public function testCreateContentKeyAuthorizationPolicyOptionForWidevine() { // Setup Token $widevine = new WidevineMessage(); $widevine->allowed_track_types = AllowedTrackTypes::SD_HD; $contentKeySpecs = new ContentKeySpecs(); $contentKeySpecs->required_output_protection = new RequiredOutputProtection(); $contentKeySpecs->required_output_protection->hdcp = Hdcp::HDCP_NONE; $contentKeySpecs->security_level = 1; $contentKeySpecs->track_type = 'SD'; $widevine->content_key_specs = array($contentKeySpecs); $policyOverrides = new \stdClass(); $policyOverrides->can_play = true; $policyOverrides->can_persist = true; $policyOverrides->can_renew = false; $widevine->policy_overrides = $policyOverrides; $jsonWidevine = WidevineMessageSerializer::serialize($widevine); $template = new TokenRestrictionTemplate(TokenType::SWT); $template->setPrimaryVerificationKey(new SymmetricVerificationKey()); $template->setAlternateVerificationKeys(array(new SymmetricVerificationKey())); $template->setAudience('http://sampleaudience/'); $template->setIssuer('http://sampleissuerurl/'); $claims = array(); $claims[] = new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE); $claims[] = new TokenClaim('Rental', 'true'); $template->setRequiredClaims($claims); $serializedTemplate = TokenRestrictionTemplateSerializer::serialize($template); // Setup Options $name = TestResources::MEDIA_SERVICES_CONTENT_KEY_AUTHORIZATION_OPTIONS_NAME . $this->createSuffix(); $restrictionName = TestResources::MEDIA_SERVICES_CONTENT_KEY_AUTHORIZATION_POLICY_RESTRICTION_NAME . $this->createSuffix(); $restriction = new ContentKeyAuthorizationPolicyRestriction(); $restriction->setName($restrictionName); $restriction->setKeyRestrictionType(ContentKeyRestrictionType::TOKEN_RESTRICTED); $restriction->setRequirements($serializedTemplate); $restrictions = array($restriction); $options = new ContentKeyAuthorizationPolicyOption(); $options->setName($name); $options->setKeyDeliveryType(ContentKeyDeliveryType::WIDEVINE); $options->setKeyDeliveryConfiguration($jsonWidevine); $options->setRestrictions($restrictions); // Test $result = $this->createContentKeyAuthorizationPolicyOption($options); // Retrieve the CKAPO again. $result = $this->restProxy->getContentKeyAuthorizationPolicyOption($result->getId()); // Assert Options $this->assertEquals($options->getName(), $result->getName()); $this->assertEquals($options->getKeyDeliveryType(), $result->getKeyDeliveryType()); $this->assertJsonStringEqualsJsonString($jsonWidevine, $result->getKeyDeliveryConfiguration()); $actualWidevine = WidevineMessageSerializer::deserialize($result->getKeyDeliveryConfiguration()); $this->assertEqualsWidevineMessage($widevine, $actualWidevine); return $result->getId(); }
/** * @param mixed $xmlElement * @return TokenVerificationKey[] */ private static function deserializeAlternateVerificationKeys($xmlElement) { $result = array(); foreach ($xmlElement->children() as $child) { $result[] = TokenRestrictionTemplateSerializer::deserializeTokenVerificationKey($child); } return $result; }
public function testKnownGoodGenerateTestTokenJWT() { // Arrange $expectedToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cm46bWljcm9zb2Z0OmF6dXJlOm1lZGlhc2VydmljZXM6Y29udGVudGtleWlkZW50aWZpZXIiOiIwOTE0NDM1ZC0xNTAwLTgwYzQtNmMyYi1mMWU1MmZkYTQ3YWUiLCJpc3MiOiJodHRwczpcL1wvdHN0LmNvbnRvc28uY29tIiwiYXVkIjoidXJuOmNvbnRvc28iLCJleHAiOjE0NTE2MDY0MDAsIm5iZiI6MTQ1MTYwNjQwMH0.voBCckYtSgVq6Z1Y8gwOBJO8DfH4-dX9ACmvSSHADso'; $knownSymetricKey = '64bytes6RNhi8EsxcYsdYQ9zpFuNR1Ks9milykbxYWGILaK0LKzd5dCtYonsr456'; $knownGuid = '0914435d-1500-80c4-6c2b-f1e52fda47ae'; $knownExpireOn = 1451606400; // 2016-01-01 as Unix Epoch; $knownNotBefore = 1451606400; // 2016-01-01 as Unix Epoch; $knownAudience = 'urn:contoso'; $knownIssuer = 'https://tst.contoso.com'; $template = new TokenRestrictionTemplate(TokenType::JWT); $key = new SymmetricVerificationKey(); $key->setKeyValue($knownSymetricKey); $template->setPrimaryVerificationKey($key); $template->setAudience($knownAudience); $template->setIssuer($knownIssuer); $template->setRequiredClaims(array(new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE))); // Act $resultsToken = TokenRestrictionTemplateSerializer::generateTestToken($template, $key, $knownGuid, $knownExpireOn, $knownNotBefore); // Assert $this->assertEquals($expectedToken, $resultsToken); }
function generateTestToken($tokenTemplateString, $contentKey) { $template = TokenRestrictionTemplateSerializer::deserialize($tokenTemplateString); $contentKeyUUID = substr($contentKey->getId(), strlen("nb:kid:UUID:")); $expiration = strtotime("+12 hour"); $token = TokenRestrictionTemplateSerializer::generateTestToken($template, null, $contentKeyUUID, $expiration); echo "Token Type {$template->getTokenType()}\r\nBearer={$token}" . PHP_EOL; }
function generateTestToken($tokenTemplateString, $contentKey) { $template = TokenRestrictionTemplateSerializer::deserialize($tokenTemplateString); $contentKeyUUID = substr($contentKey->getId(), strlen('nb:kid:UUID:')); $expiration = strtotime('+12 hour'); $token = TokenRestrictionTemplateSerializer::generateTestToken($template, null, $contentKeyUUID, $expiration); return $token; }