Merge pull request #7 from kavuri/master
Merge pull request #7 from kavuri/master

Added AES-128 encryption to the generated files

--- a/HLS-Stream-Creator.sh
+++ b/HLS-Stream-Creator.sh
@@ -94,6 +94,8 @@
 	-f	Foreground encoding only (don't fork the encoding processes into the background - adaptive non-live streams only)
 	-p	Playlist filename
 	-t	Segment filename prefix
+	-S	Segment directory name (default none)
+	-e	Encrypt the HLS segments (default none)
 
 Deprecated Legacy usage:
 	HLS-Stream-Creator.sh inputfile segmentlength(seconds) [outputdir='./output']
@@ -166,6 +168,13 @@
 	  if ! kill -0 ${PIDS[$i]} 2> /dev/null
 	  then
 		echo "Encoding for bitrate ${BITRATE_PROCESSES[$i]}k completed"
+
+		if [ "$LIVE_STREAM" == "1" ] && [ `grep 'EXT-X-ENDLIST' "$OUTPUT_DIRECTORY/${PLAYLIST_PREFIX}_${BITRATE_PROCESSES[$i]}.m3u8" | wc -l ` == "0" ]
+		then
+		    # Correctly terminate the manifest. See HLS-15 for info on why
+		    echo "#EXT-X-ENDLIST" >> "$OUTPUT_DIRECTORY/${PLAYLIST_PREFIX}_${BITRATE_PROCESSES[$i]}.m3u8"
+		fi
+
 		unset BITRATE_PROCESSES[$i]
 		unset PIDS[$i]
 	  fi
@@ -175,6 +184,31 @@
 done
 }
 
+function encrypt(){
+# Encrypt the generated segments with AES-128 bits
+
+    KEY_FILE="$OUTPUT_DIRECTORY/${PLAYLIST_PREFIX}.key"
+
+    openssl rand 16 > $KEY_FILE
+    ENCRYPTION_KEY=$(cat $KEY_FILE | hexdump -e '16/1 "%02x"')
+
+    count=0
+    for file in $(ls ${OUTPUT_DIRECTORY}/*.ts | cut -f3 -d '/')
+    do
+        ENC_FILENAME="$OUTPUT_DIRECTORY/${SEGMENT_PREFIX}_enc_${count}".ts
+
+	INIT_VECTOR=$(printf '%032x' $count)
+	openssl aes-128-cbc -e -in $OUTPUT_DIRECTORY/$file -out $ENC_FILENAME -nosalt -iv $INIT_VECTOR -K $ENCRYPTION_KEY
+
+        # Move encrypted file to the original filename, so that the m3u8 file does not have to be changed
+        mv $ENC_FILENAME ${OUTPUT_DIRECTORY}/$file
+
+        count=$((count+1))
+    done
+
+    # Insert the KEY at the 5'th line in the m3u8 file
+    sed -i "5i #EXT-X-KEY:METHOD=AES-128,URI="${PLAYLIST_PREFIX}.key "$OUTPUT_DIRECTORY/${PLAYLIST_PREFIX}.m3u8"
+}
 
 # This is used internally, if the user wants to specify their own flags they should be
 # setting FFMPEG_FLAGS
@@ -189,7 +223,7 @@
 LEGACY_ARGS=1
 
 # If even one argument is supplied, switch off legacy argument style
-while getopts "i:o:s:c:b:p:t:lf" flag
+while getopts "i:o:s:c:b:p:t:S:lfe" flag
 do
 	LEGACY_ARGS=0
         case "$flag" in
@@ -202,6 +236,8 @@
 		f) NO_FORK=1;;
 		p) PLAYLIST_PREFIX="$OPTARG";;
 		t) SEGMENT_PREFIX="$OPTARG";;
+		S) SEGMENT_DIRECTORY="$OPTARG";;
+		e) ENCRYPT=1;;
         esac
 done
 
@@ -258,7 +294,8 @@
 
     if [ "$LIVE_SEGMENT_COUNT" -gt 0 ]
     then
-	FFMPEG_ADDITIONAL+=" -segment_list_size $LIVE_SEGMENT_COUNT"
+	WRAP_POINT=$(($LIVE_SEGMENT_COUNT * 2)) # Wrap the segment numbering after 2 manifest lengths - prevents disks from filling
+	FFMPEG_ADDITIONAL+=" -segment_list_size $LIVE_SEGMENT_COUNT -segment_wrap $WRAP_POINT"
     fi
 fi
 
@@ -269,6 +306,20 @@
 # If a prefix hasn't been specified, use the input filename
 PLAYLIST_PREFIX=${PLAYLIST_PREFIX:-$INPUTFILENAME}
 SEGMENT_PREFIX=${SEGMENT_PREFIX:-$PLAYLIST_PREFIX}
+
+# The 'S' option allows segments and bitrate specific manifests to be placed in a subdir
+SEGMENT_DIRECTORY=${SEGMENT_DIRECTORY:-''}
+
+if [ ! "$SEGMENT_DIRECTORY" == "" ]
+then
+
+	if [ ! -d "${OUTPUT_DIRECTORY}/${SEGMENT_DIRECTORY}" ]
+	then
+		mkdir "${OUTPUT_DIRECTORY}/${SEGMENT_DIRECTORY}"
+	fi
+
+	SEGMENT_DIRECTORY+="/"
+fi
 
 # Set the bitrate
 if [ ! "$OP_BITRATES" == "" ]
@@ -284,13 +335,15 @@
       createVariantPlaylist "$OUTPUT_DIRECTORY/${PLAYLIST_PREFIX}_master.m3u8"
       for br in $OP_BITRATES
       do
-	    appendVariantPlaylistentry "$OUTPUT_DIRECTORY/${PLAYLIST_PREFIX}_master.m3u8" "${PLAYLIST_PREFIX}_${br}.m3u8" "$br"
+	    appendVariantPlaylistentry "$OUTPUT_DIRECTORY/${PLAYLIST_PREFIX}_master.m3u8" "${SEGMENT_DIRECTORY}${PLAYLIST_PREFIX}_${br}.m3u8" "$br"
       done
+
+      OUTPUT_DIRECTORY+=$SEGMENT_DIRECTORY
 
       # Now for the longer running bit, transcode the video
       for br in $OP_BITRATES
       do
-	      BITRATE="-b:v ${br}k -bufsize ${br}k"
+	      BITRATE="-b:v ${br}k"
 	      # Finally, lets build the output filename format
 	      OUT_NAME="${SEGMENT_PREFIX}_${br}_%05d.ts"
 	      PLAYLIST_NAME="$OUTPUT_DIRECTORY/${PLAYLIST_PREFIX}_${br}.m3u8"
@@ -344,6 +397,7 @@
 
 else
 
+  OUTPUT_DIRECTORY+=$SEGMENT_DIRECTORY
   # No bitrate specified
 
   # Finally, lets build the output filename format
@@ -357,5 +411,9 @@
   createStream "$PLAYLIST_NAME" "$OUT_NAME" "$BITRATE" "$INPUTFILE"
 
 
-fi
-
+  if [ "$ENCRYPT" == "1" ] && [ "$LIVE_STREAM" == "0" ]
+  then
+    encrypt
+  fi
+fi
+

file:a/README.md -> file:b/README.md
--- a/README.md
+++ b/README.md
@@ -47,6 +47,7 @@
 	-t [name]	Segment filename prefix
 	-l		Input is a live stream
 	-f		Foreground encoding only (adaptive non-live streams only)
+	-S		Name of a subdirectory to put segments into
 ```