locked
what's the application certificate refers to in IMFMediaEngineProtectedContent::SetApplicationCertificate function?

    Question

  • hi, all:

    we're working on protected contents playback with media engine. 

    we can query IMFMediaEngineProtectedContent interface from media engine.  (http://msdn.microsoft.com/en-us/library/windows/apps/hh447964.aspx)

    we can create one instance of MediaProtectionManager, and set it to SetContentProtectionManager() function.

    we can play protected audio ( pya format, playready test server content ).

    but we failed to play protected video ( pyv format ).

    we think we should SetApplicationCertificate() first,  but we don't know what the application certificate is.

    -- we now create new certificate from visual studio, which name is METest_TemporaryKey.pfx,  we can apply this certificate to our application package, and is now on studying how to query public key and private key from this certificate.

    -- can anybody drop a hint here if this is right direction or not?   it can save us some time,  thanks.

    other referrence information.

    -- while we check GetRequiredProtections() function, it always return 0. 

    -- while we check ShareResources() function with D3D device context,  it returns E_UNEXPECTED.  ( 0x8000FFFF ).  we think maybe need set application certification first before call this function.

    -- we didn't check SetOPMWindow() function,   we regard it as  function for desktop application. 

      

    can anybody drop some hints here?  

    thank you very much.

          


    ----------------------- JohnYe from SHANGHAI. ------------------email: yechzh@126.com--------------------


    • Edited by JohnYe Tuesday, April 10, 2012 6:42 AM
    Tuesday, April 10, 2012 6:40 AM

Answers

  • Hello John,

    From what I understand you are correct. You do need to set your application certificate before you can use PlayReady with an applicaiton that uses the MediaEngine in frame server mode. How are you signing the cert?

    While it is certainly possible to do this it is not recommended. We recommend that you use a higher level media construct for playing protected content such as the MediaElement. Is there a specific and compelling reason why you are trying to get the MediaEngine to work with protected content in your Metro style applicaiton?

    -James


    Windows Media SDK Technologies - Microsoft Developer Services - http://blogs.msdn.com/mediasdkstuff/

    Wednesday, April 11, 2012 11:36 PM
    Moderator

All replies

  • Hello,

    Based on this document
    http://msdn.microsoft.com/en-us/library/windows/desktop/hh447966(v=vs.85).aspx

    A pointer to a buffer that contains the certificate in X.509 format, followed by the application identifier signed with a SHA-256 signature using the private key from the certificate.

    Best regards,
    Jesse


    Jesse Jiang [MSFT]
    MSDN Community Support | Feedback to us

    Wednesday, April 11, 2012 8:41 AM
  • Hello John,

    From what I understand you are correct. You do need to set your application certificate before you can use PlayReady with an applicaiton that uses the MediaEngine in frame server mode. How are you signing the cert?

    While it is certainly possible to do this it is not recommended. We recommend that you use a higher level media construct for playing protected content such as the MediaElement. Is there a specific and compelling reason why you are trying to get the MediaEngine to work with protected content in your Metro style applicaiton?

    -James


    Windows Media SDK Technologies - Microsoft Developer Services - http://blogs.msdn.com/mediasdkstuff/

    Wednesday, April 11, 2012 11:36 PM
    Moderator
  • hello, James:

    thanks for your information.

    1) we're now studying certificate related information.

    1.1) we found Microsoft sample ("CryptoWinRT sample"),  there is an function SampleSignatureAlgorithm(String algName, UInt32 KeySize) to demo how to sign, we will follow routine.

    1.1.2) we extract Appid from package.appmanifest ,  in our test program, it's  (Application Id="App").     

    1.1.2.1) should we use Package name,  which is ( "Microsoft.SDKSamples.MEPlaybackNative.Playready.11" ) in our test program?  if it's, please help correct us.

    1.1.3) we will convert appid from string to binary, and then sign with private key.

    1.2) we're now on study how to import pfx file and export public key in x.509 format, and export private key.

    1.2.1) in our plan,  we will install pfx file to OS, and use OS's certmgr.msc to export  x.509 format certificate which is in base64 format.

    1.2.2) we will copy this base64 format certificate to resource file,  and read it from resource file.

    1.2.3) we will convert it to binary after we extract this base64 format,  we assume this is x.509 format binary date.   am I right?

    1.3) we're now on study how to export private key from pfx file,   no clue yet. 

    1.3.1) once we got this private key, we will use it to sign our app id.

    1.4) we will append the signed content to  x.509 format binary date,  and set it as the first parameter of  IMFMediaEngineProtectedContent::SetApplicationCertificate([in]  const BYTE *pbBlob,  [in]  DWORD cbBlob);

    does this solution work?

    if there is any information to confirm or suggestion,  very appeciated.

    thanks.


    ---------------------------------------------- JohnYe from SHANGHAI. email: yechzh@126.com

    Thursday, April 12, 2012 7:23 AM
  • hello, James:

    let me answer the reason why we choose media engine instead of media element here.

    2) the reason why we prefer media engine.

    2.1) media element use software render to render video content inside media control.  media engine can use D3D device as hardware accumulated video render.

    2.2) media element doesn't have the function to capture a frame,  while we can add this function in media engine.

    2.3) media element doesn't support  video effect with shader,   while it's possible to support it in media engine.  ( on studying ).

    2.4) it's more convenient to control codec behavior inside media engine,  such as to support more media format, to provide customalized byte stream etc.

    these are our comments,  if our understanding is not right,  or even is not accurate,  please point it out,  it helps us to understanding more.

    and to say frankly, to change solution at this stage is possible,  if we have to change solution after windows 8 RC version, it's later.

    yours

    JohnYe 


    ---------------------------------------------- JohnYe from SHANGHAI. email: yechzh@126.com

    Thursday, April 12, 2012 7:49 AM
  • Hello John,

    Thank you for getting back to me. Unfortunately your assumptions are not entirely accurate. Let me try to clear things up.

    2.1) The Media Element does use hardware decoding to render video content via D3D since the XAML stack is all based on D3D.
    2.2) The Media Element can be extended by a simple plug-in to give you frame capture capability.
    2.3) The Media Element can be extended by a simple plug-in to enable hardware accelerated video shader functionality.
    2.4) You can easily extend the formats and codecs used by the Media Element by writing simple plug-ins.

    Keep in mind that you will not be able to use content protection of any type if you want to enable the functionality specified in item 2.2 - 2.4. This is due to the way that the protected media process works in conjunction with playback of protected content. This is true when using both the Media Element and the Media Engine itself. To preserve the integrity of the premium content ecosystem we do not allow unsigned 3rd party components to be loaded into the protected process.

    PS Does your company have an OEM or Premier contract with Microsoft?

    I hope this helps,

    James


    Windows Media SDK Technologies - Microsoft Developer Services - http://blogs.msdn.com/mediasdkstuff/

    • Marked as answer by JohnYe Friday, April 13, 2012 4:10 AM
    • Unmarked as answer by JohnYe Friday, April 13, 2012 4:13 AM
    Thursday, April 12, 2012 10:20 PM
    Moderator
  • hi, James:  thanks for the information.

    below is our comments.

    2.1) we know Media Element use hardware video decoder,  we guess media element attach image source to video frame,  and draw this image inside XAML control, ( we regard it as software render ),  as a compare, in Media Engine sample,  there is an solution to render video frame  directly to D3D surface under XAML surface, which is full screen,  we think it's more efficient.

    2.2) as experience before in desktop mode,   if video decoder is in hardware decode model,  you cannot capture video frame with an plug in; but if video decoder is in software decode model, you can capture video frame with an plugin.  so here introduce a limitation.  as a compare,  in media engine frame server model, we can capture video frame from d3d surface,  it has nothing with video decoder, so it's more general.  

    2.3) as information from coworker's test result,  once apply plug in with media element, the effect inside shader lost,  so we're now on discussing to use media engine to support video effect inside shader.  we will check later if it's possible for us to write a test sample to verify this.

    2.4) surely, media element support media extension,  it's just engineers' feeling that media engine will be more conveninet especially in such a environment that component engineers are familiar with C++, and application engineers are familiar with C#.   

    3) we have contract before with microsoft on media foundation protected environment ( desktop environment ),  we have no contract with microsoft on metro environment protected playback,  we will ask company to contact microsoft later.   

           

    as a summurize,  we need do some homework on 2.2), 2.3) and 3) and it take some time.

    so I'll temorarily mark your comments as answer, please drop your comments here to correct our understanding, it helps much.  

    thanks.

     


    ---------------------------------------------- JohnYe from SHANGHAI. email: yechzh@126.com

    Friday, April 13, 2012 4:10 AM
  • Hello John,

    2.1) Again, your assumption seems to be incorrect. The Media Element does use hardware decoding to render video content via D3D since the XAML stack is all based on D3D. In other words the Media Engine renders the video frame directly to the D3D surface that is then used by XAML. The bits do not cross the bus multiple times as you suggest.

    2.2) Again, this assumption is incorrect. A properly written plug-in or sink should be able to obtain the D3D surface directly. Please keep in mind that, capturing a decoded video frame from the D3D surface's front buffer can be a very expensive operation and you should avoid this if possible.

    2.4) I apologize but I don't fully understand. You can't use the Media Engine from C#. If you use the MediaElement's plug-in architecture you will still need to leverage C++ to write all of the low level plug-ins.

    In summary, if you are planning to support DRM protected content and expect to modify the media pipeline with custom components it is going to be very difficult. This will be much easier for you to facilitate if you use the MediaElement and write plug-ins rather than trying to use the Media Engine directly.

    The extreme complexity and license restrictions for the DRM subsystem will limit the help you will be able to get from us via the forum. If you feel that you need additional assistance, I would recommend that you contact us directly through your Microsoft premier account representative.

    Thanks,

    James


    Windows Media SDK Technologies - Microsoft Developer Services - http://blogs.msdn.com/mediasdkstuff/

    Monday, April 16, 2012 10:13 PM
    Moderator