public function testBulkIngestEncryptedAsset() { // Setup $asset = new Asset(Asset::OPTIONS_STORAGE_ENCRYPTED); $asset->setName(TestResources::MEDIA_SERVICES_ASSET_NAME . $this->createSuffix()); $asset = $this->createAsset($asset); $aesKey = Utilities::generateCryptoKey(32); $protectionKeyId = $this->restProxy->getProtectionKeyId(ProtectionKeyTypes::X509_CERTIFICATE_THUMBPRINT); $protectionKey = $this->restProxy->getProtectionKey($protectionKeyId); $contentKey = new ContentKey(); $contentKey->setContentKey($aesKey, $protectionKey); $contentKey->setProtectionKeyId($protectionKeyId); $contentKey->setProtectionKeyType(ProtectionKeyTypes::X509_CERTIFICATE_THUMBPRINT); $contentKey->setContentKeyType(ContentKeyTypes::STORAGE_ENCRYPTION); $contentKey = $this->createContentKey($contentKey); $this->restProxy->linkContentKeyToAsset($asset, $contentKey); $fileName = TestResources::MEDIA_SERVICES_DUMMY_FILE_NAME; $otherFileName = TestResources::MEDIA_SERVICES_DUMMY_FILE_NAME_1; $manifest = new IngestManifest(); $manifest->setName('IngestManifest' . $this->createSuffix()); $manifest = $this->createIngestManifest($manifest); $manifestAsset = new IngestManifestAsset($manifest->getId()); $manifestAsset = $this->createIngestManifestAsset($manifestAsset, $asset); $manifestFile1 = new IngestManifestFile($fileName, $manifest->getId(), $manifestAsset->getId()); $manifestFile2 = new IngestManifestFile($otherFileName, $manifest->getId(), $manifestAsset->getId()); $initializationVector1 = base64_encode(Utilities::generateCryptoKey(8)); $initializationVector2 = base64_encode(Utilities::generateCryptoKey(8)); $manifestFile1->setIsEncrypted(true); $manifestFile1->setEncryptionKeyId($contentKey->getId()); $manifestFile1->setEncryptionScheme(EncryptionSchemes::STORAGE_ENCRYPTION); $manifestFile1->setEncryptionVersion(Resources::MEDIA_SERVICES_ENCRYPTION_VERSION); $manifestFile1->setInitializationVector($initializationVector1); $manifestFile2->setIsEncrypted(true); $manifestFile2->setEncryptionKeyId($contentKey->getId()); $manifestFile2->setEncryptionScheme(EncryptionSchemes::STORAGE_ENCRYPTION); $manifestFile2->setEncryptionVersion(Resources::MEDIA_SERVICES_ENCRYPTION_VERSION); $manifestFile2->setInitializationVector($initializationVector2); $manifestFile1 = $this->createIngestManifestFile($manifestFile1); $manifestFile2 = $this->createIngestManifestFile($manifestFile2); $initialStat = $this->restProxy->getIngestManifest($manifest); $blobUrl = $manifest->getBlobStorageUriForUpload(); $blobUrlParts = explode('/', $blobUrl); $blob = array_pop($blobUrlParts); $blobRestProxy = $this->builder->createBlobService($this->connectionString); $blobRestProxy->createBlockBlob($blob, $fileName, TestResources::MEDIA_SERVICES_DUMMY_FILE_CONTENT); $this->waitIngestManifestFinishedFiles($manifest, 1); $finishedFirstStat = $this->restProxy->getIngestManifest($manifest); $blobRestProxy->createBlockBlob($blob, $otherFileName, TestResources::MEDIA_SERVICES_DUMMY_FILE_CONTENT_1); $this->waitIngestManifestFinishedFiles($manifest, 2); $finishedSecondStat = $this->restProxy->getIngestManifest($manifest); // Test // Assert $contentKeysFromAsset = $this->restProxy->getAssetContentKeys($asset); $assetFiles = $this->restProxy->getAssetAssetFileList($asset); $this->assertEquals(0, $initialStat->getStatistics()->getFinishedFilesCount()); $this->assertEquals(1, $finishedFirstStat->getStatistics()->getFinishedFilesCount()); $this->assertEquals(2, $finishedSecondStat->getStatistics()->getFinishedFilesCount()); $this->assertEquals($contentKey->getId(), $contentKeysFromAsset[0]->getId()); $this->assertEquals($contentKey->getId(), $manifestFile1->getEncryptionKeyId()); $this->assertEquals('true', $manifestFile1->getIsEncrypted()); $this->assertEquals(EncryptionSchemes::STORAGE_ENCRYPTION, $manifestFile1->getEncryptionScheme()); $this->assertEquals($initializationVector1, $manifestFile1->getInitializationVector()); $this->assertEquals(Resources::MEDIA_SERVICES_ENCRYPTION_VERSION, $manifestFile1->getEncryptionVersion()); $this->assertEquals($contentKey->getId(), $manifestFile2->getEncryptionKeyId()); $this->assertEquals('true', $manifestFile2->getIsEncrypted()); $this->assertEquals(EncryptionSchemes::STORAGE_ENCRYPTION, $manifestFile2->getEncryptionScheme()); $this->assertEquals($initializationVector2, $manifestFile2->getInitializationVector()); $this->assertEquals(Resources::MEDIA_SERVICES_ENCRYPTION_VERSION, $manifestFile2->getEncryptionVersion()); // Files order is not static, so we don't know the index of each file and need to serve them as a set $resultFileNames = array($assetFiles[0]->getName(), $assetFiles[1]->getName()); $this->assertContains($otherFileName, $resultFileNames); $this->assertEquals($asset->getId(), $assetFiles[0]->getParentAssetId()); $this->assertContains($fileName, $resultFileNames); $this->assertEquals($asset->getId(), $assetFiles[1]->getParentAssetId()); }
/** * Create ContentKey from array * * @param array $options Array containing values for object properties * * @return WindowsAzure\MediaServices\Models\ContentKey */ public static function createFromOptions($options) { $contentKey = new ContentKey(); $contentKey->fromArray($options); return $contentKey; }
/** * Get ContentKey. * * @param Models\ContentKey|string $contentKey An ContentKey data or * ContentKey Id * * @return Models\ContentKey */ public function getContentKey($contentKey) { $contentKeyId = Utilities::getEntityId($contentKey, 'WindowsAzure\\Mediaservices\\Models\\ContentKey'); return ContentKey::createFromOptions($this->_getEntity("ContentKeys('{$contentKeyId}')")); }
/** * @covers WindowsAzure\MediaServices\MediaServicesRestProxy::removeContentKeyFromAsset */ public function testRemoveContentKeyFromAsset() { // Setup $aesKey = Utilities::generateCryptoKey(32); $protectionKeyId = $this->restProxy->getProtectionKeyId(ContentKeyTypes::COMMON_ENCRYPTION); $protectionKey = $this->restProxy->getProtectionKey($protectionKeyId); $contentKey = new ContentKey(); $contentKey->setContentKey($aesKey, $protectionKey); $contentKey->setProtectionKeyId($protectionKeyId); $contentKey->setProtectionKeyType(ProtectionKeyTypes::X509_CERTIFICATE_THUMBPRINT); $contentKey->setContentKeyType(ContentKeyTypes::COMMON_ENCRYPTION); $contentKey = $this->createContentKey($contentKey); $asset = new Asset(Asset::OPTIONS_COMMON_ENCRYPTION_PROTECTED); $asset->setName(TestResources::MEDIA_SERVICES_ASSET_NAME . $this->createSuffix()); $asset = $this->createAsset($asset); $this->restProxy->linkContentKeyToAsset($asset, $contentKey); // Test $this->restProxy->removeContentKeyFromAsset($asset, $contentKey); // Assert $contentKeyFromAsset = $this->restProxy->getAssetContentKeys($asset); $this->assertEmpty($contentKeyFromAsset); }
function createFairPlayPfxPasswordTypeContentKey($restProxy, $fairPlayPfxPassword) { // 3.1 Get the protection key id for ContentKey $protectionKeyId = $restProxy->getProtectionKeyId(ContentKeyTypes::FAIRPLAY_PFXPASSWORD); $protectionKey = $restProxy->getProtectionKey($protectionKeyId); // 3.2 Prepare the content key $contentKey = new ContentKey(); $contentKey->setContentKey($fairPlayPfxPassword, $protectionKey, TRUE); $contentKey->setProtectionKeyId($protectionKeyId); $contentKey->setProtectionKeyType(ProtectionKeyTypes::X509_CERTIFICATE_THUMBPRINT); $contentKey->setContentKeyType(ContentKeyTypes::FAIRPLAY_PFXPASSWORD); // 3.3 Create the ContentKey $contentKey = $restProxy->createContentKey($contentKey); echo "FairPlay PFX Password Content Key id={$contentKey->getId()}" . PHP_EOL; return $contentKey; }
function createEnvelopeTypeContentKey($restProxy, $encodedAsset) { // 3.1 Generate a new key $aesKey = Utilities::generateCryptoKey(16); // 3.2 Get the protection key id for ContentKey $protectionKeyId = $restProxy->getProtectionKeyId(ContentKeyTypes::ENVELOPE_ENCRYPTION); $protectionKey = $restProxy->getProtectionKey($protectionKeyId); $contentKey = new ContentKey(); $contentKey->setContentKey($aesKey, $protectionKey); $contentKey->setProtectionKeyId($protectionKeyId); $contentKey->setProtectionKeyType(ProtectionKeyTypes::X509_CERTIFICATE_THUMBPRINT); $contentKey->setContentKeyType(ContentKeyTypes::ENVELOPE_ENCRYPTION); // 3.3 Create the ContentKey $contentKey = $restProxy->createContentKey($contentKey); print "Content Key id={$contentKey->getId()}\r\n"; // 3.4 Associate the ContentKey with the Asset $restProxy->linkContentKeyToAsset($encodedAsset, $contentKey); return $contentKey; }
if ($result != 3) { print "The job has finished with a wrong status: {$result}\r\n"; return; } print "Job Finished!\r\n"; // 2.4 Get output asset $outputAssets = $restProxy->getJobOutputMediaAssets($job); $encodedAsset = $outputAssets[0]; print "Encoded Asset name={$encodedAsset->getName()} id={$encodedAsset->getId()}\r\n"; // Phase 3 - Create Content Key // 3.1 Generate a new key $aesKey = Utilities::generateCryptoKey(16); // 3.2 Get the protection key id for ContentKey $protectionKeyId = $restProxy->getProtectionKeyId(ContentKeyTypes::ENVELOPE_ENCRYPTION); $protectionKey = $restProxy->getProtectionKey($protectionKeyId); $contentKey = new ContentKey(); $contentKey->setContentKey($aesKey, $protectionKey); $contentKey->setProtectionKeyId($protectionKeyId); $contentKey->setProtectionKeyType(ProtectionKeyTypes::X509_CERTIFICATE_THUMBPRINT); $contentKey->setContentKeyType(ContentKeyTypes::ENVELOPE_ENCRYPTION); // 3.3 Create the ContentKey $contentKey = $restProxy->createContentKey($contentKey); print "Content Key id={$contentKey->getId()}\r\n"; // 3.4 Associate the ContentKey with the Asset $restProxy->linkContentKeyToAsset($encodedAsset, $contentKey); // Phase 4 - Create the ContentKey Authorization Policy // 4.1 Create ContentKeyAuthorizationPolicyRestriction (Open) $restriction = new ContentKeyAuthorizationPolicyRestriction(); $restriction->setName('ContentKey Authorization Policy Restriction'); $restriction->setKeyRestrictionType(ContentKeyRestrictionType::OPEN); // 4.2 Create ContentKeyAuthorizationPolicyOption (AES)
/** * @covers WindowsAzure\MediaServices\Models\ContentKey::setContentKey * @covers WindowsAzure\MediaServices\Models\ContentKey::_generateChecksum * @covers WindowsAzure\MediaServices\Models\ContentKey::_generateEncryptedContentKey */ public function testSetContentKey() { // Setup $protectionKey = '-----BEGIN CERTIFICATE----- MIICWDCCAcGgAwIBAgIJAMoW3Bym8NviMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzA0MTExNTMxWhcNMTQwNDAzMTExNTMxWjBF MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQCnUuC20WGTH8iBp/CcHOthHN/RodGDfiUmtGVAH60toze4lNkdy3xstHrdIkWY YOc3bTtiOLcl78YXkslkRTwKERCwLYsSQgZZK+bUE17oYpKgxKvW3Zrni8eQVzue KEjQGyGpdJw7C2RCtx31e941RVlXh2kda1KmF66EUrRywwIDAQABo1AwTjAdBgNV HQ4EFgQUUeTVs4bfDo7Ap/nWHvBbaPlcMjIwHwYDVR0jBBgwFoAUUeTVs4bfDo7A p/nWHvBbaPlcMjIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCQvweb V2mQn2pGNuquGkStf+AYEPB4kxqRBBcbxOiWtHZsr/K0zIe0fWEiMKE/7X6CAgtJ JeryWs9JlCjCqU6O2WMxuOI2JRneprs78/3jieYbAAgpEK9LyhZC6QCT3WKrvh+j 3uVcuoKBfVUFTvVtpSVttL7cNULIGYpP/V1yVg== -----END CERTIFICATE-----'; $private = '-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCnUuC20WGTH8iBp/CcHOthHN/RodGDfiUmtGVAH60toze4lNkd y3xstHrdIkWYYOc3bTtiOLcl78YXkslkRTwKERCwLYsSQgZZK+bUE17oYpKgxKvW 3Zrni8eQVzueKEjQGyGpdJw7C2RCtx31e941RVlXh2kda1KmF66EUrRywwIDAQAB AoGAJWAG3+9PO1zbHdMUlNqE3VFk0V+y/As+YzHid/tbZJlTxgBBqz0b0vBRjXmt UAc9Po1AuYTvrCKt/fAE2kf4y+5dw6UeUpsfWbmDbFY1BPbgeETFXDE7DEXb7IJg YlDKOq7XwdQBUe1s2P7yAhfLggyjnnJKi6i/ZSrWYmrvCGkCQQDTsof9FmFZkrNK ZjoxFGOl5+2ZzW+3nZUKdiWKRHqZADMrajCtGJqSIFoZMuItiKxy8CXgTlNYxxXu 5wFjmxjFAkEAylcTCAruZ2T+/+2WBpJNRLHZh+ivrSV/9PWr0GUSKBSG4iN/f6w7 7MHCUqJlhLE95xq+TnpcDaFWKqQPTQRF5wJAEZhKEy/0AWTe//UFKyUdryFaryjS +zjetVLihd5xLhxFJHub9hcQacrEkkmXYN92Lctl6oG4Da3mVcffZq7yXQJBAIYh Oqh2Npurw658HJu2mCoVi5IgmXQ6C5yizoaSuXqAQPnfdkF4NzE3ME3/ATT5GYP9 onH7gtI2RRx3LP1s+7kCQDa5BheXwTt/yVachh3+eYlWszGbFxbOlFKn20wy68bZ hfb0RVoAxC2qqoNJKMNuN2Rct/j1Gk8qKp5YtaW12+M= -----END RSA PRIVATE KEY-----'; $contentKey = new ContentKey(); $contentKey->setId('content-key-id-156k'); $aesKey = base64_decode('KbOoNIjrQONfuyU86hA8mCFNq0sFoZHx0tTFopo+/mg='); $checksum = '/IJUKYWw980='; // Test $contentKey->setContentKey($aesKey, $protectionKey); // Assert openssl_private_decrypt(base64_decode($contentKey->getEncryptedContentKey()), $decryptedContentKey, openssl_get_privatekey($private), OPENSSL_PKCS1_OAEP_PADDING); $this->assertEquals($decryptedContentKey, $aesKey); $this->assertEquals($checksum, $contentKey->getChecksum()); }