You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@openmeetings.apache.org by se...@apache.org on 2021/03/24 19:54:14 UTC

[openmeetings] branch feature/OPENMEETINGS-2601-configure-certificate-type-for-webrtcendpoint created (now b2fca8e)

This is an automated email from the ASF dual-hosted git repository.

sebawagner pushed a change to branch feature/OPENMEETINGS-2601-configure-certificate-type-for-webrtcendpoint
in repository https://gitbox.apache.org/repos/asf/openmeetings.git.


      at b2fca8e  OPENMEETINGS-2601 Able to configure which certificate type to use for WebRtcEndpoint.

This branch includes the following new commits:

     new b2fca8e  OPENMEETINGS-2601 Able to configure which certificate type to use for WebRtcEndpoint.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[openmeetings] 01/01: OPENMEETINGS-2601 Able to configure which certificate type to use for WebRtcEndpoint.

Posted by se...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

sebawagner pushed a commit to branch feature/OPENMEETINGS-2601-configure-certificate-type-for-webrtcendpoint
in repository https://gitbox.apache.org/repos/asf/openmeetings.git

commit b2fca8e65031dc10d14c31a76dda2249ad168a5d
Author: Sebastian Wagner <se...@gmail.com>
AuthorDate: Thu Mar 25 08:53:50 2021 +1300

    OPENMEETINGS-2601 Able to configure which certificate type to use for WebRtcEndpoint.
---
 .../org/apache/openmeetings/core/remote/AbstractStream.java    | 10 +++++++++-
 .../main/java/org/apache/openmeetings/core/remote/KStream.java |  2 +-
 .../java/org/apache/openmeetings/core/remote/KTestStream.java  |  4 ++--
 .../org/apache/openmeetings/core/remote/KurentoHandler.java    |  6 ++++++
 .../org/apache/openmeetings/core/remote/BaseMockedTest.java    |  2 +-
 .../src/main/webapp/WEB-INF/classes/openmeetings.properties    |  3 +++
 6 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java
index 64ac599..e741346 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java
@@ -18,6 +18,7 @@
  */
 package org.apache.openmeetings.core.remote;
 
+import org.kurento.client.CertificateKeyType;
 import org.kurento.client.MediaPipeline;
 import org.kurento.client.MediaProfileSpecType;
 import org.kurento.client.PlayerEndpoint;
@@ -48,8 +49,15 @@ public abstract class AbstractStream {
 
 	public abstract void release(boolean remove);
 
-	public static WebRtcEndpoint createWebRtcEndpoint(MediaPipeline pipeline, Boolean recv) {
+	public static WebRtcEndpoint createWebRtcEndpoint(MediaPipeline pipeline, Boolean recv,
+			String certificateType) {
 		WebRtcEndpoint.Builder builder = new WebRtcEndpoint.Builder(pipeline);
+		// See https://doc-kurento.readthedocs.io/en/latest/features/security.html#media-plane-security-dtls
+		if (CertificateKeyType.RSA.name().equals(certificateType)) {
+			builder.withCertificateKeyType(CertificateKeyType.RSA);
+		} else if (CertificateKeyType.ECDSA.name().equals(certificateType)) {
+			builder.withCertificateKeyType(CertificateKeyType.ECDSA);
+		}
 		if (recv != null) {
 			if (recv) {
 				builder.recvonly();
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java
index f461c6d..d639bb5 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java
@@ -319,7 +319,7 @@ public class KStream extends AbstractStream implements ISipCallbacks {
 	}
 
 	private WebRtcEndpoint createEndpoint(String sid, String uid, boolean recv) {
-		WebRtcEndpoint endpoint = createWebRtcEndpoint(pipeline, recv);
+		WebRtcEndpoint endpoint = createWebRtcEndpoint(pipeline, recv, kHandler.getCertificateType());
 		setTags(endpoint, uid);
 		reApplyIceCandiates(endpoint, recv);
 
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java
index 57111ed..a4f0f85 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java
@@ -80,7 +80,7 @@ public class KTestStream extends AbstractStream {
 	}
 
 	private void startTestRecording(IWsClient c, JSONObject msg) {
-		webRtcEndpoint = createWebRtcEndpoint(pipeline, null);
+		webRtcEndpoint = createWebRtcEndpoint(pipeline, null, kHandler.getCertificateType());
 		webRtcEndpoint.connect(webRtcEndpoint);
 
 		MediaProfileSpecType profile = getProfile(msg);
@@ -142,7 +142,7 @@ public class KTestStream extends AbstractStream {
 
 	public void play(final IWsClient inClient, JSONObject msg) {
 		createPipeline(() -> {
-			webRtcEndpoint = createWebRtcEndpoint(pipeline, true);
+			webRtcEndpoint = createWebRtcEndpoint(pipeline, true, kHandler.getCertificateType());
 			player = createPlayerEndpoint(pipeline, recPath);
 			player.connect(webRtcEndpoint);
 			webRtcEndpoint.addMediaSessionStartedListener(evt -> {
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java
index a301dce..6227163 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java
@@ -112,6 +112,8 @@ public class KurentoHandler {
 	private int watchThreadCount = 10;
 	@Value("${kurento.kuid}")
 	private String kuid;
+	@Value("${kurento.certificateType}")
+	private String certificateType;
 	private KurentoClient client;
 	private final AtomicBoolean connected = new AtomicBoolean(false);
 	private final Map<Long, KRoom> rooms = new ConcurrentHashMap<>();
@@ -391,6 +393,10 @@ public class KurentoHandler {
 		return kuid;
 	}
 
+	public String getCertificateType() {
+		return certificateType;
+	}
+
 	static int getFlowoutTimeout() {
 		return flowoutTimeout;
 	}
diff --git a/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java b/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java
index 86f0211..a6b433b 100644
--- a/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java
+++ b/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java
@@ -114,7 +114,7 @@ public class BaseMockedTest {
 					return null;
 				}
 			});
-			streamMock.when(() -> AbstractStream.createWebRtcEndpoint(any(MediaPipeline.class), anyBoolean())).thenReturn(mock(WebRtcEndpoint.class));
+			streamMock.when(() -> AbstractStream.createWebRtcEndpoint(any(MediaPipeline.class), anyBoolean(), anyString())).thenReturn(mock(WebRtcEndpoint.class));
 			streamMock.when(() -> AbstractStream.createRecorderEndpoint(any(MediaPipeline.class), anyString(), any(MediaProfileSpecType.class))).thenReturn(mock(RecorderEndpoint.class));
 			streamMock.when(() -> AbstractStream.createPlayerEndpoint(any(MediaPipeline.class), anyString())).thenReturn(mock(PlayerEndpoint.class));
 
diff --git a/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties b/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties
index 37315c4..41727a7 100644
--- a/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties
+++ b/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties
@@ -51,6 +51,9 @@ kurento.flowout.timeout=5
 kurento.kuid=df992960-e7b0-11ea-9acd-337fb30dd93d
 ## this list can be space and/or comma separated
 kurento.ignored.kuids=
+## See https://doc-kurento.readthedocs.io/en/latest/features/security.html#media-plane-security-dtls
+## possible values: RSA, or ECDSA (capital-case)
+kurento.certificateType=
 
 ################## NetTest ##################
 nettest.max.clients=50