/**
* @covers WindowsAzure\MediaServices\Templates\TokenRestrictionTemplate::getOpenIdConnectDiscoveryDocument
* @covers WindowsAzure\MediaServices\Templates\TokenRestrictionTemplate::setOpenIdConnectDiscoveryDocument
*/
public function testGetSetOpenIdConnectDiscoveryDocument()
{
// Setup
$entity = new TokenRestrictionTemplate();
$payload = new OpenIdConnectDiscoveryDocument();
// Test
$entity->setOpenIdConnectDiscoveryDocument($payload);
$result = $entity->getOpenIdConnectDiscoveryDocument();
// Assert
$this->assertEquals($payload, $result);
}
public function testCreateContentKeyAuthorizationPolicyOptionForWidevine()
{
// Setup Token
$widevine = new WidevineMessage();
$widevine->allowed_track_types = AllowedTrackTypes::SD_HD;
$contentKeySpecs = new ContentKeySpecs();
$contentKeySpecs->required_output_protection = new RequiredOutputProtection();
$contentKeySpecs->required_output_protection->hdcp = Hdcp::HDCP_NONE;
$contentKeySpecs->security_level = 1;
$contentKeySpecs->track_type = 'SD';
$widevine->content_key_specs = array($contentKeySpecs);
$policyOverrides = new \stdClass();
$policyOverrides->can_play = true;
$policyOverrides->can_persist = true;
$policyOverrides->can_renew = false;
$widevine->policy_overrides = $policyOverrides;
$jsonWidevine = WidevineMessageSerializer::serialize($widevine);
$template = new TokenRestrictionTemplate(TokenType::SWT);
$template->setPrimaryVerificationKey(new SymmetricVerificationKey());
$template->setAlternateVerificationKeys(array(new SymmetricVerificationKey()));
$template->setAudience('http://sampleaudience/');
$template->setIssuer('http://sampleissuerurl/');
$claims = array();
$claims[] = new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE);
$claims[] = new TokenClaim('Rental', 'true');
$template->setRequiredClaims($claims);
$serializedTemplate = TokenRestrictionTemplateSerializer::serialize($template);
// Setup Options
$name = TestResources::MEDIA_SERVICES_CONTENT_KEY_AUTHORIZATION_OPTIONS_NAME . $this->createSuffix();
$restrictionName = TestResources::MEDIA_SERVICES_CONTENT_KEY_AUTHORIZATION_POLICY_RESTRICTION_NAME . $this->createSuffix();
$restriction = new ContentKeyAuthorizationPolicyRestriction();
$restriction->setName($restrictionName);
$restriction->setKeyRestrictionType(ContentKeyRestrictionType::TOKEN_RESTRICTED);
$restriction->setRequirements($serializedTemplate);
$restrictions = array($restriction);
$options = new ContentKeyAuthorizationPolicyOption();
$options->setName($name);
$options->setKeyDeliveryType(ContentKeyDeliveryType::WIDEVINE);
$options->setKeyDeliveryConfiguration($jsonWidevine);
$options->setRestrictions($restrictions);
// Test
$result = $this->createContentKeyAuthorizationPolicyOption($options);
// Retrieve the CKAPO again.
$result = $this->restProxy->getContentKeyAuthorizationPolicyOption($result->getId());
// Assert Options
$this->assertEquals($options->getName(), $result->getName());
$this->assertEquals($options->getKeyDeliveryType(), $result->getKeyDeliveryType());
$this->assertJsonStringEqualsJsonString($jsonWidevine, $result->getKeyDeliveryConfiguration());
$actualWidevine = WidevineMessageSerializer::deserialize($result->getKeyDeliveryConfiguration());
$this->assertEqualsWidevineMessage($widevine, $actualWidevine);
return $result->getId();
}
function generateTokenRequirements($tokenType)
{
$template = new TokenRestrictionTemplate($tokenType);
$template->setPrimaryVerificationKey(new SymmetricVerificationKey());
$template->setAudience("urn:contoso");
$template->setIssuer("https://sts.contoso.com");
$claims = array();
$claims[] = new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE);
$template->setRequiredClaims($claims);
return TokenRestrictionTemplateSerializer::serialize($template);
}
/**
* Serialize a TokenRestrictionTemplate object into a TokenRestrictionTemplate XML
* @param TokenRestrictionTemplate $tokenRestriction
* @return string The TokenRestrictionTemplate XML
*/
public static function serialize($tokenRestriction)
{
if (empty($tokenRestriction->getPrimaryVerificationKey()) && ($tokenRestriction->getOpenIdConnectDiscoveryDocument() == null || empty($tokenRestriction->getOpenIdConnectDiscoveryDocument()->getOpenIdDiscoveryUri()))) {
throw new \RuntimeException("Both PrimaryVerificationKey and OpenIdConnectDiscoveryDocument are null");
}
if (empty($tokenRestriction->getAudience())) {
throw new \RuntimeException("TokenRestrictionTemplate Serialize: Audience is required");
}
if (empty($tokenRestriction->getIssuer())) {
throw new \RuntimeException("TokenRestrictionTemplate Serialize: Issuer is required");
}
$writer = new \XMLWriter();
$writer->openMemory();
$writer->startElementNS(null, 'TokenRestrictionTemplate', Resources::TRT_XML_NAMESPACE);
$writer->writeAttributeNS('xmlns', 'i', null, Resources::XSI_XML_NAMESPACE);
if (!empty($tokenRestriction->getAlternateVerificationKeys())) {
TokenRestrictionTemplateSerializer::serializeAlternateVerificationKeys($writer, $tokenRestriction->getAlternateVerificationKeys());
}
$writer->writeElement("Audience", $tokenRestriction->getAudience());
$writer->writeElement("Issuer", $tokenRestriction->getIssuer());
if (!empty($tokenRestriction->getPrimaryVerificationKey())) {
$writer->startElement('PrimaryVerificationKey');
TokenRestrictionTemplateSerializer::serializeTokenVerificationKey($writer, $tokenRestriction->getPrimaryVerificationKey());
$writer->endElement();
}
if (!empty($tokenRestriction->getRequiredClaims())) {
TokenRestrictionTemplateSerializer::serializeRequiredClaims($writer, $tokenRestriction->getRequiredClaims());
}
if (!empty($tokenRestriction->getTokenType())) {
$writer->writeElement('TokenType', $tokenRestriction->getTokenType());
}
if (!empty($tokenRestriction->getOpenIdConnectDiscoveryDocument())) {
TokenRestrictionTemplateSerializer::serializeOpenIdConnectDiscoveryDocument($writer, $tokenRestriction->getOpenIdConnectDiscoveryDocument());
}
$writer->endElement();
return $writer->outputMemory();
}
public function testKnownGoodGenerateTestTokenJWT()
{
// Arrange
$expectedToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cm46bWljcm9zb2Z0OmF6dXJlOm1lZGlhc2VydmljZXM6Y29udGVudGtleWlkZW50aWZpZXIiOiIwOTE0NDM1ZC0xNTAwLTgwYzQtNmMyYi1mMWU1MmZkYTQ3YWUiLCJpc3MiOiJodHRwczpcL1wvdHN0LmNvbnRvc28uY29tIiwiYXVkIjoidXJuOmNvbnRvc28iLCJleHAiOjE0NTE2MDY0MDAsIm5iZiI6MTQ1MTYwNjQwMH0.voBCckYtSgVq6Z1Y8gwOBJO8DfH4-dX9ACmvSSHADso';
$knownSymetricKey = '64bytes6RNhi8EsxcYsdYQ9zpFuNR1Ks9milykbxYWGILaK0LKzd5dCtYonsr456';
$knownGuid = '0914435d-1500-80c4-6c2b-f1e52fda47ae';
$knownExpireOn = 1451606400;
// 2016-01-01 as Unix Epoch;
$knownNotBefore = 1451606400;
// 2016-01-01 as Unix Epoch;
$knownAudience = 'urn:contoso';
$knownIssuer = 'https://tst.contoso.com';
$template = new TokenRestrictionTemplate(TokenType::JWT);
$key = new SymmetricVerificationKey();
$key->setKeyValue($knownSymetricKey);
$template->setPrimaryVerificationKey($key);
$template->setAudience($knownAudience);
$template->setIssuer($knownIssuer);
$template->setRequiredClaims(array(new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE)));
// Act
$resultsToken = TokenRestrictionTemplateSerializer::generateTestToken($template, $key, $knownGuid, $knownExpireOn, $knownNotBefore);
// Assert
$this->assertEquals($expectedToken, $resultsToken);
}