Shaka-player: 3.0.0 requests a Widevine service certificate when cert is specified
Have you read the FAQ and checked for duplicate open issues?
Yes
What version of Shaka Player are you using?
3.0.0
Can you reproduce the issue with our latest release version?
Yes
Can you reproduce the issue with the latest code from master?
Have not tried, but I don't see any commits that would suggest that it's been addressed
Are you using the demo app or your own custom app?
Custom app
If custom app, can you reproduce the issue using our demo app?
I'm not sure if any of the demo assets are specifying a serverCertificate, but if one is, I could try it.
What browser and OS are you using?
Chrome 83 - Windows 10
Chrome 80 - Chromecast - Nest Hub
For embedded devices (smart TVs, etc.), what model and firmware version are you using?
What are the manifest and license server URIs?
https://shaka-player-demo.appspot.com/demo/#audiolang=en;textlang=en;uilang=en;asset=https://storage.googleapis.com/shaka-demo-assets/angel-one-widevine/dash.mpd;panel=ALL_CONTENT;panelData=drm:WIDEVINE;build=uncompiled looks like it's sending a service certificate request to the Widevine proxy, but I'm not sure if one is being specified prior to calling load(...).
What did you do?
- Upgrade an application from 2.5.12 to 3.0.0, which had a working Shaka configuration with a
serverCertificatespecified for Widevine requests - Set up the shaka player instance
const player = shaka.Player(videoElement) - Configure the player with typical drm setup and the following to specify the server certificate
player.configure({ drm: { advanced: { 'com.widevine.alpha': { serverCertificate: shaka.util.Uint8ArrayUtils.fromBase64(widevineServerCertificate) } } } }); - Call
player.load(...)
What did you expect to happen?
I expected no service certificate requests to be made to our Widevine Proxy.
What actually happened?
We're seeing our Widevine proxy gets a service certificate request for the license request made by the player. Simply downgrading back to 2.5.12 fixes it. It doesn't look like the AdvancedDrmConfiguration has changed from 2.5 to 3.0 either.
baseballbrad3
All 4 comments
With the content you referenced, in v3.0.3 I see one server cert request and one license request. We don't have a cert configured for our demo content, so this is expected. https://shaka-player-demo.appspot.com/demo/#asset=https://storage.googleapis.com/shaka-demo-assets/angel-one-widevine/dash.mpd
If I set up a custom content entry in the demo with a service cert URL as follows, I can reproduce your issue:
- Manifest URL: https://storage.googleapis.com/shaka-demo-assets/angel-one-widevine/dash.mpd
- Name: 2644 - server cert
- License Server URL: https://cwip-shaka-proxy.appspot.com/no_auth
- License Certificate URL: https://cwip-shaka-proxy.appspot.com/service-cert
Playing that, I see the request for the service cert URL (which in a real app would be hard-coded in base64 or so as you showed in your example). But then I still see a subsequent 2-byte server cert request to the license server, followed by the license request.
joeyparrish
on 18 Aug 2020
Hello,
Since we are using anti replay JWT token based on license request. This bug is blocking us to use Shaka Player to deliver license.
Won't it be corrected in 3.0.Z branch ? or do you have an approximative release date for the 3.1 version ?
Thx
JulienHoullier
on 5 Oct 2020
@JulienHoullier, we also require this functionality. Be aware that it only seems to affect version 3.x.
We are currently using 2.5.15, and holding off the update to 3.x until this issue is resolved.
Best regards
Wayne-Morgan
on 5 Oct 2020
I found the root cause. Although we are using the server certificate, we're creating sessions before applying the cert. This should not be difficult to fix.
joeyparrish
on 6 Oct 2020
Related issues
jakubvojacek
路
5Comments
SemihGk
路
4Comments
luusetsenkoodbichsen
路
3Comments
bansalvks
路
3Comments
alexandercerutti
路
5Comments
Most helpful comment
I found the root cause. Although we are using the server certificate, we're creating sessions before applying the cert. This should not be difficult to fix.