public DtlsSrtpClient(Certificate certificateChain, AsymmetricKeyParameter privateKey,
UseSrtpData clientSrtpData)
{
if (certificateChain == null && privateKey == null)
{
(certificateChain, privateKey) = DtlsUtils.CreateSelfSignedTlsCert();
}
if (clientSrtpData == null)
{
SecureRandom random = new SecureRandom();
int[] protectionProfiles = { SrtpProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_80 };
byte[] mki = new byte[(SrtpParameters.SRTP_AES128_CM_HMAC_SHA1_80.GetCipherKeyLength() +
SrtpParameters.SRTP_AES128_CM_HMAC_SHA1_80.GetCipherSaltLength()) / 8];
random.NextBytes(mki); // Reusing our secure random for generating the key.
this.clientSrtpData = new UseSrtpData(protectionProfiles, mki);
}
else
{
this.clientSrtpData = clientSrtpData;
}
this.mPrivateKey = privateKey;
mCertificateChain = certificateChain;
//Generate FingerPrint
var certificate = mCertificateChain.GetCertificateAt(0);
Fingerprint = certificate != null?DtlsUtils.Fingerprint(certificate) : null;
}
public DtlsSrtpServer(Certificate certificateChain, AsymmetricKeyParameter privateKey)
{
this.cipherSuites = base.GetCipherSuites();
this.mPrivateKey = privateKey;
mCertificateChain = certificateChain;
//Generate FingerPrint
var certificate = mCertificateChain.GetCertificateAt(0);
this.mFingerPrint = certificate != null?DtlsUtils.Fingerprint(certificate) : null;
}
public DtlsSrtpServer(Certificate certificateChain, AsymmetricKeyParameter privateKey)
{
if (certificateChain == null && privateKey == null)
{
(certificateChain, privateKey) = DtlsUtils.CreateSelfSignedTlsCert();
}
this.cipherSuites = base.GetCipherSuites();
this.mPrivateKey = privateKey;
mCertificateChain = certificateChain;
//Generate FingerPrint
var certificate = mCertificateChain.GetCertificateAt(0);
this.mFingerPrint = certificate != null?DtlsUtils.Fingerprint(certificate) : null;
}
/// <summary>
/// DtlsHandshake requires DtlsSrtpTransport to work.
/// DtlsSrtpTransport is similar to C++ DTLS class combined with Srtp class and can perform
/// Handshake as Server or Client in same call. The constructor of transport require a DtlsStrpClient
/// or DtlsSrtpServer to work.
/// </summary>
/// <param name="dtlsHandle">The DTLS transport handle to perform the handshake with.</param>
/// <returns></returns>
private bool DoDtlsHandshake(DtlsSrtpTransport dtlsHandle)
{
logger.LogDebug("RTCPeerConnection DoDtlsHandshake started.");
var rtpChannel = GetRtpChannel(SDPMediaTypesEnum.audio);
dtlsHandle.OnDataReady += (buf) =>
{
//logger.LogDebug($"DTLS transport sending {buf.Length} bytes to {AudioDestinationEndPoint}.");
rtpChannel.SendAsync(RTPChannelSocketsEnum.RTP, AudioDestinationEndPoint, buf);
};
var handshakeResult = dtlsHandle.DoHandshake();
if (!handshakeResult)
{
logger.LogWarning($"RTCPeerConnection DTLS handshake failed.");
return(false);
}
else
{
logger.LogDebug($"RTCPeerConnection DTLS handshake result {handshakeResult}, is handshake complete {dtlsHandle.IsHandshakeComplete()}.");
var expectedFp = RemotePeerDtlsFingerprint;
var remoteFingerprint = DtlsUtils.Fingerprint(expectedFp.algorithm, dtlsHandle.GetRemoteCertificate().GetCertificateAt(0));
if (remoteFingerprint.value != expectedFp.value)
{
logger.LogWarning($"RTCPeerConnection remote certificate fingerprint mismatch, expected {expectedFp}, actual {remoteFingerprint}.");
return(false);
}
else
{
logger.LogDebug($"RTCPeerConnection remote certificate fingerprint matched expected value of {remoteFingerprint.value} for {remoteFingerprint.algorithm}.");
base.SetSecurityContext(
dtlsHandle.ProtectRTP,
dtlsHandle.UnprotectRTP,
dtlsHandle.ProtectRTCP,
dtlsHandle.UnprotectRTCP);
return(true);
}
}
}
public List <RTCDtlsFingerprint> getFingerprints()
{
return(new List <RTCDtlsFingerprint> {
DtlsUtils.Fingerprint(Certificate)
});
}