For #1657, Support HTTPS API

trunk/conf/full.conf

@@ -197,6 +197,23 @@ http_api {
         # default: off
         allow_update        off;
     }
+    # For https_api or HTTPS API.
+    https {
+        # Whether enable HTTPS API.
+        # default: off
+        enabled on;
+        # The listen endpoint for HTTPS API.
+        # default: 1986
+        listen 1986;
+        # The SSL private key file, generated by:
+        #       openssl genrsa -out server.key 2048
+        # default: ./conf/server.key
+        key ./conf/server.key;
+        # The SSL public cert file, generated by:
+        #       openssl req -new -x509 -key server.key -out server.crt -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Me/OU=Me/CN=ossrs.net"
+        # default: ./conf/server.crt
+        cert ./conf/server.crt;
+    }
 }
 # embedded http server in srs.
 # the http streaming config, for HLS/HDS/DASH/HTTPProgressive

trunk/conf/server.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOjCCAiICCQDdW9nBokaeVjANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJD
+TjEQMA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwHQmVpamluZzELMAkGA1UECgwC
+TWUxCzAJBgNVBAsMAk1lMRIwEAYDVQQDDAlvc3Nycy5uZXQwHhcNMjAxMTA0MDMz
+NzA2WhcNMzAxMTAyMDMzNzA2WjBfMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVp
+amluZzEQMA4GA1UEBwwHQmVpamluZzELMAkGA1UECgwCTWUxCzAJBgNVBAsMAk1l
+MRIwEAYDVQQDDAlvc3Nycy5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDboRBymzLCMS0rpJ0EpBBEtkY3kKETYrAcs3AyJyB8YghrotOeY+Klh1ca
+GmUMy2UncOBxZKHeupNEytOBWmdk67nrWVc5+nIWoWkqyzSkRFwzE+XbuCbZYjpF
+O/G0/aka71mQyuI9W6djhxFUGPctM9ixSYF14/BkuYYDYrW0hXT5PWu0mxleVZAZ
+UQsy8DLhwjj9Vn3Y3D6Ttrdax5DHH+WoPmC3L7wrgfpn0ccE8UrvkxvkUJL7pgHN
+4n+21lXhrpoH6PP7TLU3Y7cq6XXNlApoitcjxKBBKKKP1jHEN5v8FKCGN0yQuGI2
+Pf+ZmuqUnWiDIjQeStknckdmliNnAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABvp
+HMf97otfELZBTrk/YbeosgSbyRcxVIUN9nYT06s948katw/bmDABhoslI5ePlomq
+X9NrfMEz6eeFIQUOd7KKcfp/sz3nmlkykR5hLe10RxGlB2pwV+Piu9hQfP59y2X8
+7hWkT5CbtN8Jm2U151AkZkbEnKVnAbz9XS352Ta5M8AuJGp+rNcFOFZhaMG23kt3
+oqZMdehI3RO5CcIiWr/lsX+ZwcDpT+x0DC6F3lBw9r9hBv4pVSP4WZ+zuUCaano8
+BCT/FmoxUWMpusGIkhNTNJGAOH1tgtZkiIfiKCKuyHX32sLQ0ls1PUTLqbKubIlS
+fYGN4X/2UKfFCXKrNes=
+-----END CERTIFICATE-----

trunk/conf/server.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA26EQcpsywjEtK6SdBKQQRLZGN5ChE2KwHLNwMicgfGIIa6LT
+nmPipYdXGhplDMtlJ3DgcWSh3rqTRMrTgVpnZOu561lXOfpyFqFpKss0pERcMxPl
+27gm2WI6RTvxtP2pGu9ZkMriPVunY4cRVBj3LTPYsUmBdePwZLmGA2K1tIV0+T1r
+tJsZXlWQGVELMvAy4cI4/VZ92Nw+k7a3WseQxx/lqD5gty+8K4H6Z9HHBPFK75Mb
+5FCS+6YBzeJ/ttZV4a6aB+jz+0y1N2O3Kul1zZQKaIrXI8SgQSiij9YxxDeb/BSg
+hjdMkLhiNj3/mZrqlJ1ogyI0HkrZJ3JHZpYjZwIDAQABAoIBAHMEcUmjjzx1ZnNx
+nK0+giqJzlHxEvnE9/e/3OTW6sNYz5IWzn4nTx1iuDG6WusNZWb3TQL1MXQj/1XK
+ZmNahcUrUc03l1+MkczaMOoxStsv1Z0GMZ0UXnv/Xga98sHXCYVKjXwvU7XQVuPf
+ayrAfEmW2kdV+E9V1KHbKpyBSClFtmGTCL7lFq2F+fokTDxItZNDQbkrCTPDa8sR
+i4gk/vKi48AJgbnJC2uF9/0+NMJhMjRvpJ8U2roYWd8HQMuJZXYbLPwUDZDMW+rq
+l6oax+GZQhrez9bJESrmWZebrJLcJMOhMHv9hVAh8Yu4Bzqhxxsrmjff5PmHIE+t
+Upf4J2ECgYEA80Fs6rqbHrrNfNXGolM8h3e9wQyrpWXZnS+OBS1poosns5YalF6g
+s1J/GF/lwPs7bQNsX/JSX9NTezKi326qrzbu67K8dxufPNliI10/XlYpOFJRD48m
+2ShYUezbA3AipmOiS/Tr4OO0D4uZ4Uo6ThiOEZgM/Eq2vkLX8IKjAxECgYEA5yLC
+JJM7Lyr7X2HHAPGBwUyMWVrmbNcECTlk4MxYCY1EKZr+1zgN3Z5do927gqLQYRWH
+B3/cAl5en+HTF3aWHPw2CiDsW6jzmgrhHnQOZngh3dGgQN3hFJ5TZy97851gQrsI
+xv6dEH/uzl51SKZbS4KccDczdySHu1Za75xvTvcCgYBUIUqUHBnOFPlAtYbPWU5T
+49viyokK2SDcNjg+HiisqMgAWmey7M9TdbKzMWd6yOkSmN6AiIRo0+PJdgfSkqnB
+k5QqPFTmNM1r9Br29CcYb2AuNHoIkY/0BvoUy4ArvjqdpVPaRUjXLKl3vuZnfo6P
+t/pap2XGU+jEAMZCTkwmoQKBgQClPp5aE8CuWiZY7MifjgncLmPwxiITEi3agmPy
+q2UNfyeKLzueln6jQMNlkfKq1MfxgLiGzgx2zQ0NdR+7mJZ9pnrkBuG0Ljfqm3iS
+kxpwe9aKhYHyni561S5/iN0vMAZP7vO5gPK9hxkuBS4IgJaoh3pcZ7qtpTo83uIo
+iEizxQKBgQDpHcsuZy4ZNAQLDnQXjFut3Pypy80NkpThCjOa6yEdleBY9CqttD0K
+olVoFQ5h5dv95oBdM5TaKkQNhKDFpLG0vOYRCua7k+xfnDt5Faaiy6Qe/e7cDKbf
+9QDejoY43wlEtYzwfSeojnvP0ASPwiWb8DLfBpE0uOTs8/N8qwRiBA==
+-----END RSA PRIVATE KEY-----

trunk/src/app/srs_app_config.cpp

@@ -1538,6 +1538,11 @@ srs_error_t SrsConfig::reload_conf(SrsConfig* conf)
     if ((err = reload_http_api(old_root)) != srs_success) {
         return srs_error_wrap(err, "http api");;
     }
+
+    // merge config: http_api.https
+    if ((err = reload_https_api(old_root)) != srs_success) {
+        return srs_error_wrap(err, "https api");;
+    }
 
     // merge config: http_stream
     if ((err = reload_http_stream(old_root)) != srs_success) {
@@ -1637,6 +1642,67 @@ srs_error_t SrsConfig::reload_http_api(SrsConfDirective* old_root)
     return err;
 }
 
+srs_error_t SrsConfig::reload_https_api(SrsConfDirective* old_root)
+{
+    srs_error_t err = srs_success;
+
+    // merge config.
+    std::vector<ISrsReloadHandler*>::iterator it;
+
+    // state graph
+    //      old_https_api   new_https_api
+    //      DISABLED    =>  ENABLED
+    //      ENABLED     =>  DISABLED
+    //      ENABLED     =>  ENABLED (modified)
+
+    SrsConfDirective* new_http_api = root->get("http_api");
+    SrsConfDirective* old_http_api = old_root->get("http_api");
+
+    SrsConfDirective* new_https_api = (new_http_api? new_http_api->get("https") : NULL);
+    SrsConfDirective* old_https_api = (old_http_api? old_http_api->get("https") : NULL);
+
+    // DISABLED    =>      ENABLED
+    if (!get_https_api_enabled(old_https_api) && get_https_api_enabled(new_https_api)) {
+        for (it = subscribes.begin(); it != subscribes.end(); ++it) {
+            ISrsReloadHandler* subscribe = *it;
+            if ((err = subscribe->on_reload_https_api_enabled()) != srs_success) {
+                return srs_error_wrap(err, "https api off=>on");
+            }
+        }
+        srs_trace("reload off=>on https_api success.");
+        return err;
+    }
+
+    // ENABLED     =>      DISABLED
+    if (get_https_api_enabled(old_https_api) && !get_https_api_enabled(new_https_api)) {
+        for (it = subscribes.begin(); it != subscribes.end(); ++it) {
+            ISrsReloadHandler* subscribe = *it;
+            if ((err = subscribe->on_reload_https_api_disabled()) != srs_success) {
+                return srs_error_wrap(err, "https api on=>off");
+            }
+        }
+        srs_trace("reload https_api on=>off success.");
+        return err;
+    }
+
+    //      ENABLED     =>  ENABLED (modified)
+    if (get_https_api_enabled(old_https_api) && get_https_api_enabled(new_https_api)
+        && !srs_directive_equals(old_https_api, new_https_api)
+        ) {
+        for (it = subscribes.begin(); it != subscribes.end(); ++it) {
+            ISrsReloadHandler* subscribe = *it;
+            if ((err = subscribe->on_reload_https_api_enabled()) != srs_success) {
+                return srs_error_wrap(err, "https api enabled");
+            }
+        }
+        srs_trace("reload https api enabled success.");
+        return err;
+    }
+
+    srs_trace("reload https_api success, nothing changed.");
+    return err;
+}
+
 srs_error_t SrsConfig::reload_http_stream(SrsConfDirective* old_root)
 {
     srs_error_t err = srs_success;
@@ -3584,7 +3650,7 @@ srs_error_t SrsConfig::check_normal_config()
         for (int i = 0; conf && i < (int)conf->directives.size(); i++) {
             SrsConfDirective* obj = conf->at(i);
             string n = obj->name;
-            if (n != "enabled" && n != "listen" && n != "crossdomain" && n != "raw_api") {
+            if (n != "enabled" && n != "listen" && n != "crossdomain" && n != "raw_api" && n != "https") {
                 return srs_error_new(ERROR_SYSTEM_CONFIG_INVALID, "illegal http_api.%s", n.c_str());
             }
 
@@ -7661,6 +7727,84 @@ bool SrsConfig::get_raw_api_allow_update()
     return SRS_CONF_PERFER_FALSE(conf->arg0());
 }
 
+SrsConfDirective* SrsConfig::get_https_api()
+{
+    SrsConfDirective* conf = root->get("http_api");
+    if (!conf) {
+        return NULL;
+    }
+
+    return conf->get("https");
+}
+
+bool SrsConfig::get_https_api_enabled(SrsConfDirective* conf)
+{
+    static bool DEFAULT = false;
+
+    conf = conf->get("enabled");
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    return SRS_CONF_PERFER_FALSE(conf->arg0());
+}
+
+bool SrsConfig::get_https_api_enabled()
+{
+    SrsConfDirective* conf = get_https_api();
+    return get_https_api_enabled(conf);
+}
+
+string SrsConfig::get_https_api_listen()
+{
+    static string DEFAULT = "1986";
+
+    SrsConfDirective* conf = get_https_api();
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    conf = conf->get("listen");
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    return conf->arg0();
+}
+
+string SrsConfig::get_https_api_ssl_key()
+{
+    static string DEFAULT = "./conf/server.key";
+
+    SrsConfDirective* conf = get_https_api();
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    conf = conf->get("key");
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    return conf->arg0();
+}
+
+string SrsConfig::get_https_api_ssl_cert()
+{
+    static string DEFAULT = "./conf/server.crt";
+
+    SrsConfDirective* conf = get_https_api();
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    conf = conf->get("cert");
+    if (!conf) {
+        return DEFAULT;
+    }
+
+    return conf->arg0();
+}
 
 bool SrsConfig::get_srt_enabled()
 {

trunk/src/app/srs_app_config.hpp

@@ -330,6 +330,7 @@ class SrsConfig
 private:
     // Reload  the http_api section of config.
     virtual srs_error_t reload_http_api(SrsConfDirective* old_root);
+    virtual srs_error_t reload_https_api(SrsConfDirective* old_root);
     // Reload  the http_stream section of config.
     // TODO: FIXME: rename to http_server.
     virtual srs_error_t reload_http_stream(SrsConfDirective* old_root);
@@ -1014,6 +1015,15 @@ class SrsConfig
     virtual bool get_raw_api_allow_query();
     // Whether allow rpc update.
     virtual bool get_raw_api_allow_update();
+// https api section
+private:
+    SrsConfDirective* get_https_api();
+    virtual bool get_https_api_enabled(SrsConfDirective* conf);
+public:
+    virtual bool get_https_api_enabled();
+    virtual std::string get_https_api_listen();
+    virtual std::string get_https_api_ssl_key();
+    virtual std::string get_https_api_ssl_cert();
 // http stream section
 private:
     // Whether http stream enabled.