Widevine HTTP proxy with AWS Lambda

Question

I am building a Widevine license proxy with AWS Lambda + Serverless and testing it out via the Shaka Player with standard content: https://storage.googleapis.com/wvmedia/cenc/h264/tears/tears.mpd. The ContentKey API works fine but if I try to use the Lambda endpoint as the license URL with CENC encoded DRM content, playback fails because the Shaka player tries to make a CONNECT request which fails in Lambda with a Unsupported HTTP method, the first POST request for the SERVICE_CERTIFICATE works, the second one with the PAYLOAD for requesting the certificate fails. Specifically this:

curl -H 'Host: drm.*****.com:443' -H 'Proxy-Connection: keep-alive' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36' -X CONNECT 'https://drm.******.com'

Analyzing the traffic with Charles, the failure is: Client SSL handshake failed - Remote host closed connection during handshake and results in Unsupported HTTP method.

EDIT: So the Shaka player is making a request for the keys to decrypt an asset to a Widevine license URL, executing on Lambda and behind API Gateway. The first POST request for the service_certificate (payload CAQ=) from the Shaka player works. The second request (the one for the license, from the Shaka player) blocks at the CONNECT step and then the connection is closed with a Unsupported HTTP Method response from the API Gateway.

Any ideas on how to make the license server work?

Answer 1

So after more research I found out that it can't be done using Serverless and AWS Lambda because the HTTP method used by the Shaka player (for example) to load CENC content is not supported.