SecureToken protection in Wowza Streaming Engine - HLS example

Hi all,

We are trying to implement SecureToken protection in Wowza Streaming Engine.

The way we understood is that we should do something like this:

  • sha256(“vod/sample.mp4?mySharedSecret&myTokenPrefixCustomParameter=abcdef&myTokenPrefixendtime=1467904640&myTokenPrefixstarttime=1467804640”)

  • The result would be: b70c922b74dee5a94bb1f66e72dc5f6672e8924e9b9eebc38d9c068ae8944007

  • Then, we do base64(b70c922b74dee5a94bb1f66e72dc5f6672e8924e9b9eebc38d9c068ae8944007)

  • And we use the result of base64 as value for “myTokenPrefixhash” parameter.

    But this is not working and we believe the reason is we did not properly interpret how exactly to generate the hash.

    We followed HLS example provided here:

    https://www.wowza.com/docs/how-to-protect-streaming-using-securetoken-in-wowza-streaming-engine

    Could someone explain, on this example, how is this:

    String used for hashing (in required alphabetical order):

    vod/sample.mp4?192.168.1.2&mySharedSecret&myTokenPrefixCustomParameter=abcdef&myTokenPrefixendtime=15000 00000&myTokenPrefixstarttime=1395230400

    Turned into:

    myTokenPrefixhash=TgJft5hsjKyC5Rem_EoUNP7xZvxbqVPhhd0GxIcA2oo=

Hi,

Here’s an example of generating the hash using PHP which you are free to adapt for your own use

<?php

$clientIP = null; // provide client IP optionally
$host = "[WOWZA-HOST]"; // your ip/host
$url= "rtmp://".$host.":1935/";
$stream = "vod/_definst_/mp4:sample.mp4"; // your stream
$start = time();
$end = strtotime("+30 minutes");
$secret = "abcde";
$tokenName = "wowzatoken";
$hash = "";

if(is_null($clientIP))
{
	$hash = hash('sha384', $stream."?".$secret."&{$tokenName}endtime=".$end."&{$tokenName}starttime=".$start, true); // generate the hash string

}
else
{
	$hash = hash('sha384', $stream."?".$clientIP."&".$secret."&{$tokenName}endtime=".$end."&{$tokenName}starttime=".$start, true); // generate the hash string
}

$base64Hash = strtr(base64_encode($hash), '+/', '-_');

$params = array("{$tokenName}starttime=".$start, "{$tokenName}endtime=".$end, "{$tokenName}hash=".$base64Hash);

if(!is_null($clientIP))
{
	$params[] = $clientIP;
}

sort($params);
$playbackURL = $url.$stream."/playlist.m3u8?";

if(preg_match("/(rtmp)/",$url))
{
	$playbackURL = $url.$stream."?";
}

foreach($params as $entry)
{
	$playbackURL.= $entry."&";
}

$playbackURL = preg_replace("/(\&)$/","", $playbackURL);

// echo "$playbackURL"; // DEBUG - show fully formed URL

?>

The above example is for sample.mp4 within the application “vod”. Secure Token must be enabled in that app for it to work, and you must set it up to reflect the script (or vice versa).

Regards,

Paul

@Paul Shields

i am tray you scrit but in error.log wowza show

WARN server comment 2017-08-30 03:36:06 - - - - - 46.87 - - - - - - - - HTTPStreamerAdapterCupertinoStreamer.onPlaylist[vod/mp4:sample.mp4/playlist.m3u8?wowzatokenstarttime=1504064235&wowzatokenendtime=1504066035&wowzatokenCustomParameter=abcdef&wowzatokenhash=jHhM7Jh5_zb1k6ry5SyKyZo3tkC0wS0GUjWx8UExMAocswho7FApMBUx-SIxkJEL]: Session not accepted[1829886621]

thank you

Hi,

Is this happening every time? It looks like session expiry so try with a new session or set the start and end times to 0 to see if that changes things. If the problem persists then I’d recommend opening a support ticket and include a link to the hosting page, a copy of your code, and a zip of your /conf and /logs https://www.wowza.com/support/open-ticket

It would also be useful to enable Secure Token debug briefly and run a few tests first to capture more detail in the logs.

Regards,

Paul

Thanks for example. It works great. But such a question: I can not apply it to live DVR (HLS). What do I need to add? ups… thats easy… playlist.m3u8?DVR& - in this place:

  1. $playbackURL = $url.$stream."/playlist.m3u8?";
  2. Thanks, thanks for me :slight_smile: and You of course :slight_smile:

I apply this but after 30 min from my site also stream get stop how I can sovle this?

I added my site but after 30 min from my web page stream also get stop how I can solve this?

it easy…

  1. $end = strtotime("+30 minutes");

change 30 to… what you wont

Regards

If I change it works but my token link also works that time so 3rd party can play that time . I want token link will play short time but my web site will play long ( unlimited ) time, can I do this?

any update? this works for me but, I want token link will play short time but my web site will play long ( unlimited ) time,

The example allows the link to work for 30 minutes. If you want to shorten the time, you can modify the script as Dorota Szafer-Kwasik explained above. You might also want to include the client’s IP address for maximum protection of your stream.

Tech support is asking: Do you have two different users @Rex Wowza?

Hi.

I try to do - “include the client’s IP address for maximum protection of your stream” then … it doesn’t work. Do I do something wrong?

$ clientIP = $ _SERVER [‘REMOTE_ADDR’]; // provide client IP optionally

Can you explain to me? How to do it to add the client’s IP address?

Best Regards

D

Hi.

I try to do - “include the client’s IP address for maximum protection of your stream” then … it doesn’t work. Do I do something wrong?

$ clientIP = $ _SERVER [‘REMOTE_ADDR’]; // provide client IP optionally

Can you explain to me? How to do it to add the client’s IP address?

Best Regards

D