
                    = new ContentKeyPolicyTokenRestriction(Issuer, Audience, primaryKey, ContentKeyPolicyRestrictionTokenType.Jwt, alternateKeys, requiredClaims);

                ContentKeyPolicyPlayReadyConfiguration playReadyConfig = ConfigurePlayReadyLicenseTemplate();
                ContentKeyPolicyWidevineConfiguration  widevineConfig  = ConfigureWidevineLicenseTemplate();
                // ContentKeyPolicyFairPlayConfiguration fairplayConfig = ConfigureFairPlayPolicyOptions();

                List <ContentKeyPolicyOption> options = new List <ContentKeyPolicyOption>();

                options.Add(
                    new ContentKeyPolicyOption()
                {
                    Configuration = playReadyConfig,
                    // If you want to set an open restriction, use
                    // Restriction = new ContentKeyPolicyOpenRestriction()
                    Restriction = restriction
                });

                options.Add(
                    new ContentKeyPolicyOption()
                {
                    Configuration = widevineConfig,
                    Restriction   = restriction
                });

                // add CBCS ContentKeyPolicyOption into the list
                //   options.Add(
                //       new ContentKeyPolicyOption()
                //       {
                //           Configuration = fairplayConfig,
                //           Restriction = restriction,
                //           Name = "ContentKeyPolicyOption_CBCS"
                //       });

                policy = await client.ContentKeyPolicies.CreateOrUpdateAsync(resourceGroupName, accountName, contentKeyPolicyName, options);
            }
            else
            {
                // Get the signing key from the existing policy.
                var policyProperties = await client.ContentKeyPolicies.GetPolicyPropertiesWithSecretsAsync(resourceGroupName, accountName, contentKeyPolicyName);

                if (policyProperties.Options[0].Restriction is ContentKeyPolicyTokenRestriction restriction)
                {
                    if (restriction.PrimaryVerificationKey is ContentKeyPolicySymmetricTokenKey signingKey)
                    {
                        TokenSigningKey = signingKey.KeyValue;
                    }
                }
            }
            return(policy);
        }