MSS and playready problem

[marzipi]

Dear all, We succeed to make Dash and Widewine DRM(CENC) work perfectly with shaka player and our WV license/key server. But Mss and Playready packaging failed to play. The manifest is generated (pssh included) and the fist segments are downloaded but the license request is never sent to our Playready license server and

We use http://playready.directtaps.net/pr/doc/slee/ for testing. MSS without DRM works fine. Does someone get MSS/Playready working? Thank you in advance for your help or advise. Pierre

[erankor]

Yes MSS/PlayReady works fine, here is a sample URL: http://www.kaltura.com/index.php/extwidget/preview/partner_id/2035982/uiconf_id/32247421/entry_id/0_nf0aybik/embed/auto?&flashvars[streamerType]=auto If you open it in Firefox it will play MSS/PlayReady.

There are 2 possible causes I can think of for what you describe:

1. The license acquisition URL is too long - there is a fairly low limit on the length of this URL, if it's more than a few hundred chars the player doesn't fetch it. Our player team found a way to work around this issue, but with this demo player you referred to I would assume the limitation applies
2. The PSSH may not be formatted properly - if option 1 does not apply to you, please send the PSSH here

[marzipi]

Thank you Erankor for your answer. You can find the pssh below tx Pierre

Base64 encoded: PFdSTUhFQURFUiB4bWxucz0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS9EUk0vMjAwNy8wMy9QbGF5UmVhZHlIZWFkZXIiIHZlcnNpb249IjQuMS4wLjAiPjxEQVRBPjxQUk9URUNUSU5GTz48S0VZTEVOPjE2PC9LRVlMRU4+PEFMR0lEPkFFU0NUUjwvQUxHSUQ+PC9QUk9URUNUSU5GTz48S0lEPjc5ODdhaitlRTB1QmxYaTBONzNBUXc9PTwvS0lEPjxMQV9VUkw+aHR0cHM6Ly9wci5iY2UubHUvcmlnaHRzbWFuYWdlci5hc214P1BsYXlSaWdodD0xJlVzZVNpbXBsZU5vblBlcnNpc3RlbnRMaWNlbnNlPTE8L0xBX1VSTD48L0RBVEE+PC9XUk1IRUFERVI+

[erankor]

This PSSH is not packaged correctly, the WRMHEADER xml should be UTF-16 encoded, and it should also be preceded by a couple of structs. We use the following code to do it (python):

def BuildHeader(headerXml):
    header_utf16_le = headerXml.encode('utf-16-le')
    rm_record = struct.pack('<HH', 1, len(header_utf16_le)) + header_utf16_le
    header =  struct.pack('<IH', len(rm_record) + 6, 1) + rm_record
    return base64.b64encode(header)

[marzipi]

Thank you Erankor, If I understand correctly, I have to encode "my" WRMHEADER xml in UTF-16 with this function? Pierre

[erankor]

Yes, it should be UTF-16 little endian, and also have the structs that this function adds. If by any chance you are using python as well, you can just replace the call to b64encode that you currently have with a call to this function

[marzipi]

Thanks to you function, is the pssh below correct? Pierre

hgIAAAEAAQB8AjwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADEALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4ANwA5ADgANwBhAGoAKwBlAEUAMAB1AEIAbABYAGkAMABOADcAMwBBAFEAdwA9AD0APAAvAEsASQBEAD4APABMAEEAXwBVAFIATAA+AGgAdAB0AHAAcwA6AC8ALwBwAHIALgBiAGMAZQAuAGwAdQAvAHIAaQBnAGgAdABzAG0AYQBuAGEAZwBlAHIALgBhAHMAbQB4AD8AUABsAGEAeQBSAGkAZwBoAHQAPQAxACYAVQBzAGUAUwBpAG0AcABsAGUATgBvAG4AUABlAHIAcwBpAHMAdABlAG4AdABMAGkAYwBlAG4AcwBlAD0AMQA8AC8ATABBAF8AVQBSAEwAPgA8AC8ARABBAFQAQQA+ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AA==

[erankor]

Looks ok to me

[marzipi]

Dear Erankor,

Thank to your advice the license request works fine now but the player stop immediately. I use the same PSSH than the demo server of Microsoft (kseed is shared) and I can play their video without problem with this license.

The tests I did:

NGINX delivery server: http://live1.bce.lu/nginx/content/TBT/20151014/0/0_8sb6xgnx_0_6fgjltwl_2.mp4/manifest

License received but play stop immediately

Microsoft delivery server: http://live1.bce.lu/tothelimit720/manifest

license already acquired with NGINX request and the video play.

Do you know where the problem could be? I have no more idea... Thank you again Pierre

[erankor]

1. Did you try playing this video in clear smooth streaming ?
2. Are you sure the encryption key passed to nginx-vod is the same encryption key returned inside the license response ?

[marzipi]

Erankor, Clear smooth streaming works fine. I am wondering if our conversion and content key calculation's tools are correct.

If I convert the Kid/key from GUID representation to Base64 or vice versa: KeyId: Base64: AmfjCTOPbEOl3WD/5mcecA== Bytes to GUID: 09e367028f336c43a5dd60ffe6671e70

An the contentkey calculated form the kid and keyseed is: Base64: Rh09NaxXdlonbLykKx6LtQ== Bytes to GUID: 353d1d4657ac5a76276cbca42b1e8bb5

If I package in dash one video with MP4BOX (crypt) with the following value in GUID format, I can play the video:

key KID="0x09e367028f336c43a5dd60ffe6671e70" and value="0x353d1d4657ac5a76276cbca42b1e8bb5"

The problem may be to the base64 representation of these GUID. Could you confirm that this conversion is correct, it will help a lot.

Thank again Pierre

[erankor]

This seems correct, but note that in MSS (unlike DASH) the key_id you send to nginx-vod in the JSON is completely ignored. But either way for the KID inside the PSSH, I would suggest that you will try both GUID order and regular/binary order and see if one of them works

[marzipi]

Dear Erankor,

In the WRMHEADER, the kid is coded into base64 according to all working manifest (including your example). For NGINX, the key is base64 too. Would it be possible do send me a working "test" pssh I could you with my NGINX server to control that the problem is not somewhere else? Thank you Pierre

[erankor]

For the test page I provided above: http://www.kaltura.com/index.php/extwidget/preview/partner_id/2035982/uiconf_id/32247421/entry_id/0_nf0aybik/embed/auto?&flashvars[streamerType]=auto

This is the DRM info JSON that the nginx module gets:

[{"pssh": [{"data": "zgIAAAEAAQDEAjwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AWgBMAE0AagBYAFoAVwBxADYAOQBjAHMAVgBNAFMAdwBxAGMAZQBDAHcAQQA9AD0APAAvAEsASQBEAD4APABDAEgARQBDAEsAUwBVAE0APgB1AHoAaQB4AFkASgBSADQALwAwAEEAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APABMAEEAXwBVAFIATAA+AGgAdAB0AHAAcwA6AC8ALwB1AGQAcgBtAC4AawBhAGwAdAB1AHIAYQAuAGMAbwBtAC8AcABsAGEAeQByAGUAYQBkAHkALwBsAGkAYwBlAG4AcwBlADwALwBMAEEAXwBVAFIATAA+ADwATABVAEkAXwBVAFIATAA+AGgAdAB0AHAAOgAvAC8AdwB3AHcALgBrAGEAbAB0AHUAcgBhAC4AYwBvAG0APAAvAEwAVQBJAF8AVQBSAEwAPgA8AC8ARABBAFQAQQA+ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AA==", "uuid": "9a04f079-9840-4286-ab92-e65be0885f95"}], "login_url": "http://www.kaltura.com/", "file": "0_2nh6ruyp", "license_url": "https://udrm.kaltura.com/playready/license", "key": "AHtODLbtZJ61ETAPTO+WZg==", "key_id": "ZLMjXZWq69csVMSwqceCwA==", "content_id": "0_nf0aybik"}]

You can capture the license request URL when playing that page using the browser console (it's https://udrm.kaltura.com/...) I'm not pasting it here since it has parts that are expiring.

Btw, another pitfall of MSS/PlayReady is that the protocol does not support multiple keys (unlike DASH). So, in case you are using adaptive bitrate, all the JSONs that nginx-vod gets for a single video should be the same.

[marzipi]

Thank you Erankor, I am going to test with the information you provide me with. Pierre

[erankor]

hi @marzipi, did you manage to get MSS/PlayReady working for you ?

[marzipi]

Hi Erankor, Unfortunately, I don't succeed. It may come from the player (microsoft directap where the status freezes on "individualizing").

Could you take few minutes to try the manifest below with your player? kaltura doesn't integrate mss and dash plugin by default, I have to see how to load them.

http://live1.bce.lu/nginx/content/TBT/20151014/0/0_8sb6xgnx_0_6fgjltwl_2.mp4/manifest

Our license server works fine for CENC (widevine and playready). Will you add in your dash packager cenc feature (plaready and widevine) in your module?

Thank you very much for your support, I will continue to investigate on my side. Pierre

[erankor]

1. what is the license acquisition URL ?
2. if you meant support for multiple PSSH in DASH CENC then it's already supported, on our production environment we generate PSSH for both widevine and playready

[marzipi]

Hi again, The URL is https: //pr .bce . lu/pr/ rightsmanager.asmx (please remove spaces)

For cenc, could you give an example of data format used by your nginx module and how do you append both pssh (widevine and playready)? tx Pierre

[erankor]

Hi,

Your stream does not play for me either. One thing that I noticed (no way of telling of that's the problem or not) is that in your license response there are 2 licenses, while in my working sample there is only one.

Btw, it seems the URL I previously pasted has expired, here is a new one:

http://www.kaltura.com/index.php/extwidget/preview/partner_id/2035982/uiconf_id/32247421/entry_id/0_nf0aybik/embed/auto?&flashvars[streamerType]=auto&flashvars[ks]=MTM5MDVjYTk0OGQ0MjhjM2EwOWNiN2RkNmViZTA5MDZhZjE4ZDdkYXwyMDM1OTgyOzIwMzU5ODI7MTQ2MjI3MzkyOTswOzE0NTM2MzM5MjkuMzgwMTthZG1pbjtkaXNhYmxlZW50aXRsZW1lbnQ7Ow==

Other than that, here is a sample of CENC with both widevine and playready pssh:

[{"key_id": "S7cD44mb7oNU7YPQFQiA7Q==", 
"pssh": [{
"data": "CAESEEu3A+OJm+6DVO2D0BUIgO0aB2thbHR1cmEiCjBfbmYwYXliaWsqBVNEX0hE", 
"uuid": "edef8ba9-79d6-4ace-a3c8-27dcd51d21ed"}, 
{"data": "2AIAAAEAAQDOAjwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4ANAB3AE8AMwBTADUAdQBKAGcAKwA1AFUANwBZAFAAUQBGAFEAaQBBADcAUQA9AD0APAAvAEsASQBEAD4APABDAEgARQBDAEsAUwBVAE0APgBjAGwAWABoAHIATQA2AEsAZwBuAHcAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APABMAEEAXwBVAFIATAA+AGgAdAB0AHAAcwA6AC8ALwB1AGQAcgBtAC4AawBhAGwAdAB1AHIAYQAuAGMAbwBtAC8AYwBlAG4AYwAvAHAAbABhAHkAcgBlAGEAZAB5AC8AbABpAGMAZQBuAHMAZQA8AC8ATABBAF8AVQBSAEwAPgA8AEwAVQBJAF8AVQBSAEwAPgBoAHQAdABwADoALwAvAHcAdwB3AC4AawBhAGwAdAB1AHIAYQAuAGMAbwBtADwALwBMAFUASQBfAFUAUgBMAD4APAAvAEQAQQBUAEEAPgA8AC8AVwBSAE0ASABFAEEARABFAFIAPgA=", 
"uuid": "9a04f079-9840-4286-ab92-e65be0885f95"}], 
"content_id": "0_nf0aybik", 
"key": "owaf3/+5ymPfsnH3HerrBg==", 
"file": "0_2nh6ruyp"}]

[marzipi]

Hi Erankor, Thank you again for you help. Concerning Dash delivery with Cenc for both Widevine and Playready it works perfectly. You made a very good job that we all appreciate ;-) For mms, I am going to see why we produce 2 licenses, the problem may be there and I will compare with your working example. With kind regards Pierre

[erankor]

Closing this one, since the problem does not seem to be in nginx-vod-module