本文为您介绍自定义鉴权URL相关功能使用,通过阅读本文您可以了解如何进行自定义鉴权URL以及如何对URL鉴权配置进行更新。
鉴权URL生成
自定义鉴权URL
在您实际的业务中,您可能需要动态生成推/播流URL,此时可以通过获取鉴权配置进行自定义拼接。接下来将通过Java SDK示例介绍如何实现动态拼接推/播流URL。
说明
在此之前如果您对URL鉴权地址结构暂不了解,请参见鉴权URL组成。
由于鉴权URL需要根据鉴权KEY以及有效时长进行加密,所以要动态生成推/播流URL,需要先获取到URL鉴权相关配置。
获取URL鉴权配置需要调用DescribeLiveDomainConfigs查询直播域名鉴权配置,具体示例代码如下:
//需要将<>内容替换成实际使用的值
DefaultProfile profile = DefaultProfile.getProfile("<regionId>", "<ALIBABA_CLOUD_ACCESS_KEY_ID>", "<ALIBABA_CLOUD_ACCESS_KEY_SECRET>");
IAcsClient client = new DefaultAcsClient(profile);
DescribeLiveDomainConfigsRequest describeLiveDomainConfigsRequest=new DescribeLiveDomainConfigsRequest();
describeLiveDomainConfigsRequest.setDomainName("<DomainName>");
describeLiveDomainConfigsRequest.setFunctionNames("aliauth");
DescribeLiveDomainConfigsResponse describeLiveStreamSnapshotInfoResponse = null;
try {
describeLiveStreamSnapshotInfoResponse = client.getAcsResponse(describeLiveDomainConfigsRequest);
} catch (ClientException e) {
e.printStackTrace();
}
//鉴权key
String key="";
//有效时长(单位秒)
long expSeconds=0l;
for(DescribeLiveDomainConfigsResponse.DomainConfig.FunctionArg f:describeLiveStreamSnapshotInfoResponse.getDomainConfigs().get(0).getFunctionArgs()){
if("auth_key1".equals(f.getArgName())){
key=f.getArgValue();
}
if("ali_auth_delta".equals(f.getArgName())){
expSeconds=Long.valueOf(f.getArgValue());
}
}
System.out.println(key);
System.out.println(expSeconds);获取到鉴权KEY和有效时长后就可以对URL进行拼接并加密,相关示例代码请参考本文档鉴权URL加密部分Java鉴权URL加密示例。
说明
生成推流地址时,要使用推流域名的鉴权KEY和有效时长。
生成播放地址时,要使用播流域名的鉴权KEY和有效时长。
更新鉴权配置
在您实际的业务中,您的鉴权KEY可能是需要定期更换的,同时我们也建议您这样做。此时可以通过调用BatchSetLiveDomainConfigs批量配置域名API进行域名URL鉴权配置更新。
接下来将通过Java SDK示例代码介绍如何更新URL鉴权配置。示例代码如下:
//需要将<>内容替换成实际使用的值
DefaultProfile profile = DefaultProfile.getProfile("<regionId>", "<ALIBABA_CLOUD_ACCESS_KEY_ID>", "<ALIBABA_CLOUD_ACCESS_KEY_SECRET>");
IAcsClient client = new DefaultAcsClient(profile);
BatchSetLiveDomainConfigsRequest batchSetLiveDomainConfigsRequest =new BatchSetLiveDomainConfigsRequest();
batchSetLiveDomainConfigsRequest.setDomainNames("<DomainName>");
batchSetLiveDomainConfigsRequest.setFunctions("[{\"functionArgs\":[" +
"{\"argName\":\"auth_type\",\"argValue\":\"type_a\"}," +
"{\"argName\":\"auth_key1\",\"argValue\":\"<KEY_MAIN****>\"}," +
"{\"argName\":\"auth_key2\",\"argValue\":\"<KEY_BAK****>\"}," +
"{\"argName\":\"ali_auth_delta\",\"argValue\":<3600>}]," +
"\"functionName\":\"aliauth\"}]");
try {
BatchSetLiveDomainConfigsResponse response = client.getAcsResponse(batchSetLiveDomainConfigsRequest);
System.out.println(new Gson().toJson(response));
//todo something
} catch (ServerException e) {
e.printStackTrace();
} catch (ClientException e) {
e.printStackTrace();
}
说明
该示例代码实现了对<DomainName>的URL鉴权配置更新。鉴权类型为type_a(表示启用鉴权),auth_key1(主KEY)为<KEY_MAIN****>,auth_key2(备KEY)为<KEY_BAK****>,ali_auth_delta(鉴权URL的有效时长)为<3600>秒,
主KEY或备KEY拥有同样的效力,备KEY主要用于平滑更换。若主KEY执行更换,所有使用主KEY生成的播放地址会立即失效。备KEY作为主KEY更换时,使用主KEY的播放地址不会马上中断,备KEY可以继续替代主KEY提供服务,一般在更换时将旧的主KEY写入备KEY。
鉴权URL加密
Java鉴权URL加密示例
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class AuthDemo {
private static String md5Sum(String src) {
MessageDigest md5 = null;
try {
md5 = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
md5.update(StandardCharsets.UTF_8.encode(src));
return String.format("%032x", new BigInteger(1, md5.digest()));
}
private static String aAuth(String uri, String key, long exp) {
String pattern = "^(rtmp://)?([^/?]+)(/[^?]*)?(\\\\?.*)?$";
Pattern r = Pattern.compile(pattern);
Matcher m = r.matcher(uri);
String scheme = "", host = "", path = "", args = "";
if (m.find()) {
scheme = m.group(1) == null ? "rtmp://" : m.group(1);
host = m.group(2) == null ? "" : m.group(2);
path = m.group(3) == null ? "/" : m.group(3);
args = m.group(4) == null ? "" : m.group(4);
} else {
System.out.println("NO MATCH");
}
String rand = "0"; // "0" by default, other value is ok
String uid = "0"; // "0" by default, other value is ok
String sString = String.format("%s-%s-%s-%s-%s", path, exp, rand, uid, key);
String hashValue = md5Sum(sString);
String authKey = String.format("%s-%s-%s-%s", exp, rand, uid, hashValue);
if (args.isEmpty()) {
return String.format("%s%s%s%s?auth_key=%s", scheme, host, path, args, authKey);
} else {
return String.format("%s%s%s%s&auth_key=%s", scheme, host, path, args, authKey);
}
}
public static void main(String[] args) {
String uri = "rtmp://example.aliyundoc.com/live/test****"; // original uri
String key = "<input private key>"; // private key of authorization
long exp = System.currentTimeMillis() / 1000 + 1 * 3600; // expiration time: 1 hour after current time
String authUri = aAuth(uri, key, exp);
System.out.printf("URL : %s\nAuth: %s", uri, authUri);
}
}Python鉴权URL加密示例
import re
import time
import hashlib
import datetime
def md5sum(src):
m = hashlib.md5()
m.update(src)
return m.hexdigest()
def a_auth(uri, key, exp):
p = re.compile("^(rtmp://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
if not p:
return None
m = p.match(uri)
scheme, host, path, args = m.groups()
if not scheme: scheme = "rtmp://"
if not path: path = "/"
if not args: args = ""
rand = "0" # "0" by default, other value is ok
uid = "0" # "0" by default, other value is ok
sstring = "%s-%s-%s-%s-%s" %(path, exp, rand, uid, key)
hashvalue = md5sum(sstring.encode('utf-8'))
auth_key = "%s-%s-%s-%s" %(exp, rand, uid, hashvalue)
if args:
return "%s%s%s%s&auth_key=%s" %(scheme, host, path, args, auth_key)
else:
return "%s%s%s%s?auth_key=%s" %(scheme, host, path, args, auth_key)
def main():
uri = "rtmp://example.aliyundoc.com/test/test?vhost=demo.aliyundoc.liucom" # original uri
key = "<input private key>" # private key of authorization
exp = int(time.time()) + 1 * 3600 # expiration time: 1 hour after current itme
authuri = a_auth(uri, key, exp)
print("URL : %s\nAUTH: %s" %(uri, authuri))
if __name__ == "__main__":
main()Go鉴权URL加密示例
package main
import (
"crypto/md5"
"encoding/hex"
"fmt"
"regexp"
"time"
)
func md5sum(src string) string {
h := md5.New()
h.Write([]byte(src))
return hex.EncodeToString(h.Sum(nil))
}
func a_auth(uri, key string, exp int64) string {
p, err := regexp.Compile("^(rtmp://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
if err != nil {
fmt.Println(err)
return ""
}
m := p.FindStringSubmatch(uri)
var scheme, host, path, args string
if len(m) == 5 {
scheme, host, path, args = m[1], m[2], m[3], m[4]
} else {
scheme, host, path, args = "rtmp://", "", "/", ""
}
rand := "0" // "0" by default, other value is ok
uid := "0" // "0" by default, other value is ok
sstring := fmt.Sprintf("%s-%d-%s-%s-%s", path, exp, rand, uid, key)
hashvalue := md5sum(sstring)
auth_key := fmt.Sprintf("%d-%s-%s-%s", exp, rand, uid, hashvalue)
if len(args) != 0 {
return fmt.Sprintf("%s%s%s%s&auth_key=%s", scheme, host, path, args, auth_key)
} else {
return fmt.Sprintf("%s%s%s%s?auth_key=%s", scheme, host, path, args, auth_key)
}
}
func main() {
uri := "rtmp://example.aliyundoc.com/live/test****" // original uri
key := "<input private key>" // private key of authorization
exp := time.Now().Unix() + 3600 // expiration time: 1 hour after current itme
authuri := a_auth(uri, key, exp)
fmt.Printf("URL : %s\nAUTH: %s", uri, authuri)
}PHP鉴权URL加密示例
<?php
function a_auth($uri, $key, $exp) {
preg_match("/^(rtmp:\/\/)?([^\/?]+)?(\/[^?]*)?(\\?.*)?$/", $uri, $matches);
$scheme = $matches[1];
$host = $matches[2];
$path = $matches[3];
$args = $matches[4];
if (empty($args)) {
$args ="";
}
if (empty($scheme)) {
$scheme ="rtmp://";
}
if (empty($path)) {
$path ="/";
}
$rand = "0";
// "0" by default, other value is ok
$uid = "0";
// "0" by default, other value is ok
$sstring = sprintf("%s-%u-%s-%s-%s", $path, $exp, $rand, $uid, $key);
$hashvalue = md5($sstring);
$auth_key = sprintf("%u-%s-%s-%s", $exp, $rand, $uid, $hashvalue);
if ($args) {
return sprintf("%s%s%s%s&auth_key=%s", $scheme, $host, $path, $args, $auth_key);
} else {
return sprintf("%s%s%s%s?auth_key=%s", $scheme, $host, $path, $args, $auth_key);
}
}
$uri = "rtmp://example.aliyundoc.com/live/test****";
$key = "<input private key>";
$exp = time() + 3600;
$authuri = a_auth($uri, $key, $exp);
echo "URL :" . $uri;
echo PHP_EOL;
echo "AUTH:" . $authuri;
?>C#鉴权URL加密示例
using System;
using System.Text.RegularExpressions;
using System.Security.Cryptography;
using System.Text;
public class Test
{
public static void Main()
{
string uri= "rtmp://example.aliyundoc.com/live/test****"; // original uri
string key= "<input private key>"; // private key of authorization
DateTime dateStart = new DateTime(1970, 1, 1, 8, 0, 0);
string exp = Convert.ToInt64((DateTime.Now - dateStart).TotalSeconds+3600).ToString(); // expiration time: 1 hour after current time
string authUri = aAuth(uri, key, exp);
Console.WriteLine (String.Format("URL :{0}",uri));
Console.WriteLine (String.Format("AUTH :{0}",authUri));
}
public static string aAuth(string uri, string key, string exp)
{
Regex regex = new Regex("^(rtmp://)?([^/?]+)(/[^?]*)?(\\\\?.*)?$");
Match m = regex.Match(uri);
string scheme = "rtmp://", host = "", path = "/", args = "";
if (m.Success)
{
scheme=m.Groups[1].Value;
host=m.Groups[2].Value;
path=m.Groups[3].Value;
args=m.Groups[4].Value;
}else{
Console.WriteLine ("NO MATCH");
}
string rand = "0"; // "0" by default, other value is ok
string uid = "0"; // "0" by default, other value is ok
string u = String.Format("{0}-{1}-{2}-{3}-{4}", path, exp, rand, uid, key);
string hashValue = Md5(u);
string authKey = String.Format("{0}-{1}-{2}-{3}", exp, rand, uid, hashValue);
if (args=="")
{
return String.Format("{0}{1}{2}{3}?auth_key={4}", scheme, host, path, args, authKey);
} else
{
return String.Format("{0}{1}{2}{3}&auth_key={4}", scheme, host, path, args, authKey);
}
}
public static string Md5(string value)
{
MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
byte[] bytes = Encoding.ASCII.GetBytes(value);
byte[] encoded = md5.ComputeHash(bytes);
StringBuilder sb = new StringBuilder();
for(int i=0; i<encoded.Length; ++i)
{
sb.Append(encoded[i].ToString("x2"));
}
return sb.ToString();
}
}相关文档
更多访问控制功能说明,请参见开发指南访问控制。
使用Java SDK,请参见Java SDK使用说明。
文档内容是否对您有帮助?