ossrs · harlanc · Jun 1, 2018 · Jun 1, 2018 · Jun 1, 2018 · Aug 4, 2018
diff --git a/circle.yml b/circle.yml
@@ -17,6 +17,6 @@ dependencies:
 
 test:
     override:
-        - (cd trunk && ./configure --without-ssl && make)
+        - (cd trunk && ./configure --with-ssl=openssl && make)
         - (cd trunk && ./objs/srs_utest)
 
diff --git a/trunk/conf/full.conf b/trunk/conf/full.conf
@@ -639,6 +639,26 @@ vhost with-hls.srs.com {
         # default: on
         hls_wait_keyframe       on;
 
+        #whether using AES encryption
+        #default: off
+        hls_keys        on; 
+        #how much ts that one key can encrypt 
+        #default: 10
+        hls_fragments_per_key 10;
+        # the hls key file name.
+        # we supports some variables to generate the filename.
+        #       [vhost], the vhost of stream.
+        #       [app], the app of stream.
+        #       [stream], the stream name of stream.
+        #       [seq], the sequence number of key corresponding to the ts.
+        hls_key_file     [app]/[stream]-[seq].key;
+        # the key output path
+        # the key file is configed by hls_path/hls_key_file, the default is:
+        #       ./objs/nginx/html/[app]/[stream]-[seq].key
+        hls_key_file_path    ./objs/nginx/html;
+        # the key root URL which can support https
+        hls_key_url       https://localhost:8080;
+
         # on_hls, never config in here, should config in http_hooks.
         # for the hls http callback, @see http_hooks.on_hls of vhost hooks.callback.srs.com
         # @read https://github.com/ossrs/srs/wiki/v2_CN_DeliveryHLS#http-callback

diff --git a/trunk/src/app/srs_app_config.cpp b/trunk/src/app/srs_app_config.cpp
@@ -1898,8 +1898,8 @@ int SrsConfig::check_config()
                     if (m != "enabled" && m != "hls_entry_prefix" && m != "hls_path" && m != "hls_fragment" && m != "hls_window" && m != "hls_on_error"
                         && m != "hls_storage" && m != "hls_mount" && m != "hls_td_ratio" && m != "hls_aof_ratio" && m != "hls_acodec" && m != "hls_vcodec"
                         && m != "hls_m3u8_file" && m != "hls_ts_file" && m != "hls_ts_floor" && m != "hls_cleanup" && m != "hls_nb_notify"
-                        && m != "hls_wait_keyframe" && m != "hls_dispose"
-                        ) {
+                        && m != "hls_wait_keyframe" && m != "hls_dispose" && m != "hls_keys" && m != "hls_fragments_per_key" && m != "hls_key_file"
+                        && m != "hls_key_file_path" && m != "hls_key_url") {
                         ret = ERROR_SYSTEM_CONFIG_INVALID;
                         srs_error("unsupported vhost hls directive %s, ret=%d", m.c_str(), ret);
                         return ret;
@@ -3898,6 +3898,93 @@ bool SrsConfig::get_hls_wait_keyframe(string vhost)
     return SRS_CONF_PERFER_TRUE(conf->arg0());
 }
 
+bool SrsConfig::get_hls_keys(string vhost)
+{
+    static bool DEFAULT = false;
+
+    SrsConfDirective* conf = get_hls(vhost);
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    conf = conf->get("hls_keys");
+    if (!conf || conf->arg0().empty()) {
+        return DEFAULT;
+    }
+
+    return SRS_CONF_PERFER_TRUE(conf->arg0());
+}
+
+int SrsConfig::get_hls_fragments_per_key(string vhost)
+{
+    static int DEFAULT = 10;
+
+    SrsConfDirective* conf = get_hls(vhost);
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    conf = conf->get("hls_fragments_per_key");
+    if (!conf || conf->arg0().empty()) {
+        return DEFAULT;
+    }
+
+    return ::atoi(conf->arg0().c_str());
+}
+
+string SrsConfig::get_hls_key_file(string vhost)
+{
+    static string DEFAULT = "[app]/[stream]-[seq].key";
+
+    SrsConfDirective* conf = get_hls(vhost);
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    conf = conf->get("hls_key_file");
+    if (!conf || conf->arg0().empty()) {
+        return DEFAULT;
+    }
+
+    return conf->arg0();
+}
+
+string SrsConfig::get_hls_key_file_path(std::string vhost)
+{
+     //put the key in ts path defaultly.
+    static string DEFAULT = get_hls_path(vhost);
+
+    SrsConfDirective* conf = get_hls(vhost);
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    conf = conf->get("hls_key_file_path");
+    if (!conf || conf->arg0().empty()) {
+        return DEFAULT;
+    }
+
+    return conf->arg0();
+}
+
+string SrsConfig::get_hls_key_url(std::string vhost)
+{
+     //put the key in ts path defaultly.
+    static string DEFAULT = get_hls_path(vhost);
+
+    SrsConfDirective* conf = get_hls(vhost);
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    conf = conf->get("hls_key_url");
+    if (!conf || conf->arg0().empty()) {
+        return DEFAULT;
+    }
+
+    return conf->arg0();
+}
+
 SrsConfDirective *SrsConfig::get_hds(const string &vhost)
 {
     SrsConfDirective* conf = get_vhost(vhost);

diff --git a/trunk/src/app/srs_app_config.hpp b/trunk/src/app/srs_app_config.hpp
@@ -934,6 +934,26 @@ class SrsConfig
      * whether reap the ts when got keyframe.
      */
     virtual bool                get_hls_wait_keyframe(std::string vhost);
+    /**
+     * encrypt ts or not
+     */
+    virtual bool get_hls_keys(std::string vhost);
+    /**
+     * how many fragments can one key encrypted.
+     */
+    virtual int get_hls_fragments_per_key(std::string vhost);
+    /**
+     * get the HLS key file path template.
+     */
+    virtual std::string get_hls_key_file(std::string vhost);
+    /**
+     * get the HLS key file store path.
+     */
+    virtual std::string get_hls_key_file_path(std::string vhost);
+    /**
+     * get the HLS key file url which will be put in m3u8
+     */
+    virtual std::string get_hls_key_url(std::string vhost);
     /**
      * get the size of bytes to read from cdn network, for the on_hls_notify callback,
      * that is, to read max bytes of the bytes from the callback, or timeout or error.