Merge pull request #327 from opentok/feature/e-2-e-support

Add end-to-end encryption when creating session.

Author: SecondeJK

src/OpenTok/OpenTok.php

@@ -2,7 +2,6 @@
 
 namespace OpenTok;
 
-use OpenTok\Layout;
 use OpenTok\Util\Client;
 use OpenTok\Util\Validators;
 use OpenTok\Exception\InvalidArgumentException;
@@ -166,6 +165,10 @@ public function generateToken($sessionId, $options = array())
     *    (either automatically or not), you must set the <code>mediaMode</code> key to
     *    <code>MediaMode::ROUTED</code>.</li>
     *
+    *    <li><code>'e2ee'</code> (Boolean) &mdash; Whether to enable
+    *    <a href="https://tokbox.com/developer/guides/end-to-end-encryption">end-to-end encryption</a>
+    *    for a routed session.</li>
+    *
     *    <li><code>'location'</code> (String) &mdash; An IP address that the OpenTok servers
     *    will use to situate the session in its global network. If you do not set a location hint,
     *    the OpenTok servers will be based on the first client connecting to the session.</li>
@@ -212,26 +215,41 @@ public function createSession($options = array())
     {
         if (
             array_key_exists('archiveMode', $options) &&
-            $options['archiveMode'] != ArchiveMode::MANUAL
+            $options['archiveMode'] !== ArchiveMode::MANUAL
         ) {
             if (
                 array_key_exists('mediaMode', $options) &&
-                $options['mediaMode'] != MediaMode::ROUTED
+                $options['mediaMode'] !== MediaMode::ROUTED
             ) {
                 throw new InvalidArgumentException('A session must be routed to be archived.');
             } else {
                 $options['mediaMode'] = MediaMode::ROUTED;
             }
         }
 
+        if (array_key_exists('e2ee', $options) && $options['e2ee']) {
+
+            if (array_key_exists('mediaMode', $options) && $options['mediaMode'] !== MediaMode::ROUTED) {
+                throw new InvalidArgumentException('MediaMode must be routed in order to enable E2EE');
+            }
+
+            if (array_key_exists('archiveMode', $options) && $options['archiveMode'] === ArchiveMode::ALWAYS) {
+                throw new InvalidArgumentException('ArchiveMode cannot be set to always when using E2EE');
+            }
+
+            $options['e2ee'] = 'true';
+        }
+
         // unpack optional arguments (merging with default values) into named variables
         $defaults = array(
             'mediaMode' => MediaMode::RELAYED,
             'archiveMode' => ArchiveMode::MANUAL,
-            'location' => null
+            'location' => null,
+            'e2ee' => 'false',
         );
+
         $options = array_merge($defaults, array_intersect_key($options, $defaults));
-        list($mediaMode, $archiveMode, $location) = array_values($options);
+        list($mediaMode, $archiveMode, $location, $e2ee) = array_values($options);
 
         // validate arguments
         Validators::validateMediaMode($mediaMode);
@@ -251,7 +269,8 @@ public function createSession($options = array())
         return new Session($this, (string)$sessionId, array(
             'location' => $location,
             'mediaMode' => $mediaMode,
-            'archiveMode' => $archiveMode
+            'archiveMode' => $archiveMode,
+            'e2ee' => $e2ee
         ));
     }
 

src/OpenTok/Session.php

@@ -32,16 +32,25 @@ class Session
      * @internal
      */
     protected $opentok;
+    /**
+     * @internal
+     */
+    protected $e2ee;
 
     /**
      * @internal
      */
     public function __construct($opentok, $sessionId, $properties = array())
     {
-        // unpack arguments
-        $defaults = array('mediaMode' => MediaMode::ROUTED, 'archiveMode' => ArchiveMode::MANUAL, 'location' => null);
+        $defaults = [
+            'mediaMode' => MediaMode::ROUTED,
+            'archiveMode' => ArchiveMode::MANUAL,
+            'location' => null,
+            'e2ee' => false
+        ];
+
         $properties = array_merge($defaults, array_intersect_key($properties, $defaults));
-        list($mediaMode, $archiveMode, $location) = array_values($properties);
+        list($mediaMode, $archiveMode, $location, $e2ee) = array_values($properties);
 
         Validators::validateOpenTok($opentok);
         Validators::validateSessionId($sessionId);
@@ -54,6 +63,7 @@ public function __construct($opentok, $sessionId, $properties = array())
         $this->location = $location;
         $this->mediaMode = $mediaMode;
         $this->archiveMode = $archiveMode;
+        $this->e2ee = $e2ee;
     }
 
     /**
@@ -148,4 +158,15 @@ public function generateToken($options = array())
     {
         return $this->opentok->generateToken($this->sessionId, $options);
     }
+
+    /**
+     * Whether <a href="https://tokbox.com/developer/guides/end-to-end-encryption">end-to-end encryption</a>
+     * is set for the session.
+     *
+     * @return bool
+     */
+    public function getE2EE(): bool
+    {
+        return (bool)$this->e2ee;
+    }
 }

tests/OpenTokTest/OpenTokTest.php

@@ -18,6 +18,7 @@
 use PHPUnit\Framework\TestCase;
 use GuzzleHttp\Handler\MockHandler;
 use OpenTok\Exception\InvalidArgumentException;
+use OpenTok\Session;
 
 define('OPENTOK_DEBUG', true);
 
@@ -218,6 +219,9 @@ public function testCreatesDefaultSession()
         $p2p_preference = $this->getPostField($request, 'p2p.preference');
         $this->assertEquals('enabled', $p2p_preference);
 
+        $e2ee = $this->getPostField($request, 'e2ee');
+        $this->assertEquals('false', $e2ee);
+
         $this->assertInstanceOf('OpenTok\Session', $session);
         // NOTE: this is an actual sessionId from the recorded response, this doesn't correspond to
         // the API Key and API Secret used to create the session.
@@ -227,6 +231,89 @@ public function testCreatesDefaultSession()
         );
     }
 
+    public function testCreatesE2EESession(): void
+    {
+        // Arrange
+        $this->setupOTWithMocks([[
+            'code' => 200,
+            'headers' => [
+                'Content-Type' => 'text/xml'
+            ],
+            'path' => 'session/create/relayed'
+        ]]);
+
+        $session = $this->opentok->createSession(['e2ee' => true]);
+
+        $this->assertCount(1, $this->historyContainer);
+
+        $request = $this->historyContainer[0]['request'];
+        $this->assertEquals('POST', strtoupper($request->getMethod()));
+        $this->assertEquals('/session/create', $request->getUri()->getPath());
+        $this->assertEquals('api.opentok.com', $request->getUri()->getHost());
+        $this->assertEquals('https', $request->getUri()->getScheme());
+
+        $authString = $request->getHeaderLine('X-OPENTOK-AUTH');
+        $this->assertEquals(true, TestHelpers::validateOpenTokAuthHeader($this->API_KEY, $this->API_SECRET, $authString));
+
+        $userAgent = $request->getHeaderLine('User-Agent');
+        $this->assertNotEmpty($userAgent);
+        $this->assertStringStartsWith('OpenTok-PHP-SDK/4.12.0', $userAgent);
+
+        $p2p_preference = $this->getPostField($request, 'p2p.preference');
+        $this->assertEquals('enabled', $p2p_preference);
+
+        $e2ee = $this->getPostField($request, 'e2ee');
+        $this->assertEquals('true', $e2ee);
+
+        $this->assertInstanceOf(Session::class, $session);
+        $this->assertEquals(
+            '2_MX4xNzAxMjYzMX4xMjcuMC4wLjF-V2VkIEZlYiAyNiAxODo1NzoyNCBQU1QgMjAxNH4wLjU0MDU4ODc0fg',
+            $session->getSessionId()
+        );
+    }
+
+    public function testCannotStartE2EESessionWithWrongMediaMode(): void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectErrorMessage('MediaMode must be routed in order to enable E2EE');
+
+        $this->setupOTWithMocks([[
+            'code' => 200,
+            'headers' => [
+                'Content-Type' => 'text/xml'
+            ],
+            'path' => 'session/create/relayed'
+        ]]);
+
+        $session = $this->opentok->createSession(
+            [
+                'mediaMode' => MediaMode::RELAYED,
+                'e2ee' => true
+            ]
+        );
+    }
+
+    public function testCannotStartE2EESessionWithWrongArchiveMode(): void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectErrorMessage('ArchiveMode cannot be set to always when using E2EE');
+
+        $this->setupOTWithMocks([[
+            'code' => 200,
+            'headers' => [
+                'Content-Type' => 'text/xml'
+            ],
+            'path' => 'session/create/relayed'
+        ]]);
+
+        $session = $this->opentok->createSession(
+            [
+                'archiveMode' => ArchiveMode::ALWAYS,
+                'e2ee' => true
+            ]
+        );
+    }
+
     private function getPostField($request, $targetKey)
     {
         $params = array_map(function ($item) {

tests/OpenTokTest/SessionTest.php

@@ -2,14 +2,10 @@
 
 namespace OpenTokTest;
 
-use GuzzleHttp\Handler\MockHandler;
-use GuzzleHttp\HandlerStack;
-use GuzzleHttp\Middleware;
 use OpenTok\OpenTok;
 use OpenTok\Session;
 use OpenTok\MediaMode;
 use OpenTok\ArchiveMode;
-use OpenTok\Util\Client;
 use PHPUnit\Framework\TestCase;
 
 class SessionTest extends TestCase
@@ -122,6 +118,20 @@ public function badParameterProvider()
         );
     }
 
+    public function testInitialzationWithoutE2ee()
+    {
+        $sessionId = 'SESSIONID';
+        $session = new Session($this->opentok, $sessionId);
+        $this->assertEquals(false, $session->getE2EE());
+    }
+
+    public function testInitialzationWithE2ee()
+    {
+        $sessionId = 'SESSIONID';
+        $session = new Session($this->opentok, $sessionId, ['e2ee' => true]);
+        $this->assertEquals(true, $session->getE2EE());
+    }
+
     public function testInitializationWithExtraneousParams()
     {
         $sessionId = 'SESSIONID';