Updated for alias support in 1.2.16

mondain · mondain · commit f8f0c7771eb4 · 2022-03-22T13:01:54.000-07:00
diff --git a/pom.xml b/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.red5</groupId>
         <artifactId>red5-parent</artifactId>
-        <version>1.2.13</version>
+        <version>1.2.16</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>red5-server</artifactId>
diff --git a/src/main/java/org/red5/server/net/rtmp/InboundHandshake.java b/src/main/java/org/red5/server/net/rtmp/InboundHandshake.java
@@ -17,7 +17,6 @@
 import org.bouncycastle.util.BigIntegers;
 import org.red5.server.api.Red5;
 import org.red5.server.net.rtmp.message.Constants;
-import org.slf4j.LoggerFactory;
 
 /**
  * Performs handshaking for server connections.
@@ -39,12 +38,10 @@ public class InboundHandshake extends RTMPHandshake {
 
     public InboundHandshake() {
         super(RTMPConnection.RTMP_NON_ENCRYPTED);
-        log = LoggerFactory.getLogger(InboundHandshake.class);
     }
 
     public InboundHandshake(byte handshakeType) {
         super(handshakeType);
-        log = LoggerFactory.getLogger(InboundHandshake.class);
     }
 
     public InboundHandshake(byte handshakeType, int algorithm) {
@@ -184,14 +181,14 @@ public IoBuffer decodeClientRequest1(IoBuffer in) {
                     log.debug("RTMPE type 8 XTEA");
                     // encrypt signatureResp
                     for (int i = 0; i < DIGEST_LENGTH; i += 8) {
-                        //encryptXtea(signatureResp, i, digestResp[i] % 15);
+                        encryptXtea(signatureResponse, i, digestResp[i] % 15);
                     }
                     break;
                 case RTMPConnection.RTMP_ENCRYPTED_BLOWFISH:
                     log.debug("RTMPE type 9 Blowfish");
                     // encrypt signatureResp
                     for (int i = 0; i < DIGEST_LENGTH; i += 8) {
-                        //encryptBlowfish(signatureResp, i, digestResp[i] % 15);
+                        encryptBlowfish(signatureResponse, i, digestResp[i] % 15);
                     }
                     break;
             }
@@ -250,14 +247,14 @@ public boolean decodeClientRequest2(IoBuffer in) {
                         log.debug("RTMPE type 8 XTEA");
                         // encrypt signature
                         for (int i = 0; i < DIGEST_LENGTH; i += 8) {
-                            //encryptXtea(signature, i, digest[i] % 15);
+                            encryptXtea(signature, i, digest[i] % 15);
                         }
                         break;
                     case RTMPConnection.RTMP_ENCRYPTED_BLOWFISH:
                         log.debug("RTMPE type 9 Blowfish");
                         // encrypt signature
                         for (int i = 0; i < DIGEST_LENGTH; i += 8) {
-                            //encryptBlowfish(signature, i, digest[i] % 15);
+                            encryptBlowfish(signature, i, digest[i] % 15);
                         }
                         break;
                 }
@@ -408,6 +405,33 @@ private boolean validateScheme(byte[] handshake, int scheme) {
         return result;
     }
 
+    /**
+     * Encrypt via xtea.
+     * 
+     * @param in
+     * @param index
+     * @param keyId
+     */
+    private void encryptXtea(byte[] in, int index, int keyId) {
+        //xtea_le_init(XTEA_KEYS[keyId]);
+        //xtea_le_crypt(out, in, 1, NULL, 0);
+    }
+
+    /**
+     * Encrypt via blowfish.
+     * 
+     * @param in
+     * @param index
+     * @param keyId
+     */
+    private void encryptBlowfish(byte[] in, int index, int keyId) {
+        if (blowfish == null) {
+            initBlowfishEncryption(keyId);
+        }
+        // overwrite in as out using same array
+        blowfish.processBlock(in, index, in, index);
+    }
+
     public void setHandshakeBytes(byte[] handshake) {
         this.handshakeBytes = handshake;
     }
diff --git a/src/main/server/conf/red5-common.xml b/src/main/server/conf/red5-common.xml
@@ -71,7 +71,7 @@
     <!-- High level access to streams -->
     <bean id="streamService" class="org.red5.server.stream.StreamService">
         <property name="stripTypePrefix" value="true"/>
-        <property name="nameAliasingEnabled" value="true"/>
+        <property name="nameAliasingEnabled" value="false"/>
     </bean>
 
     <!-- High level access to broadcasted streams -->
diff --git a/src/main/server/webapps/root/cross-domain-policy.dtd b/src/main/server/webapps/root/cross-domain-policy.dtd
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- Adobe DTD for cross-domain policy files -->
+<!-- Copyright (c) 2008-2009, Adobe Systems Inc. -->
+
+<!ELEMENT cross-domain-policy (site-control?,allow-access-from*,allow-http-request-headers-from*,allow-access-from-identity*)>
+
+<!ELEMENT site-control EMPTY>
+<!ATTLIST site-control permitted-cross-domain-policies (all|by-content-type|by-ftp-filename|master-only|none) #REQUIRED>
+
+<!ELEMENT allow-access-from EMPTY>
+<!ATTLIST allow-access-from domain CDATA #REQUIRED>
+<!ATTLIST allow-access-from to-ports CDATA #IMPLIED>
+<!ATTLIST allow-access-from secure (true|false) "true">
+
+<!ELEMENT allow-http-request-headers-from EMPTY>
+<!ATTLIST allow-http-request-headers-from domain CDATA #REQUIRED>
+<!ATTLIST allow-http-request-headers-from headers CDATA #REQUIRED>
+<!ATTLIST allow-http-request-headers-from secure (true|false) "true">
+
+<!ELEMENT allow-access-from-identity (signatory)>
+
+<!ELEMENT signatory (certificate)>
+
+<!ELEMENT certificate EMPTY>
+<!ATTLIST certificate fingerprint CDATA #IMPLIED>
+<!ATTLIST certificate fingerprint-algorithm CDATA #IMPLIED>
+
+<!-- End of file. -->
diff --git a/src/main/server/webapps/root/crossdomain.xml b/src/main/server/webapps/root/crossdomain.xml
@@ -1,7 +1,12 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
+<?xml version="1.0"?>
+<!DOCTYPE cross-domain-policy SYSTEM "cross-domain-policy.dtd">
 <cross-domain-policy>
-<site-control permitted-cross-domain-policies="all"/>
-<allow-access-from domain="*" to-ports="1935"/>
-<allow-http-request-headers-from domain="*" headers="*"/>
+  <site-control permitted-cross-domain-policies="all"/>
+  <allow-access-from domain="*" to-ports="1935"/>
+  <allow-http-request-headers-from domain="*" headers="*"/>
+  <allow-access-from-identity>
+    <signatory>
+      <certificate/>
+    </signatory>
+  </allow-access-from-identity>
 </cross-domain-policy>
