public void EncryptContentKeyToCertRoundTripTest()
{
    var cert = new X509Certificate2("UnitTest.pfx");
    var dataContextMock = new Mock<IMediaDataServiceContext>();

    // Mock the service call so the test runs offline: any Execute<string>(uri)
    // returns the 16-byte test key as a base64 string.
    string testKey = "1234567890123456";
    var fakeResponse = new string[] { Convert.ToBase64String(new System.Text.UTF8Encoding().GetBytes(testKey)) };

    dataContextMock.Setup((ctxt) => ctxt.Execute<string>(It.IsAny<Uri>()))
        .Returns(() => { return fakeResponse; });

    _mediaContext.MediaServicesClassFactory = new TestMediaServicesClassFactory(dataContextMock.Object);

    var contentKey = new ContentKeyData { Name = "testData", Id = "id" };
    contentKey.SetMediaContext(_mediaContext);

    byte[] encryptedKeyValue = contentKey.GetEncryptedKeyValue(cert);
    byte[] encryptedContentKey = CommonEncryption.EncryptContentKeyToCertificate(cert, encryptedKeyValue);
    byte[] decryptedContentKey = EncryptionUtils.DecryptSymmetricKey(cert, encryptedContentKey);

    // Wrapping to the certificate's public key and unwrapping with its private key must round-trip.
    Assert.IsTrue(encryptedKeyValue.SequenceEqual(decryptedContentKey));
}
/// <summary>
/// Creates an envelope encryption content key.
/// </summary>
/// <param name="keyId">The key id.</param>
/// <param name="contentKey">The content key data.</param>
/// <param name="name">The name.</param>
/// <param name="cert">The cert.</param>
/// <returns>The content key.</returns>
internal static ContentKeyData InitializeEnvelopeContentKey(Guid keyId, byte[] contentKey, string name, X509Certificate2 cert)
{
    if (cert == null)
    {
        throw new ArgumentNullException("cert");
    }

    if (contentKey == null)
    {
        throw new ArgumentNullException("contentKey");
    }

    if (contentKey.Length != EncryptionUtils.KeySizeInBytesForAes128)
    {
        throw new ArgumentOutOfRangeException("contentKey", "Envelope Encryption content keys are 128-bits (16 bytes) in length.");
    }

    // The raw AES key is never stored; only the copy wrapped to the certificate's public key is.
    byte[] encryptedContentKey = EncryptionUtils.EncryptSymmetricKeyData(cert, contentKey);

    ContentKeyData contentKeyData = new ContentKeyData
    {
        Id = EncryptionUtils.GetKeyIdentifierAsString(keyId),
        EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
        ContentKeyType = (int)ContentKeyType.EnvelopeEncryption,
        ProtectionKeyId = cert.Thumbprint,
        ProtectionKeyType = (int)ProtectionKeyType.X509CertificateThumbprint,
        Name = name,
        Checksum = EncryptionUtils.CalculateChecksum(contentKey, keyId)
    };

    return contentKeyData;
}
/// <summary>
/// Asynchronously creates a content key with the specified key identifier and value.
/// </summary>
/// <param name="keyId">The key identifier.</param>
/// <param name="contentKey">The value of the content key.</param>
/// <param name="name">A friendly name for the content key.</param>
/// <param name="contentKeyType">Type of content key to create.</param>
/// <returns>
/// A function delegate that returns the future result to be available through the Task<IContentKey>.
/// </returns>
public override Task<IContentKey> CreateAsync(Guid keyId, byte[] contentKey, string name, ContentKeyType contentKeyType)
{
    if ((contentKeyType != ContentKeyType.CommonEncryption) && (contentKeyType != ContentKeyType.EnvelopeEncryption))
    {
        // The offending argument is contentKeyType, not contentKey.
        throw new ArgumentException(StringTable.ErrorUnsupportedContentKeyType, "contentKeyType");
    }

    if (keyId == Guid.Empty)
    {
        throw new ArgumentException(StringTable.ErrorCreateKey_EmptyGuidNotAllowed, "keyId");
    }

    if (contentKey == null)
    {
        throw new ArgumentNullException("contentKey");
    }

    if (contentKey.Length != EncryptionUtils.KeySizeInBytesForAes128)
    {
        throw new ArgumentException(StringTable.ErrorCommonEncryptionKeySize, "contentKey");
    }

    IMediaDataServiceContext dataContext = this.MediaContext.MediaServicesClassFactory.CreateDataServiceContext();

    // The service's protection certificate is used to wrap the key before it leaves the client.
    X509Certificate2 certToUse = GetCertificateToEncryptContentKey(MediaContext, ContentKeyType.CommonEncryption);

    ContentKeyData contentKeyData = null;
    if (contentKeyType == ContentKeyType.CommonEncryption)
    {
        contentKeyData = InitializeCommonContentKey(keyId, contentKey, name, certToUse);
    }
    else if (contentKeyType == ContentKeyType.EnvelopeEncryption)
    {
        contentKeyData = InitializeEnvelopeContentKey(keyId, contentKey, name, certToUse);
    }

    dataContext.AddObject(ContentKeySet, contentKeyData);

    MediaRetryPolicy retryPolicy = this.MediaContext.MediaServicesClassFactory.GetSaveChangesRetryPolicy(dataContext as IRetryPolicyAdapter);

    return retryPolicy.ExecuteAsync<IMediaDataServiceResponse>(() => dataContext.SaveChangesAsync(contentKeyData))
        .ContinueWith<IContentKey>(
            t =>
            {
                t.ThrowIfFaulted();
                return (ContentKeyData)t.Result.AsyncState;
            },
            TaskContinuationOptions.ExecuteSynchronously);
}
/// <summary>
/// Creates the storage content key.
/// </summary>
/// <param name="fileEncryption">The file encryption.</param>
/// <param name="cert">The cert.</param>
/// <returns>The content key.</returns>
internal static ContentKeyData CreateStorageContentKey(FileEncryption fileEncryption, X509Certificate2 cert)
{
    byte[] encryptedContentKey = fileEncryption.EncryptContentKeyToCertificate(cert);

    ContentKeyData contentKeyData = new ContentKeyData
    {
        Id = fileEncryption.GetKeyIdentifierAsString(),
        EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
        ContentKeyType = (int)ContentKeyType.StorageEncryption,
        ProtectionKeyId = cert.Thumbprint,
        ProtectionKeyType = (int)ProtectionKeyType.X509CertificateThumbprint,
        Checksum = fileEncryption.GetChecksum()
    };

    return contentKeyData;
}
/// <summary>
/// Creates the configuration content key.
/// </summary>
/// <param name="configEncryption">The config encryption.</param>
/// <param name="cert">The cert.</param>
/// <returns>The content key.</returns>
internal static ContentKeyData InitializeConfigurationContentKey(ConfigurationEncryption configEncryption, X509Certificate2 cert)
{
    byte[] encryptedContentKey = configEncryption.EncryptContentKeyToCertificate(cert);

    ContentKeyData contentKeyData = new ContentKeyData
    {
        Id = configEncryption.GetKeyIdentifierAsString(),
        EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
        ContentKeyType = (int)ContentKeyType.ConfigurationEncryption,
        ProtectionKeyId = cert.Thumbprint,
        ProtectionKeyType = (int)ProtectionKeyType.X509CertificateThumbprint,
        Checksum = configEncryption.GetChecksum()
    };

    return contentKeyData;
}
/// <summary>
/// Creates the common content key.
/// </summary>
/// <param name="keyId">The key id.</param>
/// <param name="contentKey">The content key data.</param>
/// <param name="name">The name.</param>
/// <param name="cert">The cert.</param>
/// <returns>The content key.</returns>
internal static ContentKeyData CreateCommonContentKey(Guid keyId, byte[] contentKey, string name, X509Certificate2 cert)
{
    byte[] encryptedContentKey = CommonEncryption.EncryptContentKeyToCertificate(cert, contentKey);

    ContentKeyData contentKeyData = new ContentKeyData
    {
        Id = EncryptionUtils.GetKeyIdentifierAsString(keyId),
        EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
        ContentKeyType = (int)ContentKeyType.CommonEncryption,
        ProtectionKeyId = cert.Thumbprint,
        ProtectionKeyType = (int)ProtectionKeyType.X509CertificateThumbprint,
        Name = name,
        Checksum = EncryptionUtils.CalculateChecksum(contentKey, keyId)
    };

    return contentKeyData;
}
private static ContentKeyData CreateStorageContentKey(AssetData tempAsset, NullableFileEncryption fileEncryption, DataServiceContext dataContext)
{
    // Create the content key.
    fileEncryption.Init();

    // Encrypt it for delivery to Nimbus.
    X509Certificate2 certToUse = ContentKeyCollection.GetCertificateToEncryptContentKey(dataContext, ContentKeyType.StorageEncryption);
    ContentKeyData contentKeyData = ContentKeyBaseCollection.CreateStorageContentKey(fileEncryption.FileEncryption, certToUse);

    dataContext.AddObject(ContentKeyCollection.ContentKeySet, contentKeyData);
    dataContext.SaveChanges();

    // Associate it with the asset.
    ((IAsset)tempAsset).ContentKeys.Add(contentKeyData);

    return contentKeyData;
}
/// <summary>
/// Creates FairPlay Pfx Password.
/// </summary>
/// <param name="keyId">The key id.</param>
/// <param name="contentKey">The content key data.</param>
/// <param name="name">The name.</param>
/// <param name="cert">The cert.</param>
/// <returns>The content key.</returns>
internal static ContentKeyData InitializeFairPlayPfxPassword(Guid keyId, byte[] contentKey, string name, X509Certificate2 cert)
{
    // The password is wrapped with RSA-OAEP under the certificate's public key.
    // The cast yields null for a non-RSA certificate, so fail early rather than
    // letting the formatter throw a NullReferenceException.
    RSACryptoServiceProvider rsaPublicKey = cert.PublicKey.Key as RSACryptoServiceProvider;
    if (rsaPublicKey == null)
    {
        throw new ArgumentException("The certificate must contain an RSA public key.", "cert");
    }

    RSAOAEPKeyExchangeFormatter keyFormatter = new RSAOAEPKeyExchangeFormatter(rsaPublicKey);
    byte[] encryptedContentKey = keyFormatter.CreateKeyExchange(contentKey);

    ContentKeyData contentKeyData = new ContentKeyData
    {
        Id = EncryptionUtils.GetKeyIdentifierAsString(keyId),
        EncryptedContentKey = Convert.ToBase64String(encryptedContentKey),
        ContentKeyType = (int)ContentKeyType.FairPlayPfxPassword,
        ProtectionKeyId = cert.Thumbprint,
        ProtectionKeyType = (int)ProtectionKeyType.X509CertificateThumbprint,
        Name = name
    };

    return contentKeyData;
}
private ContentKeyData CreateStorageContentKey(AssetData tempAsset, NullableFileEncryption fileEncryption, IMediaDataServiceContext dataContext)
{
    // Create the content key.
    fileEncryption.Init();

    // Encrypt it for delivery to Nimbus.
    X509Certificate2 certToUse = ContentKeyCollection.GetCertificateToEncryptContentKey(MediaContext, ContentKeyType.StorageEncryption);
    ContentKeyData contentKeyData = ContentKeyBaseCollection.InitializeStorageContentKey(fileEncryption.FileEncryption, certToUse);

    dataContext.AddObject(ContentKeyBaseCollection.ContentKeySet, contentKeyData);

    // SaveChanges goes through the configured retry policy to tolerate transient service faults.
    MediaRetryPolicy retryPolicy = this.MediaContext.MediaServicesClassFactory.GetSaveChangesRetryPolicy(dataContext as IRetryPolicyAdapter);
    retryPolicy.ExecuteAction<IMediaDataServiceResponse>(() => dataContext.SaveChanges());

    // Associate it with the asset.
    ((IAsset)tempAsset).ContentKeys.Add(contentKeyData);

    return contentKeyData;
}
private void ProtectTaskConfiguration(TaskTemplateData taskTemplate, ref X509Certificate2 certToUse, IMediaDataServiceContext dataContext)
{
    using (ConfigurationEncryption configEncryption = new ConfigurationEncryption())
    {
        // Update the task template with the required data.
        taskTemplate.Configuration = configEncryption.Encrypt(taskTemplate.Configuration);
        taskTemplate.EncryptionKeyId = configEncryption.GetKeyIdentifierAsString();
        taskTemplate.EncryptionScheme = ConfigurationEncryption.SchemeName;
        taskTemplate.EncryptionVersion = ConfigurationEncryption.SchemeVersion;
        taskTemplate.InitializationVector = configEncryption.GetInitializationVectorAsString();

        if (certToUse == null)
        {
            // Get the certificate to use to encrypt the configuration encryption key.
            certToUse = ContentKeyBaseCollection.GetCertificateToEncryptContentKey(GetMediaContext(), ContentKeyType.ConfigurationEncryption);
        }

        // Create a content key object to hold the encryption key.
        ContentKeyData contentKeyData = ContentKeyBaseCollection.InitializeConfigurationContentKey(configEncryption, certToUse);
        dataContext.AddObject(ContentKeyBaseCollection.ContentKeySet, contentKeyData);
    }
}
/// <summary>
/// Asynchronously creates a content key with the specified key identifier and value.
/// </summary>
/// <param name="keyId">The key identifier.</param>
/// <param name="contentKey">The value of the content key.</param>
/// <param name="name">A friendly name for the content key.</param>
/// <returns>
/// A function delegate that returns the future result to be available through the Task<IContentKey>.
/// </returns>
public override Task<IContentKey> CreateAsync(Guid keyId, byte[] contentKey, string name)
{
    if (keyId == Guid.Empty)
    {
        throw new ArgumentException(StringTable.ErrorCreateKey_EmptyGuidNotAllowed, "keyId");
    }

    if (contentKey == null)
    {
        throw new ArgumentNullException("contentKey");
    }

    if (contentKey.Length != EncryptionUtils.KeySizeInBytesForAes128)
    {
        throw new ArgumentException(StringTable.ErrorCommonEncryptionKeySize, "contentKey");
    }

    DataServiceContext dataContext = this._cloudMediaContext.DataContextFactory.CreateDataServiceContext();

    // Wrap the key to the service's protection certificate before it is sent.
    X509Certificate2 certToUse = ContentKeyBaseCollection.GetCertificateToEncryptContentKey(dataContext, ContentKeyType.CommonEncryption);
    ContentKeyData contentKeyData = CreateCommonContentKey(keyId, contentKey, name, certToUse);
    contentKeyData.InitCloudMediaContext(this._cloudMediaContext);

    dataContext.AddObject(ContentKeySet, contentKeyData);

    return dataContext
        .SaveChangesAsync(contentKeyData)
        .ContinueWith<IContentKey>(
            t =>
            {
                t.ThrowIfFaulted();
                return (ContentKeyData)t.AsyncState;
            },
            TaskContinuationOptions.ExecuteSynchronously);
}