FairPlay problem

Marcin Szaniec 1 Reputation point
2020-10-27T09:07:45.98+00:00

Hello,

I have problem with FairPlay configuration, I have configured multi drm content policy ( Widevide, PlayReady , FairPlay ) , for test purposes without token restriction. Works fine for Widevide and PlayReady , with FairPlay there is a problem ( using https://openidconnectweb.azurewebsites.net/AMTestPlayer ), streaming endpoint is using Predefined_MultiDrmStreaming streaming policy

I've tried both format , using (format=m3u8-aapl,encryption=cbcs-aapl) I am reciving below error

  • error message: MediaKeyError code: 6, systemCode: 0x48444350
  • error code: 60500000
  • category code: 500000
  • category message: MEDIA_ERR_ENCRYPTED (The video is encrypted and we do not have the keys to decrypt it.)
  • detailed description: Generic encrypted error

I've set .cer file downloaded from apple , created pfx from it ( I've check modulus from cer and pfx using openssl , it is same). I've analyze a little bit network traffic , it seems that player receive fairplay licence correctly from https://*.keydelivery.northeurope.media.azure.net/FairPlay/?kid={GUID}

With CMAF, player is hanging and I can see below error in network calls

<serverError>
<status>403</status>
<subStatus>0</subStatus>
<hresult>MPE_ENC_ENCRYPTION_NOT_SET_IN_DELIVERY_POLICY</hresult>
<activityId>80000777-0000-FE00-B63F-84710C7967BB</activityId>
<serviceId>EB1ED3E9-CBA5-0B8E-0E4B-29694B63F6D0</serviceId>
</serverError>

Any ideas why it is not working?

Thanks
Marcin

Azure Media Services
Azure Media Services
A group of Azure services that includes encoding, format conversion, on-demand streaming, content protection, and live streaming services.
316 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Xavier Pouyat 591 Reputation points Microsoft Employee
    2020-10-27T10:24:38.357+00:00

    Hello,

    I am not sure about the first error.

    For the second error, in order to use FairPlay with CMAF (or to enable offline FairPlay too), you need to create and use a custom streaming policy. In that policy, you need to activate FairPlay with DASH (as CMAF used MP4 fragments). The CommonEncryptionCenc and CommonEncryptionCbcs objects can be created as below : 

           /// <summary>
        /// Generates de Cenc config for Dash and Smooth Streaming.
        /// </summary>
        /// <returns>The Cenc configuration.</returns>
        protected static CommonEncryptionCenc GenerateCencConfig()
        {
            return new CommonEncryptionCenc()
            {
                Drm = new CencDrmConfiguration()
                {
                  PlayReady = new StreamingPolicyPlayReadyConfiguration(),
                  Widevine = new StreamingPolicyWidevineConfiguration()
                },
                EnabledProtocols = new EnabledProtocols()
                {
                    Hls = false,
                    Dash = true,
                    SmoothStreaming = true,
                    Download = false
                },
                ContentKeys = new StreamingPolicyContentKeys()
                {
                    // Default key must be specified if keyToTrackMappings is present
                    DefaultKey = new DefaultKey()
                    {
                        Label = "cencKeyDefault"
                    }
                }
            };
        }

        /// <summary>
        /// Generates de Cbcs config with offline FairPlayfor HLS-Ts and HLS-Cmaf.
        /// </summary>
        /// <returns>The Cenc configuration.</returns>
        protected static CommonEncryptionCbcs GenerateCbcsConfig()
        {
            return new CommonEncryptionCbcs()
            {
                Drm = new CbcsDrmConfiguration()
                {
                    FairPlay = new StreamingPolicyFairPlayConfiguration()
                    {
                        AllowPersistentLicense = true // this enables offline mode
                    }
                },
                EnabledProtocols = new EnabledProtocols()
                {
                    Hls = true,
                    Dash = true // Even though DASH under CBCS is not supported for either CSF or CMAF, HLS-CMAF-CBCS uses DASH-CBCS fragments in its HLS playlist
                },

                ContentKeys = new StreamingPolicyContentKeys()
                {
                    // Default key must be specified if keyToTrackMappings is present
                    DefaultKey = new DefaultKey()
                    {
                        Label = "cbcsKeyDefault"
                    }
                }
            };
        }
    1 person found this answer helpful.
  2. Xavier Pouyat 591 Reputation points Microsoft Employee
    2020-10-27T15:49:19.13+00:00

    A colleague told me to check the app cert. Is it hosted somewhere? We guess you put the app cert URL in the textbox of the test player? In that case, it would be cross-domain javascript call. Please make sure the hosting site enable CORS.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.