Wowza secure Apple HTTP Live Streaming (AES-128 - external method). Player is not making the key request

Question

I have been working on Wowza Streaming Server and while trying to secure Apple HTTP Live Streaming using AES-128 - external method I am encountering below problems :

1. External AES-128 method of encryption is not working for .smil files present in the sub-folder of the application's source directory. I tried to achieve it by putting the [my-stream].key in [install-dir]/keys and [install-dir]/keys/[sub-folder-name] but both the scenarios failed for me to achieve this.

playlist url is :- [wowza-server-ip]:[port]/[application-name]/[applcation-instance-name]/smil:[sub-folder]/demo.smil/playlist.m3u8

2. In case of mp4s present in the application's source path, the player is not calling the key url.

The sequence of calls made by the player are :-

• [wowza-server-ip]:[port]/crossdomain.xml
• [wowza-server-ip]:[port]/[application-name]/[applcation-instance-name]/[stream-name]/playlist.m3u8
• [wowza-server-ip]:[port]/[application-name]/[applcation-instance-name]/[stream-name]/chunklist_w[wowza-session-id].m3u8
• [web-server-ip]:[port]/crossdomain.xml

After this player is not calling the "key request uri" as it was supposed to call. The calls are going properly when I am using the internal AES-128 method of Encryption.

My chunklist_w[wowza-session-id].m3u8 is

#EXTM3U

#EXT-X-VERSION:3

#EXT-X-TARGETDURATION:12

#EXT-X-MEDIA-SEQUENCE:0

#EXT-X-KEY:METHOD=AES-128,URI="http://[web-server-ip]:[port]/SimpleWebServlet/key.jsp?wowzasessionid=[session-id]"

#EXTINF:9.52,

media_w[session-id]_0.ts

#EXTINF:10.4,

media_w[session-id]_1.ts

[streamname].key file in [install-dir]/keys folder is

cupertinostreaming-aes128-key: DE51A7254739C0EDF1DCE13BBB308FF0

cupertinostreaming-aes128-url: http://[web-server-ip]:[port]/SimpleWebServlet/key.jsp

jsp file to return the key is key.jsp

<%@ page import="java.util.*,java.io.*" %>
<%
boolean isValid = true;
if (!isValid)
{
    response.setStatus( 403 );
}
else
{
    response.setHeader("Content-Type", "binary/octet-stream");
    response.setHeader("Pragma", "no-cache");

    String keyStr = "DE51A7254739C0EDF1DCE13BBB308FF0";

    int len = keyStr.length()/2;
    byte[] keyBuffer = new byte[len];  

    for (int i=0;i<len;i++)
        keyBuffer[i] = (byte)Integer.parseInt(keyStr.substring(i*2, (i*2)+2), 16);

    OutputStream outs = response.getOutputStream();
    outs.write(keyBuffer);
    outs.flush();
}
%>

If anybody has encountered the similar problem or has successfully implemented the external aes-128 method of wowza, kindly put some light on the issues mentioned above.

EDIT 1

Kindly ignore the 2nd point as after further analysis I found out that there is some issue with the jboss delivering the key, once it delivers the crossdomain xml to the player.

For reference to this problem kindly check : Can I call two crossdomain.xml from two different servers from my flash player?

EDIT 2

Apologies for the typo in my first point. It should be .smil rather than .mp4, I have corrected the same in my first point

Answer 1

I recently tried out HLS with AES128 and it worked fine. My key file was in [wowzadir]/keys/mystream.key. Looks like it is your player that does not do something right here. Which player are you using?

You can try to use wget to download some chunks and you can inspect them with VLC for example to see if the encryption was applied.