In the Wowza Streaming Engine SecureToken implementation, the stream path is used to generate the digest. However, the same media asset can be accessed through multiple URL variants, for example:
-
http://server/vod/_definst_/sample.mp4/playlist.m3u8 -
http://server/vod/mp4:sample.mp4/playlist.m3u8 -
http://server/vod/sample.mp4/playlist.m3u8
If I generate the digest using vod/sample.mp4, internally Wowza may resolve the request to vod/_definst_/sample.mp4 use this path to digest the streams, i can’t play it, so I must using different path to digest, very confusing to serve the stream.
My goal is to protect the asset sample.mp4. I plan to implement a custom authentication module that verifies signed access to the asset. If I perform this validation in onHTTPCupertinoStreamingSessionCreate, will this provide sufficient protection for playback across all HLS requests?