/**
* The MIT License (MIT)
*
* Copyright (c) 2013-2020 Winlin
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <srs_app_dtls.hpp>
using namespace std;
#include <string.h>
#include <srs_kernel_log.hpp>
// Process-wide singleton, created lazily by SrsDtls::instance(). No locking
// is done around it anywhere in this file; callers are assumed to be on a
// single thread (TODO confirm against the server's threading model).
SrsDtls* SrsDtls::_instance = NULL;
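SrsDtls::SrsDtls()
{
    // The SSL_CTX is only created in init(). Start from NULL so an instance
    // that was never initialised is still safely destructible
    // (SSL_CTX_free(NULL) is a documented no-op) and so the member never
    // holds an indeterminate pointer value.
    dtls_ctx = NULL;
}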
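SrsDtls::~SrsDtls()
{
    // Release our reference on the server context built by init(). Any SSL
    // objects derived from it hold their own reference, so this never pulls
    // the context out from under a live session. The singleton returned by
    // instance() is never deleted in the visible code, so in practice this
    // only matters for a directly constructed SrsDtls.
    if (dtls_ctx) {
        SSL_CTX_free(dtls_ctx);
        dtls_ctx = NULL;
    }
}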
SrsDtls* SrsDtls::instance()
{
    // Return the existing singleton, or build it on first use. init() does
    // the expensive work (key generation, certificate, SSL_CTX) exactly once.
    // There is no synchronisation here; a first call racing from two threads
    // would create two contexts (assumes single-threaded use, TODO confirm).
    if (_instance != NULL) {
        return _instance;
    }

    SrsDtls* created = new SrsDtls();
    created->init();
    _instance = created;

    return _instance;
}
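void SrsDtls::init()
{
    // Build the process-wide DTLS server state:
    //   1. a fresh RSA key pair,
    //   2. a self-signed X.509 certificate wrapping it,
    //   3. an SSL_CTX for DTLS 1.2 with SRTP key export enabled,
    //   4. the certificate's SHA-256 fingerprint, stored in `fingerprint` as
    //      colon-separated upper-case hex ("AB:CD:..."), for the caller to
    //      advertise in SDP (a=fingerprint:sha-256 ...; the SDP side must use
    //      the same digest as computed here -- confirm at the caller).
    //
    // Every failure is fatal via srs_assert: this runs once at startup and the
    // server cannot do DTLS without a certificate. Side-effecting OpenSSL calls
    // are deliberately kept OUTSIDE the assert expression: srs_assert may be
    // compiled out under NDEBUG, which would silently drop the call itself.
    int ret = 0;

    // ---- key pair ----------------------------------------------------------
    // 2048-bit RSA. 1024-bit keys are below current minimums (NIST SP 800-131A)
    // and are refused by OpenSSL peers at security level 2 or above. Key
    // generation happens once at startup, so the extra cost is acceptable.
    // NOTE: the RSA_*/BN_* low-level API is deprecated in OpenSSL 3.0; this
    // file targets the 1.0/1.1 API.
    const int private_key_len = 2048;

    EVP_PKEY* dtls_private_key = EVP_PKEY_new();
    srs_assert(dtls_private_key);

    RSA* rsa = RSA_new();
    srs_assert(rsa);

    BIGNUM* exponent = BN_new();
    srs_assert(exponent);
    ret = BN_set_word(exponent, RSA_F4);
    srs_assert(ret == 1);

    ret = RSA_generate_key_ex(rsa, private_key_len, exponent, NULL);
    srs_assert(ret == 1);

    // set1: the EVP_PKEY takes its own reference, so `rsa` is released below.
    ret = EVP_PKEY_set1_RSA(dtls_private_key, rsa);
    srs_assert(ret == 1);

    // ---- self-signed certificate ------------------------------------------
    // The subject is a placeholder; WebRTC peers identify this certificate by
    // fingerprint only, never by name or chain.
    const std::string aor = "www.hw.com";
    const int expire_day = 365;

    X509* dtls_cert = X509_new();
    srs_assert(dtls_cert);

    X509_NAME* subject = X509_NAME_new();
    srs_assert(subject);

    // Serial number. Uniqueness/unpredictability does not matter for a
    // fingerprint-pinned self-signed cert, so a plain rand() is acceptable;
    // rand() is non-negative, keeping the DER INTEGER positive (RFC 5280).
    int serial = rand();
    ret = ASN1_INTEGER_set(X509_get_serialNumber(dtls_cert), serial);
    srs_assert(ret == 1);

    ret = X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
        (unsigned char*)aor.data(), aor.size(), -1, 0);
    srs_assert(ret == 1);
    // Issuer == subject: self-signed.
    ret = X509_set_issuer_name(dtls_cert, subject);
    srs_assert(ret == 1);
    ret = X509_set_subject_name(dtls_cert, subject);
    srs_assert(ret == 1);

    // Validity: now .. now + expire_day days (seconds, as X509_gmtime_adj expects).
    const long cert_duration = 60 * 60 * 24 * expire_day;
    srs_assert(X509_gmtime_adj(X509_get_notBefore(dtls_cert), 0) != NULL);
    srs_assert(X509_gmtime_adj(X509_get_notAfter(dtls_cert), cert_duration) != NULL);

    ret = X509_set_pubkey(dtls_cert, dtls_private_key);
    srs_assert(ret == 1);

    // Sign with SHA-256. SHA-1 certificate signatures are deprecated and are
    // rejected by an increasing number of TLS stacks; SHA-256 is universally
    // supported by WebRTC peers.
    ret = X509_sign(dtls_cert, dtls_private_key, EVP_sha256());
    srs_assert(ret != 0);

    // Intermediate objects are no longer needed: the key lives in the
    // EVP_PKEY, the name has been copied into the certificate.
    RSA_free(rsa);
    BN_free(exponent);
    X509_NAME_free(subject);

    // ---- DTLS context ------------------------------------------------------
    // DTLSv1_2_method() pins the protocol to DTLS 1.2 (no fallback to 1.0).
    // It is deprecated since OpenSSL 1.1.0 in favour of DTLS_method() plus
    // SSL_CTX_set_min_proto_version(); kept here for 1.0.x compatibility.
    dtls_ctx = SSL_CTX_new(DTLSv1_2_method());
    srs_assert(dtls_ctx);

    // SSL_CTX_use_* take their own reference on cert and key; the local
    // handles are released once the fingerprint below has been computed.
    ret = SSL_CTX_use_certificate(dtls_ctx, dtls_cert);
    srs_assert(ret == 1);
    ret = SSL_CTX_use_PrivateKey(dtls_ctx, dtls_private_key);
    srs_assert(ret == 1);

    // Cipher list. "!aNULL" (rather than "!ADH") excludes BOTH anonymous DH and
    // anonymous ECDH suites -- an anonymous suite would negotiate without a
    // certificate and defeat the SDP fingerprint binding entirely. RC4 is
    // prohibited in (D)TLS by RFC 7465.
    ret = SSL_CTX_set_cipher_list(dtls_ctx, "ALL:!aNULL:!LOW:!EXP:!MD5:!RC4:@STRENGTH");
    srs_assert(ret == 1);

    // Enable DTLS-SRTP key export (RFC 5764). Note the inverted convention:
    // SSL_CTX_set_tlsext_use_srtp returns 0 on SUCCESS.
    ret = SSL_CTX_set_tlsext_use_srtp(dtls_ctx, "SRTP_AES128_CM_SHA1_80");
    srs_assert(ret == 0);

    // No SSL_VERIFY_PEER is configured here; the depth only applies if a
    // verify mode is set on the SSL object elsewhere. For WebRTC the peer
    // certificate is expected to be checked against the remote SDP
    // fingerprint by the session code -- verify that the caller does so.
    SSL_CTX_set_verify_depth(dtls_ctx, 4);
    SSL_CTX_set_read_ahead(dtls_ctx, 1);

    // ---- fingerprint -------------------------------------------------------
    unsigned char md[EVP_MAX_MD_SIZE];
    unsigned int n = 0;
    ret = X509_digest(dtls_cert, EVP_sha256(), md, &n);
    srs_assert(ret == 1);

    // Format as "AB:CD:...". Building the std::string directly avoids the
    // fixed-size stack buffer the sprintf() version relied on (which would
    // overflow for any digest longer than 33 bytes).
    static const char hex[] = "0123456789ABCDEF";
    fingerprint.clear();
    fingerprint.reserve(n * 3);
    for (unsigned int i = 0; i < n; i++) {
        if (i > 0) {
            fingerprint += ':';
        }
        fingerprint += hex[md[i] >> 4];
        fingerprint += hex[md[i] & 0x0f];
    }

    // Drop our references; the SSL_CTX keeps its own (see above).
    X509_free(dtls_cert);
    EVP_PKEY_free(dtls_private_key);

    srs_trace("fingerprint=%s", fingerprint.c_str());
}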