Posted to commits@openmeetings.apache.org by se...@apache.org on 2021/03/24 19:54:15 UTC

[openmeetings] 01/01: OPENMEETINGS-2601 Able to configure which certificate type to use for WebRtcEndpoint.

This is an automated email from the ASF dual-hosted git repository.

sebawagner pushed a commit to branch feature/OPENMEETINGS-2601-configure-certificate-type-for-webrtcendpoint
in repository https://gitbox.apache.org/repos/asf/openmeetings.git

commit b2fca8e65031dc10d14c31a76dda2249ad168a5d
Author: Sebastian Wagner <se...@gmail.com>
AuthorDate: Thu Mar 25 08:53:50 2021 +1300

    OPENMEETINGS-2601 Able to configure which certificate type to use for WebRtcEndpoint.
---
 .../org/apache/openmeetings/core/remote/AbstractStream.java    | 10 +++++++++-
 .../main/java/org/apache/openmeetings/core/remote/KStream.java |  2 +-
 .../java/org/apache/openmeetings/core/remote/KTestStream.java  |  4 ++--
 .../org/apache/openmeetings/core/remote/KurentoHandler.java    |  6 ++++++
 .../org/apache/openmeetings/core/remote/BaseMockedTest.java    |  2 +-
 .../src/main/webapp/WEB-INF/classes/openmeetings.properties    |  3 +++
 6 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java
index 64ac599..e741346 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java
@@ -18,6 +18,7 @@
  */
 package org.apache.openmeetings.core.remote;
 
+import org.kurento.client.CertificateKeyType;
 import org.kurento.client.MediaPipeline;
 import org.kurento.client.MediaProfileSpecType;
 import org.kurento.client.PlayerEndpoint;
@@ -48,8 +49,15 @@ public abstract class AbstractStream {
 
 	public abstract void release(boolean remove);
 
-	public static WebRtcEndpoint createWebRtcEndpoint(MediaPipeline pipeline, Boolean recv) {
+	public static WebRtcEndpoint createWebRtcEndpoint(MediaPipeline pipeline, Boolean recv,
+			String certificateType) {
 		WebRtcEndpoint.Builder builder = new WebRtcEndpoint.Builder(pipeline);
+		// See https://doc-kurento.readthedocs.io/en/latest/features/security.html#media-plane-security-dtls
+		if (CertificateKeyType.RSA.name().equals(certificateType)) {
+			builder.withCertificateKeyType(CertificateKeyType.RSA);
+		} else if (CertificateKeyType.ECDSA.name().equals(certificateType)) {
+			builder.withCertificateKeyType(CertificateKeyType.ECDSA);
+		}
 		if (recv != null) {
 			if (recv) {
 				builder.recvonly();
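Review bot: A `certificateType` that is not exactly `RSA` or `ECDSA` (for example `ecdsa`, or `ECDSA` with a trailing space from the properties file) falls through both branches silently. The endpoint is then built with the media server's default DTLS key type while the operator believes another was configured. Trim the value before comparing, and add a final `else if (certificateType != null && !certificateType.trim().isEmpty())` branch that logs a warning naming the unrecognized value. Doing this check once where the property is loaded in KurentoHandler, rather than on every endpoint creation, would avoid repeating the warning per stream. The body of createWebRtcEndpoint continues past the end of this hunk.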
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java
index f461c6d..d639bb5 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java
@@ -319,7 +319,7 @@ public class KStream extends AbstractStream implements ISipCallbacks {
 	}
 
 	private WebRtcEndpoint createEndpoint(String sid, String uid, boolean recv) {
-		WebRtcEndpoint endpoint = createWebRtcEndpoint(pipeline, recv);
+		WebRtcEndpoint endpoint = createWebRtcEndpoint(pipeline, recv, kHandler.getCertificateType());
 		setTags(endpoint, uid);
 		reApplyIceCandiates(endpoint, recv);
 
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java
index 57111ed..a4f0f85 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java
@@ -80,7 +80,7 @@ public class KTestStream extends AbstractStream {
 	}
 
 	private void startTestRecording(IWsClient c, JSONObject msg) {
-		webRtcEndpoint = createWebRtcEndpoint(pipeline, null);
+		webRtcEndpoint = createWebRtcEndpoint(pipeline, null, kHandler.getCertificateType());
 		webRtcEndpoint.connect(webRtcEndpoint);
 
 		MediaProfileSpecType profile = getProfile(msg);
@@ -142,7 +142,7 @@ public class KTestStream extends AbstractStream {
 
 	public void play(final IWsClient inClient, JSONObject msg) {
 		createPipeline(() -> {
-			webRtcEndpoint = createWebRtcEndpoint(pipeline, true);
+			webRtcEndpoint = createWebRtcEndpoint(pipeline, true, kHandler.getCertificateType());
 			player = createPlayerEndpoint(pipeline, recPath);
 			player.connect(webRtcEndpoint);
 			webRtcEndpoint.addMediaSessionStartedListener(evt -> {
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java
index a301dce..6227163 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java
@@ -112,6 +112,8 @@ public class KurentoHandler {
 	private int watchThreadCount = 10;
 	@Value("${kurento.kuid}")
 	private String kuid;
+	@Value("${kurento.certificateType}")
+	private String certificateType;
 	private KurentoClient client;
 	private final AtomicBoolean connected = new AtomicBoolean(false);
 	private final Map<Long, KRoom> rooms = new ConcurrentHashMap<>();
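Review bot: `@Value("${kurento.certificateType}")` has no default, so a deployment that keeps an older, customized openmeetings.properties without the new key will probably fail placeholder resolution at context start-up. That holds unless the project's placeholder configuration tolerates unresolved keys, which is not visible here. Since createWebRtcEndpoint already treats an empty value as "leave the key type unset", `@Value("${kurento.certificateType:}")` keeps upgrades working. A one-line comment on the field stating that only `RSA` and `ECDSA` are honoured would also help. The class body extends beyond this hunk.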
@@ -391,6 +393,10 @@ public class KurentoHandler {
 		return kuid;
 	}
 
+	public String getCertificateType() {
+		return certificateType;
+	}
+
 	static int getFlowoutTimeout() {
 		return flowoutTimeout;
 	}
diff --git a/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java b/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java
index 86f0211..a6b433b 100644
--- a/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java
+++ b/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java
@@ -114,7 +114,7 @@ public class BaseMockedTest {
 					return null;
 				}
 			});
-			streamMock.when(() -> AbstractStream.createWebRtcEndpoint(any(MediaPipeline.class), anyBoolean())).thenReturn(mock(WebRtcEndpoint.class));
+			streamMock.when(() -> AbstractStream.createWebRtcEndpoint(any(MediaPipeline.class), anyBoolean(), anyString())).thenReturn(mock(WebRtcEndpoint.class));
 			streamMock.when(() -> AbstractStream.createRecorderEndpoint(any(MediaPipeline.class), anyString(), any(MediaProfileSpecType.class))).thenReturn(mock(RecorderEndpoint.class));
 			streamMock.when(() -> AbstractStream.createPlayerEndpoint(any(MediaPipeline.class), anyString())).thenReturn(mock(PlayerEndpoint.class));
 
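Review bot: The new `anyString()` matcher on the createWebRtcEndpoint stub does not match `null` in current Mockito versions. The third argument comes from `kHandler.getCertificateType()`, which is `null` when the handler is a mock or the property was not injected in the test. In that case the stub is likely skipped and the call returns `null` instead of the mocked endpoint. `nullable(String.class)` (or `any()`) for the third argument covers both cases. The same applies to the existing `anyBoolean()`, since KTestStream passes `null` for `recv`; the enclosing method starts and ends outside this hunk.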
diff --git a/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties b/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties
index 37315c4..41727a7 100644
--- a/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties
+++ b/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties
@@ -51,6 +51,9 @@ kurento.flowout.timeout=5
 kurento.kuid=df992960-e7b0-11ea-9acd-337fb30dd93d
 ## this list can be space and/or comma separated
 kurento.ignored.kuids=
+## See https://doc-kurento.readthedocs.io/en/latest/features/security.html#media-plane-security-dtls
+## possible values: RSA, or ECDSA (capital-case)
+kurento.certificateType=
 
 ################## NetTest ##################
 nettest.max.clients=50
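Review bot: The comment above `kurento.certificateType=` lists the accepted values but does not say what the empty default means. From the Java side of this commit, an empty or unrecognized value leaves the key type unset, so the media server's own default applies. Suggest adding `## leave empty to use the Kurento Media Server default; any other value is ignored` so operators do not assume a misspelled value took effect.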