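Overview
The PlayReady Test Server includes a special clientinfo feature that reflects back the information available to a license server from the license request challenge a client generates. This lets developers easily inspect which client information is transmitted to the license server and build appropriate license generation logic based on client capabilities.
Client info feature
Use the clientinfo parameter to inspect the client information sent in a license request:
Test server URL:
http://test.playready.microsoft.com/service/rightsmanager.asmx?cfg=(msg:clientinfo)
SOAP action:
http://schemas.microsoft.com/DRM/2007/03/protocols/AcquireLicense
Sample request structure
The client info feature processes a standard PlayReady license acquisition request and returns detailed information about the client instead of a license. The structure of a typical request follows: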
```xml
<?xml version="1.0" encoding="utf-8" ?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema"
               xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <AcquireLicense xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols">
      <challenge>
        <Challenge xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols/messages">
          <LA xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols"
              Id="SignedData" xml:space="preserve">
            <Version>1</Version>
            <ContentHeader>
              <WRMHEADER xmlns="http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader"
                         version="4.0.0.0">
                <DATA>
                  <PROTECTINFO>
                    <KEYLEN>16</KEYLEN>
                    <ALGID>AESCTR</ALGID>
                  </PROTECTINFO>
                  <KID>JpbjtvscoUq8vU7xq6eEOg==</KID>
                  <LA_URL>http://test.playready.microsoft.com/service/rightsmanager.asmx</LA_URL>
                  <LUI_URL>http://test.playready.microsoft.com/service/getrights.html</LUI_URL>
                </DATA>
              </WRMHEADER>
            </ContentHeader>
            <CLIENTINFO>
              <CLIENTVERSION>10.0.16384.10011</CLIENTVERSION>
            </CLIENTINFO>
            <RevocationLists>
              <RevListInfo>
                <ListID>ioydTlK2p0WXkWklprR5Hw==</ListID>
                <Version>11</Version>
              </RevListInfo>
              <!-- Additional revocation lists... -->
            </RevocationLists>
            <LicenseNonce>YCBas7tAUmkjOcabdD4DuQ==</LicenseNonce>
            <ClientTime>1488568844</ClientTime>
            <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
                           Type="http://www.w3.org/2001/04/xmlenc#Element">
              <!-- Encrypted client data... -->
            </EncryptedData>
          </LA>
          <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <!-- Digital signature... -->
          </Signature>
        </Challenge>
      </challenge>
    </AcquireLicense>
  </soap:Body>
</soap:Envelope>
```
Sample response: Windows 10 Edge browser
For a challenge issued by Microsoft Edge on Windows 10:
```text
Client Info:
    Client Version: 10.0.16384.10011
    Client Time: 10/01/2017 2:00:00 PM
    Supported Features:
        Receiver
        AntiRollbackClock
        RevocationLists
        PlayReady3Features
    Device Certificate Info (Cert 0):
        Platform: WindowsOnX86
        Type: Device
        SecurityLevel: 2000
        RobustnessVersion: 100925543
        DigestValue: 04+2aK5sjv+m5/EUY9BIMFqe0ResBkL9wfuFepWDU9E=
        IssuerKey: h/k8EU71zsgAqa0niR1TnpKDC6dyOEgUGjybc3+s/EnUJWpkMtOwygoyCPp1nuRCFDvfoaaI78kb2fqGBI0tWg==
        Binding Key Type: 3
    Certificate Chain:
        ↳ Cert 1:
            ManufacturerName: Microsoft
            ModelName: Windows
            ModelNumber: 6.4.0.103
            DigestValue: LLp1fynIs9tgDxDDU+8jFveBoQp+0x8fXnqyV9tk1Zc=
            Platform: WindowsOnX86
        ↳ Cert 2:
            ManufacturerName: Microsoft
            ModelName: PlayReady SL2000 Device Port- Windows Lib Codebase Version CA
            ModelNumber: 1.0.0.4
            DigestValue: Y3C0kjOxz3h/njYBKeApsvfPscwLcV1qAiTfAXXSLw4=
        ↳ Cert 3:
            ManufacturerName: Microsoft
            ModelName: PlayReady SL2000 Device Port - Windows Platform CA for x86/amd64
            ModelNumber: 1.0.0.3
            DigestValue: L62pDo9+gkd6LoLDbQwgxwtYldcuhSEog7GcJwtJ3CE=
        ↳ Cert 4:
            ManufacturerName: Microsoft
            ModelName: PlayReady SL2000 Device Port + Link CA
            ModelNumber: 1.0.0.1
            DigestValue: 7Q8z1rSr8I3AGkcf0BNoDgwS46nO0wD5m0WvYfFoTWQ=
```
Sample response: PlayReady 3.2 SL3000 client
For a challenge issued by a PlayReady 3.2-based SL3000 client:
```text
Client Info:
    Client Version: 3.2.0.4242
    Client Time: 10/01/2017 2:00:00 PM
    Supported Features:
        SecureClock
        RevocationLists
        Receiver
        Transmitter
        PlayReady3Features
    Device Certificate Info (Cert 0):
        Platform: OEM
        Type: Device
        SecurityLevel: 3000
        RobustnessVersion: 0
        ManufacturerName: Contoso
        ModelName: Cool Device Name
        ModelNumber: Cool Device Name
        DigestValue: IOSxDmGiRlX+dUf62sohHj/IB0qRKSkV7wz7sbZ3HSo=
        IssuerKey: UlT6XXcgAMzaVAJN9JLJVomCFwppjoqgMMcT748yX27D053iiEP69pjEBnTxWiSEVXj76/e2wDImTgQDtbLTVg==
        Binding Key Type: 3
    Certificate Chain:
        ↳ Cert 1:
            ManufacturerName: Contoso
            ModelName: Cool Device Name
            ModelNumber: ABC-XYZ-123
            DigestValue: rmnxSlpuh9WTlXa6ACLcSJDnPVtoS5/2P1wa/kEgs1M=
        ↳ Cert 2:
            ManufacturerName: Contoso
            DigestValue: 5H3YVzR9EhHVnsseOJmO/ZCrX10Z8bOx9PDhKOhrxe4=
        ↳ Cert 3:
            ManufacturerName: Microsoft
            ModelName: PlayReady SL3000 Device Port + Link CA
            ModelNumber: 1.0.0.1
            DigestValue: bk7YOJRioSgnzjpZgLasowaL96LFIBHDx6B0z+JoDPE=
```
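Client information elements
Basic client information
| Field | Description | Example values |
|---|---|---|
| Client Version | PlayReady client version | 10.0.16384.10011, 3.2.0.4242 |
| Client Time | Client system time | 10/01/2017 2:00:00 PM |
| Platform | Client platform identifier | WindowsOnX86, OEM |
Supported features
| Feature | Description |
|---|---|
| Receiver | The client can receive and decrypt content |
| Transmitter | The client can transmit content to other devices |
| AntiRollbackClock | The client supports anti-rollback clock functionality |
| RevocationLists | The client supports revocation list processing |
| PlayReady3Features | The client supports PlayReady 3.0+ features |
| SecureClock | The client supports secure clock functionality |
Security level information
| Security level | Description | Use case |
|---|---|---|
| SL150 | Software-based protection | Basic content protection |
| SL2000 | Hardware-based protection | Standard premium content |
| SL3000 | Hardware security model | Ultra-premium content |
Certificate chain information
Each certificate in the chain provides:
- ManufacturerName - Device manufacturer
- ModelName - Device model identifier
- ModelNumber - Specific model version
- DigestValue - Certificate fingerprint
- Platform - Hardware platform type
Test scenarios
Client capability detection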
```javascript
// sendLicenseRequest() and parseClientInfoResponse() are application-supplied
// helpers; this page does not define them.
async function detectClientCapabilities() {
    const clientInfoUrl = 'http://test.playready.microsoft.com/service/rightsmanager.asmx?cfg=(msg:clientinfo)';
    try {
        const response = await sendLicenseRequest(clientInfoUrl);
        const clientInfo = parseClientInfoResponse(response);
        return {
            version: clientInfo.clientVersion,
            securityLevel: clientInfo.deviceCert.securityLevel,
            features: clientInfo.supportedFeatures,
            platform: clientInfo.deviceCert.platform,
            manufacturer: clientInfo.certificateChain[0].manufacturerName
        };
    } catch (error) {
        // Any transport or parsing failure is reported as "capabilities unknown".
        console.error('Failed to detect client capabilities:', error);
        return null;
    }
}
```
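The detection function above calls `parseClientInfoResponse`, which the page does not show. One possible implementation, added here as an example and not code from the PlayReady documentation, assumes the response body is plain text laid out like the two sample responses. `CERT_FIELDS`, `meetsPolicy` and `SAMPLE` are hypothetical names, and `meetsPolicy` fails closed when the security level is missing or not numeric.

```javascript
// Added example: parses the plain-text clientinfo layout shown in the samples.
// Only certificate field names that appear in those samples are accepted.
const CERT_FIELDS = new Map([
  ['Platform', 'platform'], ['Type', 'type'], ['SecurityLevel', 'securityLevel'],
  ['RobustnessVersion', 'robustnessVersion'], ['ManufacturerName', 'manufacturerName'],
  ['ModelName', 'modelName'], ['ModelNumber', 'modelNumber'], ['DigestValue', 'digestValue'],
  ['IssuerKey', 'issuerKey'], ['Binding Key Type', 'bindingKeyType'],
]);

function parseClientInfoResponse(text) {
  const info = { clientVersion: null, clientTime: null, supportedFeatures: [],
                 deviceCert: {}, certificateChain: [] };
  let section = 'client';       // client | features | cert
  let cert = info.deviceCert;   // certificate currently being filled
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line === 'Client Info:' || line === 'Certificate Chain:') continue;
    if (line === 'Supported Features:') { section = 'features'; continue; }
    if (line.startsWith('Device Certificate Info')) { section = 'cert'; continue; }
    if (/^(↳\s*)?Cert \d+:$/.test(line)) {   // chain entry such as "↳ Cert 1:"
      cert = {};
      info.certificateChain.push(cert);
      section = 'cert';
      continue;
    }
    const sep = line.indexOf(': ');
    if (sep === -1) {                         // bare token: a feature name
      if (section === 'features') info.supportedFeatures.push(line);
      continue;
    }
    const key = line.slice(0, sep);
    const value = line.slice(sep + 2);
    if (key === 'Client Version') info.clientVersion = value;
    else if (key === 'Client Time') info.clientTime = value;
    else if (section === 'cert' && CERT_FIELDS.has(key)) cert[CERT_FIELDS.get(key)] = value;
  }
  return info;
}

// Fail closed: a missing or non-numeric SecurityLevel never satisfies the policy.
function meetsPolicy(info, minLevel, requiredFeatures) {
  const level = Number(info.deviceCert.securityLevel);
  if (!Number.isInteger(level)) return false;
  return level >= minLevel && requiredFeatures.every((f) => info.supportedFeatures.includes(f));
}
// Constructed sample, abridged from the SL3000 response shown earlier.
const SAMPLE = ['Client Info:', 'Client Version: 3.2.0.4242', 'Supported Features:',
  'SecureClock', 'Receiver', 'Device Certificate Info (Cert 0):', 'Platform: OEM',
  'SecurityLevel: 3000', 'Certificate Chain:', '↳ Cert 1:', 'ManufacturerName: Contoso'].join('\n');
```
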
Security level validation
```javascript
async function validateSecurityLevel(requiredLevel) {
    const clientInfo = await detectClientCapabilities();
    if (!clientInfo) {
        return { valid: false, reason: 'Could not detect client capabilities' };
    }
    // Parse as base-10 integers; a non-numeric level becomes NaN and fails the comparison.
    const clientLevel = parseInt(clientInfo.securityLevel, 10);
    const required = parseInt(requiredLevel, 10);
    return {
        valid: clientLevel >= required,
        clientLevel: clientLevel,
        requiredLevel: required,
        reason: clientLevel >= required ? 'Security level sufficient' : 'Security level insufficient'
    };
}
```
Feature compatibility testing
```javascript
async function testFeatureCompatibility(requiredFeatures) {
    const clientInfo = await detectClientCapabilities();
    if (!clientInfo) {
        return { compatible: false, reason: 'Could not detect client features' };
    }
    const missingFeatures = requiredFeatures.filter(
        feature => !clientInfo.features.includes(feature)
    );
    return {
        compatible: missingFeatures.length === 0,
        supportedFeatures: clientInfo.features,
        missingFeatures: missingFeatures,
        requiredFeatures: requiredFeatures
    };
}
```
License server implementation
Using client information for license decisions
```csharp
using System.Collections.Generic;

// LicenseRequest, LicenseResponse, LicenseBuilder, ClientInfo, ExtractClientInfo and
// GetOutputProtections are application types and helpers not defined on this page.
public class ClientInfoBasedLicenseHandler
{
    public LicenseResponse GenerateLicense(LicenseRequest request)
    {
        var clientInfo = ExtractClientInfo(request.Challenge);
        // Determine security level
        var securityLevel = GetSecurityLevel(clientInfo);
        // Check feature support
        var supportedFeatures = GetSupportedFeatures(clientInfo);
        // Build license based on client capabilities
        var license = new LicenseBuilder()
            .WithSecurityLevel(securityLevel)
            .WithFeatures(supportedFeatures)
            .WithOutputProtections(GetOutputProtections(securityLevel))
            .Build();
        return new LicenseResponse(license);
    }

    private SecurityLevel GetSecurityLevel(ClientInfo clientInfo)
    {
        switch (clientInfo.DeviceCertificate.SecurityLevel)
        {
            case 3000:
                return SecurityLevel.SL3000;
            case 2000:
                return SecurityLevel.SL2000;
            default:
                // Any unrecognized value is treated as the lowest level.
                return SecurityLevel.SL150;
        }
    }

    private List<string> GetSupportedFeatures(ClientInfo clientInfo)
    {
        var features = new List<string>();
        if (clientInfo.SupportedFeatures.Contains("PlayReady3Features"))
        {
            features.Add("AdvancedOutputProtection");
            features.Add("SecureStop");
        }
        if (clientInfo.SupportedFeatures.Contains("SecureClock"))
        {
            features.Add("AntiRollback");
        }
        return features;
    }
}
```
Platform-specific license logic
```csharp
public OutputProtectionLevels DetermineOutputProtections(ClientInfo clientInfo)
{
    var protections = new OutputProtectionLevels();
    // Adjust based on platform. Compare culture-invariantly and treat a missing
    // platform as unknown so it falls through to the conservative defaults.
    switch ((clientInfo.Platform ?? string.Empty).ToLowerInvariant())
    {
        case "windowsonx86":
        case "windowsonx64":
            protections.CompressedDigitalVideo = 270;
            protections.UncompressedDigitalVideo = 270;
            break;
        case "oem":
            // Custom OEM device - check manufacturer
            if (IsHighSecurityOEM(clientInfo.ManufacturerName))
            {
                protections.CompressedDigitalVideo = 270;
                protections.UncompressedDigitalVideo = 270;
            }
            else
            {
                protections.CompressedDigitalVideo = 200;
                protections.UncompressedDigitalVideo = 200;
            }
            break;
        default:
            // Conservative defaults for unknown platforms
            protections.CompressedDigitalVideo = 150;
            protections.UncompressedDigitalVideo = 150;
            break;
    }
    return protections;
}
```
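Client information analysis
Windows platform analysis
Windows 10 Edge client characteristics:
- Platform: WindowsOnX86
- Security level: 2000 (SL2000)
- Robustness version: hardware-specific value
- Certificate chain: Microsoft-issued certificates
- Features: standard PlayReady 3.0 feature set
OEM device analysis
Custom OEM client characteristics:
- Platform: OEM
- Security level: 3000 (SL3000)
- Manufacturer: custom OEM name
- Certificate chain: OEM + Microsoft certificates
- Features: advanced PlayReady 3.0+ features
Best practices
Client information usage
- Security level validation - Verify that the client meets the content's security requirements
- Feature detection - Adapt licenses based on supported features
- Platform optimization - Optimize settings for specific platforms
- Certificate validation - Verify certificate chain integrity
- Capability matching - Match content requirements against client capabilities
License generation strategy
- Conservative defaults - Use secure defaults for unknown clients
- Progressive enhancement - Add features based on client capabilities
- Security first - Prioritize security over features
- Platform awareness - Consider platform-specific limitations
- Future compatibility - Design for forward compatibility
Related documentation
- PlayReady Test Server Service - Main test server functionality
- Query String Syntax - Parameter syntax reference
- Testing Output Protections - Output protection testing
- PlayReady Test Servers - Complete server documentation
Support resources
Business inquiries
- Email: playready@microsoft.com
Operational inquiries
- Website: http://wmlalicensing.com/
- Email: ipla@microsoft.com
Technical support
- Support portal: PlayReady Technical Support
Training information
- Email: plyrdyev@microsoft.com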