• How to use the internal method of AES-128 encryption to secure live or VOD streams sent to Apple iOS devices (ModuleEncryptionHandlerCupertinoStreaming)

    This article provides step-by-step instructions for using the internal method to configure secure streaming of a live or video on demand (VOD) stream to Apple iOS devices.

    Notes:
    • This module has been removed from the Wowza Module Collection because it is only an example that shows how to encrypt a stream. Before it can be used in production, the module needs extra functionality added to determine if a player is allowed to receive the decryption key.
    • The protocol and security specifics for iOS devices are covered in detail in the Internet Engineering Task Force draft-pantos-http-live-streaming-05 specification.


    In the internal method of AES-128 encryption, all media chunks and encryption keys are delivered by Wowza Streaming Engine™ software. There is also an external method in which the encryption key is delivered by using an external URL. For more information about how to use the external method, see How to secure Apple HTTP Live Streaming (AES-128, external method).

    Start by configuring a Wowza Streaming Engine application for streaming to the iPhone. See the Wowza Streaming Engine User's Guide (PDF) or our Tutorials.

    The module below is a skeleton example of how to implement the internal method for delivering an AES-128 encryption key. The following methods control the encryption process:

    • The onHTTPCupertinoEncryptionKeyRequest method is used to control access to the encryption key. This method is unfinished and requires additional code to protect the key. Use this method to add logic to check the query string, cookies, or other request values to control access to the encryption key.

    • The onHTTPCupertinoEncryptionKeyCreateLive method is called for each live HLS playback session. Use this method to control the key that is used for encryption. This method creates a unique MD5 hash that is based on a shared secret and the context path of the stream. This will guarantee that your encryption keys are unique.

    • The onHTTPCupertinoEncryptionKeyCreateVOD method is called for each video on demand HLS session. This method generates a unique encryption key per session, based on a shared secret, the session ID, and the context path of the stream.

    Code:
    package com.wowza.wms.example.module;
    
    import com.wowza.util.*;
    import com.wowza.wms.http.*;
    import com.wowza.wms.httpstreamer.cupertinostreaming.httpstreamer.*;
    import com.wowza.wms.module.*;
    import com.wowza.wms.application.*;
    
    public class ModuleEncryptionHandlerCupertinoStreaming extends ModuleBase
    {
    	public void onHTTPCupertinoEncryptionKeyRequest(HTTPStreamerSessionCupertino httpCupertinoStreamingSession, IHTTPRequest req, IHTTPResponse resp)
    	{
    		boolean isGood = true;
    		
    		String ipAddress = httpCupertinoStreamingSession.getIpAddress();
    		String queryStr = req.getQueryString();
    		String referrer = httpCupertinoStreamingSession.getReferrer();
    		String cookieStr = httpCupertinoStreamingSession.getCookieStr();
    		String userAgent = httpCupertinoStreamingSession.getUserAgent();
    		String sessionId = httpCupertinoStreamingSession.getSessionId();
    		
    		IApplicationInstance appInstance = httpCupertinoStreamingSession.getAppInstance();
    		String streamName = httpCupertinoStreamingSession.getStreamName();
    		
    		// reject encryption key requests that are not delivered over SSL
    		//if (!req.isSecure())
    		//	isGood = false;
    
    		getLogger().info("ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyRequest["+appInstance.getContextStr()+"/"+httpCupertinoStreamingSession.getStreamName()+"]: accept:"+isGood);
    		
    		if (!isGood)
    			httpCupertinoStreamingSession.rejectSession();
    	}
    	
    	public void onHTTPCupertinoEncryptionKeyCreateLive(IApplicationInstance appInstance, String streamName, byte[] encKey)
    	{
    		String mySharedSecret = appInstance.getProperties().getPropertyStr("cupertinoEncryptionSharedSecret", "");
    		
    		String hashStr = mySharedSecret+":"+appInstance.getApplication().getName()+":"+appInstance.getName()+":"+streamName;
    
    		byte[] tmpBytes = MD5DigestUtils.generateHashBytes(hashStr);
    		if (tmpBytes != null)
    			System.arraycopy(tmpBytes, 0, encKey, 0, encKey.length);
    		
    		getLogger().info("ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyCreateLive["+appInstance.getContextStr()+"/"+streamName+"]: *"+BufferUtils.encodeHexString(encKey).substring(28));
    	}
    
    	public void onHTTPCupertinoEncryptionKeyCreateVOD(HTTPStreamerSessionCupertino httpCupertinoStreamingSession, byte[] encKey)
    	{
    		String ipAddress = httpCupertinoStreamingSession.getIpAddress();
    		String queryStr = httpCupertinoStreamingSession.getQueryStr();
    		String referrer = httpCupertinoStreamingSession.getReferrer();
    		String cookieStr = httpCupertinoStreamingSession.getCookieStr();
    		String userAgent = httpCupertinoStreamingSession.getUserAgent();
    		
    		IApplicationInstance appInstance = httpCupertinoStreamingSession.getAppInstance();
    		String streamName = httpCupertinoStreamingSession.getStreamName();
    		String sessionId = httpCupertinoStreamingSession.getSessionId();
    
    		String mySharedSecret = appInstance.getProperties().getPropertyStr("cupertinoEncryptionSharedSecret", "");
    		
    		String hashStr = mySharedSecret+":"+(httpCupertinoStreamingSession.isHTTPOrigin() ? "" : sessionId+":")+appInstance.getApplication().getName()+":"+appInstance.getName()+":"+httpCupertinoStreamingSession.getStreamName();
    				
    		byte[] tmpBytes = MD5DigestUtils.generateHashBytes(hashStr);
    		if (tmpBytes != null)
    			System.arraycopy(tmpBytes, 0, encKey, 0, encKey.length);
    		
    		getLogger().info("ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyCreateVOD["+appInstance.getContextStr()+"/"+httpCupertinoStreamingSession.getStreamName()+"]: *"+BufferUtils.encodeHexString(encKey).substring(28));
    	}
    
    }
    Note: This example will encrypt only your iOS streams. If you want finer control over the session, you will have to use the Eclipse IDE to complete and compile this module.
    Add the following module definition as the last entry in the <Modules> list in [install-dir]/conf/[application]/Application.xml:
    Code:
    <Module>
    	<Name>ModuleEncryptionHandlerCupertinoStreaming</Name>
    	<Description>ModuleEncryptionHandlerCupertinoStreaming</Description>
    	<Class>com.wowza.wms.example.module.ModuleEncryptionHandlerCupertinoStreaming</Class>
    </Module>
    Add the following properties to the application-level <Properties> container at the bottom of [install-dir]/conf/[application]/Application.xml (be sure to get the correct <Properties> container; there are several in the file):
    Code:
    <Property>
    	<Name>cupertinoEncryptionBaseURL</Name>
    	<Value>http://[wowza-ip-address]:1935</Value>
    </Property>
    <Property>
    	<Name>cupertinoEncryptionSharedSecret</Name>
    	<Value>[enckeysharedsecret]</Value>
    </Property>
    <Property>
    	<Name>cupertinoEncryptionLiveRepeaterSharedSecret</Name>
    	<Value>[mysharedsecret]</Value>
    </Property>
    Add the following property to the HTTPStreamer/Properties container in [install-dir]/conf/[application]/Application.xml:
    Code:
    <Property>
    	<Name>cupertinoEnableOnEncKey</Name>
    	<Value>true</Value>
    	<Type>Boolean</Type>
    </Property>
    • The value of the cupertinoEncryptionBaseURL property is the base URL that is used to fetch the encryption key. If you have configured SSL, be sure to leave out the port number in the URL (:1935), change the URL prefix from http:// to https://, and use the domain name rather than the IP address to address the Wowza Streaming Engine.

    • The value of cupertinoEncryptionSharedSecret is the shared secret that is used in the hash algorithm to generate unique encryption keys. The sample code above illustrates how this value is used. An example shared secret is 1ghtY6D3Wgn.

    • The value of cupertinoEncryptionLiveRepeaterSharedSecret is the shared secret that is used when the encryption key is sent to an edge server in a live stream repeater (origin/edge) configuration. When configuring a live stream repeater edge to deliver a live stream, be sure to set cupertinoEncryptionLiveRepeaterSharedSecret to the same value. An example value is 3Er5sWl09xfE).

    • The property cupertinoEnableOnEncKey turns on the internal key delivery handler (in Wowza Media Server® 3.1 or later).

    If you use this method with Wowza nDVR, the properties are slightly different. Add the following properties to the DVR <Properties> container in [install-dir]/conf/[application]/Application.xml (be sure to get the correct <Properties> container as there are several in the file):
    Code:
    <Property>
    	<Name>cupertinoEncryptionBaseURL</Name>
    	<Value>http://[wowza-ip-address]:1935</Value>
    </Property>
    <Property>
    	<Name>cupertinoEncryptionSharedSecret</Name>
    	<Value>[enckeysharedsecret]</Value>
    </Property>
    Add the following property to the HTTPStreamer/Properties container in [install-dir]/conf/[application]/Application.xml:
    Code:
    <Property>
    	<Name>cupertinoEnableOnEncKey</Name>
    	<Value>true</Value>
    	<Type>Boolean</Type>
    </Property>
    To validate encryption for live streaming, you will see log messages similar to the following example in the Streaming Engine access log, when the stream is published:

    LiveStreamPacketizerCupertino.init[live/_definst_/myStream]: Encrypt Cupertino stream: key: *24bc url: http://192.168.1.120:1935/live/_definst_/myStream/key{sessionid}.m3u8key

    In video on demand streaming, you will see a log message similar to the following in the Streaming Engine access log, when a playback session starts:

    HTTPStreamerCupertinoIndexFile.init[vod/_definst_/sample.mp4]: Encrypt Cupertino stream: key: *4445 url: http://192.168.1.120:1935/vod/_definst_/mp4:sample.mp4/key{bitrate}{sessionid}.m3u8key

    Notes:
    • To test AES encryption, see How to test AES encryption for Apple HLS streams.
    • For delivery of the encryption key, it is best to configure a <HostPort> in [install-dir]/conf/VHost.xml that uses SSL encryption. This will protect the encryption key from being intercepted in transit. See the Wowza Streaming Engine User's Guide for more information about SSL configuration. If you do configure a port that uses SSL encryption, be sure to uncomment the if (!req.isSecure()) check in onHTTPCupertinoEncryptionKeyRequest to ensure that the SSL port is used to deliver the key.
    For nDVR in origin-edge mode, both origin and edges use a common shared secret string to encrypt data sent between instances. The dvrEncryptionSharedSecret or liveRepeaterEncryptionSharedSecret properties may be used to customize the shared secret that is used. See the nDVR advanced configuration article for specific uses of these properties.


    Wowza media server software and all components, including modules, source code, and other related items offered on this page, are copyrighted 20062014 by Wowza Media Systems, LLC, all rights reserved, and are licensed pursuant to the Wowza Media Software End User License Agreement.
    Updated: For Wowza Streaming Engine 4.0.6 on 08-11-2014.
    Comments 56 Comments
    1. rrlanham -
      Before I test, tell us exactly what version of Wowza you are using.

      Check in a browser:
      http://[wowza-address]:1935

      Richard
    1. StreamingMans -
      Thanks for your response quickly.

      My system use Wowza Media Server 2 Perpetual 2.2.4 build27452
    1. rrlanham -
      It was okay in my test. Are you still having trouble?

      What is the stream source? What version of the validator are you using? Can you play the same stream in a iOS device? If not, can you play it in iOS without the AES module? Can you play the same stream in Flash?

      Richard
    1. StreamingMans -
      Hello, Richard

      I give you extended information below

      - What is the stream source?
      Encoder : Adobe Flash Media Live Encoder
      Stream profile:
      video
      - format H.264
      - Baseline level 3.0
      audio
      - format AAC

      - What version of the validator are you using?
      Mys-Mac:~ MCENC01$ mediastreamvalidator --version
      Media Stream Validator (mediastreamvalidator) 1.1.2
      Python interpreter: /usr/bin/python 2.6.1
      Python standard library: /System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6
      msvlib: /Library/Python/2.6/site-packages/msvlib
      Copyright 2009-2010 Apple Inc.
      http://www.apple.com

      - Can you play the same stream in a iOS device? If not, can you play it in iOS without the AES module?
      Yes, i can. Both stream with AES module and stream without AES module can play in iOS device.

      - Can you play the same stream in Flash?
      Yes, i can play stream in Flash.

      FYI: My system has been configuration with Origin - Edge structure

      Thanks.
    1. rrlanham -
      Are you using the right origin and edge LiveStreamPacketizers ?
      On the Origin use "cupertinostreamingpacketizer"
      On the Edge use "cupertinostreamingrepeater"

      There are also steps required for liverepeater in the AES internal method, have you follow those:
      http://www.wowza.com/forums/content....nternal-method)

      Richard
    1. StreamingMans -
      Hello Richard

      i will show a part of Application.xml file of my origin and edge LiveStreamPacketizers to you below.


      Origin
      ====
      <Root>
      <Application>
      ......
      .......
      <Streams>
      <StreamType>liverepeater-origin</StreamType>
      <StorageDir>${com.wowza.wms.context.VHostConfigHome}/content</StorageDir>
      <KeyDir>${com.wowza.wms.context.VHostConfigHome}/keys</KeyDir>
      <LiveStreamPacketizers>cupertinostreamingpacketizer,smoothstreamingpacketizer,sanjosestreamingpacket izer</LiveStreamPacketizers>
      <Properties>
      </Properties>
      </Streams>
      ......
      .......
      <Properties>
      <Property>
      <Name>cupertinoEncryptionBaseURL</Name>
      <Value>http://My-DNS:1935</Value>
      </Property>
      <Property>
      <Name>cupertinoEncryptionSharedSecret</Name>
      <Value>abcde</Value>
      </Property>
      <Property>
      <Name>cupertinoEncryptionLiveRepeaterSharedSecret</Name>
      <Value>abcde</Value>
      </Property>
      </Properties>
      </Application>
      </Root>

      ========================================================
      Edge
      ====
      <Root>
      <Application>
      ......
      .......
      <Streams>
      <StreamType>liverepeater-edge</StreamType>
      <StorageDir>${com.wowza.wms.context.VHostConfigHome}/content</StorageDir>
      <KeyDir>${com.wowza.wms.context.VHostConfigHome}/keys</KeyDir>
      <LiveStreamPacketizers>cupertinostreamingrepeater,smoothstreamingrepeater,sanjosestreamingrepeater </LiveStreamPacketizers>
      <Properties>
      </Properties>
      </Streams>
      ......
      .......
      <Repeater>
      <OriginURL>rtmp://origin-ip/live</OriginURL>
      <QueryString><![CDATA[]]></QueryString>
      </Repeater>
      <Modules>
      <Module>
      <Name>base</Name>
      <Description>Base</Description>
      <Class>com.wowza.wms.module.ModuleCore</Class>
      </Module>
      <Module>
      <Name>properties</Name>
      <Description>Properties</Description>
      <Class>com.wowza.wms.module.ModuleProperties</Class>
      </Module>
      <Module>
      <Name>logging</Name>
      <Description>Client Logging</Description>
      <Class>com.wowza.wms.module.ModuleClientLogging</Class>
      </Module>
      <Module>
      <Name>flvplayback</Name>
      <Description>FLVPlayback</Description>
      <Class>com.wowza.wms.module.ModuleFLVPlayback</Class>
      </Module>
      <Module>
      <Name>ModuleEncryptionHandlerCupertinoStreaming</Name>
      <Description>ModuleEncryptionHandlerCupertinoStreaming</Description>
      <Class>com.wowza.wms.plugin.collection.module.ModuleEncryptionHandlerCupertinoStreaming</Class>
      </Module>
      </Modules>
      <Properties>
      <Property>
      <Name>cupertinoEncryptionBaseURL</Name>
      <Value></Value>
      </Property>
      <Property>
      <Name>cupertinoEncryptionSharedSecret</Name>
      <Value>abcde</Value>
      </Property>
      <Property>
      <Name>cupertinoEncryptionLiveRepeaterSharedSecret</Name>
      <Value>abcde</Value>
      </Property>
      </Properties>
      </Application>
      </Root>


      Thanks.
    1. rrlanham -
      Try filling in cupertinoEncryptionBaseURL Property on the edge. I think it should be the same as the origin, but not sure. Try the edge IP too.

      Code:
      <Property>
      	<Name>cupertinoEncryptionBaseURL</Name>
      	<Value>http://192.168.1.7:1935</Value>
      </Property>
      Richard
    1. Seunghee Jin -
      I guess that the secure key(key.m3u8key) is sent without using SSL to device such as iphone's safari, windows explorer, etc.
      The following are the part of playlist.m3u8 file. And if client want to get the decryption key of stream, these client connect to the URI of EXT-X-KEY.Then when I simply think, the URI don't have SSL protocol(URI is not https).
      I can't believe how transmission of key is protected, please explain that..
      --------------------------------------------------
      #EXTM3U
      #EXT-X-TARGETDURATION:13
      #EXT-X-MEDIA-SEQUENCE:1
      #EXT-X-KEY:METHOD=AES-128,URI="http://10.1.155.1:1935/vod/iphone/mp4:sample.mp4/key.m3u8key?wowzasessionid=1025329578"
      #EXTINF:11,
      media_1.ts?wowzasessionid=1025329578
      #EXTINF:12,
      media_2.ts?wowzasessionid=1025329578
      #EXTINF:11,
      ...
      --------------------------------------------------
      Regards,
      Seunghee Jin
    1. rrlanham -
      There is a note in that guide on that subject:
      Note: For delivery of the encryption key, it is best to configure a <HostPort> in [install-dir]/conf/VHost.xml that uses SSL encryption. This will protect the encryption key from being intercepted in transit. See the User's Guide for more information on SSL configuration. If you do configure a port that uses SSL encryption, be sure to uncomment the if (!req.isSecure()) check in onHTTPCupertinoEncryptionKeyRequest to ensure the SSL port is used to deliver the key.
      Richard
    1. Seunghee Jin -
      Thank you for your reply.

      Already I have been working with SSL configuration and extending module that is uncommented the "if (!req.isSecure())" part.But I can not play the vod from the wowza media server with SSL.

      I have done below items. It is just my present status.
      1. obtaining the certificate form from CA and installing these certs
      2. setting of SSL to configuration files of Wowza Media Server is installed in my PC(Windows 7)
      - After startup the wowza server I can view the message that is "Wowza Media Server 3 Developer Edition (Expires: 4 Month 23, 2012) 3.0.3 build882" from "https://{server-ip}/" page.
      3. passed the "http://www.wowza.com/forums/content.php?245-How-to-test-AES-Encryption" guide
      4. to test the streaming VOD file with iphone device and the result of VOD playback is success.

      But just in case configuration is with below value, it's is succeeded.
      ------------------------------------------------------------------------------
      <Property>
      <Name>cupertinoEncryptionBaseURL</Name>
      <Value>http://{server-ip}:1935</Value>
      </Property>
      -----------------------------------------------------------------------------

      -According to your other guide comments, I think that value of confiuration have to set "https://{server-ip}". If the configuration has the "https://{server-ip}", I can not play the VOD. Also in this case, a onHTTPCupertinoEncryptionKeyRequest fuction is not called from media server.

      @ http://{server-ip}:1935 -------------------
      INFO cupertino connect 199851751 -INFO stream create sample.mp4 -INFO server comment - ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyCreateVOD[vod/iphone/sample.mp4]: *9bc8INFO server comment - HTTPStreamerCupertinoIndexFile.init[vod/iphone/sample.mp4]: Encrypt Cupertino stream: key: *9bc8INFO server comment - HTTPStreamerCupertinoIndexFile.init[vod/iphone/sample.mp4]: Encrypt Cupertino stream: url: http://{server-ip}:1935/vod/iphone/mp4:sample.mp4/key.m3u8keyINFO server comment - ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyRequest[vod/iphone/sample.mp4]: accept:trueINFO server comment - MediaReaderH264Cupertino.handlePacket[vod/iphone/sample.mp4][mp4a.40.2]: AAC Audio info: {AACFrame: size: 0, rate: 48000, channels: 2, samples: 1024, errorBitsAbsent: true, profileObjectType: "LC"}INFO server comment - MediaReaderH264Cupertino.handlePacket[vod/iphone/sample.mp4][avc1.66.30]: H.264 Video info: {H264CodecConfigInfo: profile: "Baseline", level: 3.0, frameSize: 424x240, displaySize: 424x240, crop: l:0 r:4 t:0 b:0, frameRate: 24.0}INFO stream play sample.mp4
      -----------------------------------------------------

      @ https://{server-ip}/ ---------------------------
      INFO cupertino connect 1220660979 -INFO stream create sample.mp4 -INFO server comment - ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyCreateVOD[vod/iphone/sample.mp4]: *1a45INFO server comment - HTTPStreamerCupertinoIndexFile.init[vod/iphone/sample.mp4]: Encrypt Cupertino stream: key: *1a45INFO server comment - HTTPStreamerCupertinoIndexFile.init[vod/iphone/sample.mp4]: Encrypt Cupertino stream: url: https://{server-ip}/vod/iphone/mp4:sample.mp4/key.m3u8keyINFO server comment - MediaReaderH264Cupertino.handlePacket[vod/iphone/sample.mp4][mp4a.40.2]: AAC Audio info: {AACFrame: size: 0, rate: 48000, channels: 2, samples: 1024, errorBitsAbsent: true, profileObjectType: "LC"}INFO server comment - MediaReaderH264Cupertino.handlePacket[vod/iphone/sample.mp4][avc1.66.30]: H.264 Video info: {H264CodecConfigInfo: profile: "Baseline", level: 3.0, frameSize: 424x240, displaySize: 424x240, crop: l:0 r:4 t:0 b:0, frameRate: 24.0}INFO stream play sample.mp4
      -----------------------------------------------------

      Regards,
      Seunghee
    1. Phillip Seamore -
      If you don't have a SSL that has the IP address of the server as the common name it won't work. If the common name on the SSL certificate is wowza.example.com the cupertinoencryptionbaseurl must be https://wowza.example.com

      Also are you still using :1935 as port when you change to HTTPS? Then it won't work either - you must not specify a port or specify :443.

      Cheers,
      Phil
    1. Seunghee Jin -
      Hello, Phil

      When I want to use the SSL protocol I don't specify the 1935 port number on configuration anywhere. To get the playlist.m3u8 file for playback, I only use it.

      The common name of my SSL certificate is vds.digicaps.com.
      So, I had changed the cupertinoencryptionbaseurl to "vds.digicaps.com" as below.
      -----------------------------------------------
      <Property>
      <Name>cupertinoEncryptionBaseURL</Name>
      <Value>https://vds.digicaps.com</Value>
      </Property>
      -----------------------------------------------

      But this result is same that has not changed. It's not working.
      Please guide for this.

      Regards,
      Seunghee Jin
    1. Phillip Seamore -
      Turn on debugging by changing INFO on the first line of log4j.properties to DEBUG. If it's hanging on "handshake" when you connect then I believe you have a problem with your keychain, for instance you might be missing the CA's certificate bundle.

      Did you follow the instructions in http://www.wowza.com/forums/content.php?128 so that your certificates are in the Java keychain (for that you use the keytool provided by Java)?
    1. sprocket -
      Hi,I'm getting: HTTPStreamerAdapterCupertinoStreaming.onEncKey: java.lang.NegativeArraySizeExceptionin the logs...

      I *suspect* it's due to the encrypted Uri, although the encrypted Uri is a valid string (ie no spaces). But I *really* hope not since I can't get around it otherwise...

      Here is the log with lots of debug pointers, with a split between HTML page load (I imaging the request for the m3u8 file?) and then what comes when the video is clicked:

      On Page Load:
      Code:
      2011-11-29      23:14:30        CET     comment server  INFO    200     -       Wowza Media Server is started!  -       -       -       1.427   -       -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:32        CET     comment server  INFO    200     -       onAppStart: enc/_definst_     -       -       -       4.038   -       -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:32        CET     app-start       application     INFO    200     _definst_       enc/_definst_ -       -       -       4.067   -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:32        CET     comment server  INFO    200     -       encryptedStreamName: u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==   -       -       -       0.104   -       -       -       -       -       -       -       -       -       -
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:32        CET     comment server  INFO    200     -       streamName: last-time-race-start2.mp4   -       -       -       0.104   -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:32        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: key: *873e    -       -       -       0.11
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:32        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: url: http://stream.server.com:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/key.m3u8key  -       -       -       0.11    -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
         -       -       -       -       -
      2011-11-29      23:14:32        CET     comment server  INFO    200     -       encryptedStreamName: u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==   -       -       -       0.15    -       -       -       -       -       -       -       -       -       -
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:32        CET     comment server  INFO    200     -       streamName: last-time-race-start2.mp4   -       -       -       0.151   -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:32        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: key: *873e    -       -       -       0.151
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:32        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: url: http://stream.server.com:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/key.m3u8key  -       -       -       0.151   -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
         -       -       -       -       -
      2011-11-29      23:14:33        CET     comment server  INFO    200     -       encryptedStreamName: u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==   -       -       -       0.537   -       -       -       -       -       -       -       -       -       -
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:33        CET     comment server  INFO    200     -       streamName: last-time-race-start2.mp4   -       -       -       0.538   -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:33        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: key: *873e    -       -       -       0.538
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:14:33        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: url: http://stream.server.com:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/key.m3u8key  -       -       -       0.538   -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
         -       -       -       -       -
      Then on video request,

      Code:
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       encryptedStreamName: u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==   -       -       -       138.055 -       -       -       -       -       -       -       -       -       -
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       streamName: last-time-race-start2.mp4   -       -       -       138.055 -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     connect cupertino       INFO    200     1820869926      -       _defaultVHost_  enc   _definst_       138.057 <mydomain>  1935    http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       86.74.239.111   http (cupertino)        -       AppleCoreMedia/1.0.0.8L1 (iPhone; U; CPU OS 4_3_5 like Mac OS X; en_us) 1820869926      0       0       -       0       -       -       last-time-race-start2.mp4       -       -       -       -       -       http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       -       http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       -
      2011-11-29      23:16:50        CET     create  stream  INFO    200     last-time-race-start2.mp4       -       _defaultVHost_  enc   _definst_       0.001   <mydomain>  1935    http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       86.74.239.111   http (cupertino)        -       AppleCoreMedia/1.0.0.8L1 (iPhone; U; CPU OS 4_3_5 like Mac OS X; en_us) 1820869926      0       0       1       0       0       0
         last-time-race-start2.mp4       -       -       -       -       -       http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       -       http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       -ss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       -       http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       iOS.Uri: enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8     -       -       -       138.06  -       -       -       -       -       -
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       iOS.encryptedStr: u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==  -       -       -       138.06  -       -       -       -       -       -       -       -       -
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  ERROR   500     -       Session has expired: currentTime: Tue Nov 29 23:16:50 CET 2011  expiresTime: Tue Nov 29 23:15:32 CET 2011       -       -       -       138.061 -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       iOS.ipAddressClient: 86.74.239.111    -       -       -       138.061 -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       iOS.encryptedClientIP: 86.74.239.111  -       -       -       138.061 -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       iOS: IP accept        -       -       -       138.062 -       -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       iOS: UserAgent accept -       -       -       138.062 -       -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       iOS.onHTTPCupertinoStreamingSessionCreate[_definst_/enc]: accept:false    -       -       -       138.062 -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       ipAddress: 86.74.239.111        -       -       -       138.063 -       -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       queryStr: null  -       -       -       138.063 -       -       -       -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       referrer: null  -       -       -       138.063 -       -       -       -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       cookieStr: null -       -       -       138.064 -       -       -       -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       userAgent: AppleCoreMedia/1.0.0.8L1 (iPhone; U; CPU OS 4_3_5 like Mac OS X; en_us)      -       -       -       138.064 -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       sessionId: 1820869926   -       -       -       138.064 -       -       -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       streamName: last-time-race-start2.mp4   -       -       -       138.064 -       -       -       -       -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       hashStr: enc123456:1820869926:enc:_definst_:last-time-race-start2.mp4 -       -       -       138.065 -       -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyCreateVOD[enc/_definst_/last-time-race-start2.mp4]: *2420       -       -
       -       138.065 -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: key: *2420    -       -       -       138.065
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: url: http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/key.m3u8key  -       -       -       138.065 -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
         -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  WARN    200     -       MediaReaderH264Cupertino.handlePacket[enc/_definst_/last-time-race-start2.mp4][avc1.100.30]: H.264 Video encoding settings are beyond iPhone/iPod touch recommendations (Baseline/3.0): {H264CodecConfigInfo: profile: "High", level: 3.0, frameSize: 640x480, displaySize: 640x480, PAR: 1:1}        -       -       -       138.359 -       -       -       -       -       -       -
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  INFO    200     -       MediaReaderH264Cupertino.handlePacket[enc/_definst_/last-time-race-start2.mp4][mp4a.40.2]: AAC Audio info: {AACFrame: size: 0, rate: 44100, channels: 2, samples: 1024, errorBitsAbsent: true, profileObjectType: "LC"}       -       -       -       138.362 -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
        -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:50        CET     comment server  ERROR   500     -       HTTPStreamerAdapterCupertinoStreaming.onEncKey: java.lang.NullPointerException  -       -       -       138.423 -       -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:16:51        CET     play    stream  INFO    200     last-time-race-start2.mp4       -       _defaultVHost_  enc   _definst_       0.506   <mydomain>  1935    http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       86.74.239.111   http (cupertino)        -       AppleCoreMedia/1.0.0.8L1 (iPhone; U; CPU OS 4_3_5 like Mac OS X; en_us) 1820869926      0       1492    1       13875   0       0
         last-time-race-start2.mp4       -       last-time-race-start2.mp4       mp4     12543580        69.567  http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMss2lEJwPh/BODyYCXOa36iOy2WUS6v5Ht+COeHmhp65zXddAljgzEij3oBLcWNJ3vzRBfO5vWcf1RF1rpOtcob990GL/UHaNLE8MIx734rAEpYXqGfPMmtXdCO26SSCiFChc0RQdHJLRTu2uQ1rH2qKH1gHr+PJvMi4Ln6RDacIm+5VanRzqiasw6BjG71EaiC2+IQ1oqXGSkj3O+frzY6Ox3AtrjntkpYrAbQ==/playlist.m3u8       http://<mydomain>:1935/enc/_definst_/u9g6sY3Z29pqQjdMs
      And the iOS device gets "This movie could not be played".

      What I can gather from the debug info is onHTTPCupertinoEncryptionKeyRequest is firing correctly, but when it leaves that, HTTPStreamerAdapterCupertinoStreaming.onEncKey is balking on something....

      Wowza Media Server 2 Developer 2.2.3 build26454

      Thanks for any help on why this is happening...
    1. sprocket -
      aaah - with debug on, I see the problem:

      Code:
      2011-11-29      23:27:57        CET     comment server  DEBUG   200     -       HTTPStreamerAdapterCupertinoStreaming.canHandle[enc/_definst_/RAco45sB9C91a+Uuqvi2QU3Rtp2CMFFFUqMqoK5GDjfQH2DIS2Hpnfqf/PQc36KoSkbFbn+XZ3t+x4sg2E8vRlliRL5dSiyBLXnnX1RtfJnbUqXTfmMoou+NR+ba4gNKS2mQeyhrlnpMC4bbVltrh/lY/IrVcnY5Jm6+fr+N7ULtrwGhLtgVHpHvYz8NhZ25MjQjP/ZQ4veADyre6je12xK+Bqjm+Nf2tlU/NaiORaHXVsjz3p7Nxg==/key.m3u8key]: true     -       -       -       21.605  -       -
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:27:57        CET     comment server  DEBUG   200     -       HTTPStreamerAdapterCupertinoStreaming.service: enc/_definst_/RAco45sB9C91a+Uuqvi2QU3Rtp2CMFFFUqMqoK5GDjfQH2DIS2Hpnfqf/PQc36KoSkbFbn+XZ3t+x4sg2E8vRlliRL5dSiyBLXnnX1RtfJnbUqXTfmMoou+NR+ba4gNKS2mQeyhrlnpMC4bbVltrh/lY/IrVcnY5Jm6+fr+N7ULtrwGhLtgVHpHvYz8NhZ25MjQjP/ZQ4veADyre6je12xK+Bqjm+Nf2tlU/NaiORaHXVsjz3p7Nxg==/key.m3u8key?wowzasessionid=481616750    -       -       -       21.606
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:27:57        CET     comment server  INFO    200     -       onEncKey: enc/_definst_/RAco45sB9C91a Uuqvi2QU3Rtp2CMFFFUqMqoK5GDjfQH2DIS2Hpnfqf/PQc36KoSkbFbn XZ3t x4sg2E8vRlliRL5dSiyBLXnnX1RtfJnbUqXTfmMoou NR ba4gNKS2mQeyhrlnpMC4bbVltrh/lY/IrVcnY5Jm6 fr N7ULtrwGhLtgVHpHvYz8NhZ25MjQjP/ZQ4veADyre6je12xK Bqjm Nf2tlU/NaiORaHXVsjz3p7Nxg==/key.m3u8key?wowzasessionid=481616750 -       -       -       21.606  -       -       -       -       -
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:27:57        CET     comment server  ERROR   500     -       HTTPStreamerAdapterCupertinoStreaming.onEncKey: java.lang.NegativeArraySizeException    -       -       -       10.51   -       -       -       -
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      The encrypted string has + signs in it, and the onEncKey function is replacing these with spaces....

      aaaaaaaarggggh!

      Shoot! Any way around this, without redoing the encryption key (which is a base64 encoded encrypted string)....
    1. charlie -
      URL encode the Base64 values. That should fix it:

      Example:

      Code:
      PQc36KoSkbFbn+XZ3t+x4sg2E8vRlliRL5dSiyBLXnnX1RtfJnbUqXTfmMoou+NR+ba4gNKS2mQeyhrlnpMC4bbVltrh
      Code:
      PQc36KoSkbFbn%2BXZ3t%2Bx4sg2E8vRlliRL5dSiyBLXnnX1RtfJnbUqXTfmMoou%2BNR%2Bba4gNKS2mQeyhrlnpMC4bbVltrh
      Charlie
    1. sprocket -
      Well, the values are url encoded before being send to wowza, but then they auto-become url_decoded

      In any case, I'm very pleased to see on upgrade to wowza 3 this problem is no longer....

      Wowza Media Server 3 Developer Edition (Expires: Jun 02, 2012) 3.0.3 build882

      Code:
      2011-11-29      23:51:43        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: key: *e7b5    -       -       -       8.733
       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:51:43        CET     comment server  INFO    200     -       HTTPStreamerCupertinoIndexFile.init[enc/_definst_/last-time-race-start2.mp4]: Encrypt Cupertino stream: url: http://<mydomain>:1935/enc/_definst_/bw74SlQzHzmEQgiNqVv5BZNRVPuv4oACO/e0zKj%2BstijLoQqT70KGPkk1zVEBFH/3JI0w%2B9zhR6NCcjDzUIBmAvIU/wEELRd/wBiZ68OjT782HmYBwBOvymE6Vub402Sf6jKPVqVx2AGdNcPDE4%2BWkb7tkqlgAMVkfmqr7DpvHn5B0rZ/J%2BWkKfP6EsINmRpo52HShmfKerti%2BeCSvnpCRTDTO7Yf2VJrrk2ldDT9pEzH4GKbpWS3w%3D%3D/key.m3u8key    -       -       -       8.734   -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
         -       -       -       -       -       -       -
      2011-11-29      23:51:44        CET     comment server  INFO    200     -       MediaReaderH264Cupertino.handlePacket[enc/_definst_/last-time-race-start2.mp4][mp4a.40.2]: AAC Audio info: {AACFrame: size: 0, rate: 44100, channels: 2, samples: 1024, errorBitsAbsent: true, profileObjectType: "LC"}       -       -       -       9.023   -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
        -       -       -       -       -       -       -       -       -
      2011-11-29      23:51:44        CET     comment server  INFO    200     -       MediaReaderH264Cupertino.handlePacket[enc/_definst_/last-time-race-start2.mp4][avc1.100.30]: H.264 (Video may not be playable on older iPhone and iPod touch devices where Baseline/Level 3.0 or lower is required) Video info: {H264CodecConfigInfo: profile: "High", level: 3.0, frameSize: 640x480, displaySize: 640x480, PAR: 1:1, frameRate: 90000.0}    -       -       -       9.024
        -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -       -
      2011-11-29      23:51:44        CET     comment server  INFO    200     -       onHTTPCupertinoEncryptionKeyRequest.ipAddress: x.x.x.x    -       -       -       9.082   -       -       -       -       -       -       -


      Folks - upgrade to Wowza 3 This software really rocks - I love how expandable it is! Nice work you guys.


      BTW< what is it with adding a comment and removing all line breaks??? Every time I add a comment to this article (not on the forums), line breaks get removed and I have to go back and edit the post...
    1. sprocket -
      is it possible to provide a different key for each chunk using this (well of course modified)...

      Apple Media Streaming says:

      The media stream segmenter available from Apple provides encryption and supports three modes for configuring encryption.

      The first mode allows you to specify a path to an existing key file on disk. In this mode the segmenter inserts the URL of the existing key file in the index file. It encrypts all media files using this key.

      The second mode instructs the segmenter to generate a random key file, save it in a specified location, and reference it in the index file. All media files are encrypted using this randomly generated key.

      The third mode instructs the segmenter to generate a new random key file every n media segments, save it in a specified location, and reference it in the index file. This mode is referred to as key rotation. Each group of n files is encrypted using a different key.
      The example above would assume the second mode is being used right? Is it possible to use mode 3 and if so, any helpful pointers how I could do that?
    1. rrlanham -
      Wowza does not support key rotation at present. It might be considered for a future release, but I have not time frame for that.

      Richard
    1. rrlanham -
      To clarify, I think Wowza can do this, but it is not documented yet.

      Richard