This page describes the components and interactions involved when a new session is established. This should also help to identify any security vulnerabilities.
High Level Components
It is a 3-way communication. The session between the browser and Kurento is established after OpenMeetings has created the session in Kurento.
Comments to consider
1) First diagram: "webRTC wss://$server:433" I would say right now it is most probably "ws://KMS:8888"
In fact, server and client send iceCandidates back and forth, trying to find a network interface and port on both ends
If no direct connection is available, the STUN/TURN server tries to help
In the case of demo-next, a direct connection to KMS is impossible, so coturn does the job
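The candidate exchange described above can be inspected by classifying the candidates a peer gathered. The following is an added example, not OpenMeetings or Kurento code: it parses SDP candidate lines, reports whether a TURN relay candidate (the coturn path) is present, and lists private addresses disclosed by host candidates. The function names and the sample lines are assumptions constructed for illustration.

```javascript
// Constructed sample lines (documentation address ranges), not captured traffic.
// In a browser the same string is available as RTCIceCandidate.candidate.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 UDP 2122260223 192.168.1.20 54321 typ host',
  'candidate:2 1 UDP 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.20 rport 54321',
  'candidate:3 1 UDP 41885439 198.51.100.5 49170 typ relay raddr 203.0.113.7 rport 54321',
  'candidate:4 1 TCP 1518280447 192.168.1.20 9 typ host tcptype active',
];

// Parse one SDP candidate attribute; returns null when the line is malformed.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/
    .exec(String(line).trim());
  if (!m) return null;
  const ext = m[8].trim().split(/\s+/).filter(Boolean);
  const extras = {};
  for (let i = 0; i + 1 < ext.length; i += 2) extras[ext[i]] = ext[i + 1];
  return {
    transport: m[3].toLowerCase(), priority: Number(m[4]),
    address: m[5], port: Number(m[6]), type: m[7],
    relatedAddress: extras.raddr || null,
  };
}

// RFC 1918 ranges: a host candidate in these ranges reveals the internal address.
function isPrivateIPv4(addr) {
  return /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/.test(addr);
}

// Summarise one peer's candidates: counts per type, relay availability,
// and which private addresses were disclosed to the other side.
function summarizeCandidates(lines) {
  const parsed = lines.map(parseCandidate);
  const valid = parsed.filter(Boolean);
  const byType = {};
  for (const c of valid) byType[c.type] = (byType[c.type] || 0) + 1;
  const privateAddrs = [...new Set(valid
    .filter(c => c.type === 'host' && isPrivateIPv4(c.address))
    .map(c => c.address))];
  return {
    malformed: parsed.length - valid.length,
    byType,
    hasRelay: Boolean(byType.relay),
    // Host candidates only: no STUN/TURN result was gathered, so media
    // may never connect across NAT even though signalling succeeded.
    hostOnly: valid.length > 0 && valid.every(c => c.type === 'host'),
    privateAddrs,
  };
}
```

A summary with `hostOnly` true and `hasRelay` false on a deployment that depends on coturn points at the TURN configuration rather than at the signalling flow.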
Below is a selection of flows that are relevant for handling Socket or RTC connections.
There are several flows
1) Audio/Video test setup record
2) Audio/Video test setup playback
3) Audio/Video broadcast in room (recording endpoint can be added/removed if necessary)
In this case new WebRTC endpoint is created
4) Audio/Video playback in room
In this case new WebRTC endpoint is connected to the sender (so all can be dropped on broadcast stop)
In every flow websocket messages are sent to KurentoHandler
StreamProcessor and TestStreamProcessor were created and separated to make KurentoHandler more readable :)
TestStreamProcessor is more or less covered with tests https://sonarcloud.io/code?id=apache_openmeetings&selected=apache_openmeetings%3Aopenmeetings-core%2Fsrc%2Fmain%2Fjava%2Forg%2Fapache%2Fopenmeetings%2Fcore%2Fremote%2FTestStreamProcessor.java
Create Video Stream
- Use case: User initiates video in a presentation conference room.
- The diagram simplifies some of the communication, omitting parts that are not relevant to the creation of the MediaStream or to security
work in progress
Recently I found this flow is not bullet-proof, and the WebRTC connection might not be established even if no errors were reported
This is why we get lots of emails like "I only can see my own video"
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L118 should improve the situation
Regarding security: we are using a secured channel for WS messages
KMS can be secured by setting up an HTTPS proxy (in this case port 8888 will be accessible at 443)
Not sure what else can be done here
- This flow was created by debugging various examples from here https://github.com/Kurento/kurento-tutorial-java
- Minimal example of creating a Media Stream with Kurento: https://github.com/Kurento/kurento-tutorial-js/blob/master/kurento-hello-world/js/index.js
Recordings use the browser's ability to create a video stream of the entire desktop and share it as a video stream. Audio is added separately.