The guide says, under "Identifying Your FPS App with an Application Certificate":
Every playback app that uses FPS must find the media’s key server and establish communication with that server. When messages can be exchanged between the iOS device and the key server, the app must send the server an FPS-created SPC message. This message contains a hash of the Application Certificate identifying your private key.
...
Verify that the hash value in bytes 152-171 of the SPC correctly identifies the private key of the developer from which the module expects to receive SPC messages.
...
In the code sample shown in the iOS FPS Client sample (included in the SDK), kTestAppCert contains the Application Certificate.
Who's private key does it refer? The certificate we pass to iOS when creating an SPC is the one issued by Apple specifically for FPS purposes (its CN attribute begins with "FairPlay Streaming"). The application doesn't have the private key for this certificate, only the KSM has it.
Which certificate is the Application Certificate -- that "FairPlay Streaming" certificate or the one used to sign the app for AppStore distribution?
I don't see kTestAppCert anywhere in the code sample.