/** * @covers WindowsAzure\MediaServices\Templates\TokenRestrictionTemplate::getOpenIdConnectDiscoveryDocument * @covers WindowsAzure\MediaServices\Templates\TokenRestrictionTemplate::setOpenIdConnectDiscoveryDocument */ public function testGetSetOpenIdConnectDiscoveryDocument() { // Setup $entity = new TokenRestrictionTemplate(); $payload = new OpenIdConnectDiscoveryDocument(); // Test $entity->setOpenIdConnectDiscoveryDocument($payload); $result = $entity->getOpenIdConnectDiscoveryDocument(); // Assert $this->assertEquals($payload, $result); }
public function testCreateContentKeyAuthorizationPolicyOptionForWidevine() { // Setup Token $widevine = new WidevineMessage(); $widevine->allowed_track_types = AllowedTrackTypes::SD_HD; $contentKeySpecs = new ContentKeySpecs(); $contentKeySpecs->required_output_protection = new RequiredOutputProtection(); $contentKeySpecs->required_output_protection->hdcp = Hdcp::HDCP_NONE; $contentKeySpecs->security_level = 1; $contentKeySpecs->track_type = 'SD'; $widevine->content_key_specs = array($contentKeySpecs); $policyOverrides = new \stdClass(); $policyOverrides->can_play = true; $policyOverrides->can_persist = true; $policyOverrides->can_renew = false; $widevine->policy_overrides = $policyOverrides; $jsonWidevine = WidevineMessageSerializer::serialize($widevine); $template = new TokenRestrictionTemplate(TokenType::SWT); $template->setPrimaryVerificationKey(new SymmetricVerificationKey()); $template->setAlternateVerificationKeys(array(new SymmetricVerificationKey())); $template->setAudience('http://sampleaudience/'); $template->setIssuer('http://sampleissuerurl/'); $claims = array(); $claims[] = new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE); $claims[] = new TokenClaim('Rental', 'true'); $template->setRequiredClaims($claims); $serializedTemplate = TokenRestrictionTemplateSerializer::serialize($template); // Setup Options $name = TestResources::MEDIA_SERVICES_CONTENT_KEY_AUTHORIZATION_OPTIONS_NAME . $this->createSuffix(); $restrictionName = TestResources::MEDIA_SERVICES_CONTENT_KEY_AUTHORIZATION_POLICY_RESTRICTION_NAME . $this->createSuffix(); $restriction = new ContentKeyAuthorizationPolicyRestriction(); $restriction->setName($restrictionName); $restriction->setKeyRestrictionType(ContentKeyRestrictionType::TOKEN_RESTRICTED); $restriction->setRequirements($serializedTemplate); $restrictions = array($restriction); $options = new ContentKeyAuthorizationPolicyOption(); $options->setName($name); $options->setKeyDeliveryType(ContentKeyDeliveryType::WIDEVINE); $options->setKeyDeliveryConfiguration($jsonWidevine); $options->setRestrictions($restrictions); // Test $result = $this->createContentKeyAuthorizationPolicyOption($options); // Retrieve the CKAPO again. $result = $this->restProxy->getContentKeyAuthorizationPolicyOption($result->getId()); // Assert Options $this->assertEquals($options->getName(), $result->getName()); $this->assertEquals($options->getKeyDeliveryType(), $result->getKeyDeliveryType()); $this->assertJsonStringEqualsJsonString($jsonWidevine, $result->getKeyDeliveryConfiguration()); $actualWidevine = WidevineMessageSerializer::deserialize($result->getKeyDeliveryConfiguration()); $this->assertEqualsWidevineMessage($widevine, $actualWidevine); return $result->getId(); }
function generateTokenRequirements($tokenType) { $template = new TokenRestrictionTemplate($tokenType); $template->setPrimaryVerificationKey(new SymmetricVerificationKey()); $template->setAudience("urn:contoso"); $template->setIssuer("https://sts.contoso.com"); $claims = array(); $claims[] = new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE); $template->setRequiredClaims($claims); return TokenRestrictionTemplateSerializer::serialize($template); }
/** * Serialize a TokenRestrictionTemplate object into a TokenRestrictionTemplate XML * @param TokenRestrictionTemplate $tokenRestriction * @return string The TokenRestrictionTemplate XML */ public static function serialize($tokenRestriction) { if (empty($tokenRestriction->getPrimaryVerificationKey()) && ($tokenRestriction->getOpenIdConnectDiscoveryDocument() == null || empty($tokenRestriction->getOpenIdConnectDiscoveryDocument()->getOpenIdDiscoveryUri()))) { throw new \RuntimeException("Both PrimaryVerificationKey and OpenIdConnectDiscoveryDocument are null"); } if (empty($tokenRestriction->getAudience())) { throw new \RuntimeException("TokenRestrictionTemplate Serialize: Audience is required"); } if (empty($tokenRestriction->getIssuer())) { throw new \RuntimeException("TokenRestrictionTemplate Serialize: Issuer is required"); } $writer = new \XMLWriter(); $writer->openMemory(); $writer->startElementNS(null, 'TokenRestrictionTemplate', Resources::TRT_XML_NAMESPACE); $writer->writeAttributeNS('xmlns', 'i', null, Resources::XSI_XML_NAMESPACE); if (!empty($tokenRestriction->getAlternateVerificationKeys())) { TokenRestrictionTemplateSerializer::serializeAlternateVerificationKeys($writer, $tokenRestriction->getAlternateVerificationKeys()); } $writer->writeElement("Audience", $tokenRestriction->getAudience()); $writer->writeElement("Issuer", $tokenRestriction->getIssuer()); if (!empty($tokenRestriction->getPrimaryVerificationKey())) { $writer->startElement('PrimaryVerificationKey'); TokenRestrictionTemplateSerializer::serializeTokenVerificationKey($writer, $tokenRestriction->getPrimaryVerificationKey()); $writer->endElement(); } if (!empty($tokenRestriction->getRequiredClaims())) { TokenRestrictionTemplateSerializer::serializeRequiredClaims($writer, $tokenRestriction->getRequiredClaims()); } if (!empty($tokenRestriction->getTokenType())) { $writer->writeElement('TokenType', $tokenRestriction->getTokenType()); } if (!empty($tokenRestriction->getOpenIdConnectDiscoveryDocument())) { TokenRestrictionTemplateSerializer::serializeOpenIdConnectDiscoveryDocument($writer, $tokenRestriction->getOpenIdConnectDiscoveryDocument()); } $writer->endElement(); return $writer->outputMemory(); }
public function testKnownGoodGenerateTestTokenJWT() { // Arrange $expectedToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cm46bWljcm9zb2Z0OmF6dXJlOm1lZGlhc2VydmljZXM6Y29udGVudGtleWlkZW50aWZpZXIiOiIwOTE0NDM1ZC0xNTAwLTgwYzQtNmMyYi1mMWU1MmZkYTQ3YWUiLCJpc3MiOiJodHRwczpcL1wvdHN0LmNvbnRvc28uY29tIiwiYXVkIjoidXJuOmNvbnRvc28iLCJleHAiOjE0NTE2MDY0MDAsIm5iZiI6MTQ1MTYwNjQwMH0.voBCckYtSgVq6Z1Y8gwOBJO8DfH4-dX9ACmvSSHADso'; $knownSymetricKey = '64bytes6RNhi8EsxcYsdYQ9zpFuNR1Ks9milykbxYWGILaK0LKzd5dCtYonsr456'; $knownGuid = '0914435d-1500-80c4-6c2b-f1e52fda47ae'; $knownExpireOn = 1451606400; // 2016-01-01 as Unix Epoch; $knownNotBefore = 1451606400; // 2016-01-01 as Unix Epoch; $knownAudience = 'urn:contoso'; $knownIssuer = 'https://tst.contoso.com'; $template = new TokenRestrictionTemplate(TokenType::JWT); $key = new SymmetricVerificationKey(); $key->setKeyValue($knownSymetricKey); $template->setPrimaryVerificationKey($key); $template->setAudience($knownAudience); $template->setIssuer($knownIssuer); $template->setRequiredClaims(array(new TokenClaim(TokenClaim::CONTENT_KEY_ID_CLAIM_TYPE))); // Act $resultsToken = TokenRestrictionTemplateSerializer::generateTestToken($template, $key, $knownGuid, $knownExpireOn, $knownNotBefore); // Assert $this->assertEquals($expectedToken, $resultsToken); }