Azure媒体服务 - 生成新的AES加密令牌以进行播放

Question

I am working on open source community project Azure Media Services Upload and Play Videos in MVC since 2015. I was not using any delivery encryption earlier, so I started working on AES. 我从2015年开始研究MVC中的开源社区项目Azure Media Services上传和播放视频。我之前没有使用任何交付加密，所以我开始研究AES。

In all the source code/samples by Azure Media Services Team, i noticed test token was being generated just after uploading the content and this works well in my case too. 在Azure媒体服务团队的所有源代码/示例中，我注意到在上传内容后正在生成测试令牌，这在我的情况下也很有效。 But, how do I generate test token next time onward for playback? 但是，下一次如何生成测试令牌以进行播放？

What I understood is that, we need token each time player requests playback. 我的理解是，每次玩家请求播放时我们都需要令牌。 Technically, player creates a request to key service provider and received updated token. 从技术上讲，播放器向关键服务提供商创建请求并接收更新的令牌。

So to get updated token, I tried couple of ways n not able to fix this, i see error "A ContentKey (Id = '...', Type = 'EnvelopeEncryption') which contains the same type already links to this asset". 因此，为了获得更新的令牌，我尝试了几种无法解决此问题的方法，我看到错误“A ContentKey（Id ='...'，Type ='EnvelopeEncryption'），其中包含已链接到此资产的相同类型” 。

This looks like a valid error message because key of type EnvelopeEncryption was already added and associated with asset after uploading content, and upon requesting again this pops-up. 这看起来像是一个有效的错误消息，因为EnvelopeEncryption类型的密钥已经添加并在上传内容后与资产相关联，并再次请求此弹出窗口。

The code given below is copied from here . 下面给出的代码是从这里复制的。

    public ActionResult Index()
    {
        var model = new List<VideoViewModel>();

        var videos = db.Videos.OrderByDescending(o => o.Id).ToList();
        foreach (var video in videos)
        {
            var viewModel = new VideoViewModel();
            viewModel.Id = video.Id;
            viewModel.EncodedAssetId = video.EncodedAssetId;
            viewModel.IsEncrypted = video.IsEncrypted;
            viewModel.LocatorUri = video.LocatorUri;

            // If encrypted content, then get token to play
            if (video.IsEncrypted)
            {
                IAsset asset = GetAssetById(video.EncodedAssetId);
                IContentKey key = CreateEnvelopeTypeContentKey(asset);
                viewModel.Token = GenerateToken(key);
            }

            model.Add(viewModel);
        }

        return View(model);
   }

Above method calls media service key service provider. 上述方法调用媒体服务密钥服务提供商。

How do I fix this? 我该如何解决？

Answer 1

You can look into AMS explorer sources 您可以查看AMS资源管理器来源

when you creating a restriction policy yo are doing something like this: 当您创建限制策略时，您正在执行以下操作：

//Initilizing ContentKeyAuthorizationPolicyRestriction
  ContentKeyAuthorizationPolicyRestriction restriction = new ContentKeyAuthorizationPolicyRestriction
  {
      Name = "Authorization Policy with Token Restriction",
      KeyRestrictionType = (int)ContentKeyRestrictionType.TokenRestricted,
      Requirements = TokenRestrictionTemplateSerializer.Serialize(restrictionTemplate)};

  restrictions.Add(restriction);

  //Saving IContentKeyAuthorizationPolicyOption on server so it can be associated with IContentKeyAuthorizationPolicy
  IContentKeyAuthorizationPolicyOption policyOption = objCloudMediaContext.ContentKeyAuthorizationPolicyOptions.Create("myDynamicEncryptionPolicy", ContentKeyDeliveryType.BaselineHttp, restrictions, String.Empty);
  policy.Options.Add(policyOption);

  //Saving Policy
  policy.UpdateAsync();

Key field here is irements = TokenRestrictionTemplateSerializer.Serialize(restriction.Requirements)}; 这里的关键字段是irements = TokenRestrictionTemplateSerializer.Serialize（restriction.Requirements）};

You need to fetch corresponding asset restriction you created first place and desirialize TokenRestriction Template back with 您需要获取您首先创建的相应资产限制并重新使用TokenRestriction Template

TokenRestrictionTemplate tokenTemplate = TokenRestrictionTemplateSerializer.Deserialize(tokenTemplateString);

Based on what type of key and encryption you use 根据您使用的密钥和加密类型

                            if (tokenTemplate.PrimaryVerificationKey.GetType() == typeof(SymmetricVerificationKey))
                            {
                                InMemorySymmetricSecurityKey tokenSigningKey = new InMemorySymmetricSecurityKey((tokenTemplate.PrimaryVerificationKey as SymmetricVerificationKey).KeyValue);
                                signingcredentials = new SigningCredentials(tokenSigningKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);
                            }
                            else if (tokenTemplate.PrimaryVerificationKey.GetType() == typeof(X509CertTokenVerificationKey))
                            {
                                if (signingcredentials == null)
                                {
                                    X509Certificate2 cert = DynamicEncryption.GetCertificateFromFile(true).Certificate;
                                    if (cert != null) signingcredentials = new X509SigningCredentials(cert);
                                }
                            }
                            JwtSecurityToken token = new JwtSecurityToken(issuer: tokenTemplate.Issuer, audience: tokenTemplate.Audience, notBefore: DateTime.Now.AddMinutes(-5), expires: DateTime.Now.AddMinutes(Properties.Settings.Default.DefaultTokenDuration), signingCredentials: signingcredentials, claims: myclaims);
                            JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
                            string token = handler.WriteToken(token);

Azure媒体服务 - 生成新的AES加密令牌以进行播放

问题描述

1 个解决方案

解决方案1
0 已采纳 2017-03-02 02:07:36

Azure媒体服务 - 生成新的AES加密令牌以进行播放

问题描述

1 个解决方案

解决方案1 0 已采纳 2017-03-02 02:07:36

解决方案1
0 已采纳 2017-03-02 02:07:36