I began by reasearching the API and documentation in order to figure out a way to do the following two things:
Add a custom header to an HLS chunklist that will contain all the information needed by the player to decrypt the content (#EXT-X-KEY:METHOD=AES-128…).
Make this work with an origin-edge scenario, encryption and chunklist manipulation being done on edge.
The documentation found that address the topic and the issues are below.
This scenario refers to changing the chunklist for each entry or working with the key in a way I wanted to. This is the way to do it if the key changes during playout, so there will be a discontinuity and a new key delivered, I assume.
The module needs to implement the IModuleOnHTTPCupertinoEncryption interface. And - additionally - IHTTPStreamerCupertinoLivePacketizerDataHandler2 (if needed). Said and done.
These may be categorized as other reading.
The problems encountered and the questions are:
With the origin-edge scenario, there is no call to the onHTTPCupertinoEncryptionKeyLiveChunk() method (or any other methods of IModuleOnHTTPCupertinoEncryption). Does the HLS encryption works on the edge with an origin-edge scenario?
How often will the encryption be done? Can I assume that it will be done once per stream and not for each HTTP session?
The chunklist seems to be generated for each session. So the calls to the methods of the class that implements the IHTTPStreamerCupertinoLivePacketizerDataHandler2 interface (ie onFillChunkStart(), onFillChunkEnd()) will be done for each session, for each chunklist request. Is this correct?
Is there a way to track TS files and corresponding key in order to signal properly the key change in the chunklist?
Should I stick with an origin-edge scenario with encryption done on edge servers or this cannot work?