Add support for osx-secure-transport.

CHANGES

@@ -7,7 +7,7 @@ New:
 
 - Change `track_sensitive` parameter to a boolean getter (fixed value or anonymous function).
 
-- Add SSL support to the varous harbor operators.
+- Add SSL support to the varous harbor operators, either via openssl or OSX's SecureTransport.
 
 - Add optional "dj" metadata argument for Shoutcast v2, wrap it in a callback in output.shoutcast (#370)
 

INSTALL

@@ -62,6 +62,7 @@ Optional dependencies :
    ocaml-gstreamer>=0.2.0    for GStreamer input, output and encoding/decoding
    ocaml-inotify>=1.0        for reloading playlists when changed
    ocaml-ssl>=0.5.0          for enabling SSL/https client connections
+   osx-secure-transport      for enabling SSL/https client connections via OSX's SecureTransport
    json-wheel                for parsing JSON data (of_json function)
    gd4o                      for video.add_text() on servers without X
 

Makefile.defs.in

@@ -112,5 +112,6 @@ W_GD=@W_GD@
 W_INOTIFY=@W_INOTIFY@
 W_WINSVC=@W_WINSVC@
 W_SSL=@W_SSL@
+W_OSX_SECURE_TRANSPORT=@W_OSX_SECURE_TRANSPORT@
 
 PYMDIR=@PYMDIR@

configure.ac

@@ -561,6 +561,12 @@ let () =
 EOCONF
 fi
 
+#
+# SecureTransport (OSX)
+#
+
+AC_CHECK_OCAML_BINDING([osx-secure-transport],[],[])
+
 #
 # Magic
 #
@@ -980,6 +986,7 @@ cat <<EOMSG
    - magic             : $w_MAGIC
    - yojson            : $w_YOJSON
    - ssl               : $w_SSL
+   - SecureTransport   : $w_OSX_SECURE_TRANSPORT
    - windows service   : $w_WINSVC
 
  * Graphical interfaces

doc/content/harbor.txt

@@ -31,11 +31,13 @@ The global parameters for harbor can be retreived using
 
 Optionally, if SSL support was enabled:
 * @harbor.ssl.certificate@: Path to the SSL certificate.
-* @harbor.ssl.private_key@: Path to the SSL private key.
+* @harbor.ssl.private_key@: Path to the SSL private key (openssl only).
 * @harbor.ssl.password@: Optional password to unlock the private key.
 Obtaining a proper SSL certificate can be tricky. You may want to start with a self-signed certificate first.
 You can obtain a free, valid certificate at: "https://letsencrypt.org/":https://letsencrypt.org/
 
+SSL can be enabled using of of the following @opam@ packages: @ssl@, @osx-secure-transport@.
+
 You also have per-source parameters. You can retreive them using the command 
 @liquidsoap -h input.harbor@. The most important one are:
 

src/Makefile

@@ -105,8 +105,10 @@ sources = \
 	sources/req_queue.ml sources/req_equeue.ml \
 	sources/generated.ml sources/http_source.ml \
   $(if $(W_SSL),sources/https_source.ml) \
+  $(if $(W_OSX_SECURE_TRANSPORT),sources/https_secure_transport_source.ml) \
 	harbor/harbor_base.ml harbor/harbor.ml sources/harbor_input.ml \
   $(if $(W_SSL),harbor/harbor_ssl.ml sources/harbor_input_ssl.ml) \
+  $(if $(W_OSX_SECURE_TRANSPORT),harbor/harbor_secure_transport.ml sources/harbor_input_secure_transport.ml) \
 	sources/external_input.ml \
 	tools/liqMM.ml
 
@@ -161,7 +163,8 @@ $(call conditional_compilation,encoders,$(W_TAGLIB),encoder/taglib_id3v2.ml)
 outputs = outputs/output.ml \
 	outputs/pipe_output.ml \
 	outputs/harbor_output.ml \
-  $(if $(W_SSL),outputs/harbor_output_ssl.ml)
+  $(if $(W_SSL),outputs/harbor_output_ssl.ml) \
+  $(if $(W_OSX_SECURE_TRANSPORT),outputs/harbor_output_secure_transport.ml)
 
 
 $(call conditional_compilation,outputs,$(W_AO),outputs/ao_out.ml)
@@ -185,6 +188,7 @@ tools = tools/stdlib.ml tools/doc.ml tools/utils.ml tools/plug.ml \
   $(if $(W_DYNLINK),tools/dyntools.ml) \
 	tools/http.ml \
   $(if $(W_SSL),tools/https.ml) \
+  $(if $(W_OSX_SECURE_TRANSPORT),tools/https_secure_transport.ml) \
   tools/pool.ml tools/sha1.ml tools/websocket.ml
 
 $(call conditional_compilation,tools,$(W_INOTIFY),tools/file_watcher_inotify.ml)
@@ -205,6 +209,7 @@ $(call conditional_compilation,synth,$(W_DSSI),synth/dssi_op.ml)
 builtins = lang/lang_builtins.ml lang/builtins_json.ml \
            lang/builtins_harbor.ml \
            $(if $(W_SSL),lang/builtins_https.ml lang/builtins_harbor_ssl.ml) \
+           $(if $(W_OSX_SECURE_TRANSPORT),lang/builtins_https_secure_transport.ml lang/builtins_harbor_secure_transport.ml)
 
 $(call conditional_compilation,builtins,$(W_LO),lang/builtins_lo.ml)
 $(call conditional_compilation,builtins,$(W_MAGIC),lang/builtins_magic.ml)

src/harbor/harbor_secure_transport.ml

@@ -0,0 +1,116 @@
+(* -*- mode: tuareg; -*- *)
+(*****************************************************************************
+
+  Liquidsoap, a programmable audio stream generator.
+  Copyright 2003-2017 Savonet team
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details, fully stated in the COPYING
+  file at the root of the liquidsoap distribution.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+ *****************************************************************************)
+
+open Dtools
+
+let conf_harbor_secure_transport =
+  Conf.void ~p:(Harbor_base.conf_harbor#plug "secure_transport")
+    "Harbor SecureTransport (OSX SSL implementation) settings."
+let conf_harbor_secure_transport_certificate =
+  Conf.string ~p:(conf_harbor_secure_transport#plug "certificate") ~d:""
+    "Path to the server's SSL certificate. (mandatory)"
+let conf_harbor_secure_transport_password =
+  Conf.string ~p:(conf_harbor_secure_transport#plug "password") ~d:""
+    "Path to the server's SSL password. (optional, blank if omited)"
+
+module Monad = Duppy.Monad
+module type Monad_t = module type of Monad with module Io := Monad.Io
+
+type handler = Https_secure_transport.socket = {
+  ctx: SecureTransport.t;
+  sock: Unix.file_descr
+}
+
+let read {ctx} buf ofs len =
+  SecureTransport.read ctx buf ofs len
+let read_retry = Stdlib.read_retry read
+let write {ctx} buf ofs len =
+  SecureTransport.write ctx buf ofs len
+let sock {sock} = sock
+
+module Websocket_transport =
+struct
+  type socket = handler
+  let read = read
+  let read_retry = Stdlib.read_retry read
+  let write = write
+end
+
+module Duppy_transport : Duppy.Transport_t with type t = handler =
+struct
+  type t = handler
+  type bigarray = (char, Bigarray.int8_unsigned_elt, Bigarray.c_layout) Bigarray.Array1.t
+  let sock = sock
+  let read = read
+  let write = write
+  let ba_write _ _ _ _ =
+    failwith "Not implemented!"
+end
+
+module Transport =
+struct
+  type socket = handler
+  let file_descr_of_socket = sock
+  let read socket len =
+    let buf = Bytes.create len in
+    let n = read socket buf 0 len in
+    buf, n
+  let accept sock =
+    let (sock, caller) = Unix.accept sock in
+    let ctx =
+      SecureTransport.init SecureTransport.Server SecureTransport.Stream
+    in
+    let password =
+      conf_harbor_secure_transport_password#get
+    in
+    let password =
+      if password = "" then None else Some password
+    in
+    let cert = conf_harbor_secure_transport_certificate#get in
+    begin match SecureTransport.import_p12_certificate ?password cert with
+      | cert::_ -> SecureTransport.set_certificate ctx cert
+      | [] -> failwith "No certificate found in p12 file!"
+    end;
+    SecureTransport.set_connection ctx sock;
+    ({ctx;sock}, caller)
+  let close {ctx;sock} = 
+    SecureTransport.close ctx;
+    Unix.close sock
+
+  module Duppy =
+  struct
+    module Io = Duppy.MakeIo(Duppy_transport)
+    module Monad =
+    struct
+      module Io = Duppy.Monad.MakeIo(Io)
+      include (Monad : Monad_t)
+    end
+  end
+
+  module Http = Https_secure_transport
+  module Websocket = Websocket.Make(Websocket_transport)
+end
+
+module SecureTransport = Harbor.Make(Transport)
+
+include SecureTransport

src/harbor/harbor_ssl.ml

@@ -25,7 +25,7 @@ open Dtools
 
 let conf_harbor_ssl =
   Conf.void ~p:(Harbor_base.conf_harbor#plug "ssl")
-    "Harbor SSL settings.:"
+    "Harbor SSL settings."
 let conf_harbor_ssl_certificate =
   Conf.string ~p:(conf_harbor_ssl#plug "certificate") ~d:""
     "Path to the server's SSL certificate. (mandatory)"

src/lang/builtins_harbor_secure_transport.ml

@@ -0,0 +1,32 @@
+(* -*- mode: tuareg; -*- *)
+(*****************************************************************************
+
+  Liquidsoap, a programmable audio stream generator.
+  Copyright 2003-2017 Savonet team
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details, fully stated in the COPYING
+  file at the root of the liquidsoap distribution.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+ *****************************************************************************)
+
+module SecureTransport_harbor =
+struct
+  include Harbor_secure_transport
+  let name = "https"
+end
+
+module SecureTransport = Builtins_harbor.Make(SecureTransport_harbor)
+
+include SecureTransport

src/lang/builtins_https_secure_transport.ml

@@ -0,0 +1,44 @@
+(*****************************************************************************
+
+  Liquidsoap, a programmable audio stream generator.
+  Copyright 2003-2017 Savonet team
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details, fully stated in the COPYING
+  file at the root of the liquidsoap distribution.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+ *****************************************************************************)
+
+let () =
+  let add_http_request = Lang_builtins.add_http_request (module Https_secure_transport) in
+  add_http_request
+    "https.get"
+    "Perform a full https GET request and return (status,headers),data."
+    Lang_builtins.Get;
+  add_http_request
+    "https.post"
+    "Perform a full https POST request and return (status,headers),data."
+    Lang_builtins.Post;
+  add_http_request
+    "https.put"
+    "Perform a full https PUT request and return (status,headers),data."
+    Lang_builtins.Put;
+  add_http_request
+    "https.head"
+    "Perform a full https HEAD request and return (status,headers),data."
+    Lang_builtins.Head;
+  add_http_request
+    "https.delete"
+    "Perform a full https DELETE request and return (status,headers),data."
+    Lang_builtins.Delete

src/outputs/harbor_output_secure_transport.ml

@@ -0,0 +1,33 @@
+(* -*- mode: tuareg; -*- *)
+(*****************************************************************************
+
+  Liquidsoap, a programmable audio stream generator.
+  Copyright 2003-2017 Savonet team
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details, fully stated in the COPYING
+  file at the root of the liquidsoap distribution.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+ *****************************************************************************)
+
+module SecureTransport_output =
+struct
+  include Harbor_secure_transport.Transport
+  let source_name = "output.harbor.ssl"
+  let source_description = "Encode and output the stream using the SSL OSX harbor server."
+end
+
+module SecureTransport = Harbor_output.Make(SecureTransport_output)
+
+include SecureTransport

src/sources/harbor_input_secure_transport.ml

@@ -0,0 +1,34 @@
+(* -*- mode: tuareg; -*- *)
+(*****************************************************************************
+
+  Liquidsoap, a programmable audio stream generator.
+  Copyright 2003-2017 Savonet team
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details, fully stated in the COPYING
+  file at the root of the liquidsoap distribution.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+ *****************************************************************************)
+
+module SecureTransport_input =
+struct
+  include Harbor_secure_transport
+  let init () = ()
+  let source_name = "input.harbor.ssl"
+  let source_description = "Retrieves the given https stream from the harbor."
+end
+
+module SecureTransport = Harbor_input.Make(SecureTransport_input)
+
+include SecureTransport

src/sources/https_secure_transport_source.ml

@@ -0,0 +1,26 @@
+(*****************************************************************************
+
+  Liquidsoap, a programmable audio stream generator.
+  Copyright 2003-2017 Savonet team
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details, fully stated in the COPYING
+  file at the root of the liquidsoap distribution.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+ *****************************************************************************)
+
+module Input_https = Http_source.Make(Https_secure_transport)
+
+let () =
+  Input_https.register "https"