This is an automated email from the ASF dual-hosted git repository. sebawagner pushed a commit to branch feature/OPENMEETINGS-2601-configure-certificate-type-for-webrtcendpoint in repository https://gitbox.apache.org/repos/asf/openmeetings.git
commit b2fca8e65031dc10d14c31a76dda2249ad168a5d Author: Sebastian Wagner <seba.wag...@gmail.com> AuthorDate: Thu Mar 25 08:53:50 2021 +1300 OPENMEETINGS-2601 Able to configure which certificate type to use for WebRtcEndpoint. --- .../org/apache/openmeetings/core/remote/AbstractStream.java | 10 +++++++++- .../main/java/org/apache/openmeetings/core/remote/KStream.java | 2 +- .../java/org/apache/openmeetings/core/remote/KTestStream.java | 4 ++-- .../org/apache/openmeetings/core/remote/KurentoHandler.java | 6 ++++++ .../org/apache/openmeetings/core/remote/BaseMockedTest.java | 2 +- .../src/main/webapp/WEB-INF/classes/openmeetings.properties | 3 +++ 6 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java
index 64ac599..e741346 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/AbstractStream.java
@@ -18,6 +18,7 @@
 */
 package org.apache.openmeetings.core.remote;
+import org.kurento.client.CertificateKeyType;
 import org.kurento.client.MediaPipeline;
 import org.kurento.client.MediaProfileSpecType;
 import org.kurento.client.PlayerEndpoint;
@@ -48,8 +49,15 @@ public abstract class AbstractStream {
 public abstract void release(boolean remove);
- public static WebRtcEndpoint createWebRtcEndpoint(MediaPipeline pipeline, Boolean recv) {
+ public static WebRtcEndpoint createWebRtcEndpoint(MediaPipeline pipeline, Boolean recv,
+ String certificateType) {
 WebRtcEndpoint.Builder builder = new WebRtcEndpoint.Builder(pipeline);
+ // See https://doc-kurento.readthedocs.io/en/latest/features/security.html#media-plane-security-dtls
+ if (CertificateKeyType.RSA.name().equals(certificateType)) {
+ builder.withCertificateKeyType(CertificateKeyType.RSA);
+ } else if (CertificateKeyType.ECDSA.name().equals(certificateType)) {
+ builder.withCertificateKeyType(CertificateKeyType.ECDSA);
+ }
 if (recv != null) {
 if (recv) {
 builder.recvonly();
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java
index f461c6d..d639bb5 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KStream.java
@@ -319,7 +319,7 @@ public class KStream extends AbstractStream implements ISipCallbacks {
 }
 private WebRtcEndpoint createEndpoint(String sid, String uid, boolean recv) {
- WebRtcEndpoint endpoint = createWebRtcEndpoint(pipeline, recv);
+ WebRtcEndpoint endpoint = createWebRtcEndpoint(pipeline, recv, kHandler.getCertificateType());
 setTags(endpoint, uid);
 reApplyIceCandiates(endpoint, recv);
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java
index 57111ed..a4f0f85 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KTestStream.java
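Review bot: In `createWebRtcEndpoint` (AbstractStream.java) the new `certificateType` check is an exact, case-sensitive match on `RSA`/`ECDSA`, and any other non-empty value (for example `ecdsa` or a typo) falls through with no log line, so the endpoint is built with whatever key type Kurento defaults to while the operator believes the DTLS certificate type was set. A final branch such as `} else if (certificateType != null && !certificateType.isEmpty()) { /* warn: unsupported kurento.certificateType, Kurento default is used */ }` would make the misconfiguration visible; whether this class already has a logger is not visible in the hunk. The new parameter also deserves a Javadoc line stating that null or empty leaves the builder's key type unset. The method body continues past the end of the hunk.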
@@ -80,7 +80,7 @@ public class KTestStream extends AbstractStream {
 }
 private void startTestRecording(IWsClient c, JSONObject msg) {
- webRtcEndpoint = createWebRtcEndpoint(pipeline, null);
+ webRtcEndpoint = createWebRtcEndpoint(pipeline, null, kHandler.getCertificateType());
 webRtcEndpoint.connect(webRtcEndpoint);
 MediaProfileSpecType profile = getProfile(msg);
@@ -142,7 +142,7 @@ public class KTestStream extends AbstractStream {
 public void play(final IWsClient inClient, JSONObject msg) {
 createPipeline(() -> {
- webRtcEndpoint = createWebRtcEndpoint(pipeline, true);
+ webRtcEndpoint = createWebRtcEndpoint(pipeline, true, kHandler.getCertificateType());
 player = createPlayerEndpoint(pipeline, recPath);
 player.connect(webRtcEndpoint);
 webRtcEndpoint.addMediaSessionStartedListener(evt -> {
diff --git a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java
index a301dce..6227163 100644
--- a/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java
+++ b/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java
@@ -112,6 +112,8 @@ public class KurentoHandler {
 private int watchThreadCount = 10;
 @Value("${kurento.kuid}")
 private String kuid;
+ @Value("${kurento.certificateType}")
+ private String certificateType;
 private KurentoClient client;
 private final AtomicBoolean connected = new AtomicBoolean(false);
 private final Map<Long, KRoom> rooms = new ConcurrentHashMap<>();
@@ -391,6 +393,10 @@ public class KurentoHandler {
 return kuid;
 }
+ public String getCertificateType() {
+ return certificateType;
+ }
+
 static int getFlowoutTimeout() {
 return flowoutTimeout;
 }
diff --git a/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java b/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java
index 86f0211..a6b433b 100644
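Review bot: In KurentoHandler.java the new `@Value("${kurento.certificateType}")` has no default, so an installation that keeps an older `openmeetings.properties` without this key would presumably fail placeholder resolution at startup, unless the context is configured to ignore unresolvable placeholders (not visible here). `@Value("${kurento.certificateType:}")` keeps the previous behaviour when the key is absent. The neighbouring `kurento.kuid` field uses the same no-default form, so this may be a deliberate project convention. This is also the one place where the value could be checked once at startup instead of on every endpoint creation.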
--- a/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java
+++ b/openmeetings-core/src/test/java/org/apache/openmeetings/core/remote/BaseMockedTest.java
@@ -114,7 +114,7 @@ public class BaseMockedTest {
 return null;
 }
 });
- streamMock.when(() -> AbstractStream.createWebRtcEndpoint(any(MediaPipeline.class), anyBoolean())).thenReturn(mock(WebRtcEndpoint.class));
+ streamMock.when(() -> AbstractStream.createWebRtcEndpoint(any(MediaPipeline.class), anyBoolean(), anyString())).thenReturn(mock(WebRtcEndpoint.class));
 streamMock.when(() -> AbstractStream.createRecorderEndpoint(any(MediaPipeline.class), anyString(), any(MediaProfileSpecType.class))).thenReturn(mock(RecorderEndpoint.class));
 streamMock.when(() -> AbstractStream.createPlayerEndpoint(any(MediaPipeline.class), anyString())).thenReturn(mock(PlayerEndpoint.class));
diff --git a/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties b/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties
index 37315c4..41727a7 100644
--- a/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties
+++ b/openmeetings-web/src/main/webapp/WEB-INF/classes/openmeetings.properties
@@ -51,6 +51,9 @@ kurento.flowout.timeout=5
 kurento.kuid=df992960-e7b0-11ea-9acd-337fb30dd93d
 ## this list can be space and/or comma separated
 kurento.ignored.kuids=
+## See https://doc-kurento.readthedocs.io/en/latest/features/security.html#media-plane-security-dtls
+## possible values: RSA, or ECDSA (capital-case)
+kurento.certificateType=
 ################## NetTest ##################
 nettest.max.clients=50
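Review bot: The stub in BaseMockedTest now matches the third argument with `anyString()`, which in Mockito 2 and later does not match `null`. If `getCertificateType()` returns null in these tests (the field is filled only by `@Value` injection; how the handler is built in the test is not visible in this hunk), the stub would not apply and the static mock would hand back null instead of the mocked `WebRtcEndpoint`. Using `nullable(String.class)` in place of `anyString()` covers both the configured and the unset case.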
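Review bot: The new comment in openmeetings.properties lists the accepted values but does not say what the empty `kurento.certificateType=` shipped here means. Going by the Java side of this commit, an empty or unrecognised value leaves the endpoint builder untouched, so presumably Kurento's own default applies. I would add a line such as `## leave empty to keep the Kurento default; any other value is ignored` so operators know that a misspelt value does not take effect.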