I really have not tried self-signed certificate on iOS. Can’t really help.
Charlie
Encryption for live streaming is on the origin. There is no way to do per-session encryption with a live stream. It is per-stream. It is all done on the origin and forwarded to the edges.
Yes, all communication between edge and origin is RTMP but there is a separate connection for RTMP and Cupertino for the same stream. We just stream Cupertino chunks over RTMP.
Charlie
Yes, I think that’s the way it works, a new key is generated for each session.
Richard
To start, you need to compile this in the Wowza IDE, then there is additional code that needs to be written. Take a look at this other method for securing iPhone, to see if it is a better method for you:
http://www.wowza.com/community/t/-/83
Richard
I’m not sure if this is going to work for that combo, but the ModuleOnConnectAuthenticate can be used for authentication from Flash apps that will publish:
http://www.wowza.com/forums/showthread.php?t=7812
Try placing this above ModuleRTMPAuthenticate. And if that doesn’t work, try putting it below, last in the Modules list. You have to modify the NetConnection.connect of the Flash app.
Richard
Try going back to SecureURLParams. That should work. I think you have to use the Wowza 1.7.2 MediaSecurity Addon:
http://www.wowza.com/community/t/-/45
Richard
Can you zip up and send the startup package to support@wowza.com. Please reference this thread.
Richard
Nish,
I think you just have to start over with this. You had it working and now it is not working, so you know that it does work, it’s not a bug in Wowza or the package, so you have made a mistake somewhere.
Richard
Nish,
Can you paste in your Application.xml
Richard
Sounds similar to this:
http://www.wowza.com/forums/showthread.php?t=10236&page=2#17
So check your Application.xml Properties list.
Richard
I think maybe there is some overlap and confusion regarding the encryption key caused by your frequent replay in a short time.
Richard
Eric,
From your description, with encryption in place, it sounds like your stress test is breaking the system, but I don’t think it is a valid load test. Wowza has a load test tool that simulates many connections for a live or vod application. It only does rtmp streams, but you can extrapolate. You can get the load test tool by sending a request to test@wowza.com
Richard
Eric,
It’s just not a valid load test tool. You are only proving that you can confuse Wowza and the phone, which is streaming from a high-latency playlist of encrypted chunks grouped by sessionID.
You can get the load test tool by sending a request to test@wowza.com. The load test tool only does vod and live rtmp streaming, but it gives you an idea of what your server can handle, and you can extrapolate.
Richard
Eric,
The way to test encryption is to download one of the .ts chunks from the playlist and try to play it in VLC. It should not be playable in VLC if encryption is working correctly.
The way to download one of the .ts chunks is:
Enter playlist.m3u8 URL in a browser, for example:
http://localhost:1935/vod/mp4:sample.mp4/playlist.m3u8
A playlist.m3u8 file is downloaded to your computer
Open the playlist.m3u8 file that is downloaded in a text editor, then copy the URL you see (including the wowzasessionid) to a browser. It will look something like this:
http://localhost:1935/vod/mp4:sample.mp4/playlist.m3u8?wowzasessionid=1776170579
Another playlist.m3u8 file is downloaded to your computer
Open the new playlist.m3u8 file, then copy one of the .ts URLs and append it, something like this:
http://localhost:1935/vod/mp4:sample.mp4/media_4.ts?wowzasessionid=1776170579
Richard
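An automated form of the VLC check described above, as an added example that is not part of the original thread: a clear MPEG-TS chunk has the 0x47 sync byte on every 188-byte boundary, while an encrypted chunk does not, and the chunk playlist should carry an #EXT-X-KEY tag. The playlist text, the key URI and both chunk byte strings are constructed sample data; in practice you would read the files saved in the steps above.

```python
import hashlib
import re

TS_PACKET = 188  # MPEG-TS packet length in bytes
TS_SYNC = 0x47   # first byte of every clear MPEG-TS packet

def looks_like_clear_ts(data, max_packets=20):
    """True if the sync byte sits on each 188-byte boundary (playable as-is)."""
    packets = min(len(data) // TS_PACKET, max_packets)
    return packets >= 3 and all(data[i * TS_PACKET] == TS_SYNC for i in range(packets))

def playlist_key(m3u8_text):
    """Return (METHOD, URI) from the first #EXT-X-KEY tag, or None if there is none."""
    tag = re.search(r"^#EXT-X-KEY:(.*)$", m3u8_text, re.MULTILINE)
    if not tag:
        return None
    attrs = dict(re.findall(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)', tag.group(1)))
    return attrs.get("METHOD"), attrs.get("URI", "").strip('"')

def check_chunk(m3u8_text, chunk):
    """Classify a downloaded .ts chunk against the chunk playlist that listed it."""
    if looks_like_clear_ts(chunk):
        return "clear"       # VLC would play this: encryption is not applied
    key = playlist_key(m3u8_text)
    if key and key[0] not in (None, "NONE"):
        return "encrypted"   # no TS framing and the playlist advertises a key
    return "unknown"         # neither TS nor keyed, e.g. an error page was saved

# Constructed sample data (not captured from a real server); the key URI is hypothetical.
PLAYLIST_ENC = """#EXTM3U
#EXT-X-TARGETDURATION:10
#EXT-X-KEY:METHOD=AES-128,URI="https://media.example/key?wowzasessionid=1776170579"
#EXTINF:10,
media_4.ts?wowzasessionid=1776170579
"""
PLAYLIST_CLEAR = PLAYLIST_ENC.replace(PLAYLIST_ENC.splitlines(True)[2], "")
CLEAR_CHUNK = (bytes([TS_SYNC]) + bytes(187)) * 10
# Stand-in for ciphertext: hash output has no TS framing.
ENC_CHUNK = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))

if __name__ == "__main__":
    for name, pl, ch in [("clear", PLAYLIST_CLEAR, CLEAR_CHUNK), ("enc", PLAYLIST_ENC, ENC_CHUNK)]:
        print(name, "->", check_chunk(pl, ch))
```

A result of "clear" for a chunk fetched from an application that is supposed to be encrypted means the module or its properties are not taking effect.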
You have to build the module and add Module and Properties to Application.xml.
Richard
Eric,
In origin/edge (liverepeater), this encryption module is set up on the origin, so the stream from the origin to the edge, then from edge to client is encrypted. Note the properties at the bottom of the post for configuring an edge application.
RTSP and RTMP are handled separately in origin to edge connection, that is how it works.
Richard
Hi All,
I need to add secure live streaming in an iPhone app using the HTTP streaming protocol.
I have read this tutorial but I am totally confused.
Tell me if I need to use this:
http://[localhost]:1935/[App_name]/[stream_name]/playlist.m3u8
How can I use the key here?
Also, how can these methods be called?
public void onHTTPCupertinoEncryptionKeyRequest(HTTPStreamerSessionCupertino httpCupertinoStreamingSession, IHTTPRequest req, IHTTPResponse resp)
{
    boolean isGood = true;
    String ipAddress = httpCupertinoStreamingSession.getIpAddress();
    String queryStr = req.getQueryString();
    String referrer = httpCupertinoStreamingSession.getReferrer();
    String cookieStr = httpCupertinoStreamingSession.getCookieStr();
    String userAgent = httpCupertinoStreamingSession.getUserAgent();
    String sessionId = httpCupertinoStreamingSession.getSessionId();
    IApplicationInstance appInstance = httpCupertinoStreamingSession.getAppInstance();
    String streamName = httpCupertinoStreamingSession.getStreamName();
    // reject encryption key requests that are not delivered over SSL
    //if (!req.isSecure())
    //    isGood = false;
    getLogger().info("ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyRequest["+appInstance.getContextStr()+"/"+httpCupertinoStreamingSession.getStreamName()+"]: accept:"+isGood);
    if (!isGood)
        httpCupertinoStreamingSession.rejectSession();
}
public void onHTTPCupertinoEncryptionKeyCreateLive(IApplicationInstance appInstance, String streamName, byte[] encKey)
{
    String mySharedSecret = appInstance.getProperties().getPropertyStr("cupertinoEncryptionSharedSecret", "");
    String hashStr = mySharedSecret+":"+appInstance.getApplication().getName()+":"+appInstance.getName()+":"+streamName;
    byte[] tmpBytes = MD5DigestUtils.generateHashBytes(hashStr);
    if (tmpBytes != null)
        System.arraycopy(tmpBytes, 0, encKey, 0, encKey.length);
    getLogger().info("ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyCreateLive["+appInstance.getContextStr()+"/"+streamName+"]: *"+BufferUtils.encodeHexString(encKey).substring(28));
}
public void onHTTPCupertinoEncryptionKeyCreateVOD(HTTPStreamerSessionCupertino httpCupertinoStreamingSession, byte[] encKey)
{
    String ipAddress = httpCupertinoStreamingSession.getIpAddress();
    String queryStr = httpCupertinoStreamingSession.getQueryStr();
    String referrer = httpCupertinoStreamingSession.getReferrer();
    String cookieStr = httpCupertinoStreamingSession.getCookieStr();
    String userAgent = httpCupertinoStreamingSession.getUserAgent();
    IApplicationInstance appInstance = httpCupertinoStreamingSession.getAppInstance();
    String streamName = httpCupertinoStreamingSession.getStreamName();
    String sessionId = httpCupertinoStreamingSession.getSessionId();
    String mySharedSecret = appInstance.getProperties().getPropertyStr("cupertinoEncryptionSharedSecret", "");
    String hashStr = mySharedSecret+":"+sessionId+":"+appInstance.getApplication().getName()+":"+appInstance.getName()+":"+httpCupertinoStreamingSession.getStreamName();
    byte[] tmpBytes = MD5DigestUtils.generateHashBytes(hashStr);
    if (tmpBytes != null)
        System.arraycopy(tmpBytes, 0, encKey, 0, encKey.length);
    getLogger().info("ModuleEncryptionHandlerCupertinoStreaming.onHTTPCupertinoEncryptionKeyCreateVOD["+appInstance.getContextStr()+"/"+httpCupertinoStreamingSession.getStreamName()+"]: *"+BufferUtils.encodeHexString(encKey).substring(28));
}
Thanks
Please, it’s urgent
Hi Richard,
I have used RTMPAuthentication for publishing from the FMLE encoder and used SecureToken for playback by Flash player.
Now I have the following setup in conf:
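<Module>
    <Name>ModuleRTMPAuthenticate</Name>
    <Description>ModuleRTMPAuthenticate</Description>
    <Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class>
</Module>
…
<Property>
    <Name>secureTokenSharedSecret</Name>
    <Value>mypassword</Value>
</Property>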
In Flash AS:
if (infoObject.info.code == "NetConnection.Connect.Success")
{
    if (infoObject.info.secureToken != null)
        nc.call("secureTokenResponse", null, TEA.decrypt(infoObject.info.secureToken, "mypassword"));
}
Now, the problem is that publishing from FMLE and playback by Flash player works fine,
BUT
if I need to publish from Flash player, it rejects the stream saying stream not authorized to publish.
I need to support FMLE (publish)/Flash player (play) and Flash player (publish)/Flash player (play) by the same Wowza application.
Also, if I add the securetoken module to conf it does not allow FMLE to publish.
Please help, it’s really urgent.
Thanks a lot
Hi Richard,
I have tried both approaches but no result :(
Still:
NetStream.Publish.Failed (Not authorized to publish)
Isn’t there any other way by which I can support both publish/play by Flash player and publish (FMLE)/play (Flash player)?
Thanks
I am using this method but I have a question about cupertinoEncryptionBaseURL that I can’t seem to find the answer to.
I have 2 Wowza boxes running on EC2 and I am using a zip config package to start the boxes. How am I supposed to be setting this URL? I am trying the following, but it does not work:
<Property>
    <Name>cupertinoEncryptionBaseURL</Name>
    <Value>http://${com.wowza.amazonaws.ec2.AWSEC2_METADATA_PUBLIC_HOSTNAME}:1935</Value>
</Property>
It results in a URL that looks like http://${com.wowza.amazonaws.ec2.AWSEC2_METADATA_PUBLIC_HOSTNAME}:1935 and not the EC2 hostname. So I am doing something wrong here…
My other question is: if I make a DNS alias to something like wowza.myhost.com and then use that, does it matter which host gets the connection for cupertinoEncryptionBaseURL, or do I have to ensure that the Wowza box handling the request is the one to hand out the encryption?
What is the correct way to do this when launching more than one box or launching a Wowza box without knowing what its IP will be before it starts?
© 2007–2024 Wowza Media Systems™, LLC. All rights reserved.