izackp/Apollo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement video encryption

Browse Source
This commit is contained in:
Cameron Gutman
2024-01-14 19:59:20 -06:00
parent 23fb07d4a2
commit c88fa655f5
6 changed files with 220 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/rtsp.cpp
View File

@@ -524,6 +524,26 @@ namespace rtsp_stream {
uint32_t encryption_flags_supported = SS_ENC_CONTROL_V2 | SS_ENC_AUDIO;
uint32_t encryption_flags_requested = SS_ENC_CONTROL_V2;
// Determine the encryption desired for this remote endpoint
auto nettype = net::from_address(sock.remote_endpoint().address().to_string());
int encryption_mode;
if (nettype == net::net_e::PC || nettype == net::net_e::LAN) {
encryption_mode = config::stream.lan_encryption_mode;
}
else {
encryption_mode = config::stream.wan_encryption_mode;
}
if (encryption_mode != config::ENCRYPTION_MODE_NEVER) {
// Advertise support for video encryption if it's not disabled
encryption_flags_supported |= SS_ENC_VIDEO;
// If it's mandatory, also request it to enable use if the client
// didn't explicitly opt in, but it otherwise has support.
if (encryption_mode == config::ENCRYPTION_MODE_MANDATORY) {
encryption_flags_requested |= SS_ENC_VIDEO | SS_ENC_AUDIO;
}
}
// Report supported and required encryption flags
ss << "a=x-ss-general.encryptionSupported:" << encryption_flags_supported << std::endl;
ss << "a=x-ss-general.encryptionRequested:" << encryption_flags_requested << std::endl;
@@ -811,6 +831,23 @@ namespace rtsp_stream {
return;
}
// Check that any required encryption is enabled
auto nettype = net::from_address(sock.remote_endpoint().address().to_string());
int encryption_mode;
if (nettype == net::net_e::PC || nettype == net::net_e::LAN) {
encryption_mode = config::stream.lan_encryption_mode;
}
else {
encryption_mode = config::stream.wan_encryption_mode;
}
if (encryption_mode == config::ENCRYPTION_MODE_MANDATORY &&
(config.encryptionFlagsEnabled & (SS_ENC_VIDEO | SS_ENC_AUDIO)) != (SS_ENC_VIDEO | SS_ENC_AUDIO)) {
BOOST_LOG(error) << "Rejecting client that cannot comply with mandatory encryption requirement"sv;
respond(sock, &option, 403, "Forbidden", req->sequenceNumber, {});
return;
}
auto session = stream::session::alloc(config, *launch_session);
auto slot = server->accept(session);