Skip to main content
Skip table of contents

Playback of FPS encrypted content

To test this feature and view the example code, please see the Apple (FPS) SDK 5 Example Code Quick Start guide.

The OTVAVPlayer class extends the native AVPlayer class and makes it easy to enable FPS playback. It extends all of the functionality of AVPlayer, and because FPS is the native DRM, it can support HD and 4K playback.

This page provides an overview of the tasks required to enable FairPlay Streaming in your application, with code examples to show how to implement licence delegation and the framework used to playback encrypted content.

Prerequisites

An understanding of Apple’s FairPlay technology; see the Apple page FairPlay Streaming.

The certificate provided by Apple when an operator wants to use FPS by submitting an X.509 Certificate Signing Request linked to the private key. This certificate will be used when requesting a key request to the OS (returned with Server Playback Context (SPC)).

Key Server Module (KSM)

A handheld device. Playback of FPS encrypted streams is not supported for device simulators.

Example code

The encrypted-playback-advanced (or Encrypted Playback Advanced in UnifiedExampleCode) example code contains an Xcode project demonstrating the entire process for acquiring a license for, and playing back, an encrypted HLS stream. All tokens and URLs in the example code are hard-coded, but they might be fetched from external sources in real applications. The license server used in this example is a NAGRA Security Services Platform (SSP) head-end.

The app has an SSPFairplayLicenseDelegate class, which is an SSP-specific implementation of an OTVLicenseDelegate. Alongside this class, other helper classes assist the handling of licenses, tokens and certificates used to enable FPS playback:

  • ContentIdentifierGenerator associates a URL with its ContentId.

  • FairPlayApplicationCertificateDownloader acquires the authentication certificate. Apple issues this certificate to the license provider; it later authenticates the association between the license server and the player.

  • PlayerCertificateAuthenticator downloads and stores the SSP Certificate that authenticates the player against the license server (using FairPlayApplicationCertificateDownloader). This certificate only needs to be acquired once.

  • StreamLicenceAuthenticator authenticates an encrypted stream and provides its license in the form of an encrypted CKC message. The content token used in this authenticator is an SSP-specific implementation. It authenticates the contentId  and may have additional information such as license duration and expiry. As authentication needs to be done for each stream, you will likely instantiate this class every ‘zapping’.

The central part of enabling playback of FairPlay-encrypted content is to implement the following methods of the OTVLicenseDelegate protocol:

  • contentIdentifier() given a licence server URL (the URI specified in the playlist’s EXT-X-KEY tag), this should get and return the content identifier used on the server side.

  • certificate() fetches and returns the application certificate. Apple supplies this and is used with the content identifier to request a key request from the OS.

  • ckcMessage() fetches and returns the Content Key Context (CKC) message that contains the encrypted key used to decrypt the FairPlay stream.

  • scheme() should return the name of the URI scheme (specified in the EXT-X-KEY URI).

The exact contents of each method will depend on the licence server used.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.