/**
* The MIT License (MIT)
*
* Copyright (c) 2013-2020 Winlin
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <srs_app_dtls.hpp>
using namespace std;
#include <string.h>
#include <srs_kernel_log.hpp>
#include <srtp2/srtp.h>
// Process-wide singleton storage, created lazily by SrsDtls::instance().
// Nothing in this file deletes it; it lives for the rest of the process.
SrsDtls* SrsDtls::_instance = NULL;
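// Construct an uninitialised DTLS helper. The expensive work (key generation,
// certificate, SSL_CTX) happens in init(), which instance() calls right after
// construction.
SrsDtls::SrsDtls()
{
    // Keep the context pointer well-defined until init() assigns it, so the
    // destructor can release it unconditionally.
    dtls_ctx = NULL;
}

// Release the singleton's reference to the SSL_CTX. SSL objects created from
// the context hold their own references, so this does not invalidate them;
// SSL_CTX_free(NULL) is a no-op.
SrsDtls::~SrsDtls()
{
    SSL_CTX_free(dtls_ctx);
}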
// Return the process-wide SrsDtls, creating and initialising it on first use.
// Not guarded by a lock: safe only if the first call cannot race with another
// thread — NOTE(review): confirm against the server's threading model.
SrsDtls* SrsDtls::instance()
{
    if (_instance) {
        return _instance;
    }

    _instance = new SrsDtls();
    _instance->init();

    return _instance;
}
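// One-time setup: initialise libsrtp, generate a self-signed RSA certificate,
// build the DTLS SSL_CTX (dtls_ctx) from it, and store the certificate's
// SHA-256 digest in `fingerprint` as colon-separated upper-case hex (the
// layout used by SDP a=fingerprint lines).
//
// Every OpenSSL call that can fail is asserted: a server that cannot build
// its DTLS identity has nothing useful to do. Changes from the earlier
// version: RSA-2048 instead of 1024, SHA-256 instead of SHA-1 for the
// certificate signature, a guaranteed non-zero serial, the previously
// unchecked key-generation / digest results are now checked, and the
// certificate and private key are released once the context owns them.
void SrsDtls::init()
{
    // libsrtp must be initialised before any SRTP session is created.
    srs_assert(srtp_init() == 0);

    // Self-signed, so the subject/issuer CN is arbitrary: peers authenticate
    // this certificate by fingerprint, not by name or by a CA chain.
    const std::string aor = "www.hw.com";
    const int expire_day = 365;
    // 1024-bit RSA is below current guidance and some peers refuse it;
    // 2048 is the smallest generally accepted size.
    const int private_key_len = 2048;

    // Key pair.
    EVP_PKEY* dtls_private_key = EVP_PKEY_new();
    srs_assert(dtls_private_key);

    RSA* rsa = RSA_new();
    srs_assert(rsa);

    BIGNUM* exponent = BN_new();
    srs_assert(exponent);
    srs_assert(BN_set_word(exponent, RSA_F4) == 1);

    srs_assert(RSA_generate_key_ex(rsa, private_key_len, exponent, NULL) == 1);
    // set1 takes its own reference; `rsa` is released below.
    srs_assert(EVP_PKEY_set1_RSA(dtls_private_key, rsa) == 1);

    // Certificate.
    X509* dtls_cert = X509_new();
    srs_assert(dtls_cert);

    X509_NAME* subject = X509_NAME_new();
    srs_assert(subject);

    // RFC 5280 requires a positive serial; rand() is never negative and the
    // low bit keeps it non-zero. rand() is not seeded here, so the serial is
    // not unique across processes — acceptable only because the certificate
    // is self-signed and pinned by fingerprint.
    long serial = rand() | 1;
    srs_assert(ASN1_INTEGER_set(X509_get_serialNumber(dtls_cert), serial) == 1);

    srs_assert(X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
        (unsigned char*)aor.data(), (int)aor.size(), -1, 0) == 1);
    srs_assert(X509_set_issuer_name(dtls_cert, subject) == 1);
    srs_assert(X509_set_subject_name(dtls_cert, subject) == 1);

    // Validity window: now .. now + expire_day days.
    const long cert_duration = 60 * 60 * 24 * expire_day;
    srs_assert(X509_gmtime_adj(X509_get_notBefore(dtls_cert), 0) != NULL);
    srs_assert(X509_gmtime_adj(X509_get_notAfter(dtls_cert), cert_duration) != NULL);

    srs_assert(X509_set_pubkey(dtls_cert, dtls_private_key) == 1);
    // SHA-1 is deprecated for certificate signatures; SHA-256 is the baseline.
    srs_assert(X509_sign(dtls_cert, dtls_private_key, EVP_sha256()) != 0);

    // Builder objects: the key and certificate hold their own references.
    RSA_free(rsa);
    BN_free(exponent);
    X509_NAME_free(subject);

    // DTLS context.
    dtls_ctx = SSL_CTX_new(DTLS_method());
    srs_assert(dtls_ctx);

    srs_assert(SSL_CTX_use_certificate(dtls_ctx, dtls_cert) == 1);
    srs_assert(SSL_CTX_use_PrivateKey(dtls_ctx, dtls_private_key) == 1);
    // This list still admits legacy suites (whatever "ALL" minus the excluded
    // groups means for the linked OpenSSL); tightening it is a policy choice
    // that should be made against the peers that must be supported.
    srs_assert(SSL_CTX_set_cipher_list(dtls_ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") == 1);
    // Unlike the other SSL_CTX_* setters, this one returns 0 on success.
    srs_assert(SSL_CTX_set_tlsext_use_srtp(dtls_ctx, "SRTP_AES128_CM_SHA1_80") == 0);

    // No SSL_CTX_set_verify() is called, so the context keeps OpenSSL's default
    // verify mode (no peer-certificate verification); the peer is presumably
    // authenticated against its SDP fingerprint elsewhere —
    // NOTE(review): confirm that check exists before relying on it.
    SSL_CTX_set_verify_depth(dtls_ctx, 4);
    SSL_CTX_set_read_ahead(dtls_ctx, 1);

    // Fingerprint: SHA-256 over the DER certificate, "AA:BB:...:ZZ".
    unsigned char md[EVP_MAX_MD_SIZE];
    unsigned int n = 0;
    srs_assert(X509_digest(dtls_cert, EVP_sha256(), md, &n) == 1);

    // Build into the std::string directly instead of a fixed char buffer, so
    // the output length cannot outgrow its storage whatever the digest size.
    fingerprint.clear();
    for (unsigned int i = 0; i < n; i++) {
        char hex[4];
        snprintf(hex, sizeof(hex), "%02X", md[i]);
        fingerprint.append(hex);
        if (i + 1 < n) {
            fingerprint.append(1, ':');
        }
    }
    srs_trace("fingerprint=%s", fingerprint.c_str());

    // The SSL_CTX took its own references to both; drop ours.
    X509_free(dtls_cert);
    EVP_PKEY_free(dtls_private_key);
}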