vzaar user-signed security examples

uss-tokens-java.java

// This example requires the apache commons-codec library
//   (http://commmons.apache.org/codec)
import org.apache.commons.codec.digest.DigestUtils;

import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;

public class VzaarUssTokens {

    public static void main(String[] args) {
        SimpleDateFormat dateFormat = new SimpleDateFormat("yyyyMMddHHmmss");
        dateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));

        String expiryTimestamp = dateFormat.format(
                new Date(System.currentTimeMillis() + (120 * 1000)));
        String signingKey = "000033337777aaaa222233334444bbbb";
        int videoId = 920344;

        // Generate a video-specific token
        String signatureVs = DigestUtils.md5Hex(
                String.format("%d:%s:%s", videoId, signingKey, expiryTimestamp));
        String tokenVs = String.format("2.%s.%s", expiryTimestamp, signatureVs);

        // Generate a user-specific token
        String signatureUs = DigestUtils.md5Hex(
                String.format("%s:%s", signingKey, expiryTimestamp));
        String tokenUs = String.format("3.%s.%s", expiryTimestamp, signatureUs);
        
        // Generate a video- and format-specific token
        // This allows only playback, not downloads
        String signatureFs = DigestUtils.md5Hex(
                String.format("%s:%d:%s:%s", "video", videoId, signingKey, expiryTimestamp));
        String tokenFs = String.format("4.%s.%s", expiryTimestamp, signatureFs);
        
         // This allows only downloads, not playback
        String signatureFs = DigestUtils.md5Hex(
                String.format("%s:%d:%s:%s", "download", videoId, signingKey, expiryTimestamp));
        String tokenFs = String.format("4.%s.%s", expiryTimestamp, signatureFs);
    }
}

uss-tokens-php.php

<?php
	# Expire in 2 minutes time
	$time = new DateTime('now', new DateTimeZone('UTC'));
	$time -> modify("+2 minutes");
	$expiry_timestamp = $time -> format('YmdHis');
	$signing_key = "000033337777aaaa222233334444bbbb";
	$video_id = 920344;

	# Generate a video-specific token
	$signature_vs = md5("{$video_id}:{$signing_key}:{$expiry_timestamp}");
	$token_vs = "2.{$expiry_timestamp}.{$signature_vs}";

	# Generate a user-specific token
	$signature_us = md5("{$signing_key}:{$expiry_timestamp}");
	$token_us = "3.{$expiry_timestamp}.{$signature_us}";
	
	# Generate a video- and format-specific token
	# This allows only playback, not downloads
	$signature_fs = md5("video:{$video_id}:{$signing_key}:{$expiry_timestamp}");
	$token_fs = "4.{$expiry_timestamp}.{$signature_fs}";

	# This allows only downloads, not playback
	$signature_fs = md5("download:{$video_id}:{$signing_key}:{$expiry_timestamp}");
	$token_fs = "4.{$expiry_timestamp}.{$signature_fs}";
?>

uss-tokens-ruby.rb

require 'digest'

# Expire in 2 minutes time
expiry_timestamp = (Time.now.utc + 120).strftime("%Y%m%d%H%M%S")
signing_key = "000033337777aaaa222233334444bbbb"
video_id = 920344

# Generate a video-specific token
signature_vs = Digest::MD5.hexdigest(
   "#{video_id}:#{signing_key}:#{expiry_timestamp}"
)
token_vs = "2.#{expiry_timestamp}.#{signature_vs}"

# Generate a user-specific token
signature_us = Digest::MD5.hexdigest(
   "#{signing_key}:#{expiry_timestamp}"
)
token_us = "3.#{expiry_timestamp}.#{signature_us}"

# Generate a video- and format-specific token
# This allows only playback, not downloads
signature_fs = Digest::MD5.hexdigest(
   "video:#{video_id}:#{signing_key}:#{expiry_timestamp}"
)
token_fs = "4.#{expiry_timestamp}.#{signature_fs}"

# This allows only downloads, not playback
signature_fs = Digest::MD5.hexdigest(
   "download:#{video_id}:#{signing_key}:#{expiry_timestamp}"
)
token_fs = "4.#{expiry_timestamp}.#{signature_fs}"