Specifications

ManualsBrandsCisco ManualsComputer equipmentContent Delivery Engine 100/200/300/400

371

372

373

374

375

376

377

378

379

380

F-4

Cisco Internet Streamer CDS 2.0-2.2 API Guide

OL-14319-03

Appendix F URL Signing and Validation

URL Signing Script

In addition to the above six variables, the current time is used to generate the URL signing, so even if

the same values were used for the above six variables, the signed URL would be different.

To use the URL signing script on the URL “rtsp://cisco.com/content/CiscoCDS.mov,” for the client IP

address of 171.71.50.123, with expiry delay of 120 seconds, key-id owner of 1, key-id-number of 2, and

a key of kwnx90KGP, enter the following:.

python cds-ims-urlsign.py rtsp://cisco.com/content/CiscoCDS.mov 171.71.50.123 120 1 2

kwnx90KGP

The signed URL is the following:

rtsp://cisco.com/content/CiscoCDS.mov?IS=0&ET=1209422976&CIP=171.71.50.123&KO=1&KN=2&US=f0

8b56f46075813e44b2d4888628a471

Note The above signed URL is only an example. The MD5 algorithm generates a different message digest

each time. For more information on the MD5 algorithm see the IETF RFC 1321.

Importance of Device Synchronization

URL expiry time validation relies on the assumption that the clocks are synchronized on the server

running the signing application and the Service Engines validating the URL. Use of Network Time

Protocol (NTP) on all devices, including the device running the signing application or script, is highly

recommended.

It is not sufficient to merely have the same local times on two devices while their time zones differ.

For example, the following two devices are not synchronized:

• Device 1:

–

Local Time: 11:00:59 PM, October 12, 2008

–

Time Zone: PST

• Device 2:

–

Local Time: 11:00:59 PM, October 12, 2008

–

Time Zone: EST

url URL to sign.

client-ip IP address of the client for which this URL is being signed, in dotted decimal

format (A.B.C.D). The signed URL will be rejected if sent from any other

client if signature validation is enabled.

expiry-delay-seconds Seconds (from now) when the URL expires. The request will be rejected if

the time period has passed when the URL is validated at the device. See the

“Importance of Device Synchronization” section on page F-4.

key-id-owner This argument provides the first index into the key matrix.

key-id-number This argument provides the second index into the key matrix.

key Shared secret key corresponding to this ordered pair (key-id-owner,

key-id-number).