public void TestFairPlayConfigurationSerialization()
{
var cert = new X509Certificate2("UnitTest.pfx", "", X509KeyStorageFlags.Exportable);
string password = "";
var passwordId = Guid.NewGuid();
var askId = Guid.NewGuid();
var iv = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration(
cert,
password,
passwordId,
askId,
iv);
var result = JsonConvert.DeserializeObject <FairPlayConfiguration>(configuration);
Assert.AreEqual(passwordId, result.FairPlayPfxPasswordId);
Assert.AreEqual(askId, result.ASkId);
Assert.AreEqual("0102030405060708090A0B0C0D0E0F10", result.ContentEncryptionIV);
var cert2 = new X509Certificate2(Convert.FromBase64String(result.FairPlayPfx));
Assert.AreEqual(cert.Thumbprint, cert2.Thumbprint);
}
public void TestCreateFairPlayAuthorizationPolicy()
{
Guid keyId = Guid.NewGuid();
byte[] contentKey = Guid.NewGuid().ToByteArray();
IContentKey key = _mediaContext.ContentKeys.Create(keyId, contentKey, "testKey", ContentKeyType.CommonEncryptionCbcs);
byte[] askBytes = Guid.NewGuid().ToByteArray();
var askId = Guid.NewGuid();
IContentKey askKey = _mediaContext.ContentKeys.Create(askId, askBytes, "askKey", ContentKeyType.FairPlayASk);
string pfxPassword = "******";
var pfxPasswordId = Guid.NewGuid();
byte[] pfxPasswordBytes = System.Text.Encoding.UTF8.GetBytes(pfxPassword);
IContentKey pfxPasswordKey = _mediaContext.ContentKeys.Create(pfxPasswordId, pfxPasswordBytes, "pfxPasswordKey", ContentKeyType.FairPlayPfxPassword);
byte[] iv = Guid.NewGuid().ToByteArray();
var restrictions = new List <ContentKeyAuthorizationPolicyRestriction>
{
new ContentKeyAuthorizationPolicyRestriction
{
Name = "Open",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null
}
};
var appCert = new X509Certificate2("amscer.pfx", pfxPassword, X509KeyStorageFlags.Exportable);
string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration(
appCert,
pfxPassword,
pfxPasswordId,
askId,
iv);
var policyOption = _mediaContext.ContentKeyAuthorizationPolicyOptions.Create(
"fairPlayTest",
ContentKeyDeliveryType.FairPlay,
restrictions,
configuration);
var contentKeyAuthorizationPolicy = _mediaContext.ContentKeyAuthorizationPolicies.CreateAsync("Key no restrictions").Result;
contentKeyAuthorizationPolicy.Options.Add(policyOption);
key.AuthorizationPolicyId = contentKeyAuthorizationPolicy.Id;
key = key.UpdateAsync().Result;
key.Delete();
pfxPasswordKey.Delete();
askKey.Delete();
contentKeyAuthorizationPolicy.Delete();
}
private static IContentKeyAuthorizationPolicyOption CreateFairPlayPolicyOption(byte[] iv)
{
var appCert = new X509Certificate2(pfxPath, pfxPassword, X509KeyStorageFlags.Exportable);
var pfxPasswordId = Guid.NewGuid();
byte[] pfxPasswordBytes = System.Text.Encoding.UTF8.GetBytes(pfxPassword);
IContentKey pfxPasswordKey = _mediaContext.ContentKeys.Create(pfxPasswordId, pfxPasswordBytes, "pfxPasswordKey", ContentKeyType.FairPlayPfxPassword);
var askId = Guid.NewGuid();
IContentKey askKey = _mediaContext.ContentKeys.Create(askId, askBytes, "askKey", ContentKeyType.FairPlayASk);
var restriction = new ContentKeyAuthorizationPolicyRestriction
{
Name = "Open",
KeyRestrictionType = (int)ContentKeyRestrictionType.Open,
Requirements = null
};
var restrictions = new List <ContentKeyAuthorizationPolicyRestriction> {
restriction
};
string configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration(
appCert,
pfxPassword,
pfxPasswordId,
askId,
iv);
var policyOption = _mediaContext.ContentKeyAuthorizationPolicyOptions.Create(
"fairPlayTest",
ContentKeyDeliveryType.FairPlay,
restrictions,
configuration);
return(policyOption);
}
private static async Task <FairPlayConfiguration> GetFairPlayConfigurationAsync(MediaContextBase context)
{
var previousAskKey = default(IContentKey);
var askKeyId = Guid.NewGuid();
var askKeyName = ConfigurationManager.AppSettings["FairPlayASKContentKeyName"];
var askBytes = HexadecimalStringToByteArray(ConfigurationManager.AppSettings["FairPlayASKHexadecimal"]);
var askKey = context.ContentKeys.Where(k => k.Name == askKeyName).FirstOrDefault();
if (askKey == null)
{
askKey = await context.ContentKeys.CreateAsync(askKeyId, askBytes, askKeyName, ContentKeyType.FairPlayASk);
}
else
{
if (!askBytes.SequenceEqual(await askKey.GetClearKeyValueAsync()) || (askKey.ContentKeyType != ContentKeyType.FairPlayASk))
{
previousAskKey = askKey;
askKey = await context.ContentKeys.CreateAsync(askKeyId, askBytes, askKeyName, ContentKeyType.FairPlayASk);
}
askKeyId = Guid.Parse(askKey.Id.Replace(ContentKeyPrefix, string.Empty));
}
var previousAppCertPasswordKey = default(IContentKey);
var appCertPasswordKeyId = Guid.NewGuid();
var appCertPasswordKeyName = ConfigurationManager.AppSettings["FairPlayAppCertPasswordContentKeyName"];
var appCertPassword = ConfigurationManager.AppSettings["FairPlayAppCertPassword"];
var appCertPasswordBytes = Encoding.UTF8.GetBytes(appCertPassword);
var appCertPasswordKey = context.ContentKeys.Where(k => k.Name == appCertPasswordKeyName).FirstOrDefault();
if (appCertPasswordKey == null)
{
appCertPasswordKey = await context.ContentKeys.CreateAsync(appCertPasswordKeyId, appCertPasswordBytes, appCertPasswordKeyName, ContentKeyType.FairPlayPfxPassword);
}
else
{
if (!appCertPasswordBytes.SequenceEqual(await appCertPasswordKey.GetClearKeyValueAsync()) || (appCertPasswordKey.ContentKeyType != ContentKeyType.FairPlayPfxPassword))
{
previousAppCertPasswordKey = appCertPasswordKey;
appCertPasswordKey = await context.ContentKeys.CreateAsync(appCertPasswordKeyId, appCertPasswordBytes, appCertPasswordKeyName, ContentKeyType.FairPlayPfxPassword);
}
appCertPasswordKeyId = Guid.Parse(appCertPasswordKey.Id.Replace(ContentKeyPrefix, string.Empty));
}
var contentEncryptionIv = Guid.NewGuid().ToByteArray();
var appCert = new X509Certificate2(ConfigurationManager.AppSettings["FairPlayAppCertPath"], appCertPassword, X509KeyStorageFlags.Exportable);
var configuration = FairPlayConfiguration.CreateSerializedFairPlayOptionConfiguration(
appCert,
appCertPassword,
appCertPasswordKeyId,
askKeyId,
contentEncryptionIv);
if (previousAskKey != null)
{
await previousAskKey.DeleteAsync();
}
if (previousAppCertPasswordKey != null)
{
await previousAppCertPasswordKey.DeleteAsync();
}
return(JsonConvert.DeserializeObject <FairPlayConfiguration>(configuration));
}