Azure Media Service - 爲播放生成新的AES加密令牌

Question

自2015年以來，我正在開源社區項目Azure Media Services Upload and Play Videos in MVC。我之前沒有使用任何傳遞加密，因此我開始使用AES。

在Azure媒體服務團隊的所有源代碼/示例中，我注意到測試令牌是在上傳內容後立即生成的，這在我的情況下也很有效。但是，如何在下次播放時生成測試令牌？

我的理解是，每次播放器請求播放時我們都需要令牌。從技術上講，玩家創建關鍵服務提供商的請求並收到更新的令牌。因此，爲了獲得更新的令牌，我嘗試了幾種方法n無法解決這個問題，我看到包含相同類型的錯誤「ContentKey（Id ='...'，Type ='EnvelopeEncryption'）已鏈接到這個資產「。

這看起來像一個有效的錯誤消息，因爲類型EnvelopeEncryption的關鍵已添加和上傳內容後與資產相關聯，並在再次請求該彈出式。

下面給出的代碼是copied from here。

public ActionResult Index() 
    { 
     var model = new List<VideoViewModel>(); 

     var videos = db.Videos.OrderByDescending(o => o.Id).ToList(); 
     foreach (var video in videos) 
     { 
      var viewModel = new VideoViewModel(); 
      viewModel.Id = video.Id; 
      viewModel.EncodedAssetId = video.EncodedAssetId; 
      viewModel.IsEncrypted = video.IsEncrypted; 
      viewModel.LocatorUri = video.LocatorUri; 

      // If encrypted content, then get token to play 
      if (video.IsEncrypted) 
      { 
       IAsset asset = GetAssetById(video.EncodedAssetId); 
       IContentKey key = CreateEnvelopeTypeContentKey(asset); 
       viewModel.Token = GenerateToken(key); 
      } 

      model.Add(viewModel); 
     } 

     return View(model); 
    } 

上述方法調用媒體服務密鑰服務提供商。

我該如何解決這個問題？

Answer 1

你可以看看AMS explorer sources

當你創建一個限制策略喲正在做這樣的事情：

//Initilizing ContentKeyAuthorizationPolicyRestriction 
    ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction 
    { 
     Name = "Authorization Policy with Token Restriction", 
     KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted, 
     Requirements = TokenRestrictionTemplateSerializer.Serialize(restrictionTemplate)}; 

    restrictions.Add(restriction); 

    //Saving IContentKeyAuthorizationPolicyOption on server so it can be associated with IContentKeyAuthorizationPolicy 
    IContentKeyAuthorizationPolicyOption policyOption = objCloudMediaContext.ContentKeyAuthorizationPolicyOptions.Create("myDynamicEncryptionPolicy", ContentKeyDeliveryType.BaselineHttp, restrictions, String.Empty); 
    policy.Options.Add(policyOption); 

    //Saving Policy 
    policy.UpdateAsync(); 

這裏

重點領域是irements = TokenRestrictionTemplateSerializer.Serialize（restriction.Requirements）};

你需要根據你使用什麼的密鑰類型和加密

      if (tokenTemplate.PrimaryVerificationKey.GetType() == typeof(SymmetricVerificationKey)) 
          { 
           InMemorySymmetricSecurityKey tokenSigningKey = new InMemorySymmetricSecurityKey((tokenTemplate.PrimaryVerificationKey as SymmetricVerificationKey).KeyValue); 
           signingcredentials = new SigningCredentials(tokenSigningKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest); 
          } 
          else if (tokenTemplate.PrimaryVerificationKey.GetType() == typeof(X509CertTokenVerificationKey)) 
          { 
           if (signingcredentials == null) 
           { 
            X509Certificate2 cert = DynamicEncryption.GetCertificateFromFile(true).Certificate; 
            if (cert != null) signingcredentials = new X509SigningCredentials(cert); 
           } 
          } 
          JwtSecurityToken token = new JwtSecurityToken(issuer: tokenTemplate.Issuer, audience: tokenTemplate.Audience, notBefore: DateTime.Now.AddMinutes(-5), expires: DateTime.Now.AddMinutes(Properties.Settings.Default.DefaultTokenDuration), signingCredentials: signingcredentials, claims: myclaims); 
          JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); 
          string token = handler.WriteToken(token);