fix(FEC-14578): [DRM] playkit-js changes needed to support uDRM CPIX multikey solution for HLS FPS#819
fix(FEC-14578): [DRM] playkit-js changes needed to support uDRM CPIX multikey solution for HLS FPS#819chanakabr wants to merge 5 commits intokaltura:masterfrom
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR implements CPIX 2.3 support for FairPlay DRM by adding multi-key/key rotation functionality. The changes enable the uDRM to locate key IDs (KIDs) from license requests to support the new CPIX 2.3 encrypters/packagers that use KID per track per crypto period.
- Adds X-Kaltura-InitData header to license requests containing base64-encoded KID
- Updates content ID extraction to properly parse skd:// format URLs
- Enhances WebKit key message handling to extract KID from session content
Comments suppressed due to low confidence (2)
src/engines/html5/media-source/adapters/fairplay-drm-handler.ts:133
- The header name 'X-Kaltura-InitData' is inconsistent with the description which mentions 'X-InitData-Kaltura'. Please verify the correct header name format.
headers: {'X-Kaltura-InitData': kidBase64} // pass the kid to uDRM
src/engines/html5/media-source/adapters/fairplay-drm-handler.ts:274
- The variable name 'hostname' is misleading since it's now extracting a key ID rather than a hostname. Consider renaming to 'keyId' or 'contentId' for clarity.
const hostname = url.slice(url.lastIndexOf("skd://")+6,url.length); // handle the skd://mykeyid format
| // WebkitMediaKeySession has attribute contentId (which is the mykeyid from playlist's skd://mykeyid) | ||
| const session = event.target; | ||
| const kid = session?.contentId; | ||
| const kidBase64 = btoa(kid); |
There was a problem hiding this comment.
The btoa() function expects a string input, but 'kid' could be undefined or null if session?.contentId is falsy. This will throw an error. Add validation: const kidBase64 = kid ? btoa(kid) : '';
| const kidBase64 = btoa(kid); | |
| const kidBase64 = kid ? btoa(kid) : ''; |
| const hostname = url.slice(url.lastIndexOf("skd://")+6,url.length); // handle the skd://mykeyid format | ||
| return hostname; |
There was a problem hiding this comment.
If the URL doesn't contain 'skd://', lastIndexOf() returns -1, causing slice(-1+6, length) which would return the last 5 characters. Add validation: if (url.includes('skd://')) { return url.slice(url.lastIndexOf('skd://') + 6); } else { /* fallback logic */ }
| const hostname = url.slice(url.lastIndexOf("skd://")+6,url.length); // handle the skd://mykeyid format | |
| return hostname; | |
| if (url.includes("skd://")) { | |
| const hostname = url.slice(url.lastIndexOf("skd://") + 6); // handle the skd://mykeyid format | |
| return hostname; | |
| } else { | |
| throw new Error("Invalid URL format: 'skd://' not found"); | |
| } |
SivanA-Kaltura
changed the title
…multikey solution for HLS FPS ### Description of the Changes Based on #819 Add a custom header for fairplay DRM requests The custom header logic will only work with the configuration ``` playback: { options: { html5: { native: { useKIDHeader: true } } } } ``` Resolves FEC-14578 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Description of the Changes
Baseline Fairplay Implementation: Following the legacy Key System (com.apple.fps.1_0).
Background: We have a new feature in the uDRM and in the CPIX 2.3 encrypters/packagers to support multikeys/key rotation, which uses kid per track per crypto period.
The Packager is signalling the kid as keyUri in the playlist:
Format:
EXT-X-KEY:METHOD=SAMPLE-AES,URI="skd://kid",KEYFORMAT="com.apple.streamingkeydelivery",KEYFORMATVERSIONS="1"Sample:
During the license flow the uDRM needs to locate the kid from the request.
It can be in 2 places.
a. SPC's AssetID TLLVS (this works with modern media key system how in the legacy the AssetID can't be parsed)
b. X-InitData-Kaltura (skd in base64 - explained in this PR).
The PR Change:
CheckLists