通过存储加密来加密内容Encrypting your content with storage encryption

媒体服务徽标media services logo


备注

要完成本教程,需要一个 Azure 帐户。To complete this tutorial, you need an Azure account. 有关详细信息,请参阅试用For details, see Azure trial. 不会向媒体服务 v2 添加任何新特性或新功能。No new features or functionality are being added to Media Services v2.
查看最新版本:媒体服务 v3Check out the latest version, Media Services v3. 另请参阅从 v2 到 v3 的迁移指南Also, see migration guidance from v2 to v3

本文概述了 AMS 存储空间加密并演示了如何上传存储空间加密的内容:This article gives an overview of AMS storage encryption and shows you how to upload the storage encrypted content:

  • 创建内容密钥。Create a content key.

  • 创建资产。Create an Asset. 创建资产时,请将 AssetCreationOption 设置为 StorageEncryption。Set the AssetCreationOption to StorageEncryption when creating the Asset.

    加密的资产将与内容密钥相关联。Encrypted assets are associated with content keys.

  • 将内容密钥链接到资产。Link the content key to the asset.

  • 对 AssetFile 实体设置加密相关的参数。Set the encryption-related parameters on the AssetFile entities.

注意事项Considerations

如果要传送存储加密资产,则必须配置资产的传送策略。If you want to deliver a storage encrypted asset, you must configure the asset’s delivery policy. 在流式传输资产之前,流式处理服务器会删除存储加密,然后再使用指定的传送策略流式传输内容。Before your asset can be streamed, the streaming server removes the storage encryption and streams your content using the specified delivery policy. 有关详细信息,请参阅配置资产传送策略For more information, see Configuring Asset Delivery Policies.

访问媒体服务中的实体时,必须在 HTTP 请求中设置特定标头字段和值。When accessing entities in Media Services, you must set specific header fields and values in your HTTP requests. 有关详细信息,请参阅媒体服务 REST API 开发的设置For more information, see Setup for Media Services REST API Development.

存储端加密Storage side encryption

加密选项Encryption option 说明Description 媒体服务 v2Media Services v2 媒体服务 v3Media Services v3
媒体服务存储加密Media Services Storage Encryption AES-256 加密,媒体服务管理的密钥AES-256 encryption, key managed by Media Services 支持(1)Supported(1) 不支持(2)Not supported(2)
静态数据的存储服务加密Storage Service Encryption for Data at Rest 由 Azure 存储提供的服务器端加密,由 Azure 或客户管理的密钥Server-side encryption offered by Azure Storage, key managed by Azure or by customer 支持Supported 支持Supported
存储客户端加密Storage Client-Side Encryption 由 Azure 存储提供的客户端加密,由 Key Vault 中的客户管理的密钥Client-side encryption offered by Azure storage, key managed by customer in Key Vault 不支持Not supported 不支持Not supported

1 虽然媒体服务确实支持处理明文形式(未经过任何形式的加密)的内容,但不建议这样做。1 While Media Services does support handling of content in the clear/without any form of encryption, doing so is not recommended.

2 在媒体服务 v3 中,仅当资产是使用媒体服务 v2 创建的时才支持存储加密(AES-256 加密)以实现向后兼容性。2 In Media Services v3, storage encryption (AES-256 encryption) is only supported for backwards compatibility when your Assets were created with Media Services v2. 这意味着 v3 会处理现有的存储加密资产,但不会允许创建新资产。Meaning v3 works with existing storage encrypted assets but will not allow creation of new ones.

连接到媒体服务Connect to Media Services

若要了解如何连接到 AMS API,请参阅通过 Azure AD 身份验证访问 Azure 媒体服务 APIFor information on how to connect to the AMS API, see Access the Azure Media Services API with Azure AD authentication.

存储空间加密概述Storage encryption overview

AMS 存储加密将 AES-CTR 模式加密应用于整个文件。The AMS storage encryption applies AES-CTR mode encryption to the entire file. AES-CTR 模式是一分组加密,无需填充便可对任意长度的数据进行加密。AES-CTR mode is a block cipher that can encrypt arbitrary length data without need for padding. 它采用 AES 算法加密计数器分组,并使用要加密或解密的数据对 AES 的输出执行异或运算。It operates by encrypting a counter block with the AES algorithm and then XOR-ing the output of AES with the data to encrypt or decrypt. 通过将 InitializationVector 的值复制到计数器值的 0 到 7 字节来构造所用的计数器分组,而计数器值的 8 到 15 字节设置为零。The counter block used is constructed by copying the value of the InitializationVector to bytes 0 to 7 of the counter value and bytes 8 to 15 of the counter value are set to zero. 在长度为 16 字节的计数器分组中,8 到 15 字节(即,最少有效字节)用作简单的 64 位无符号整数,对于所处理数据的每个后续分组,该整数都会递增 1 并保留网络字节顺序。Of the 16-byte counter block, bytes 8 to 15 (that is, the least significant bytes) are used as a simple 64-bit unsigned integer that is incremented by one for each subsequent block of data processed and is kept in network byte order. 如果此整数达到最大值 (0xFFFFFFFFFFFFFFFF),则递增会将分组计数器重置为零(8 到 15 字节),且不会影响其他 64 位计数器(即 0 到 7 字节)。If this integer reaches the maximum value (0xFFFFFFFFFFFFFFFF), then incrementing it resets the block counter to zero (bytes 8 to 15) without affecting the other 64 bits of the counter (that is, bytes 0 to 7). 为了维护 AES-CTR 模式加密的安全性,每个内容密钥的给定密钥标识符的 InitializationVector 值对每个文件必须是唯一的,且文件长度应小于 2^64 分组。In order to maintain the security of the AES-CTR mode encryption, the InitializationVector value for a given Key Identifier for each content key shall be unique for each file and files shall be less than 2^64 blocks in length. 此值唯一是为了确保计数器值永远不会重复用于给定密钥。This unique value is to ensure that a counter value is never reused with a given key. 有关 CTR 模式的详细信息,请参阅此 wiki 页(此 wiki 文章使用术语“Nonce”取代“InitializationVector”)。For more information about the CTR mode, see this wiki page (the wiki article uses the term "Nonce" instead of "InitializationVector").

使用存储加密通过 AES-256 位加密在本地加密明文内容,然后将其上传到 Azure 存储以加密形式静态存储相关内容。Use Storage Encryption to encrypt your clear content locally using AES-256 bit encryption and then upload it to Azure Storage where it is stored encrypted at rest. 受存储加密保护的资产会在编码前自动解密并放入经过加密的文件系统中,并可选择在重新上传为新的输出资产前重新加密。Assets protected with storage encryption are automatically unencrypted and placed in an encrypted file system prior to encoding, and optionally re-encrypted prior to uploading back as a new output asset. 存储加密的主要用例是在磁盘上通过静态增强加密来保护高品质的输入媒体文件。The primary use case for storage encryption is when you want to secure your high-quality input media files with strong encryption at rest on disk.

要传送存储加密资产,必须配置资产的传送策略,以使媒体服务了解要如何传送内容。In order to deliver a storage encrypted asset, you must configure the asset’s delivery policy so Media Services knows how you want to deliver your content. 在流式传输资产之前,流式处理服务器会删除存储加密,然后再使用指定的传传送策略(例如 AES、通用加密或无加密)流式传输内容。Before your asset can be streamed, the streaming server removes the storage encryption and streams your content using the specified delivery policy (for example, AES, common encryption, or no encryption).

创建用于加密的 ContentKeyCreate ContentKeys used for encryption

加密的资产将与存储加密密钥相关联。Encrypted assets are associated with Storage Encryption keys. 创建资产文件前,请创建用于加密的内容密钥。Create the content key to be used for encryption before creating the asset files. 本节介绍如何创建内容密钥。This section describes how to create a content key.

以下是用于生成内容密钥的常规步骤,你会将这些内容密钥与想要进行加密的资产关联。The following are general steps for generating content keys that you associate with assets that you want to be encrypted.

  1. 对于存储空间加密,随机生成一个 32 字节的 AES 密钥。For storage encryption, randomly generate a 32-byte AES key.

    这个 32 字节的 AES 密钥是资产的内容密钥,这意味着该资产的所有关联文件在解密过程中需要使用同一内容密钥。The 32-byte AES Key is the content key for your asset, which means all files associated with that asset need to use the same content key during decryption.

  2. 调用 GetProtectionKeyIdGetProtectionKey 方法来获取正确的 X.509 证书,必须使用该证书加密内容密钥。Call the GetProtectionKeyId and GetProtectionKey methods to get the correct X.509 Certificate that must be used to encrypt your content key.

  3. 使用 X.509 证书的公钥来加密内容密钥。Encrypt your content key with the public key of the X.509 Certificate.

    媒体服务 .NET SDK 在加密时使用 RSA 和 OAEP。Media Services .NET SDK uses RSA with OAEP when doing the encryption. 可以参阅 EncryptSymmetricKeyData 函数中的 .NET 示例。You can see a .NET example in the EncryptSymmetricKeyData function.

  4. 创建使用密钥标识符和内容密钥计算的校验和值。Create a checksum value calculated using the key identifier and content key. 下面的 .NET 示例将使用密钥标识符和明文内容密钥的 GUID 部分计算校验和。The following .NET example calculates the checksum using the GUID part of the key identifier and the clear content key.

    public static string CalculateChecksum(byte[] contentKey, Guid keyId)
    {
        const int ChecksumLength = 8;
        const int KeyIdLength = 16;
    
        byte[] encryptedKeyId = null;
    
        // Checksum is computed by AES-ECB encrypting the KID
        // with the content key.
        using (AesCryptoServiceProvider rijndael = new AesCryptoServiceProvider())
        {
            rijndael.Mode = CipherMode.ECB;
            rijndael.Key = contentKey;
            rijndael.Padding = PaddingMode.None;
    
            ICryptoTransform encryptor = rijndael.CreateEncryptor();
            encryptedKeyId = new byte[KeyIdLength];
            encryptor.TransformBlock(keyId.ToByteArray(), 0, KeyIdLength, encryptedKeyId, 0);
        }
    
        byte[] retVal = new byte[ChecksumLength];
        Array.Copy(encryptedKeyId, retVal, ChecksumLength);
    
        return Convert.ToBase64String(retVal);
    }
    
  5. 使用前面步骤中收到的 EncryptedContentKey(转换为 base64 编码的字符串)、ProtectionKeyIdProtectionKeyTypeContentKeyTypeChecksum 值创建内容密钥。Create the Content key with the EncryptedContentKey (converted to base64-encoded string), ProtectionKeyId, ProtectionKeyType, ContentKeyType, and Checksum values you have received in previous steps.

    对于存储空间加密,应在请求正文中包括以下属性。For storage encryption, the following properties should be included in the request body.

    请求正文属性Request body property 说明Description
    IDId 使用以下格式生成 ContentKey ID:“nb:kid:UUID:<NEW GUID>”。The ContentKey ID is generated using the following format, “nb:kid:UUID:<NEW GUID>”.
    ContentKeyTypeContentKeyType 内容密钥类型是一个整数,用于定义密钥。The content key type is an integer that defines the key. 存储加密格式的值为 1。For storage encryption format, the value is 1.
    EncryptedContentKeyEncryptedContentKey 我们创建一个新的内容密钥值,这是一个 256 位(32 字节)的值。We create a new content key value that is a 256-bit (32 bytes) value. 此密钥使用存储加密 X.509 证书进行加密,该证书是我们通过执行 GetProtectionKeyId 和 GetProtectionKey 方法的 HTTP GET 请求从 Microsoft Azure 媒体服务中检索到的。The key is encrypted using the storage encryption X.509 certificate that we retrieve from Microsoft Azure Media Services by executing an HTTP GET request for the GetProtectionKeyId and GetProtectionKey Methods. 有关示例,请参阅下面的 .NET 代码:此处定义的 EncryptSymmetricKeyData 方法。As an example, see the following .NET code: the EncryptSymmetricKeyData method defined here.
    ProtectionKeyIdProtectionKeyId 这是存储空间加密 X.509 证书的保护密钥 ID,用于加密内容密钥。This is the protection key ID for the storage encryption X.509 certificate that was used to encrypt our content key.
    ProtectionKeyTypeProtectionKeyType 这是用于加密内容密钥的保护密钥的加密类型。This is the encryption type for the protection key that was used to encrypt the content key. 对于我们的示例,此值为 StorageEncryption(1)。This value is StorageEncryption(1) for our example.
    校验和Checksum 内容密钥的 MD5 计算的校验和。The MD5 calculated checksum for the content key. 它通过使用内容密钥加密内容 ID 计算得出。It is computed by encrypting the content ID with the content key. 此示例代码演示了如何计算校验和。The example code demonstrates how to calculate the checksum.

检索 ProtectionKeyIdRetrieve the ProtectionKeyId

以下示例演示了如何检索证书的证书指纹 ProtectionKeyId,在加密内容密钥时必须使用此指纹。The following example shows how to retrieve the ProtectionKeyId, a certificate thumbprint, for the certificate you must use when encrypting your content key. 执行此步骤以确保计算机已具备适当的证书。Do this step to make sure that you already have the appropriate certificate on your machine.

请求:Request:

GET https://media.chinacloudapi.cn/api/GetProtectionKeyId?contentKeyType=0 HTTP/1.1
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
User-Agent: Microsoft ADO.NET Data Services
Authorization: Bearer <ENCODED JWT TOKEN>
x-ms-version: 2.19
Host: media.chinacloudapi.cn

响应:Response:

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 139
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Server: Microsoft-IIS/8.5
request-id: 2b6aa7a4-3a09-4b08-b581-26b55667f817
x-ms-request-id: 2b6aa7a4-3a09-4b08-b581-26b55667f817
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 04 Feb 2015 02:42:52 GMT

{"odata.metadata":"https://wamsbayclus001rest-hs.chinacloudapp.cn/api/$metadata#Edm.String","value":"7D9BB04D9D0A4A24800CADBFEF232689E048F69C"}

检索 ProtectionKeyId 的 ProtectionKeyRetrieve the ProtectionKey for the ProtectionKeyId

以下示例演示如何使用在上一步中收到的 ProtectionKeyId 来检索 X.509 证书。The following example shows how to retrieve the X.509 certificate using the ProtectionKeyId you received in the previous step.

请求:Request:

GET https://media.chinacloudapi.cn/api/GetProtectionKey?ProtectionKeyId='7D9BB04D9D0A4A24800CADBFEF232689E048F69C' HTTP/1.1
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
User-Agent: Microsoft ADO.NET Data Services
Authorization: Bearer <ENCODED JWT TOKEN> 
x-ms-version: 2.19
x-ms-client-request-id: 78d1247a-58d7-40e5-96cc-70ff0dfa7382
Host: media.chinacloudapi.cn

响应:Response:

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 1227
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Server: Microsoft-IIS/8.5
x-ms-client-request-id: 78d1247a-58d7-40e5-96cc-70ff0dfa7382
request-id: 1523e8f3-8ed2-40fe-8a9a-5d81eb572cc8
x-ms-request-id: 1523e8f3-8ed2-40fe-8a9a-5d81eb572cc8
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 05 Feb 2015 07:52:30 GMT

{"odata.metadata":"https://wamsbayclus001rest-hs.chinacloudapp.cn/api/$metadata#Edm.String",
"value":"MIIDSTCCAjGgAwIBAgIQqf92wku/HLJGCbMAU8GEnDANBgkqhkiG9w0BAQQFADAuMSwwKgYDVQQDEyN3YW1zYmx1cmVnMDAxZW5jcnlwdGFsbHNlY3JldHMtY2VydDAeFw0xMjA1MjkwNzAwMDBaFw0zMjA1MjkwNzAwMDBaMC4xLDAqBgNVBAMTI3dhbXNibHVyZWcwMDFlbmNyeXB0YWxsc2VjcmV0cy1jZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR0SEbXefvUjb9wCUfkEiKtGQ5Gc328qFPrhMjSo+YHe0AVviZ9YaxPPb0m1AaaRV4dqWpST2+JtDhLOmGpWmmA60tbATJDdmRzKi2eYAyhhE76MgJgL3myCQLP42jDusWXWSMabui3/tMDQs+zfi1sJ4Ch/lm5EvksYsu6o8sCv29VRwxfDLJPBy2NlbV4GbWz5Qxp2tAmHoROnfaRhwp6WIbquk69tEtu2U50CpPN2goLAqx2PpXAqA+prxCZYGTHqfmFJEKtZHhizVBTFPGS3ncfnQC9QIEwFbPw6E5PO5yNaB68radWsp5uvDg33G1i8IT39GstMW6zaaG7cNQIDAQABo2MwYTBfBgNVHQEEWDBWgBCOGT2hPhsvQioZimw8M+jOoTAwLjEsMCoGA1UEAxMjd2Ftc2JsdXJlZzAwMWVuY3J5cHRhbGxzZWNyZXRzLWNlcnSCEKn/dsJLvxyyRgmzAFPBhJwwDQYJKoZIhvcNAQEEBQADggEBABcrQPma2ekNS3Wc5wGXL/aHyQaQRwFGymnUJ+VR8jVUZaC/U/f6lR98eTlwycjVwRL7D15BfClGEHw66QdHejaViJCjbEIJJ3p2c9fzBKhjLhzB3VVNiLIaH6RSI1bMPd2eddSCqhDIn3VBN605GcYXMzhYp+YA6g9+YMNeS1b+LxX3fqixMQIxSHOLFZ1G/H2xfNawv0VikH3djNui3EKT1w/8aRkUv/AAV0b3rYkP/jA1I0CPn0XFk7STYoiJ3gJoKq9EMXhit+Iwfz0sMkfhWG12/XO+TAWqsK1ZxEjuC9OzrY7pFnNxs4Mu4S8iinehduSpY+9mDd3dHynNwT4="}

创建内容密钥Create the content key

检索到 X.509 证书并使用其公钥加密内容密钥后,可创建 ContentKey 实体并设置相应属性值。After you have retrieved the X.509 certificate and used its public key to encrypt your content key, create a ContentKey entity and set its property values accordingly.

创建内容密钥时必须设置的值之一是内容密钥类型。One of the values that you must set when create the content key is the type. 使用存储加密时,该值应设置为“1”。When using storage encryption, the value should be set to '1'.

以下示例演示了如何创建 ContentKey,其中 ContentKeyType 设置为存储加密(“1”)且 ProtectionKeyType 设置为“0”,以指示保护密钥 ID 是 X.509 证书指纹。The following example shows how to create a ContentKey with a ContentKeyType set for storage encryption ("1") and the ProtectionKeyType set to "0" to indicate that the protection key ID is the X.509 certificate thumbprint.

请求Request

POST https://media.chinacloudapi.cn/api/ContentKeys HTTP/1.1
Content-Type: application/json
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
User-Agent: Microsoft ADO.NET Data Services
Authorization: Bearer <ENCODED JWT TOKEN>
x-ms-version: 2.19
Host: media.chinacloudapi.cn
{
"Name":"ContentKey",
"ProtectionKeyId":"7D9BB04D9D0A4A24800CADBFEF232689E048F69C", 
"ContentKeyType":"1", 
"ProtectionKeyType":"0",
"EncryptedContentKey":"your encrypted content key",
"Checksum":"calculated checksum"
}

响应:Response:

HTTP/1.1 201 Created
Cache-Control: no-cache
Content-Length: 777
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Location: https://media.chinacloudapi.cn/api/ContentKeys('nb%3Akid%3AUUID%3A9c8ea9c6-52bd-4232-8a43-8e43d8564a99')
Server: Microsoft-IIS/8.5
request-id: 76e85e0f-5cf1-44cb-b689-b3455888682c
x-ms-request-id: 76e85e0f-5cf1-44cb-b689-b3455888682c
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 04 Feb 2015 02:37:46 GMT

{"odata.metadata":"https://wamsbayclus001rest-hs.chinacloudapp.cn/api/$metadata#ContentKeys/@Element",
"Id":"nb:kid:UUID:9c8ea9c6-52bd-4232-8a43-8e43d8564a99","Created":"2015-02-04T02:37:46.9684379Z",
"LastModified":"2015-02-04T02:37:46.9684379Z",
"ContentKeyType":1,
"EncryptedContentKey":"your encrypted content key",
"Name":"ContentKey",
"ProtectionKeyId":"7D9BB04D9D0A4A24800CADBFEF232689E048F69C",
"ProtectionKeyType":0,
"Checksum":"calculated checksum"}

创建资产Create an asset

以下示例说明了如何创建资产。The following example shows how to create an asset.

HTTP 请求HTTP Request

POST https://media.chinacloudapi.cn/api/Assets HTTP/1.1
Content-Type: application/json
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
Authorization: Bearer <ENCODED JWT TOKEN>
x-ms-version: 2.19
Host: media.chinacloudapi.cn

{"Name":"BigBuckBunny" "Options":1}

HTTP 响应HTTP Response

如果成功,将返回以下响应:If successful, the following response is returned:

HTP/1.1 201 Created
Cache-Control: no-cache
Content-Length: 452
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Location: https://wamsbayclus001rest-hs.chinacloudapp.cn/api/Assets('nb%3Acid%3AUUID%3A9bc8ff20-24fb-4fdb-9d7c-b04c7ee573a1')
Server: Microsoft-IIS/8.5
x-ms-client-request-id: c59de965-bc89-4295-9a57-75d897e5221e
request-id: e98be122-ae09-473a-8072-0ccd234a0657
x-ms-request-id: e98be122-ae09-473a-8072-0ccd234a0657
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Sun, 18 Jan 2015 22:06:40 GMT
{  
   "odata.metadata":"https://wamsbayclus001rest-hs.chinacloudapp.cn/api/$metadata#Assets/@Element",
   "Id":"nb:cid:UUID:9bc8ff20-24fb-4fdb-9d7c-b04c7ee573a1",
   "State":0,
   "Created":"2015-01-18T22:06:40.6010903Z",
   "LastModified":"2015-01-18T22:06:40.6010903Z",
   "AlternateId":null,
   "Name":"BigBuckBunny.mp4",
   "Options":1,
   "Uri":"https://storagetestaccount001.blob.core.chinacloudapi.cn/asset-9bc8ff20-24fb-4fdb-9d7c-b04c7ee573a1",
   "StorageAccountName":"storagetestaccount001"
}

将 ContentKey 与资产关联Associate the ContentKey with an Asset

创建 ContentKey 后,使用 $links 操作将其与资产关联,如以下示例所示:After creating the ContentKey, associate it with your Asset using the $links operation, as shown in the following example:

请求:Request:

POST https://media.chinacloudapi.cn/api/Assets('nb%3Acid%3AUUID%3Afbd7ce05-1087-401b-aaae-29f16383c801')/$links/ContentKeys HTTP/1.1
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
Content-Type: application/json
Authorization: Bearer <ENCODED JWT TOKEN>
x-ms-version: 2.19
Host: media.chinacloudapi.cn

{"uri":"https://wamsbayclus001rest-hs.chinacloudapp.cn/api/ContentKeys('nb%3Akid%3AUUID%3A01e6ea36-2285-4562-91f1-82c45736047c')"}

响应:Response:

HTTP/1.1 204 No Content 

创建 AssetFileCreate an AssetFile

AssetFile 实体表示 blob 容器中存储的视频或音频文件。The AssetFile entity represents a video or audio file that is stored in a blob container. 一个资产文件始终与一个资产关联,而一个资产则可能包含一个或多个资产文件。An asset file is always associated with an asset, and an asset may contain one or many asset files. 如果资产文件对象未与 blob 容器中的数字文件关联,则媒体服务编码器任务将失败。The Media Services Encoder task fails if an asset file object is not associated with a digital file in a blob container.

AssetFile 实例和实际媒体文件是两个不同的对象。The AssetFile instance and the actual media file are two distinct objects. AssetFile 实例包含有关媒体文件的元数据,而媒体文件包含实际媒体内容。The AssetFile instance contains metadata about the media file, while the media file contains the actual media content.

将数字媒体文件上传到 blob 容器后,需要使用 MERGE HTTP 请求来更新 AssetFile 中有关媒体文件的信息(本文中未展示)****。After you upload your digital media file into a blob container, you will use the MERGE HTTP request to update the AssetFile with information about your media file (not shown in this article).

HTTP 请求HTTP Request

POST https://media.chinacloudapi.cn/api/Files HTTP/1.1
Content-Type: application/json
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
Authorization: Bearer <ENCODED JWT TOKEN>
x-ms-version: 2.19
Host: media.chinacloudapi.cn
Content-Length: 164

{  
   "IsEncrypted":"true",
   "EncryptionScheme" : "StorageEncryption", 
   "EncryptionVersion" : "1.0",       
   "EncryptionKeyId" : "nb:kid:UUID:32e6efaf-5fba-4538-b115-9d1cefe43510",
   "InitializationVector" : "397304628502661816</d:InitializationVector",
   "Options":0,
   "IsPrimary":"false",
   "MimeType":"video/mp4",
   "Name":"BigBuckBunny.mp4",
   "ParentAssetId":"nb:cid:UUID:9bc8ff20-24fb-4fdb-9d7c-b04c7ee573a1"
}

HTTP 响应HTTP Response

HTTP/1.1 201 Created
Cache-Control: no-cache
Content-Length: 535
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Location: https://wamsbayclus001rest-hs.chinacloudapp.cn/api/Files('nb%3Acid%3AUUID%3Af13a0137-0a62-9d4c-b3b9-ca944b5142c5')
Server: Microsoft-IIS/8.5
request-id: 98a30e2d-f379-4495-988e-0b79edc9b80e
x-ms-request-id: 98a30e2d-f379-4495-988e-0b79edc9b80e
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 19 Jan 2015 00:34:07 GMT

{  
   "odata.metadata":"https://wamsbayclus001rest-hs.chinacloudapp.cn/api/$metadata#Files/@Element",
   "Id":"nb:cid:UUID:f13a0137-0a62-9d4c-b3b9-ca944b5142c5",
   "Name":"BigBuckBunny.mp4",
   "ContentFileSize":"0",
   "ParentAssetId":"nb:cid:UUID:9bc8ff20-24fb-4fdb-9d7c-b04c7ee573a1",
   "EncryptionVersion": "1.0",
   "EncryptionScheme": "StorageEncryption",
   "IsEncrypted":true,
   "EncryptionKeyId":"nb:kid:UUID:32e6efaf-5fba-4538-b115-9d1cefe43510",
   "InitializationVector":"397304628502661816</d:InitializationVector",
   "IsPrimary":false,
   "LastModified":"2015-01-19T00:34:08.1934137Z",
   "Created":"2015-01-19T00:34:08.1934137Z",
   "MimeType":"video/mp4",
   "ContentChecksum":null
}