From e4e4b1e304b6992962caa8dd517bdb03b403c41b Mon Sep 17 00:00:00 2001
From: Anton Georgiev <antobinary@users.noreply.github.com>
Date: Mon, 18 Mar 2024 10:00:04 -0400
Subject: [PATCH] feat(config): add checkSumAlgorithmForBreakouts in akka-apps
 (port) #19754 (#19833)

* feat(config): add checkSumAlgorithmForBreakouts in akka-apps (port) (#19754)
---
 .../bigbluebutton/SystemConfiguration.scala   |  1 +
 .../core/apps/breakout/BreakoutApp2x.scala    | 11 ++++++++--
 .../src/universal/conf/application.conf       |  1 +
 docs/docs/development/api.md                  | 21 ++++++++++++++++++-
 docs/docs/new-features.md                     |  5 +++++
 5 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala b/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala
index cdab3d7cb8..9a32f958da 100755
--- a/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala
+++ b/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala
@@ -13,6 +13,7 @@ trait SystemConfiguration {
   lazy val bbbWebPort = Try(config.getInt("services.bbbWebPort")).getOrElse(8888)
   lazy val bbbWebAPI = Try(config.getString("services.bbbWebAPI")).getOrElse("localhost")
   lazy val bbbWebSharedSecret = Try(config.getString("services.sharedSecret")).getOrElse("changeme")
+  lazy val checkSumAlgorithmForBreakouts = Try(config.getString("services.checkSumAlgorithmForBreakouts")).getOrElse("sha256")
   lazy val bbbWebModeratorPassword = Try(config.getString("services.moderatorPassword")).getOrElse("changeme")
   lazy val bbbWebViewerPassword = Try(config.getString("services.viewerPassword")).getOrElse("changeme")
   lazy val keysExpiresInSec = Try(config.getInt("redis.keyExpiry")).getOrElse(14 * 86400) // 14 days
diff --git a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/breakout/BreakoutApp2x.scala b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/breakout/BreakoutApp2x.scala
index a780ecdb56..9a02c67527 100755
--- a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/breakout/BreakoutApp2x.scala
+++ b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/breakout/BreakoutApp2x.scala
@@ -4,6 +4,7 @@ import org.bigbluebutton.core.running.MeetingActor
 import java.net.URLEncoder
 import scala.collection.SortedSet
 import org.apache.commons.codec.digest.DigestUtils
+import org.bigbluebutton.SystemConfiguration
 
 trait BreakoutApp2x extends BreakoutRoomCreatedMsgHdlr
   with BreakoutRoomsListMsgHdlr
@@ -26,7 +27,7 @@ trait BreakoutApp2x extends BreakoutRoomCreatedMsgHdlr
 
 }
 
-object BreakoutRoomsUtil {
+object BreakoutRoomsUtil extends SystemConfiguration {
   def createMeetingIds(id: String, index: Int): (String, String) = {
     val timeStamp = System.currentTimeMillis()
     val externalHash = DigestUtils.sha1Hex(id.concat("-").concat(timeStamp.toString()).concat("-").concat(index.toString()))
@@ -48,7 +49,13 @@ object BreakoutRoomsUtil {
   //checksum() -- Return a checksum based on SHA-1 digest
   //
   def checksum(s: String): String = {
-    DigestUtils.sha256Hex(s);
+    checkSumAlgorithmForBreakouts match {
+      case "sha1"   => DigestUtils.sha1Hex(s);
+      case "sha256" => DigestUtils.sha256Hex(s);
+      case "sha384" => DigestUtils.sha384Hex(s);
+      case "sha512" => DigestUtils.sha512Hex(s);
+      case _        => DigestUtils.sha256Hex(s); // default
+    }
   }
 
   def calculateChecksum(apiCall: String, baseString: String, sharedSecret: String): String = {
diff --git a/akka-bbb-apps/src/universal/conf/application.conf b/akka-bbb-apps/src/universal/conf/application.conf
index e703d8c9c1..57936377e2 100755
--- a/akka-bbb-apps/src/universal/conf/application.conf
+++ b/akka-bbb-apps/src/universal/conf/application.conf
@@ -65,6 +65,7 @@ expire {
 services {
   bbbWebAPI = "https://192.168.23.33/bigbluebutton/api"
   sharedSecret = "changeme"
+  checkSumAlgorithmForBreakouts = "sha256"
 }
 
 eventBus {
diff --git a/docs/docs/development/api.md b/docs/docs/development/api.md
index 3675bdf462..df947ed871 100644
--- a/docs/docs/development/api.md
+++ b/docs/docs/development/api.md
@@ -169,7 +169,26 @@ $ sudo bbb-conf --setsecret \$(openssl rand -base64 32 | sed 's/=//g' | sed 's/+
 
 There are other configuration values in bbb-web's configuration `bigbluebutton.properties` (overwritten by `/etc/bigbluebutton/bbb-web.properties` ) related to the lifecycle of a meeting. You don't need to understand all of these to start using the BigBlueButton API. For most BigBlueButton servers, you can leave the [default values](https://github.com/bigbluebutton/bigbluebutton/blob/main/bigbluebutton-web/grails-app/conf/bigbluebutton.properties).
 
-In 2.5 support for additional hashing algorithms, besides sha1 and sha256, were added. These include sha384 and sha512. The `supportedChecksumAlgorithms` property in `bigbluebutton.properties` defines which algorithms are supported. By default checksums can be validated with any of the supported algorithms. To remove support for one or more of these algorithms simply delete it from the configuration file.
+In BigBlueButton 2.5 support for additional hashing algorithms, besides sha1 and sha256, were added. These include sha384 and sha512. The `supportedChecksumAlgorithms` property in bbb-web defines which algorithms are supported. By default checksums can be validated with any of the supported algorithms. To remove support for one or more of these algorithms simply delete it from the configuration file.
+If you drop support for sha256, (for example if you want to force only sha512 to be used) you will also need to update the `checkSumAlgorithmForBreakouts` property in akka-apps.
+
+In `/etc/bigbluebutton/bbb-web.properties`:
+
+```properties
+supportedChecksumAlgorithms=sha512
+```
+
+In `/etc/bigbluebutton/bbb-apps-akka.conf`:
+
+```properties
+services {
+  checkSumAlgorithmForBreakouts = "sha512"
+  #...
+}
+```
+
+And make sure to restart BigBlueButton.
+
 
 ### Usage
 
diff --git a/docs/docs/new-features.md b/docs/docs/new-features.md
index 6439ef334c..8ca1d19b6d 100644
--- a/docs/docs/new-features.md
+++ b/docs/docs/new-features.md
@@ -76,6 +76,11 @@ Recent releases:
 
 We have removed all use of Kurento Media Server. For the live media transmission we still rely on mediasoup. For the recording portion we make use of our own component `bbb-webrtc-recorder`. BigBlueButton 3.0 is the first release where we do not even install Kurento.
 
+#### Improved support for various SHA algorithms for checksum calculation
+
+In BigBlueButton 2.6.17/2.7.5/3.0.0-alpha.5 we added a new configuration property for bbb-apps-akka package under `services` called `checkSumAlgorithmForBreakouts`. By default the value is `"sha256"`. It controls the algorithm for checksum calculation for the breakout rooms join link. In case you overwrite bbb-web's `supportedChecksumAlgorithms` property removing sha256 you will need to set a supported algorithm here too. For example if you want to only use `sha512`, set `supportedChecksumAlgorithms=sha512` in `/etc/bigbluebutton/bbb-web.properties` and also set `checkSumAlgorithmForBreakouts="sha512"` in `/etc/bigbluebutton/bbb-apps-akka.conf` and then restart BigBlueButton.
+
+
 ### Development
 
 For information on developing in BigBlueButton, see [setting up a development environment for 3.0](/development/guide).