feature: make hub encryption configurable + only send heartbeat to va…

…ult when credentials are set

README.md

@@ -226,6 +226,7 @@ Next to attaching the configuration file, it is also possible to override the co
 | `AGENT_TURN_USERNAME`                   | TURN username used for WebRTC.                                                                  | "username1"                    |
 | `AGENT_TURN_PASSWORD`                   | TURN password used for WebRTC.                                                                  | "password1"                    |
 | `AGENT_CLOUD`                           | Store recordings in Kerberos Hub (s3), Kerberos Vault (kstorage) or Dropbox (dropbox).          | "s3"                           |
+| `AGENT_HUB_ENCRYPTED`                   | Turning on or off encrypted traffic from your Kerberos Agent to Kerberos Hub.                   | "true"                         |
 | `AGENT_HUB_URI`                         | The Kerberos Hub API, defaults to our Kerberos Hub SAAS.                                        | "https://api.hub.domain.com"   |
 | `AGENT_HUB_KEY`                         | The access key linked to your account in Kerberos Hub.                                          | ""                             |
 | `AGENT_HUB_PRIVATE_KEY`                 | The secret access key linked to your account in Kerberos Hub.                                   | ""                             |

machinery/data/config/config.json

@@ -107,6 +107,7 @@
 	"turn_username": "username1",
 	"turn_password": "password1",
 	"heartbeaturi": "",
+	"hub_encrypted": "true",
 	"hub_uri": "https://api.cloud.kerberos.io",
 	"hub_key": "",
 	"hub_private_key": "",

machinery/src/cloud/Cloud.go

@@ -450,8 +450,9 @@ loop:
 					}`, config.Key, system.Version, system.CPUId, username, key, name, isEnterprise, system.Hostname, system.Architecture, system.TotalMemory, system.UsedMemory, system.FreeMemory, system.ProcessUsedMemory, macs, ips, "0", "0", "0", uptimeString, boottimeString, config.HubSite, onvifEnabled, onvifZoom, onvifPanTilt, onvifPresets, onvifPresetsList, onvifEventsList, cameraConnected, hasBackChannel)
 
 				// Get the private key to encrypt the data using symmetric encryption: AES.
+				HubEncrypted := config.HubEncrypted
 				privateKey := config.HubPrivateKey
-				if privateKey != "" {
+				if HubEncrypted == "true" && privateKey != "" {
 					// Encrypt the data using AES.
 					encrypted, err := encryption.AesEncrypt([]byte(object), privateKey)
 					if err != nil {
@@ -492,7 +493,9 @@ loop:
 			// If we have a Kerberos Vault connected, we will also send some analytics
 			// to that service.
 			vaultURI = config.KStorage.URI
-			if vaultURI != "" {
+			accessKey := config.KStorage.AccessKey
+			secretAccessKey := config.KStorage.SecretAccessKey
+			if vaultURI != "" && accessKey != "" && secretAccessKey != "" {
 
 				var object = fmt.Sprintf(`{
 					"key" : "%s",

machinery/src/components/Kerberos.go

@@ -437,11 +437,11 @@ func ControlAgent(communication *models.Communication) {
 					occurence = 0
 				}
 
-				log.Log.Info("components.Kerberos.ControlAgent(): Number of packets read from main stream: " + strconv.FormatInt(packetsR, 10))
+				log.Log.Info("components.Kerberos.ControlAgent(): Number of packets read from mainstream: " + strconv.FormatInt(packetsR, 10))
 
 				// After 15 seconds without activity this is thrown..
 				if occurence == 3 {
-					log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking main stream.")
+					log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking mainstream.")
 					communication.HandleBootstrap <- "restart"
 					time.Sleep(2 * time.Second)
 					occurence = 0
@@ -460,11 +460,11 @@ func ControlAgent(communication *models.Communication) {
 						occurenceSub = 0
 					}
 
-					log.Log.Info("components.Kerberos.ControlAgent(): Number of packets read from sub stream: " + strconv.FormatInt(packetsSubR, 10))
+					log.Log.Info("components.Kerberos.ControlAgent(): Number of packets read from substream: " + strconv.FormatInt(packetsSubR, 10))
 
 					// After 15 seconds without activity this is thrown..
 					if occurenceSub == 3 {
-						log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking sub stream.")
+						log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking substream.")
 						communication.HandleBootstrap <- "restart"
 						time.Sleep(2 * time.Second)
 						occurenceSub = 0

machinery/src/config/main.go

@@ -406,6 +406,9 @@ func OverrideWithEnvironmentVariables(configuration *models.Configuration) {
 				break
 
 			/* When connected and storing in Kerberos Hub (SAAS) */
+			case "AGENT_HUB_ENCRYPTED":
+				configuration.Config.HubEncrypted = value
+				break
 			case "AGENT_HUB_URI":
 				configuration.Config.HubURI = value
 				break

machinery/src/models/Config.go

@@ -37,6 +37,7 @@ type Config struct {
 	TURNUsername      string       `json:"turn_username" bson:"turn_username"`
 	TURNPassword      string       `json:"turn_password" bson:"turn_password"`
 	HeartbeatURI      string       `json:"heartbeaturi" bson:"heartbeaturi"` /*obsolete*/
+	HubEncrypted      string       `json:"hub_encrypted" bson:"hub_encrypted"`
 	HubURI            string       `json:"hub_uri" bson:"hub_uri"`
 	HubKey            string       `json:"hub_key" bson:"hub_key"`
 	HubPrivateKey     string       `json:"hub_private_key" bson:"hub_private_key"`