sips_transport_ice.h 4.4 KB
Newer Older
1
/*
Sébastien Blin's avatar
Sébastien Blin committed
2
 *  Copyright (C) 2004-2019 Savoir-faire Linux Inc.
Guillaume Roguez's avatar
Guillaume Roguez committed
3
 *
4
 *  Author: Adrien Béraud <adrien.beraud@savoirfairelinux.com>
5
 *  Author: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 USA.
 */

#pragma once

24
#include "security/tls_session.h"
25
#include "ip_utils.h"
26
#include "noncopyable.h"
27
#include "scheduled_executor.h"
28 29 30 31 32 33 34 35 36 37 38 39 40

#include <pjsip.h>
#include <pj/pool.h>

#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
#include <gnutls/abstract.h>

#include <list>
#include <functional>
#include <memory>
#include <mutex>
#include <chrono>
41
#include <queue>
42
#include <utility>
43
#include <vector>
44

Adrien Béraud's avatar
Adrien Béraud committed
45
namespace jami {
46
class IceTransport;
Guillaume Roguez's avatar
Guillaume Roguez committed
47
class IceSocketTransport;
Adrien Béraud's avatar
Adrien Béraud committed
48
} // namespace jami
49

Adrien Béraud's avatar
Adrien Béraud committed
50
namespace jami { namespace tls {
51

52 53 54 55 56
/**
 * SipsIceTransport
 *
 * Implements TLS transport as an pjsip_transport
 */
57 58 59 60 61 62 63 64 65 66
struct SipsIceTransport
{
    using clock = std::chrono::steady_clock;
    using TransportData = struct {
        pjsip_transport base; // do not move, SHOULD be the fist member
        SipsIceTransport* self {nullptr};
    };
    static_assert(std::is_standard_layout<TransportData>::value,
                  "TranportData requires standard-layout");

67
    SipsIceTransport(pjsip_endpoint* endpt, int tp_type, const TlsParams& param,
68 69 70
                    const std::shared_ptr<IceTransport>& ice, int comp_id);
    ~SipsIceTransport();

Guillaume Roguez's avatar
Guillaume Roguez committed
71
    void shutdown();
72

73 74
    std::shared_ptr<IceTransport> getIceTransport() const { return ice_; }
    pjsip_transport* getTransportBase() { return &trData_.base; }
75

76 77
    IpAddr getLocalAddress() const { return local_; }
    IpAddr getRemoteAddress() const { return remote_; }
78

79 80 81
    // uses the tls_ uniquepointer internal gnutls_session_t, to call its method to get its MTU
    uint16_t getTlsSessionMtu();

82
private:
83
    NON_COPYABLE(SipsIceTransport);
84

Guillaume Roguez's avatar
Guillaume Roguez committed
85
    std::shared_ptr<IceTransport> ice_;
86
    const int comp_id_;
87
    const std::function<int(unsigned, const gnutls_datum_t*, unsigned)> certCheck_;
88 89 90
    IpAddr local_ {};
    IpAddr remote_ {};

91 92 93
    // PJSIP transport backend

    TransportData trData_; // uplink to "this" (used by PJSIP called C-callbacks)
94

95 96 97 98
    std::unique_ptr<pj_pool_t, decltype(pj_pool_release)*> pool_;
    std::unique_ptr<pj_pool_t, decltype(pj_pool_release)*> rxPool_;

    pjsip_rx_data rdata_;
99

100 101
    pj_ssl_cert_info localCertInfo_;
    pj_ssl_cert_info remoteCertInfo_;
102

103
    pj_status_t verifyStatus_ {PJ_EUNKNOWN};
104

105
    // TlsSession backend
106

107 108 109
    struct ChangeStateEventData {
        pj_ssl_sock_info ssl_info;
        pjsip_tls_state_info tls_info;
110
        pjsip_transport_state_info state_info;
111 112 113
        decltype(PJSIP_TP_STATE_DISCONNECTED) state;
    };

Guillaume Roguez's avatar
Guillaume Roguez committed
114
    std::unique_ptr<IceSocketTransport> iceSocket_;
115
    std::unique_ptr<TlsSession> tls_;
116 117 118 119 120

    std::mutex txMutex_ {};
    std::condition_variable txCv_ {};
    std::list<pjsip_tx_data*> txQueue_ {};
    bool syncTx_ {false}; // true if we can send data synchronously (cnx established)
121

122 123
    std::mutex stateChangeEventsMutex_ {};
    std::list<ChangeStateEventData> stateChangeEvents_ {};
124 125 126

    std::mutex rxMtx_;
    std::list<std::vector<uint8_t>> rxPending_;
127

128 129
    ScheduledExecutor scheduler_;

130 131 132 133 134 135 136 137 138 139 140
    pj_status_t send(pjsip_tx_data*, const pj_sockaddr_t*, int, void*, pjsip_transport_callback);
    void handleEvents();
    void pushChangeStateEvent(ChangeStateEventData&&);
    void updateTransportState(pjsip_transport_state);
    void certGetInfo(pj_pool_t*, pj_ssl_cert_info*, const gnutls_datum_t*, size_t);
    void certGetCn(const pj_str_t*, pj_str_t*);
    void getInfo(pj_ssl_sock_info*, bool);
    void onTlsStateChange(TlsSessionState);
    void onRxData(std::vector<uint8_t>&&);
    void onCertificatesUpdate(const gnutls_datum_t*, const gnutls_datum_t*, unsigned int);
    int verifyCertificate(gnutls_session_t);
141 142
};

Adrien Béraud's avatar
Adrien Béraud committed
143
}} // namespace jami::tls