MediaSecurity AddOn Package (SecureToken, RTMP & RTSP Authentication and more)

Wowza Developer Dojo
61

My conf/application.xml works with this:

true

live

${com.wowza.wms.context.VHostConfigHome}/content

${com.wowza.wms.context.VHostConfigHome}/keys

cupertinostreaming,smoothstreaming

-1

*

*

*

*

digest

digest

senderreport

12000

*

base

Base

com.wowza.wms.module.ModuleCore

properties

Properties

com.wowza.wms.module.ModuleProperties

logging

Client Logging

com.wowza.wms.module.ModuleClientLogging

flvplayback

FLVPlayback

com.wowza.wms.module.ModuleFLVPlayback

ModuleMediaCasterStreamManager

ModuleMediaCasterStreamManager

com.wowza.wms.plugin.mediacasterstreammanager.ModuleMediaCasterStreamManager

streamcontroller

ModuleStreamControl

com.wowza.wms.plugin.collection.module.ModuleStreamControl

ModuleRTMPAuthenticate

ModuleRTMPAuthenticate

com.wowza.wms.plugin.security.ModuleRTMPAuthenticate

ModuleLiveStreamRecord

ModuleLiveStreamRecord

com.wowza.wms.plugin.livestreamrecord.ModuleLiveStreamRecord

mediaCasterStreamManagerPassword

1234567

FeatureBreak

10000

but if I change it to this so that I can use secure token it keeps coming up this an error:

true

live

${com.wowza.wms.context.VHostConfigHome}/content

${com.wowza.wms.context.VHostConfigHome}/keys

cupertinostreaming,smoothstreaming

-1

*

*

*

*

digest

digest

senderreport

12000

*

base

Base

com.wowza.wms.module.ModuleCore

properties

Properties

com.wowza.wms.module.ModuleProperties

logging

Client Logging

com.wowza.wms.module.ModuleClientLogging

flvplayback

FLVPlayback

com.wowza.wms.module.ModuleFLVPlayback

ModuleMediaCasterStreamManager

ModuleMediaCasterStreamManager

com.wowza.wms.plugin.mediacasterstreammanager.ModuleMediaCasterStreamManager

streamcontroller

ModuleStreamControl

com.wowza.wms.plugin.collection.module.ModuleStreamControl

ModuleRTMPAuthenticate

ModuleRTMPAuthenticate

com.wowza.wms.plugin.security.ModuleRTMPAuthenticate

ModuleLiveStreamRecord

ModuleLiveStreamRecord

com.wowza.wms.plugin.livestreamrecord.ModuleLiveStreamRecord

ModuleSecureToken

ModuleSecureToken

com.wowza.wms.plugin.security.ModuleSecureToken

mediaCasterStreamManagerPassword

1234567

secureTokenSharedSecret

#ed%h0#w@1

requireSecureConnection

true

Boolean

FeatureBreak

10000

I have looked inside the “lib” folder I can see the wms.plugin-security.jar but can not see anything about com.wowza.wms.plugin.security.ModuleSecureToken. May be am missing something.

Thanks for your kind help

62

Still can not get this to work. My live stream works quite well until I add "

secureTokenSharedSecret

##*()!"£$

requireSecureConnection

true

Boolean

The complete app.xml looks like this:

true

live

${com.wowza.wms.context.VHostConfigHome}/content

${com.wowza.wms.context.VHostConfigHome}/keys

cupertinostreaming,smoothstreaming

-1

*

*

*

*

digest

digest

senderreport

12000

base

Base

com.wowza.wms.module.ModuleCore

properties

Properties

com.wowza.wms.module.ModuleProperties

logging

Client Logging

com.wowza.wms.module.ModuleClientLogging

flvplayback

FLVPlayback

com.wowza.wms.module.ModuleFLVPlayback

ModuleMediaCasterStreamManager

ModuleMediaCasterStreamManager

com.wowza.wms.plugin.mediacasterstreammanager.ModuleMediaCasterStreamManager

streamcontroller

ModuleStreamControl

com.wowza.wms.plugin.collection.module.ModuleStreamControl

ModuleLiveStreamRecord

ModuleLiveStreamRecord

com.wowza.wms.plugin.livestreamrecord.ModuleLiveStreamRecord

ModuleRTMPAuthenticate

ModuleRTMPAuthenticate

com.wowza.wms.plugin.security.ModuleRTMPAuthenticate

secureTokenSharedSecret

##*()!"£$

requireSecureConnection

true

Boolean

mediaCasterStreamManagerPassword

Samuel001

Thanks.

63

I have not even got to the extent of using the Player. I have noticed that when I add:

secureTokenSharedSecret

##*()!"£$

requireSecureConnection

true

Boolean

then these errors begins to show up

Missing function: createStream

WARN server comment 2010-01-25 21:14:21 - - - - - 105.238 - - - - - - - - Missing function: deleteStream

WARN server comment 2010-01-25 21:14:24 - - - - - 108.172 - - - - - - - - Missing function: releaseStream

WARN server comment 2010-01-25 21:14:24 - - - - - 108.172 - - - - - - - - Missing function: FCPublish

WARN server comment 2010-01-25 21:14:24 - - - - - 108.173 - - - - - - - - Missing function: createStream

WARN server comment 2010-01-25 21:14:34 - - - - - 118.404 - - - - - - - - Missing function: deleteStream

WARN server comment 2010-01-25 21:14:37 - - - - - 121.344 - - - - - - - - Missing function: releaseStream

WARN server comment 2010-01-25 21:14:37 - - - - - 121.344 - - - - - - - - Missing function: FCPublish

WARN server comment 2010-01-25 21:14:37 - - - - - 121.345 - - - - - - - - Missing function: createStream

The error is coming up because Wirecast is no longer able to publish to WMS. If I delete the added “properties” then it will begin again to publish to WMS and the error goes away.

Thanks.

64

Thanks for your help.

I doubt if the issue is do with the app.xml. I have added a new one which now looks like this:

true

live

${com.wowza.wms.context.VHostConfigHome}/content

${com.wowza.wms.context.VHostConfigHome}/keys

cupertinostreaming,smoothstreaming

-1

*

*

*

*

digest

digest

senderreport

12000

*

base

Base

com.wowza.wms.module.ModuleCore

properties

Properties

com.wowza.wms.module.ModuleProperties

logging

Client Logging

com.wowza.wms.module.ModuleClientLogging

flvplayback

FLVPlayback

com.wowza.wms.module.ModuleFLVPlayback

ModuleRTMPAuthenticate

ModuleRTMPAuthenticate

com.wowza.wms.plugin.security.ModuleRTMPAuthenticate

secureTokenSharedSecret

sam%^&*()!"£$

requireSecureConnection

true

Boolean

The only property(s) I added to a new one are in Bold except also that I changed stream type to “live”. Perhaps if possible you may kindly send me one.

Thanks.

65

Thanks Richard. That is spot on. It turns out that WMS did not like the token I was using. Changed it as suggested to “s#a#m%###” and that worked. Now the attention will be shifted to the player so that it can use the token and “rtmpe” using flowplayer.

I know compiling flowplayer is not the easiest but I will try it nonetheless. Changing the BuiltInConfig.as as follows has been suggested:

package {

import org.flowplayer.rtmp.RTMPStreamProvider;

import org.flowplayer.securestreaming.SecureStreaming;

public class BuiltInConfig {

private var rtmp:org.flowplayer.rtmp.RTMPStreamProvider;

private var secure:org.flowplayer.securestreaming.SecureStreaming;

public static const config:Object = {

plugins:{

rtmp: {

url: ‘org.flowplayer.rtmp.RTMPStreamProvider’,

// change this to your server RTMP url

netConnectionUrl: ‘rtmp://my.netdna.com/live’

},

secure: {

url: ‘org.flowplayer.securestreaming.SecureStreaming’,

// the shared secret value as configured for wowza

token: ‘somethibng’

}

},

clip: {

// hardcode the clip URL

url: ‘live’,

// use secure streaming

connectionProvider: ‘secure’

},

logo: {

// URL pointing to the logo in my server

url: ‘http://mydomain.com/logo.jpg’,

// top, right corner

top: 10,

right: 10,

// show always

fullscreenOnly: false

}

}

}

}

I know you suggested this code here - https://www.wowza.com/forums/showthread.php?t=6196#4:

override protected function onConnectionStatus(event:NetStatusEvent):void {

log.debug("received connection status " + event.info.code);

if (event.info.code == “NetConnection.Connect.Success”)

{

if (event.info.secureToken != undefined) {

log.debug(“received secure token”);

var secureResult:Object = new Object();

secureResult.onResult = function(isSuccessful:Boolean):void {

log.info("secureTokenResponse: " + isSuccessful);

if (! isSuccessful) {

log.error(“secure token not accepted.”);

handleError(“secure token was not accepted by the server”);

}

};

// Secure ONLY (also uncomment 3 lines below to use this)

//connection.call(“secureTokenResponse”, new Responder(secureResult.onResult as Function), TEA.decrypt(event.info.secureToken, “YourSecureTokenHERE”));

//Secure or Unsecure

connection.call(“secureTokenResponse”, null, TEA.decrypt(event.info.secureToken, “YourSecureTokenHERE”));

// ucomment these for Secure Only

// } else {

// log.error(“secure token was not received from the server”);

// handleError(“secure token not received from server”);

}

}

}

I will try both codes but I will want to use secure connections without any option for unsecure connection

Thanks

66

Not really sure what the issue is when I try this with “live” it does not work with secure relaying. It keeps saying that the clip is missing. - http://www.cjastream.com/flowplayer/securess.html. If i remove sure relaying code it can see the clip. There are no errors in the log file of WMS.

Thanks for any help

67

I have tried same and got the same error but when I deleted

secureTokenSharedSecret

1gt345

requireSecureConnection

true

Boolean

I will think the problem is not with the application because when the above properties are remove, same works and only stopped working is secure token is activated.

Is there a way of compiling the secure token into the LiveVideoStreaming example player. The ?doconnect may be the problem.

Thanks.

68

Hello Richard,

I now have the code like this but can not see any video playing. The player does not even come. I checked the log and no error in the error log:-

}

function ncOnStatus(infoObject:NetStatusEvent)

{

trace(“nc: “+infoObject.info.code+” (”+infoObject.info.description+")");

if (infoObject.info.secureToken != undefined) //<— SecureToken change here - respond with decoded secureToken

{

var secureResult:Object = new Object();

secureResult.onResult = function(isSuccessful:Boolean):void

{

trace("secureTokenResponse: "+isSuccessful);

}

nc.call(“secureTokenResponse”, new Responder(secureResult.onResult), TEA.decrypt(infoObject.info.secureToken, “12345”));

}

else if (infoObject.info.code == “NetConnection.Connect.Failed”)

prompt.text = “Connection failed: Try rtmp://[server-ip-address]/live”;

else if (infoObject.info.code == “NetConnection.Connect.Rejected”)

prompt.text = infoObject.info.description;

}

Thanks.

69

I compiled it in Flash CS3 and I checked it and it says “This script contains no errors”

Thanks.

70

No because when i click “Play” nothing happens.

71

Sorry my apologies I misunderstand your question. Yes the player comes one and I got this output:

[SWF] H:\sample3\liveabc.swf - 59584 bytes after decompression

testVersion: WIN 9,0,115,0>=9,0,115,0: true

testVersion: WIN 9,0,115,0>=9,0,28,0: true

testVersion: WIN 9,0,115,0>=9,0,60,0: true

nc: NetConnection.Connect.Success (Connection succeeded.)

secureTokenResponse: true

Thanks.

72

Here is an abstract of the access log

2010-02-01 19:54:29 GMT connect-pending session INFO 100 ipaddress - defaultVHost live definst 0.345 [any] 1935 rtmpe://localhaost/live ipaddress rtmpe unknown WIN 10,0,32,18 1112083550 3327 3073 - - - - - - - - - - - - - rtmpe://localhost/live -

2010-02-01 19:54:29 GMT connect session INFO 200 ipadress - defaultVHost live definst 0.346 [any] 1935 rtmpe://localhost/live ipaddress rtmpe unknown WIN 10,0,32,18 1112083550 3327 3073 - - - - - - - - - - - - - rtmpe://localhost/live -

2010-02-01 19:54:58 GMT comment server INFO 200 - Stream.switch[live/definst/Stream4]: index: 2 name:mp4:Title_02_06_1.m4v start:30 length:-1 - - - 671.628 - - - - - - - - - - - - - - - - - - - - - - - - -

2010-02-01 19:56:44 GMT comment server INFO 200 - Stream.switch[live/definst/Stream3]: index: 0 name:mp4:confidence.m4v start:30 length:-1 - - - 778.175 - - - - - - - - - - - - - - - - - - - - - - - - -

Thanks.

73

Thanks Richard email sent.

74

Hi,

is it right that i can’t use the Flex VideoDisplay Component to secure my connection?

I use the securetoken method, get a true from the server, but the video wont start.

i’ve read something like that here:

https://www.wowza.com/forums/showthread.php?t=1707&highlight=videodisplay

Christian

75

Thanks for quick response.

i’ll have a look and give it a try.

christian

76

I can use a little bit of help with the “mayhem” of SecureTokens. I`m a little bit confused when i should use the modules “ModuleSecureURLParams” “securetoken”.

Let me explain what i`m trying to do:

I want to publish a livestream with Flash Media Encoder with the “DoPublish=password” parameter and try to view the stream with Flowplayer, also using a token (the same or other token, doesnt really matter).

Here are my settings in the application.xml:

<Module>
<Name>ModuleSecureURLParams</Name>
<Description>ModuleSecureURLParams</Description>
<Class>com.wowza.wms.plugin.security.ModuleSecureURLParams</Class>
</Module>
...
<Property>
<Name>secureTokenSharedSecret</Name>
<Value>12345</Value>
</Property>
</Properties>

I`m connecting with FME:

rtmp://wowzaip/application/?DoPublish=12345

stream: stream

But i`m getting an error:

-Error: SecureToken: Action before response received: kill connection

When publishing is working, i want to use flowplayer to connect;

<script type="text/javascript">
$f("live", "../flowplayer-3.1.5.swf", { 
 
    clip: { 
        url: 'stream', 
        live: true, 
        // configure clip to use rtmp plugin 
        provider: 'secure'
    }, 
 
    // streaming plugins are configured under the plugins node 
    plugins: { 
 
        // here is our rtpm plugin configuration 
        rtmp: { 
            url: '../flowplayer.rtmp-3.1.3.swf', 
 
            // netConnectionUrl defines where the streams are found 
            netConnectionUrl: 'rtmpe://wowzaip:1935/application' 
        },
		secure: { 
			url: '../flowplayer.securestreaming-3.2.0.swf',
			
			// the token value (shared secret). 
			// Needs to be excaped because our token has a percent sign in it.
			token: '12345'
			}
	}		 
});
</script>

So two questions; How to get FME to work with the secure token? And how to get Flowplayer to work with the secure token?

Note; I know this isnt save and that the secure token is viewable in the source. Thats not the issue right now, i just want to get this to work and deal with the security issue later.

Thanks! :slight_smile:

77

2.1.2 build24878

Tried to escape the token, but doesnt seem to work aswell.

token: escape('12345')
78

When is use the ModuleRTMPAuthenicate i`m getting a username and password prompt on FME. That’s not what i want. I want to connect with the secure token.

79

rrlanham (or somebody else :wink: );

Is it possible to get the do.Publish part to work with ffmpeg (commandline based)?

I got something like:

ffmpeg -i /dev/video0 “bunch of parameters” rtmp://wowzaip/application/stream

That is working :slight_smile: Now i would like to give the " do.Publish=blabla " parameter with ffmpeg. I tried:

ffmpeg -i /dev/video0 “bunch of parameters” rtmp://wowzaip/application/stream?do.Publish=blabla

But that is not working. Do you know another way? :slight_smile:

80

Doesn`t seem to work, hope you can tell me more :slight_smile:

Application settings:

<Module>
<Name>ModuleSecureURLParams</Name>
<Description>ModuleSecureURLParams</Description>
<Class>com.wowza.wms.plugin.security.ModuleSecureURLParams</Class>
</Module>
...
...
<Property>
Name>secureurlparams.connect</Name>
<Value>12345.doConnect</Value>
</Property>
Property>
<Name>secureurlparams.publish</Name>
Value>54321.doPublish</Value>
</Property>

Connecting with FFMPEG:

ffmpeg -i /dev/video0 [non-important params] rtmp://wowzaip:1935/auth/first?doPublish=54321

results in:

Server error: Connection failed: Application rejected connection.

That seems to be true because, access.log gives:

2010-08-17      12:46:19        CEST    connect-pending session INFO    100     wowzaip    -       _defaultVHost_  auth    _definst_       0.0060  [any]1935     rtmp://wowzaip:1935/auth  wowzaip    rtmp    -       FMLE/3.0 (compatible; Lavf52.78.0)      905853140       3235    3073    -    --       -       -       -       -       -       -       -       -       -       -       rtmp://wowzaip:1935/auth  -
2010-08-17      12:46:19        CEST    comment server  INFO    200     -       SecureURLParams.onConnect: rejected     _defaultVHost_  auth    _definst_    432073.676       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -    --       -       -       -       -       -
2010-08-17      12:46:19        CEST    connect session INFO    401     wowzaip    -       _defaultVHost_  auth    _definst_       0.0060  [any]   1935 rtmp://wowzaip:1935/auth   wowzaip    rtmp    -       FMLE/3.0 (compatible; Lavf52.78.0)      905853140       3235    3073    -       -    --       -       -       -       -       -       -       -       -       -       rtmp://wowzaip:1935/auth  -
2010-08-17      12:46:19        CEST    disconnect      session INFO    200     905853140       -       _defaultVHost_  auth    _definst_       0.01    [any]1935     rtmp://wowzaip:1935/auth  wowzaip    rtmp    -       FMLE/3.0 (compatible; Lavf52.78.0)      905853140       3247    3405    -    --       -       -       -       -       -       -       -       -       -       -       rtmp://wowzaip:1935/auth  -

Also tried:

first?doConnect=12345&doPublish=54321

and

first?doConnect=12345

at the end of the connectionstring, but gives the same result.