本文為您介紹自訂鑒權URL相關功能使用,通過閱讀本文您可以瞭解如何進行自訂鑒權URL以及如何對URL鑒權配置進行更新。
鑒權URL產生
自訂鑒權URL
在您實際的業務中,您可能需要動態產生推/播流URL,此時可以通過擷取鑒權配置進行自訂拼接。接下來將通過Java SDK樣本介紹如何?動態拼接推/播流URL。
說明
在此之前如果您對URL鑒權地址結構暫不瞭解,請參見鑒權URL組成。
由於鑒權URL需要根據鑒權KEY以及有效時間長度進行加密,所以要動態產生推/播流URL,需要先擷取到URL鑒權相關配置。
擷取URL鑒權配置需要調用DescribeLiveDomainConfigs查詢直播網域名稱鑒權配置,具體範例程式碼如下:
//需要將<>內容替換成實際使用的值
DefaultProfile profile = DefaultProfile.getProfile("<regionId>", "<ALIBABA_CLOUD_ACCESS_KEY_ID>", "<ALIBABA_CLOUD_ACCESS_KEY_SECRET>");
IAcsClient client = new DefaultAcsClient(profile);
DescribeLiveDomainConfigsRequest describeLiveDomainConfigsRequest=new DescribeLiveDomainConfigsRequest();
describeLiveDomainConfigsRequest.setDomainName("<DomainName>");
describeLiveDomainConfigsRequest.setFunctionNames("aliauth");
DescribeLiveDomainConfigsResponse describeLiveStreamSnapshotInfoResponse = null;
try {
describeLiveStreamSnapshotInfoResponse = client.getAcsResponse(describeLiveDomainConfigsRequest);
} catch (ClientException e) {
e.printStackTrace();
}
//鑒權key
String key="";
//有效時間長度(單位秒)
long expSeconds=0l;
for(DescribeLiveDomainConfigsResponse.DomainConfig.FunctionArg f:describeLiveStreamSnapshotInfoResponse.getDomainConfigs().get(0).getFunctionArgs()){
if("auth_key1".equals(f.getArgName())){
key=f.getArgValue();
}
if("ali_auth_delta".equals(f.getArgName())){
expSeconds=Long.valueOf(f.getArgValue());
}
}
System.out.println(key);
System.out.println(expSeconds);擷取到鑒權KEY和有效時間長度後就可以對URL進行拼接並加密,相關範例程式碼請參考本文檔鑒權URL加密部分Java鑒權URL加密樣本。
說明
產生推流地址時,要使用推流網域名稱的鑒權KEY和有效時間長度。
產生播放地址時,要使用播流網域名稱的鑒權KEY和有效時間長度。
更新鑒權配置
在您實際的業務中,您的鑒權KEY可能是需要定期更換的,同時我們也建議您這樣做。此時可以通過調用BatchSetLiveDomainConfigs大量設定網域名稱API進行網域名稱URL鑒權配置更新。
接下來將通過Java SDK範例程式碼介紹如何更新URL鑒權配置。範例程式碼如下:
//需要將<>內容替換成實際使用的值
DefaultProfile profile = DefaultProfile.getProfile("<regionId>", "<ALIBABA_CLOUD_ACCESS_KEY_ID>", "<ALIBABA_CLOUD_ACCESS_KEY_SECRET>");
IAcsClient client = new DefaultAcsClient(profile);
BatchSetLiveDomainConfigsRequest batchSetLiveDomainConfigsRequest =new BatchSetLiveDomainConfigsRequest();
batchSetLiveDomainConfigsRequest.setDomainNames("<DomainName>");
batchSetLiveDomainConfigsRequest.setFunctions("[{\"functionArgs\":[" +
"{\"argName\":\"auth_type\",\"argValue\":\"type_a\"}," +
"{\"argName\":\"auth_key1\",\"argValue\":\"<KEY_MAIN****>\"}," +
"{\"argName\":\"auth_key2\",\"argValue\":\"<KEY_BAK****>\"}," +
"{\"argName\":\"ali_auth_delta\",\"argValue\":<3600>}]," +
"\"functionName\":\"aliauth\"}]");
try {
BatchSetLiveDomainConfigsResponse response = client.getAcsResponse(batchSetLiveDomainConfigsRequest);
System.out.println(new Gson().toJson(response));
//todo something
} catch (ServerException e) {
e.printStackTrace();
} catch (ClientException e) {
e.printStackTrace();
}
說明
該範例程式碼實現了對<DomainName>的URL鑒權配置更新。鑒權類型為type_a(表示啟用鑒權),auth_key1(主KEY)為<KEY_MAIN****>,auth_key2(備KEY)為<KEY_BAK****>,ali_auth_delta(鑒權URL的有效時間長度)為<3600>秒,
主KEY或備KEY擁有同樣的效力,備KEY主要用於平滑更換。若主KEY執行更換,所有使用主KEY產生的播放地址會立即失效。備KEY作為主KEY更換時,使用主KEY的播放地址不會馬上中斷,備KEY可以繼續替代主KEY提供服務,一般在更換時將舊的主KEY寫入備KEY。
鑒權URL加密
Java鑒權URL加密樣本
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class AuthDemo {
private static String md5Sum(String src) {
MessageDigest md5 = null;
try {
md5 = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
md5.update(StandardCharsets.UTF_8.encode(src));
return String.format("%032x", new BigInteger(1, md5.digest()));
}
private static String aAuth(String uri, String key, long exp) {
String pattern = "^(rtmp://)?([^/?]+)(/[^?]*)?(\\\\?.*)?$";
Pattern r = Pattern.compile(pattern);
Matcher m = r.matcher(uri);
String scheme = "", host = "", path = "", args = "";
if (m.find()) {
scheme = m.group(1) == null ? "rtmp://" : m.group(1);
host = m.group(2) == null ? "" : m.group(2);
path = m.group(3) == null ? "/" : m.group(3);
args = m.group(4) == null ? "" : m.group(4);
} else {
System.out.println("NO MATCH");
}
String rand = "0"; // "0" by default, other value is ok
String uid = "0"; // "0" by default, other value is ok
String sString = String.format("%s-%s-%s-%s-%s", path, exp, rand, uid, key);
String hashValue = md5Sum(sString);
String authKey = String.format("%s-%s-%s-%s", exp, rand, uid, hashValue);
if (args.isEmpty()) {
return String.format("%s%s%s%s?auth_key=%s", scheme, host, path, args, authKey);
} else {
return String.format("%s%s%s%s&auth_key=%s", scheme, host, path, args, authKey);
}
}
public static void main(String[] args) {
String uri = "rtmp://example.aliyundoc.com/live/test****"; // original uri
String key = "<input private key>"; // private key of authorization
long exp = System.currentTimeMillis() / 1000 + 1 * 3600; // expiration time: 1 hour after current time
String authUri = aAuth(uri, key, exp);
System.out.printf("URL : %s\nAuth: %s", uri, authUri);
}
}Python鑒權URL加密樣本
import re
import time
import hashlib
import datetime
def md5sum(src):
m = hashlib.md5()
m.update(src)
return m.hexdigest()
def a_auth(uri, key, exp):
p = re.compile("^(rtmp://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
if not p:
return None
m = p.match(uri)
scheme, host, path, args = m.groups()
if not scheme: scheme = "rtmp://"
if not path: path = "/"
if not args: args = ""
rand = "0" # "0" by default, other value is ok
uid = "0" # "0" by default, other value is ok
sstring = "%s-%s-%s-%s-%s" %(path, exp, rand, uid, key)
hashvalue = md5sum(sstring.encode('utf-8'))
auth_key = "%s-%s-%s-%s" %(exp, rand, uid, hashvalue)
if args:
return "%s%s%s%s&auth_key=%s" %(scheme, host, path, args, auth_key)
else:
return "%s%s%s%s?auth_key=%s" %(scheme, host, path, args, auth_key)
def main():
uri = "rtmp://example.aliyundoc.com/test/test?vhost=demo.aliyundoc.liucom" # original uri
key = "<input private key>" # private key of authorization
exp = int(time.time()) + 1 * 3600 # expiration time: 1 hour after current itme
authuri = a_auth(uri, key, exp)
print("URL : %s\nAUTH: %s" %(uri, authuri))
if __name__ == "__main__":
main()Go鑒權URL加密樣本
package main
import (
"crypto/md5"
"encoding/hex"
"fmt"
"regexp"
"time"
)
func md5sum(src string) string {
h := md5.New()
h.Write([]byte(src))
return hex.EncodeToString(h.Sum(nil))
}
func a_auth(uri, key string, exp int64) string {
p, err := regexp.Compile("^(rtmp://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
if err != nil {
fmt.Println(err)
return ""
}
m := p.FindStringSubmatch(uri)
var scheme, host, path, args string
if len(m) == 5 {
scheme, host, path, args = m[1], m[2], m[3], m[4]
} else {
scheme, host, path, args = "rtmp://", "", "/", ""
}
rand := "0" // "0" by default, other value is ok
uid := "0" // "0" by default, other value is ok
sstring := fmt.Sprintf("%s-%d-%s-%s-%s", path, exp, rand, uid, key)
hashvalue := md5sum(sstring)
auth_key := fmt.Sprintf("%d-%s-%s-%s", exp, rand, uid, hashvalue)
if len(args) != 0 {
return fmt.Sprintf("%s%s%s%s&auth_key=%s", scheme, host, path, args, auth_key)
} else {
return fmt.Sprintf("%s%s%s%s?auth_key=%s", scheme, host, path, args, auth_key)
}
}
func main() {
uri := "rtmp://example.aliyundoc.com/live/test****" // original uri
key := "<input private key>" // private key of authorization
exp := time.Now().Unix() + 3600 // expiration time: 1 hour after current itme
authuri := a_auth(uri, key, exp)
fmt.Printf("URL : %s\nAUTH: %s", uri, authuri)
}PHP鑒權URL加密樣本
<?php
function a_auth($uri, $key, $exp) {
preg_match("/^(rtmp:\/\/)?([^\/?]+)?(\/[^?]*)?(\\?.*)?$/", $uri, $matches);
$scheme = $matches[1];
$host = $matches[2];
$path = $matches[3];
$args = $matches[4];
if (empty($args)) {
$args ="";
}
if (empty($scheme)) {
$scheme ="rtmp://";
}
if (empty($path)) {
$path ="/";
}
$rand = "0";
// "0" by default, other value is ok
$uid = "0";
// "0" by default, other value is ok
$sstring = sprintf("%s-%u-%s-%s-%s", $path, $exp, $rand, $uid, $key);
$hashvalue = md5($sstring);
$auth_key = sprintf("%u-%s-%s-%s", $exp, $rand, $uid, $hashvalue);
if ($args) {
return sprintf("%s%s%s%s&auth_key=%s", $scheme, $host, $path, $args, $auth_key);
} else {
return sprintf("%s%s%s%s?auth_key=%s", $scheme, $host, $path, $args, $auth_key);
}
}
$uri = "rtmp://example.aliyundoc.com/live/test****";
$key = "<input private key>";
$exp = time() + 3600;
$authuri = a_auth($uri, $key, $exp);
echo "URL :" . $uri;
echo PHP_EOL;
echo "AUTH:" . $authuri;
?>C#鑒權URL加密樣本
using System;
using System.Text.RegularExpressions;
using System.Security.Cryptography;
using System.Text;
public class Test
{
public static void Main()
{
string uri= "rtmp://example.aliyundoc.com/live/test****"; // original uri
string key= "<input private key>"; // private key of authorization
DateTime dateStart = new DateTime(1970, 1, 1, 8, 0, 0);
string exp = Convert.ToInt64((DateTime.Now - dateStart).TotalSeconds+3600).ToString(); // expiration time: 1 hour after current time
string authUri = aAuth(uri, key, exp);
Console.WriteLine (String.Format("URL :{0}",uri));
Console.WriteLine (String.Format("AUTH :{0}",authUri));
}
public static string aAuth(string uri, string key, string exp)
{
Regex regex = new Regex("^(rtmp://)?([^/?]+)(/[^?]*)?(\\\\?.*)?$");
Match m = regex.Match(uri);
string scheme = "rtmp://", host = "", path = "/", args = "";
if (m.Success)
{
scheme=m.Groups[1].Value;
host=m.Groups[2].Value;
path=m.Groups[3].Value;
args=m.Groups[4].Value;
}else{
Console.WriteLine ("NO MATCH");
}
string rand = "0"; // "0" by default, other value is ok
string uid = "0"; // "0" by default, other value is ok
string u = String.Format("{0}-{1}-{2}-{3}-{4}", path, exp, rand, uid, key);
string hashValue = Md5(u);
string authKey = String.Format("{0}-{1}-{2}-{3}", exp, rand, uid, hashValue);
if (args=="")
{
return String.Format("{0}{1}{2}{3}?auth_key={4}", scheme, host, path, args, authKey);
} else
{
return String.Format("{0}{1}{2}{3}&auth_key={4}", scheme, host, path, args, authKey);
}
}
public static string Md5(string value)
{
MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
byte[] bytes = Encoding.ASCII.GetBytes(value);
byte[] encoded = md5.ComputeHash(bytes);
StringBuilder sb = new StringBuilder();
for(int i=0; i<encoded.Length; ++i)
{
sb.Append(encoded[i].ToString("x2"));
}
return sb.ToString();
}
}相關文檔
更多存取控制功能說明,請參見開發指南存取控制。
使用Java SDK,請參見Java SDK使用說明。