srs_error_t SrsDtlsCertificate::initialize() {
// 初始化SRT
srs_assert(srtp_init() == 0);
// 获取ECDSA算法模式,为true表示使用ESDSA算法(椭圆曲线数字签名算法)
ecdsa_mode = _srs_config->get_rtc_server_ecdsa();
// 生成dtls密钥,可使用RSA或者ECDSA算法生成密钥
dtls_pkey = EVP_PKEY_new();
if (!ecdsa_mode) { // By RSA
RSA* rsa = RSA_new();
srs_assert(rsa);
// Initialize the big-number for private key.
BIGNUM* exponent = BN_new();
srs_assert(exponent);
BN_set_word(exponent, RSA_F4);
// Generates a key pair and stores it in the RSA structure provided in rsa.
// @see https://www.openssl.org/docs/man1.0.2/man3/RSA_generate_key_ex.html
int key_bits = 1024;
RSA_generate_key_ex(rsa, key_bits, exponent, NULL);
// @see https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_type.html
srs_assert(EVP_PKEY_set1_RSA(dtls_pkey, rsa) == 1);
RSA_free(rsa);
BN_free(exponent);
}
if (ecdsa_mode) { // By ECDSA, https://stackoverflow.com/a/6006898
eckey = EC_KEY_new();
srs_assert(eckey);
// Should use the curves in ClientHello.supported_groups
// For example:
// Supported Group: x25519 (0x001d)
// Supported Group: secp256r1 (0x0017)
// Supported Group: secp384r1 (0x0018)
// @remark The curve NID_secp256k1 is not secp256r1, k1 != r1.
// TODO: FIXME: Parse ClientHello and choose the curve.
// Note that secp256r1 in openssl is called NID_X9_62_prime256v1, not NID_secp256k1
// @see https://stackoverflow.com/questions/41950056/openssl1-1-0-b-is-not-support-secp256r1openssl-ecparam-list-curves
EC_GROUP* ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
//EC_GROUP* ecgroup = EC_GROUP_new_by_curve_name(NID_secp384r1);
srs_assert(ecgroup);
#if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x
// For openssl 1.0, we must set the group parameters, so that cert is ok.
// @see https://github.com/monero-project/monero/blob/master/contrib/epee/src/net_ssl.cpp#L225
EC_GROUP_set_asn1_flag(ecgroup, OPENSSL_EC_NAMED_CURVE);
#endif
srs_assert(EC_KEY_set_group(eckey, ecgroup) == 1);
srs_assert(EC_KEY_generate_key(eckey) == 1);
// @see https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_type.html
srs_assert(EVP_PKEY_set1_EC_KEY(dtls_pkey, eckey) == 1);
EC_GROUP_free(ecgroup);
}
// 使用生成的key生成证书
dtls_cert = X509_new();
srs_assert(dtls_cert);
if (true) {
X509_NAME* subject = X509_NAME_new();
srs_assert(subject);
int serial = (int)srs_random();
ASN1_INTEGER_set(X509_get_serialNumber(dtls_cert), serial);
const std::string& aor = RTMP_SIG_SRS_DOMAIN;
X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC, (unsigned char *) aor.data(), aor.size(), -1, 0);
X509_set_issuer_name(dtls_cert, subject);
X509_set_subject_name(dtls_cert, subject);
int expire_day = 365;
const long cert_duration = 60*60*24*expire_day;
X509_gmtime_adj(X509_get_notBefore(dtls_cert), 0);
X509_gmtime_adj(X509_get_notAfter(dtls_cert), cert_duration);
X509_set_version(dtls_cert, 2);
srs_assert(X509_set_pubkey(dtls_cert, dtls_pkey) == 1);
srs_assert(X509_sign(dtls_cert, dtls_pkey, EVP_sha1()) != 0);
X509_NAME_free(subject);
}
// 组装SDP中DTLS fingerprint信息,在创建dtls连接的时候,服务端会根据客户端建立的ssl获取到其证书,获取到证书之后,通过sdp中的加密算法,推算出对应的签名值,并与sdp中值进行比较,如果不对,那么证书被篡改,链接失效
if (true) {
char fp[100] = {0};
char *p = fp;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int n = 0;
// TODO: FIXME: Unused variable.
/*int r = */X509_digest(dtls_cert, EVP_sha256(), md, &n);
for (unsigned int i = 0; i < n; i++, ++p) {
sprintf(p, "%02X", md[i]);
p += 2;
if(i < (n-1)) {
*p = ':';
} else {
*p = '\0';
}
}
fingerprint.assign(fp, strlen(fp));
srs_trace("fingerprint=%s", fingerprint.c_str());
}
}