Пример #1
0
def _generate_content_key_policy_option(
        policy_option_name, clear_key_configuration, open_restriction, issuer,
        audience, token_key, token_key_type, alt_symmetric_token_keys,
        alt_rsa_token_keys, alt_x509_token_keys, token_claims, token_type,
        open_id_connect_discovery_document, widevine_template, ask,
        fair_play_pfx_password, fair_play_pfx, rental_and_lease_key_type,
        rental_duration, play_ready_template):

    configuration = None
    restriction = None

    valid_token_restriction = _valid_token_restriction(token_key,
                                                       token_key_type,
                                                       token_type, issuer,
                                                       audience)

    valid_fairplay_configuration = _valid_fairplay_configuration(
        ask, fair_play_pfx_password, fair_play_pfx, rental_and_lease_key_type,
        rental_duration)

    valid_playready_configuration = _valid_playready_configuration(
        play_ready_template)

    if _count_truthy([open_restriction, valid_token_restriction]) != 1:
        raise CLIError('You should use exactly one restriction type.')

    if _count_truthy([
            clear_key_configuration, widevine_template,
            valid_fairplay_configuration, valid_playready_configuration
    ]) != 1:
        raise CLIError('You should use exactly one configuration type.')

    if clear_key_configuration:
        configuration = ContentKeyPolicyClearKeyConfiguration()

    if widevine_template:
        configuration = ContentKeyPolicyWidevineConfiguration(
            widevine_template=widevine_template)

    if valid_fairplay_configuration:
        configuration = ContentKeyPolicyFairPlayConfiguration(
            ask=bytearray(ask, 'utf-8'),
            fair_play_pfx_password=fair_play_pfx_password,
            fair_play_pfx=_b64_to_str(
                _read_binary(fair_play_pfx)).decode('ascii'),
            rental_and_lease_key_type=rental_and_lease_key_type,
            rental_duration=rental_duration)

    if valid_playready_configuration:
        configuration = _play_ready_configuration_factory(
            json.loads(play_ready_template))

    if open_restriction:
        restriction = ContentKeyPolicyOpenRestriction()

    if valid_token_restriction:
        primary_verification_key = None
        alternate_keys = []
        _token_claims = []

        if token_key is not None:
            if token_key_type == 'Symmetric':
                primary_verification_key = _symmetric_token_key_factory(
                    token_key)
            elif token_key_type == 'RSA':
                primary_verification_key = _rsa_token_key_factory(token_key)
            elif token_key_type == 'X509':
                primary_verification_key = _x509_token_key_factory(token_key)

        for key in _coalesce_lst(alt_symmetric_token_keys):
            alternate_keys.append(_symmetric_token_key_factory(key))

        for key in _coalesce_lst(alt_rsa_token_keys):
            alternate_keys.append(_rsa_token_key_factory(key))

        for key in _coalesce_lst(alt_x509_token_keys):
            alternate_keys.append(_x509_token_key_factory(key))

        if token_claims is not None:
            for key in token_claims:
                claim = ContentKeyPolicyTokenClaim(
                    claim_type=key, claim_value=token_claims[key])
                _token_claims.append(claim)

        restriction = ContentKeyPolicyTokenRestriction(
            issuer=issuer,
            audience=audience,
            primary_verification_key=primary_verification_key,
            alternate_verification_keys=alternate_keys,
            required_claims=_token_claims,
            restriction_token_type=token_type,
            open_id_connect_discovery_document=
            open_id_connect_discovery_document)

    return ContentKeyPolicyOption(name=policy_option_name,
                                  configuration=configuration,
                                  restriction=restriction)
Пример #2
0
def update_content_key_policy_option(client,
                                     resource_group_name,
                                     account_name,
                                     content_key_policy_name,
                                     policy_option_id,
                                     policy_option_name=None,
                                     issuer=None,
                                     audience=None,
                                     token_key=None,
                                     token_key_type=None,
                                     add_alt_token_key=None,
                                     add_alt_token_key_type=None,
                                     token_claims=None,
                                     token_type=None,
                                     open_id_connect_discovery_document=None,
                                     widevine_template=None,
                                     ask=None,
                                     fair_play_pfx_password=None,
                                     fair_play_pfx=None,
                                     rental_and_lease_key_type=None,
                                     rental_duration=None,
                                     play_ready_template=None):
    policy = client.get_policy_properties_with_secrets(
        resource_group_name=resource_group_name,
        account_name=account_name,
        content_key_policy_name=content_key_policy_name)

    policy_option = next((option for option in policy.options
                          if option.policy_option_id == policy_option_id),
                         None)

    if policy_option is None:
        raise CLIError('Policy option with id "' + policy_option_id +
                       '" was not found.')

    if policy_option_name is not None:
        policy_option.name = policy_option_name

    if isinstance(policy_option.restriction, ContentKeyPolicyTokenRestriction):
        if issuer is not None:
            policy_option.restriction.issuer = issuer

        if audience is not None:
            policy_option.restriction.audience = audience

        if token_key is not None and token_key_type is not None:
            if token_key_type == 'Symmetric':
                policy_option.restriction.primary_verification_key = _symmetric_token_key_factory(
                    token_key)
            elif token_key_type == 'RSA':
                policy_option.restriction.primary_verification_key = _rsa_token_key_factory(
                    token_key)
            elif token_key_type == 'X509':
                policy_option.restriction.primary_verification_key = _x509_token_key_factory(
                    token_key)

        if add_alt_token_key is not None and add_alt_token_key_type is not None:
            if add_alt_token_key_type == 'Symmetric':
                policy_option.restriction.alternate_verification_keys.append(
                    _symmetric_token_key_factory(add_alt_token_key))
            elif add_alt_token_key_type == 'RSA':
                policy_option.restriction.alternate_verification_keys.append(
                    _rsa_token_key_factory(add_alt_token_key))
            elif add_alt_token_key_type == 'X509':
                policy_option.restriction.alternate_verification_keys.append(
                    _x509_token_key_factory(add_alt_token_key))

        if token_claims is not None:
            policy_option.restriction.token_claims = []
            for key in token_claims:
                claim = ContentKeyPolicyTokenClaim(
                    claim_type=key, claim_value=token_claims[key])
                policy_option.restriction.token_claims.append(claim)

        if token_type is not None:
            policy_option.restriction.restriction_token_type = token_type

        if open_id_connect_discovery_document is not None:
            policy_option.restriction.open_id_connect_discovery_document = open_id_connect_discovery_document

    if isinstance(policy_option.configuration,
                  ContentKeyPolicyWidevineConfiguration):
        if widevine_template is not None:
            policy_option.configuration = ContentKeyPolicyWidevineConfiguration(
                widevine_template=widevine_template)
    elif isinstance(policy_option.configuration,
                    ContentKeyPolicyFairPlayConfiguration):
        if ask is not None:
            policy_option.configuration.ask = bytearray(ask, 'utf-8')

        if fair_play_pfx_password is not None:
            policy_option.configuration.fair_play_pfx_password = fair_play_pfx_password

        if fair_play_pfx is not None:
            policy_option.configuration.fair_play_pfx = _b64_to_str(
                _read_binary(fair_play_pfx)).decode('ascii')

        if rental_and_lease_key_type is not None:
            policy_option.configuration.rental_and_lease_key_type = rental_and_lease_key_type

        if rental_duration is not None:
            policy_option.configuration.rental_duration = rental_duration
    elif isinstance(policy_option.configuration,
                    ContentKeyPolicyPlayReadyConfiguration):
        if play_ready_template is not None and _valid_playready_configuration(
                play_ready_template):
            _play_ready_configuration_factory(json.loads(play_ready_template))

    return client.update(resource_group_name, account_name,
                         content_key_policy_name, policy.options,
                         policy.description)