Wowza Community

SecureToken 2 with MediaCache and RTMP protocol

I found a bug in SecureToken 2 when using the RTMPS protocol. RTMP works normally.

I define string vod/mp4:sample.mp4?65a4f04573112610 and Wowza read string host.com/vod/mp4:sample.mp4?65a4f04573112610 calculating wrong hash.

RTMPS logs:

2015-02-06 14:45:05 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:creating RTMP token for ClientId:500173584 uri:rtmps://host.com/vod/mp4:sample.mp4 - - - 589.526 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:45:05 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:client IP: 200.196.49.194 - - - 589.526 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:45:05 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:hashCalculated: RtTZusSa9mGgpHjvbPV6kWuebO6MSxi2z0IM-8jFKyE= - - - 589.527 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:45:05 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:string hashed: host.com/vod/mp4:sample.mp4?65a4f04573112610 - - - 589.527 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:45:05 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:token start time stamp: 0 - - - 589.527 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:45:05 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:token end time stamp: 0 - - - 589.528 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:45:05 BRST comment server INFO 200 - [vod/definst]SecureTokenDef:Hash RxAUFctm4Tldt41A1uDEIOUAnmnM4KvQGon1Z4YLx7o=, doesn’t match hash calculated, RtTZusSa9mGgpHjvbPV6kWuebO6MSxi2z0IM-8jFKyE= - - - 589.528 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:45:05 BRST comment session INFO 403 500173584 ModuleCoreSecurity.play[vod/definst/sample.mp4]: SecureToken failed.

RTMP logs:

2015-02-06 14:54:01 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:creating RTMP token for ClientId:1825866841 uri:rtmp://host.com/vod/mp4:sample.mp4 - - - 1124.894 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:54:01 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:client IP: 200.196.49.194 - - - 1124.894 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:54:01 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:hashCalculated: RxAUFctm4Tldt41A1uDEIOUAnmnM4KvQGon1Z4YLx7o= - - - 1124.895 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:54:01 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:string hashed: vod/mp4:sample.mp4?65a4f04573112610 - - - 1124.895 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:54:01 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:token start time stamp: 0 - - - 1124.896 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:54:01 BRST comment server INFO 200 - [vod/definst]ModuleCoreSecurity:token end time stamp: 0 - - - 1124.896 - - - - - - - - - - - - - - - - - - - - - - - - -

2015-02-06 14:54:01 BRST comment server INFO 200 - ModuleCoreSecurity.play[vod/definst/sample.mp4]: All security checks passed.

Regards,

Hi,

This is being looked at in support ticket #117440.

A fix for this issue will be included in a future patch, but there is no time frame set when this will become available.

Regards,

Zoran