def _generate_content_key_policy_option(
policy_option_name, clear_key_configuration, open_restriction, issuer,
audience, token_key, token_key_type, alt_symmetric_token_keys,
alt_rsa_token_keys, alt_x509_token_keys, token_claims, token_type,
open_id_connect_discovery_document, widevine_template, ask,
fair_play_pfx_password, fair_play_pfx, rental_and_lease_key_type,
rental_duration, play_ready_template):
configuration = None
restriction = None
valid_token_restriction = _valid_token_restriction(token_key,
token_key_type,
token_type, issuer,
audience)
valid_fairplay_configuration = _valid_fairplay_configuration(
ask, fair_play_pfx_password, fair_play_pfx, rental_and_lease_key_type,
rental_duration)
valid_playready_configuration = _valid_playready_configuration(
play_ready_template)
if _count_truthy([open_restriction, valid_token_restriction]) != 1:
raise CLIError('You should use exactly one restriction type.')
if _count_truthy([
clear_key_configuration, widevine_template,
valid_fairplay_configuration, valid_playready_configuration
]) != 1:
raise CLIError('You should use exactly one configuration type.')
if clear_key_configuration:
configuration = ContentKeyPolicyClearKeyConfiguration()
if widevine_template:
configuration = ContentKeyPolicyWidevineConfiguration(
widevine_template=widevine_template)
if valid_fairplay_configuration:
configuration = ContentKeyPolicyFairPlayConfiguration(
ask=bytearray(ask, 'utf-8'),
fair_play_pfx_password=fair_play_pfx_password,
fair_play_pfx=_b64_to_str(
_read_binary(fair_play_pfx)).decode('ascii'),
rental_and_lease_key_type=rental_and_lease_key_type,
rental_duration=rental_duration)
if valid_playready_configuration:
configuration = _play_ready_configuration_factory(
json.loads(play_ready_template))
if open_restriction:
restriction = ContentKeyPolicyOpenRestriction()
if valid_token_restriction:
primary_verification_key = None
alternate_keys = []
_token_claims = []
if token_key is not None:
if token_key_type == 'Symmetric':
primary_verification_key = _symmetric_token_key_factory(
token_key)
elif token_key_type == 'RSA':
primary_verification_key = _rsa_token_key_factory(token_key)
elif token_key_type == 'X509':
primary_verification_key = _x509_token_key_factory(token_key)
for key in _coalesce_lst(alt_symmetric_token_keys):
alternate_keys.append(_symmetric_token_key_factory(key))
for key in _coalesce_lst(alt_rsa_token_keys):
alternate_keys.append(_rsa_token_key_factory(key))
for key in _coalesce_lst(alt_x509_token_keys):
alternate_keys.append(_x509_token_key_factory(key))
if token_claims is not None:
for key in token_claims:
claim = ContentKeyPolicyTokenClaim(
claim_type=key, claim_value=token_claims[key])
_token_claims.append(claim)
restriction = ContentKeyPolicyTokenRestriction(
issuer=issuer,
audience=audience,
primary_verification_key=primary_verification_key,
alternate_verification_keys=alternate_keys,
required_claims=_token_claims,
restriction_token_type=token_type,
open_id_connect_discovery_document=
open_id_connect_discovery_document)
return ContentKeyPolicyOption(name=policy_option_name,
configuration=configuration,
restriction=restriction)
def update_content_key_policy_option(client,
resource_group_name,
account_name,
content_key_policy_name,
policy_option_id,
policy_option_name=None,
issuer=None,
audience=None,
token_key=None,
token_key_type=None,
add_alt_token_key=None,
add_alt_token_key_type=None,
token_claims=None,
token_type=None,
open_id_connect_discovery_document=None,
widevine_template=None,
ask=None,
fair_play_pfx_password=None,
fair_play_pfx=None,
rental_and_lease_key_type=None,
rental_duration=None,
play_ready_template=None):
policy = client.get_policy_properties_with_secrets(
resource_group_name=resource_group_name,
account_name=account_name,
content_key_policy_name=content_key_policy_name)
policy_option = next((option for option in policy.options
if option.policy_option_id == policy_option_id),
None)
if policy_option is None:
raise CLIError('Policy option with id "' + policy_option_id +
'" was not found.')
if policy_option_name is not None:
policy_option.name = policy_option_name
if isinstance(policy_option.restriction, ContentKeyPolicyTokenRestriction):
if issuer is not None:
policy_option.restriction.issuer = issuer
if audience is not None:
policy_option.restriction.audience = audience
if token_key is not None and token_key_type is not None:
if token_key_type == 'Symmetric':
policy_option.restriction.primary_verification_key = _symmetric_token_key_factory(
token_key)
elif token_key_type == 'RSA':
policy_option.restriction.primary_verification_key = _rsa_token_key_factory(
token_key)
elif token_key_type == 'X509':
policy_option.restriction.primary_verification_key = _x509_token_key_factory(
token_key)
if add_alt_token_key is not None and add_alt_token_key_type is not None:
if add_alt_token_key_type == 'Symmetric':
policy_option.restriction.alternate_verification_keys.append(
_symmetric_token_key_factory(add_alt_token_key))
elif add_alt_token_key_type == 'RSA':
policy_option.restriction.alternate_verification_keys.append(
_rsa_token_key_factory(add_alt_token_key))
elif add_alt_token_key_type == 'X509':
policy_option.restriction.alternate_verification_keys.append(
_x509_token_key_factory(add_alt_token_key))
if token_claims is not None:
policy_option.restriction.token_claims = []
for key in token_claims:
claim = ContentKeyPolicyTokenClaim(
claim_type=key, claim_value=token_claims[key])
policy_option.restriction.token_claims.append(claim)
if token_type is not None:
policy_option.restriction.restriction_token_type = token_type
if open_id_connect_discovery_document is not None:
policy_option.restriction.open_id_connect_discovery_document = open_id_connect_discovery_document
if isinstance(policy_option.configuration,
ContentKeyPolicyWidevineConfiguration):
if widevine_template is not None:
policy_option.configuration = ContentKeyPolicyWidevineConfiguration(
widevine_template=widevine_template)
elif isinstance(policy_option.configuration,
ContentKeyPolicyFairPlayConfiguration):
if ask is not None:
policy_option.configuration.ask = bytearray(ask, 'utf-8')
if fair_play_pfx_password is not None:
policy_option.configuration.fair_play_pfx_password = fair_play_pfx_password
if fair_play_pfx is not None:
policy_option.configuration.fair_play_pfx = _b64_to_str(
_read_binary(fair_play_pfx)).decode('ascii')
if rental_and_lease_key_type is not None:
policy_option.configuration.rental_and_lease_key_type = rental_and_lease_key_type
if rental_duration is not None:
policy_option.configuration.rental_duration = rental_duration
elif isinstance(policy_option.configuration,
ContentKeyPolicyPlayReadyConfiguration):
if play_ready_template is not None and _valid_playready_configuration(
play_ready_template):
_play_ready_configuration_factory(json.loads(play_ready_template))
return client.update(resource_group_name, account_name,
content_key_policy_name, policy.options,
policy.description)
