File: FlowManager.cxx

package info (click to toggle)
resiprocate 1%3A1.9.7-5
  • links: PTS, VCS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 36,456 kB
  • ctags: 27,123
  • sloc: cpp: 195,346; xml: 12,515; sh: 11,986; ansic: 6,807; makefile: 2,182; php: 1,150; python: 300; objc: 91; sql: 85; perl: 21; csh: 5
file content (318 lines) | stat: -rw-r--r-- 10,094 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <asio.hpp>
#ifdef USE_SSL
#include <asio/ssl.hpp>
#endif
#include <boost/function.hpp>
#include <map>

#include <rutil/Log.hxx>
#include <rutil/Logger.hxx>
#include <rutil/ThreadIf.hxx>
#include <rutil/Random.hxx>
#include <rutil/SharedPtr.hxx>
#include <rutil/Timer.hxx>

#ifdef WIN32
#include <srtp.h>
#else
#include <srtp/srtp.h>
#endif

#ifdef USE_SSL  
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "FlowDtlsTimerContext.hxx"
#endif //USE_SSL

#include "FlowManagerSubsystem.hxx"
#include "FlowManager.hxx"

using namespace flowmanager;
using namespace resip;
#ifdef USE_SSL 
using namespace dtls;
#endif 
using namespace std;

#define RESIPROCATE_SUBSYSTEM FlowManagerSubsystem::FLOWMANAGER

namespace flowmanager
{
class IOServiceThread : public ThreadIf
{
public:
   IOServiceThread(asio::io_service& ioService) : mIOService(ioService) {}

   virtual ~IOServiceThread() {}

   virtual void thread()
   {
      mIOService.run();
   }
private:
   asio::io_service& mIOService;
};
}

FlowManager::FlowManager()
#ifdef USE_SSL
   : 
   mSslContext(mIOService, asio::ssl::context::tlsv1),
   mClientCert(0),
   mClientKey(0),
   mDtlsFactory(0)
#endif  
{
   mIOServiceWork = new asio::io_service::work(mIOService);
   mIOServiceThread = new IOServiceThread(mIOService);
   mIOServiceThread->run();

#ifdef USE_SSL
   // Setup SSL context
   asio::error_code ec; 
   mSslContext.set_verify_mode(asio::ssl::context::verify_peer | 
                               asio::ssl::context::verify_fail_if_no_peer_cert);
#define VERIFY_FILE "ca.pem"
   mSslContext.load_verify_file(VERIFY_FILE, ec);   // TODO make a setting
   if(ec)
   {
      ErrLog(<< "Unable to load verify file: " << VERIFY_FILE << ", error=" << ec.value() << "(" << ec.message() << ")");
   }
#endif 

   // Initialize SRTP 
   err_status_t status = srtp_init();
   if(status && status != err_status_bad_param)  // Note: err_status_bad_param happens if srtp_init is called twice - we allow this for test programs
   {
      ErrLog(<< "Unable to initialize SRTP engine, error code=" << status);
      throw FlowManagerException("Unable to initialize SRTP engine", __FILE__, __LINE__);
   }
   status = srtp_install_event_handler(FlowManager::srtpEventHandler);   
}
  

FlowManager::~FlowManager()
{
   delete mIOServiceWork;
   mIOServiceThread->join();
   delete mIOServiceThread;
 
 #ifdef USE_SSL
   if(mDtlsFactory) delete mDtlsFactory;
   if(mClientCert) X509_free(mClientCert);
   if(mClientKey) EVP_PKEY_free(mClientKey);
 #endif 
}

#ifdef USE_SSL
void 
FlowManager::initializeDtlsFactory(const char* certAor)
{
   if(mDtlsFactory)
   {
      ErrLog(<< "initializeDtlsFactory called when DtlsFactory is already initialized.");    
      return;
   }

   Data aor(certAor);  
   if(createCert(aor, 365 /* expireDays */, 1024 /* keyLen */, mClientCert, mClientKey))
   {
      FlowDtlsTimerContext* timerContext = new FlowDtlsTimerContext(mIOService);
      mDtlsFactory = new DtlsFactory(std::auto_ptr<DtlsTimerContext>(timerContext), mClientCert, mClientKey);
      assert(mDtlsFactory);
   }
   else
   {
      ErrLog(<< "Unable to create a client cert, cannot use Dtls-Srtp.");    
   }   
}
#endif 

void
FlowManager::srtpEventHandler(srtp_event_data_t *data) 
{
   switch(data->event) {
   case event_ssrc_collision:
     WarningLog(<< "SRTP SSRC collision");
     break;
   case event_key_soft_limit:
     WarningLog(<< "SRTP key usage soft limit reached");
     break;
   case event_key_hard_limit:
     WarningLog(<< "SRTP key usage hard limit reached");
     break;
   case event_packet_index_limit:
     WarningLog(<< "SRTP packet index limit reached");
     break;
   default:
     WarningLog(<< "SRTP unknown event reported to handler");
   }
 }
 
MediaStream* 
FlowManager::createMediaStream(MediaStreamHandler& mediaStreamHandler,
                               const StunTuple& localBinding, 
                               bool rtcpEnabled,
                               MediaStream::NatTraversalMode natTraversalMode,
                               const char* natTraversalServerHostname, 
                               unsigned short natTraversalServerPort, 
                               const char* stunUsername,
                               const char* stunPassword)
{
   MediaStream* newMediaStream = 0;
   if(rtcpEnabled)
   {
      StunTuple localRtcpBinding(localBinding.getTransportType(), localBinding.getAddress(), localBinding.getPort() + 1);
      newMediaStream = new MediaStream(mIOService,
#ifdef USE_SSL
                                       mSslContext,
#endif
                                       mediaStreamHandler,
                                       localBinding,
                                       localRtcpBinding,
#ifdef USE_SSL
                                       mDtlsFactory,
#endif 
                                       natTraversalMode,
                                       natTraversalServerHostname, 
                                       natTraversalServerPort, 
                                       stunUsername, 
                                       stunPassword);
   }
   else
   {
      StunTuple rtcpDisabled;  // Default constructor sets transport type to None - this signals Rtcp is disabled
      newMediaStream = new MediaStream(mIOService,
#ifdef USE_SSL
                                       mSslContext, 
#endif
                                       mediaStreamHandler, 
                                       localBinding, 
                                       rtcpDisabled, 
#ifdef USE_SSL
                                       mDtlsFactory,
#endif 
                                       natTraversalMode, 
                                       natTraversalServerHostname, 
                                       natTraversalServerPort, 
                                       stunUsername, 
                                       stunPassword);
   }
   return newMediaStream;
}

#ifdef USE_SSL 
int 
FlowManager::createCert(const resip::Data& pAor, int expireDays, int keyLen, X509*& outCert, EVP_PKEY*& outKey )
{
   int ret;
   
   Data aor = "sip:" + pAor;
   
   // Make sure that necessary algorithms exist:
   assert(EVP_sha1());

   RSA* rsa = RSA_generate_key(keyLen, RSA_F4, NULL, NULL);
   assert(rsa);    // couldn't make key pair
   
   EVP_PKEY* privkey = EVP_PKEY_new();
   assert(privkey);
   ret = EVP_PKEY_set1_RSA(privkey, rsa);
   assert(ret);

   X509* cert = X509_new();
   assert(cert);
   
   X509_NAME* subject = X509_NAME_new();
   X509_EXTENSION* ext = X509_EXTENSION_new();
   
   // set version to X509v3 (starts from 0)
   X509_set_version(cert, 2L);
   
   int serial = Random::getRandom();  // get an int worth of randomness
   assert(sizeof(int)==4);
   ASN1_INTEGER_set(X509_get_serialNumber(cert),serial);
   
//    ret = X509_NAME_add_entry_by_txt( subject, "O",  MBSTRING_ASC, 
//                                      (unsigned char *) domain.data(), domain.size(), 
//                                      -1, 0);
   assert(ret);
   ret = X509_NAME_add_entry_by_txt( subject, "CN", MBSTRING_ASC, 
                                     (unsigned char *) aor.data(), aor.size(), 
                                     -1, 0);
   assert(ret);
   
   ret = X509_set_issuer_name(cert, subject);
   assert(ret);
   ret = X509_set_subject_name(cert, subject);
   assert(ret);
   
   const long duration = 60*60*24*expireDays;   
   X509_gmtime_adj(X509_get_notBefore(cert),0);
   X509_gmtime_adj(X509_get_notAfter(cert), duration);
   
   ret = X509_set_pubkey(cert, privkey);
   assert(ret);
   
   Data subjectAltNameStr = Data("URI:sip:") + aor
      + Data(",URI:im:")+aor
      + Data(",URI:pres:")+aor;
   ext = X509V3_EXT_conf_nid( NULL , NULL , NID_subject_alt_name, 
                              (char*) subjectAltNameStr.c_str() );
   X509_add_ext( cert, ext, -1);
   X509_EXTENSION_free(ext);
   
   static char CA_FALSE[] = "CA:FALSE";
   ext = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, CA_FALSE);
   ret = X509_add_ext( cert, ext, -1);
   assert(ret);
   X509_EXTENSION_free(ext);
   
   // TODO add extensions NID_subject_key_identifier and NID_authority_key_identifier
   
   ret = X509_sign(cert, privkey, EVP_sha1());
   assert(ret);

   outCert = cert;
   outKey = privkey;
   return ret; 
}
#endif

/* ====================================================================

 Copyright (c) 2007-2008, Plantronics, Inc.
 All rights reserved.

 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are 
 met:

 1. Redistributions of source code must retain the above copyright 
    notice, this list of conditions and the following disclaimer. 

 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution. 

 3. Neither the name of Plantronics nor the names of its contributors 
    may be used to endorse or promote products derived from this 
    software without specific prior written permission. 

 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 
 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 ==================================================================== */