public function testCreateContentKeyAuthorizationPolicyOptionForWidevine()
{
// Setup Token
$widevine = new WidevineMessage();
$widevine->allowed_track_types = AllowedTrackTypes::SD_HD;
$contentKeySpecs = new ContentKeySpecs();
$contentKeySpecs->required_output_protection = new RequiredOutputProtection();
$contentKeySpecs->required_output_protection->hdcp = Hdcp::HDCP_NONE;
$contentKeySpecs->security_level = 1;
$contentKeySpecs->track_type = 'SD';
$widevine->content_key_specs = array($contentKeySpecs);
$policyOverrides = new \stdClass();
$policyOverrides->can_play = true;
$policyOverrides->can_persist = true;
$policyOverrides->can_renew = false;
$widevine->policy_overrides = $policyOverrides;
$jsonWidevine = WidevineMessageSerializer::serialize($widevine);
$template = new TokenRestrictionTemplate(TokenType::SWT);
$template->setPrimaryVerificationKey(new SymmetricVerificationKey());
$template->setAlternateVerificationKeys(array(new SymmetricVerificationKey()));
$template->setAudience('http://sampleaudience/');
$template->setIssuer('http://sampleissuerurl/');
$claims = array();
$claims[] = new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE);
$claims[] = new TokenClaim('Rental', 'true');
$template->setRequiredClaims($claims);
$serializedTemplate = TokenRestrictionTemplateSerializer::serialize($template);
// Setup Options
$name = TestResources::MEDIA_SERVICES_CONTENT_KEY_AUTHORIZATION_OPTIONS_NAME . $this->createSuffix();
$restrictionName = TestResources::MEDIA_SERVICES_CONTENT_KEY_AUTHORIZATION_POLICY_RESTRICTION_NAME . $this->createSuffix();
$restriction = new ContentKeyAuthorizationPolicyRestriction();
$restriction->setName($restrictionName);
$restriction->setKeyRestrictionType(ContentKeyRestrictionType::TOKEN_RESTRICTED);
$restriction->setRequirements($serializedTemplate);
$restrictions = array($restriction);
$options = new ContentKeyAuthorizationPolicyOption();
$options->setName($name);
$options->setKeyDeliveryType(ContentKeyDeliveryType::WIDEVINE);
$options->setKeyDeliveryConfiguration($jsonWidevine);
$options->setRestrictions($restrictions);
// Test
$result = $this->createContentKeyAuthorizationPolicyOption($options);
// Retrieve the CKAPO again.
$result = $this->restProxy->getContentKeyAuthorizationPolicyOption($result->getId());
// Assert Options
$this->assertEquals($options->getName(), $result->getName());
$this->assertEquals($options->getKeyDeliveryType(), $result->getKeyDeliveryType());
$this->assertJsonStringEqualsJsonString($jsonWidevine, $result->getKeyDeliveryConfiguration());
$actualWidevine = WidevineMessageSerializer::deserialize($result->getKeyDeliveryConfiguration());
$this->assertEqualsWidevineMessage($widevine, $actualWidevine);
return $result->getId();
}
/**
* @param mixed $xmlElement
* @return TokenVerificationKey[]
*/
private static function deserializeAlternateVerificationKeys($xmlElement)
{
$result = array();
foreach ($xmlElement->children() as $child) {
$result[] = TokenRestrictionTemplateSerializer::deserializeTokenVerificationKey($child);
}
return $result;
}
public function testKnownGoodGenerateTestTokenJWT()
{
// Arrange
$expectedToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cm46bWljcm9zb2Z0OmF6dXJlOm1lZGlhc2VydmljZXM6Y29udGVudGtleWlkZW50aWZpZXIiOiIwOTE0NDM1ZC0xNTAwLTgwYzQtNmMyYi1mMWU1MmZkYTQ3YWUiLCJpc3MiOiJodHRwczpcL1wvdHN0LmNvbnRvc28uY29tIiwiYXVkIjoidXJuOmNvbnRvc28iLCJleHAiOjE0NTE2MDY0MDAsIm5iZiI6MTQ1MTYwNjQwMH0.voBCckYtSgVq6Z1Y8gwOBJO8DfH4-dX9ACmvSSHADso';
$knownSymetricKey = '64bytes6RNhi8EsxcYsdYQ9zpFuNR1Ks9milykbxYWGILaK0LKzd5dCtYonsr456';
$knownGuid = '0914435d-1500-80c4-6c2b-f1e52fda47ae';
$knownExpireOn = 1451606400;
// 2016-01-01 as Unix Epoch;
$knownNotBefore = 1451606400;
// 2016-01-01 as Unix Epoch;
$knownAudience = 'urn:contoso';
$knownIssuer = 'https://tst.contoso.com';
$template = new TokenRestrictionTemplate(TokenType::JWT);
$key = new SymmetricVerificationKey();
$key->setKeyValue($knownSymetricKey);
$template->setPrimaryVerificationKey($key);
$template->setAudience($knownAudience);
$template->setIssuer($knownIssuer);
$template->setRequiredClaims(array(new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE)));
// Act
$resultsToken = TokenRestrictionTemplateSerializer::generateTestToken($template, $key, $knownGuid, $knownExpireOn, $knownNotBefore);
// Assert
$this->assertEquals($expectedToken, $resultsToken);
}
function generateTestToken($tokenTemplateString, $contentKey)
{
$template = TokenRestrictionTemplateSerializer::deserialize($tokenTemplateString);
$contentKeyUUID = substr($contentKey->getId(), strlen("nb:kid:UUID:"));
$expiration = strtotime("+12 hour");
$token = TokenRestrictionTemplateSerializer::generateTestToken($template, null, $contentKeyUUID, $expiration);
echo "Token Type {$template->getTokenType()}\r\nBearer={$token}" . PHP_EOL;
}
function generateTestToken($tokenTemplateString, $contentKey)
{
$template = TokenRestrictionTemplateSerializer::deserialize($tokenTemplateString);
$contentKeyUUID = substr($contentKey->getId(), strlen('nb:kid:UUID:'));
$expiration = strtotime('+12 hour');
$token = TokenRestrictionTemplateSerializer::generateTestToken($template, null, $contentKeyUUID, $expiration);
return $token;
}
