bigbluebutton-Github/record-and-playback/mconf/scripts/mconf-decrypt.rb

# Set encoding to utf-8
# encoding: UTF-8
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#

require '../../core/lib/recordandplayback'
require 'rubygems'
require 'yaml'
require 'net/http'
require 'rexml/document'
require 'open-uri'
require 'digest/md5'

BigBlueButton.logger = Logger.new("/var/log/bigbluebutton/decrypt.log",'daily' )

bbb_props = YAML::load(File.open('../../core/scripts/bigbluebutton.yml'))
mconf_props = YAML::load(File.open('mconf.yml'))

private_key = mconf_props['private_key']
get_recordings_url = mconf_props['get_recordings_url']
recording_dir = bbb_props['recording_dir'] 
raw_dir = "#{recording_dir}/raw"
archived_dir = "#{recording_dir}/status/archived"

if not get_recordings_url.nil? and not get_recordings_url.empty?

  doc = Nokogiri::XML(Net::HTTP.get_response(URI.parse(get_recordings_url)).body)
  returncode = doc.xpath("//returncode")
  if returncode.empty? or returncode.text != "SUCCESS"
    raise "getRecordings didn't return success"
  end

  doc.xpath("//recording").each do |recording|
    record_id = recording.xpath(".//recordID").text
    recording.xpath(".//download/format").each do |format|
      type = format.xpath(".//type").text
      if type == "encrypted"
        meeting_id = record_id
        file_url = format.xpath(".//url").text
        key_file_url = format.xpath(".//key").text
        md5_value = format.xpath(".//md5").text

        encrypted_file = file_url.split("/").last
        decrypted_file = File.basename(encrypted_file, '.*') + ".zip"
        if not File.exist?("#{archived_dir}/#{meeting_id}.done") then
          Dir.chdir(raw_dir) do
            BigBlueButton.logger.info("Decrypting the recording #{meeting_id}")

            BigBlueButton.logger.debug("recordID = #{record_id}")
            BigBlueButton.logger.debug("file_url = #{file_url}")
            BigBlueButton.logger.debug("key_file_url = #{key_file_url}")
            BigBlueButton.logger.debug("md5_value = #{md5_value}")

            BigBlueButton.logger.info("Downloading the encrypted file to #{encrypted_file}")
            writeOut = open(encrypted_file, "wb")
            writeOut.write(open(file_url).read)
            writeOut.close

            md5_calculated = Digest::MD5.file(encrypted_file)

            if md5_calculated == md5_value
              BigBlueButton.logger.info("The calculated MD5 matches the expected value")
              key_file = key_file_url.split("/").last
              decrypted_key_file = File.basename(key_file, '.*') + ".txt"

              BigBlueButton.logger.info("Downloading the key file to #{key_file}")
              writeOut = open(key_file, "wb")
              writeOut.write(open(key_file_url).read)
              writeOut.close

              if key_file != decrypted_key_file
                BigBlueButton.logger.debug("Locating private key")
                if not File.exists?("#{private_key}")
                  raise "Couldn't find the private key on #{private_key}"
                end
                BigBlueButton.logger.debug("Decrypting recording key")
                command = "openssl rsautl -decrypt -inkey #{private_key} < #{key_file} > #{decrypted_key_file}"
                status = BigBlueButton.execute(command)
                if not status.success?
                  raise "Couldn't decrypt the random key with the server private key"
                end
                FileUtils.rm_r "#{key_file}"
              else
                BigBlueButton.logger.info("No public key was used to encrypt the random key")
              end

              BigBlueButton.logger.debug("Decrypting the recording file")
              command = "openssl enc -aes-256-cbc -d -pass file:#{decrypted_key_file} < #{encrypted_file} > #{decrypted_file}"
              status = BigBlueButton.execute(command)
              if not status.success?
                raise "Couldn't decrypt the recording file using the random key"
              end
       
              BigBlueButton::MconfProcessor.unzip("#{raw_dir}/#{meeting_id}", decrypted_file)

              archived_done = File.new("#{archived_dir}/#{meeting_id}.done", "w")
              archived_done.write("Archived #{meeting_id}")
              archived_done.close
              
              [ "#{encrypted_file}", "#{decrypted_file}", "#{decrypted_key_file}" ].each { |file|
                BigBlueButton.logger.info("Removing #{file}")
                FileUtils.rm_r "#{file}"
              }

              BigBlueButton.logger.info("Recording #{record_id} decrypted successfully")

            else
              BigBlueButton.logger.error("The calculated MD5 doesn't match the expected value")
              FileUtils.rm_f(encrypted_file)
            end
          end
        end
      end
    end
  end
end
adding god-process to uncrypt/unzip files encrypted 2012-12-01 00:16:42 +08:00			`# Set encoding to utf-8`
			`# encoding: UTF-8`
			`#`
			`# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/`
			`#`
			`# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).`
			`#`
			`# This program is free software; you can redistribute it and/or modify it under the`
			`# terms of the GNU Lesser General Public License as published by the Free Software`
			`# Foundation; either version 3.0 of the License, or (at your option) any later`
			`# version.`
			`#`
			`# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY`
			`# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A`
			`# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU Lesser General Public License along`
			`# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.`
			`#`

			`require '../../core/lib/recordandplayback'`
			`require 'rubygems'`
			`require 'yaml'`
Changes to be according to specification 2013-01-10 23:16:08 +08:00			`require 'net/http'`
			`require 'rexml/document'`
			`require 'open-uri'`
uncrypting files according to new xml structure 2013-01-22 23:56:12 +08:00			`require 'digest/md5'`
adding god-process to uncrypt/unzip files encrypted 2012-12-01 00:16:42 +08:00
cleaning up 2013-02-05 01:23:50 +08:00			`BigBlueButton.logger = Logger.new("/var/log/bigbluebutton/decrypt.log",'daily' )`
adding god-process to uncrypt/unzip files encrypted 2012-12-01 00:16:42 +08:00
			`bbb_props = YAML::load(File.open('../../core/scripts/bigbluebutton.yml'))`
			`mconf_props = YAML::load(File.open('mconf.yml'))`
improved and tested both Mconf encryptor and decryptor 2013-02-09 02:10:28 +08:00
			`private_key = mconf_props['private_key']`
			`get_recordings_url = mconf_props['get_recordings_url']`
adding god-process to uncrypt/unzip files encrypted 2012-12-01 00:16:42 +08:00			`recording_dir = bbb_props['recording_dir']`
improved and tested both Mconf encryptor and decryptor 2013-02-09 02:10:28 +08:00			`raw_dir = "#{recording_dir}/raw"`
changing API to add the new object download into the getrecordings XML reply 2013-01-18 00:05:48 +08:00			`archived_dir = "#{recording_dir}/status/archived"`
Changes to be according to specification 2013-01-10 23:16:08 +08:00
only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00			`if not get_recordings_url.nil? and not get_recordings_url.empty?`

			`doc = Nokogiri::XML(Net::HTTP.get_response(URI.parse(get_recordings_url)).body)`
			`returncode = doc.xpath("//returncode")`
			`if returncode.empty? or returncode.text != "SUCCESS"`
			`raise "getRecordings didn't return success"`
			`end`
Changes to be according to specification 2013-01-10 23:16:08 +08:00
only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00			`doc.xpath("//recording").each do \|recording\|`
fixing the xpath stuff on mconf-decrypt 2013-02-27 04:42:41 +08:00			`record_id = recording.xpath(".//recordID").text`
			`recording.xpath(".//download/format").each do \|format\|`
			`type = format.xpath(".//type").text`
only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00			`if type == "encrypted"`
			`meeting_id = record_id`
fixing the xpath stuff on mconf-decrypt 2013-02-27 04:42:41 +08:00			`file_url = format.xpath(".//url").text`
			`key_file_url = format.xpath(".//key").text`
			`md5_value = format.xpath(".//md5").text`
only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00
			`encrypted_file = file_url.split("/").last`
			`decrypted_file = File.basename(encrypted_file, '.*') + ".zip"`
			`if not File.exist?("#{archived_dir}/#{meeting_id}.done") then`
			`Dir.chdir(raw_dir) do`
			`BigBlueButton.logger.info("Decrypting the recording #{meeting_id}")`

			`BigBlueButton.logger.debug("recordID = #{record_id}")`
			`BigBlueButton.logger.debug("file_url = #{file_url}")`
			`BigBlueButton.logger.debug("key_file_url = #{key_file_url}")`
			`BigBlueButton.logger.debug("md5_value = #{md5_value}")`

			`BigBlueButton.logger.info("Downloading the encrypted file to #{encrypted_file}")`
			`writeOut = open(encrypted_file, "wb")`
			`writeOut.write(open(file_url).read)`
improved and tested both Mconf encryptor and decryptor 2013-02-09 02:10:28 +08:00			`writeOut.close`

only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00			`md5_calculated = Digest::MD5.file(encrypted_file)`

			`if md5_calculated == md5_value`
			`BigBlueButton.logger.info("The calculated MD5 matches the expected value")`
			`key_file = key_file_url.split("/").last`
			`decrypted_key_file = File.basename(key_file, '.*') + ".txt"`

			`BigBlueButton.logger.info("Downloading the key file to #{key_file}")`
			`writeOut = open(key_file, "wb")`
			`writeOut.write(open(key_file_url).read)`
			`writeOut.close`

			`if key_file != decrypted_key_file`
check if the private key exists was incorrect 2013-03-04 23:51:36 +08:00			`BigBlueButton.logger.debug("Locating private key")`
			`if not File.exists?("#{private_key}")`
check if the metadata passed in the create call is empty; raise an exception if the private key isn't found on the recording server; updated the deploy script using the ideas implemented on chef 2013-03-01 03:35:22 +08:00			`raise "Couldn't find the private key on #{private_key}"`
			`end`
check if the private key exists was incorrect 2013-03-04 23:51:36 +08:00			`BigBlueButton.logger.debug("Decrypting recording key")`
only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00			`command = "openssl rsautl -decrypt -inkey #{private_key} < #{key_file} > #{decrypted_key_file}"`
			`status = BigBlueButton.execute(command)`
			`if not status.success?`
			`raise "Couldn't decrypt the random key with the server private key"`
			`end`
			`FileUtils.rm_r "#{key_file}"`
			`else`
			`BigBlueButton.logger.info("No public key was used to encrypt the random key")`
			`end`

check if the private key exists was incorrect 2013-03-04 23:51:36 +08:00			`BigBlueButton.logger.debug("Decrypting the recording file")`
only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00			`command = "openssl enc -aes-256-cbc -d -pass file:#{decrypted_key_file} < #{encrypted_file} > #{decrypted_file}"`
improved and tested both Mconf encryptor and decryptor 2013-02-09 02:10:28 +08:00			`status = BigBlueButton.execute(command)`
			`if not status.success?`
only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00			`raise "Couldn't decrypt the recording file using the random key"`
improved and tested both Mconf encryptor and decryptor 2013-02-09 02:10:28 +08:00			`end`
only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00
			`BigBlueButton::MconfProcessor.unzip("#{raw_dir}/#{meeting_id}", decrypted_file)`

			`archived_done = File.new("#{archived_dir}/#{meeting_id}.done", "w")`
			`archived_done.write("Archived #{meeting_id}")`
			`archived_done.close`

			`[ "#{encrypted_file}", "#{decrypted_file}", "#{decrypted_key_file}" ].each { \|file\|`
			`BigBlueButton.logger.info("Removing #{file}")`
			`FileUtils.rm_r "#{file}"`
			`}`
improved and tested both Mconf encryptor and decryptor 2013-02-09 02:10:28 +08:00
only runs the decrypt script if the get_recordings_url is defined and not empty; removed the logs from the part before checking for the existence of archived/<meeting_id>.done 2013-02-23 09:20:55 +08:00			`BigBlueButton.logger.info("Recording #{record_id} decrypted successfully")`

			`else`
			`BigBlueButton.logger.error("The calculated MD5 doesn't match the expected value")`
			`FileUtils.rm_f(encrypted_file)`
improved and tested both Mconf encryptor and decryptor 2013-02-09 02:10:28 +08:00			`end`
			`end`
			`end`
			`end`
			`end`
			`end`
check if the private key exists was incorrect 2013-03-04 23:51:36 +08:00			`end`