Commit 4d7e38b1 authored by Adrien Béraud

dht: add DHTAccount

Add a DHTAccount class based on SIPAccountBase.

Refs #53127

Change-Id: I95736735a05107cdc9ffbd003fa5e4bc75518b0f
parent 4fa00076
...@@ -20,6 +20,12 @@ IAX_LIBA=./iax/libiaxlink.la ...@@ -20,6 +20,12 @@ IAX_LIBA=./iax/libiaxlink.la
IAX_LIB=-liax IAX_LIB=-liax
endif endif
if USE_DHT
DHT_SUBDIR=dht
DHT_CXXFLAG=-DUSE_DHT
DHT_LIBA=./dht/libdht.la
endif
if USE_NETWORKMANAGER if USE_NETWORKMANAGER
NETWORKMANAGER=-DUSE_NETWORKMANAGER NETWORKMANAGER=-DUSE_NETWORKMANAGER
endif endif
...@@ -29,11 +35,7 @@ TLS_LIB = @GNUTLS_LIBS@ ...@@ -29,11 +35,7 @@ TLS_LIB = @GNUTLS_LIBS@
TLS_CFLAGS = @GNUTLS_CFLAGS@ TLS_CFLAGS = @GNUTLS_CFLAGS@
endif endif
SUBDIRS = client audio config hooks history sip $(IAX_SUBDIR) $(INSTANT_MESSAGING_SUBDIR) $(SFL_VIDEO_SUBDIR) SUBDIRS = client audio config hooks history sip $(IAX_SUBDIR) $(DHT_SUBDIR) $(INSTANT_MESSAGING_SUBDIR) $(SFL_VIDEO_SUBDIR)
if USE_DHT
SUBDIRS += dht
endif
# libsflphone # libsflphone
...@@ -46,6 +48,7 @@ libsflphone_la_LIBADD = \ ...@@ -46,6 +48,7 @@ libsflphone_la_LIBADD = \
./config/libconfig.la \ ./config/libconfig.la \
./hooks/libhooks.la \ ./hooks/libhooks.la \
./history/libhistory.la \ ./history/libhistory.la \
$(DHT_LIBA) \
$(IAX_LIBA) \ $(IAX_LIBA) \
$(IM_LIBA) \ $(IM_LIBA) \
$(SFL_VIDEO_LIBS) $(SFL_VIDEO_LIBS)
...@@ -38,6 +38,9 @@ ...@@ -38,6 +38,9 @@
#if HAVE_IAX #if HAVE_IAX
#include "iax/iaxaccount.h" #include "iax/iaxaccount.h"
#endif #endif
#if HAVE_DHT
#include "dht/dhtaccount.h"
#endif
#include "sip/sipvoiplink.h" // for SIPVoIPLink::loadIP2IPSettings #include "sip/sipvoiplink.h" // for SIPVoIPLink::loadIP2IPSettings
...@@ -55,6 +58,11 @@ AccountFactory::AccountFactory() ...@@ -55,6 +58,11 @@ AccountFactory::AccountFactory()
generators_.insert(std::make_pair(IAXAccount::ACCOUNT_TYPE, iaxfunc)); generators_.insert(std::make_pair(IAXAccount::ACCOUNT_TYPE, iaxfunc));
DEBUG("registered %s account", IAXAccount::ACCOUNT_TYPE); DEBUG("registered %s account", IAXAccount::ACCOUNT_TYPE);
#endif #endif
#if HAVE_DHT
auto dhtfunc = [](const std::string& id){ return std::make_shared<DHTAccount>(id, false); };
generators_.insert(std::make_pair(DHTAccount::ACCOUNT_TYPE, dhtfunc));
DEBUG("registered %s account", DHTAccount::ACCOUNT_TYPE);
#endif
} }
std::shared_ptr<Account> std::shared_ptr<Account>
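Review bot: The `#if HAVE_DHT` guard wrapped around the new include and the generator registration here is not applied to the matching `#include "dht/dhtaccount.h"` this commit adds to sipvoiplink.cpp, so a build configured without DHT support would fail on that header; guard that include the same way. The generator's second constructor argument is a bare `false` whose meaning cannot be recovered from this hunk; name it at the call site, e.g. `std::make_shared<DHTAccount>(id, /*<flag-name>=*/false)` with the real parameter name filled in, so the registration reads like the IAX one above it.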
include $(top_srcdir)/globals.mak
if USE_DHT
noinst_LTLIBRARIES = libdht.la
libdht_la_CXXFLAGS = @CXXFLAGS@
SUBDIRS = dhtcpp SUBDIRS = dhtcpp
libdht_la_LIBADD = \
dhtcpp/libdhtcpp.la
libdht_la_SOURCES = \
dhtaccount.cpp \
dhtaccount.h
endif
...@@ -45,6 +45,9 @@ ...@@ -45,6 +45,9 @@
#include "fileutils.h" #include "fileutils.h"
#include "map_utils.h" #include "map_utils.h"
#include "account.h" #include "account.h"
#if HAVE_DHT
#include "dht/dhtaccount.h"
#endif
#include "call_factory.h" #include "call_factory.h"
...@@ -2757,6 +2760,15 @@ ManagerImpl::newOutgoingCall(const std::string& id, ...@@ -2757,6 +2760,15 @@ ManagerImpl::newOutgoingCall(const std::string& id,
std::shared_ptr<Account> account = Manager::instance().getIP2IPAccount(); std::shared_ptr<Account> account = Manager::instance().getIP2IPAccount();
std::string finalToUrl = toUrl; std::string finalToUrl = toUrl;
#if HAVE_DHT
if (toUrl.find("dht:") != std::string::npos) {
WARN("DHT call detected");
auto dhtAcc = getAllAccounts<DHTAccount>();
if (not dhtAcc.empty())
return dhtAcc.front()->newOutgoingCall(id, finalToUrl);
}
#endif
// FIXME: have a generic version to remove sip dependency // FIXME: have a generic version to remove sip dependency
sip_utils::stripSipUriPrefix(finalToUrl); sip_utils::stripSipUriPrefix(finalToUrl);
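Review bot: `toUrl.find("dht:") != std::string::npos` matches the token anywhere in the destination, not only as the URI scheme, so any address that happens to contain `dht:` later in the string is diverted to the DHT account instead of the IP2IP path the caller asked for; test the prefix instead, `if (toUrl.compare(0, 4, "dht:") == 0) {`. With more than one DHT account configured, `dhtAcc.front()` silently picks whichever comes first, which deserves at least a log line naming the chosen account ID. `WARN("DHT call detected")` logs a normal routing decision at warning level and looks like leftover debugging; DEBUG matches the surrounding code. newOutgoingCall continues outside the hunk.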
...@@ -75,6 +75,8 @@ ...@@ -75,6 +75,8 @@
static const int MIN_REGISTRATION_TIME = 60; static const int MIN_REGISTRATION_TIME = 60;
static const int DEFAULT_REGISTRATION_TIME = 3600; static const int DEFAULT_REGISTRATION_TIME = 3600;
static const char *const VALID_TLS_METHODS[] = {"Default", "TLSv1", "SSLv3", "SSLv23"}; static const char *const VALID_TLS_METHODS[] = {"Default", "TLSv1", "SSLv3", "SSLv23"};
static const char *const VALID_SRTP_KEY_EXCHANGES[] = {"", "sdes", "zrtp"};
constexpr const char * const SIPAccount::ACCOUNT_TYPE; constexpr const char * const SIPAccount::ACCOUNT_TYPE;
#if HAVE_TLS #if HAVE_TLS
...@@ -407,19 +409,26 @@ void SIPAccount::serialize(YAML::Emitter &out) ...@@ -407,19 +409,26 @@ void SIPAccount::serialize(YAML::Emitter &out)
// tls submap // tls submap
out << YAML::Key << TLS_KEY << YAML::Value << YAML::BeginMap; out << YAML::Key << TLS_KEY << YAML::Value << YAML::BeginMap;
SIPAccountBase::serializeTls(out);
out << YAML::Key << TLS_ENABLE_KEY << YAML::Value << tlsEnable_;
out << YAML::Key << VERIFY_CLIENT_KEY << YAML::Value << tlsVerifyClient_;
out << YAML::Key << VERIFY_SERVER_KEY << YAML::Value << tlsVerifyServer_;
out << YAML::Key << REQUIRE_CERTIF_KEY << YAML::Value << tlsRequireClientCertificate_;
out << YAML::Key << TIMEOUT_KEY << YAML::Value << tlsNegotiationTimeoutSec_;
out << YAML::Key << CALIST_KEY << YAML::Value << tlsCaListFile_; out << YAML::Key << CALIST_KEY << YAML::Value << tlsCaListFile_;
out << YAML::Key << CERTIFICATE_KEY << YAML::Value << tlsCertificateFile_; out << YAML::Key << CERTIFICATE_KEY << YAML::Value << tlsCertificateFile_;
out << YAML::Key << CIPHERS_KEY << YAML::Value << tlsCiphers_; out << YAML::Key << CIPHERS_KEY << YAML::Value << tlsCiphers_;
out << YAML::Key << TLS_ENABLE_KEY << YAML::Value << tlsEnable_;
out << YAML::Key << METHOD_KEY << YAML::Value << tlsMethod_; out << YAML::Key << METHOD_KEY << YAML::Value << tlsMethod_;
out << YAML::Key << TLS_PASSWORD_KEY << YAML::Value << tlsPassword_; out << YAML::Key << TLS_PASSWORD_KEY << YAML::Value << tlsPassword_;
out << YAML::Key << PRIVATE_KEY_KEY << YAML::Value << tlsPrivateKeyFile_; out << YAML::Key << PRIVATE_KEY_KEY << YAML::Value << tlsPrivateKeyFile_;
out << YAML::Key << REQUIRE_CERTIF_KEY << YAML::Value << tlsRequireClientCertificate_;
out << YAML::Key << SERVER_KEY << YAML::Value << tlsServerName_; out << YAML::Key << SERVER_KEY << YAML::Value << tlsServerName_;
out << YAML::Key << TIMEOUT_KEY << YAML::Value << tlsNegotiationTimeoutSec_; out << YAML::EndMap;
out << YAML::Key << TLS_PORT_KEY << YAML::Value << tlsListenerPort_;
out << YAML::Key << VERIFY_CLIENT_KEY << YAML::Value << tlsVerifyClient_; // srtp submap
out << YAML::Key << VERIFY_SERVER_KEY << YAML::Value << tlsVerifyServer_; out << YAML::Key << SRTP_KEY << YAML::Value << YAML::BeginMap;
out << YAML::Key << SRTP_ENABLE_KEY << YAML::Value << srtpEnabled_;
out << YAML::Key << KEY_EXCHANGE_KEY << YAML::Value << srtpKeyExchange_;
out << YAML::Key << RTP_FALLBACK_KEY << YAML::Value << srtpFallback_;
out << YAML::EndMap; out << YAML::EndMap;
// zrtp submap // zrtp submap
...@@ -505,7 +514,6 @@ void SIPAccount::unserialize(const YAML::Node &node) ...@@ -505,7 +514,6 @@ void SIPAccount::unserialize(const YAML::Node &node)
const auto &tlsMap = node[TLS_KEY]; const auto &tlsMap = node[TLS_KEY];
parseValue(tlsMap, TLS_ENABLE_KEY, tlsEnable_); parseValue(tlsMap, TLS_ENABLE_KEY, tlsEnable_);
parseValue(tlsMap, TLS_PORT_KEY, tlsListenerPort_);
parseValue(tlsMap, CERTIFICATE_KEY, tlsCertificateFile_); parseValue(tlsMap, CERTIFICATE_KEY, tlsCertificateFile_);
parseValue(tlsMap, CALIST_KEY, tlsCaListFile_); parseValue(tlsMap, CALIST_KEY, tlsCaListFile_);
parseValue(tlsMap, CIPHERS_KEY, tlsCiphers_); parseValue(tlsMap, CIPHERS_KEY, tlsCiphers_);
...@@ -516,13 +524,21 @@ void SIPAccount::unserialize(const YAML::Node &node) ...@@ -516,13 +524,21 @@ void SIPAccount::unserialize(const YAML::Node &node)
parseValue(tlsMap, TLS_PASSWORD_KEY, tlsPassword_); parseValue(tlsMap, TLS_PASSWORD_KEY, tlsPassword_);
parseValue(tlsMap, PRIVATE_KEY_KEY, tlsPrivateKeyFile_); parseValue(tlsMap, PRIVATE_KEY_KEY, tlsPrivateKeyFile_);
parseValue(tlsMap, REQUIRE_CERTIF_KEY, tlsRequireClientCertificate_);
parseValue(tlsMap, SERVER_KEY, tlsServerName_); parseValue(tlsMap, SERVER_KEY, tlsServerName_);
parseValue(tlsMap, REQUIRE_CERTIF_KEY, tlsRequireClientCertificate_);
parseValue(tlsMap, VERIFY_CLIENT_KEY, tlsVerifyClient_); parseValue(tlsMap, VERIFY_CLIENT_KEY, tlsVerifyClient_);
parseValue(tlsMap, VERIFY_SERVER_KEY, tlsVerifyServer_); parseValue(tlsMap, VERIFY_SERVER_KEY, tlsVerifyServer_);
// FIXME // FIXME
parseValue(tlsMap, TIMEOUT_KEY, tlsNegotiationTimeoutSec_); parseValue(tlsMap, TIMEOUT_KEY, tlsNegotiationTimeoutSec_);
// get srtp submap
const auto &srtpMap = node[SRTP_KEY];
parseValue(srtpMap, SRTP_ENABLE_KEY, srtpEnabled_);
std::string tmpKey;
parseValue(srtpMap, KEY_EXCHANGE_KEY, tmpKey);
validate(srtpKeyExchange_, tmpKey, VALID_SRTP_KEY_EXCHANGES);
parseValue(srtpMap, RTP_FALLBACK_KEY, srtpFallback_);
} }
template <typename T> template <typename T>
...@@ -584,6 +600,17 @@ void SIPAccount::setAccountDetails(const std::map<std::string, std::string> &det ...@@ -584,6 +600,17 @@ void SIPAccount::setAccountDetails(const std::map<std::string, std::string> &det
parseBool(details, CONFIG_TLS_VERIFY_CLIENT, tlsVerifyClient_); parseBool(details, CONFIG_TLS_VERIFY_CLIENT, tlsVerifyClient_);
parseBool(details, CONFIG_TLS_REQUIRE_CLIENT_CERTIFICATE, tlsRequireClientCertificate_); parseBool(details, CONFIG_TLS_REQUIRE_CLIENT_CERTIFICATE, tlsRequireClientCertificate_);
parseString(details, CONFIG_TLS_NEGOTIATION_TIMEOUT_SEC, tlsNegotiationTimeoutSec_); parseString(details, CONFIG_TLS_NEGOTIATION_TIMEOUT_SEC, tlsNegotiationTimeoutSec_);
parseBool(details, CONFIG_TLS_VERIFY_SERVER, tlsVerifyServer_);
parseBool(details, CONFIG_TLS_VERIFY_CLIENT, tlsVerifyClient_);
parseBool(details, CONFIG_TLS_REQUIRE_CLIENT_CERTIFICATE, tlsRequireClientCertificate_);
parseString(details, CONFIG_TLS_NEGOTIATION_TIMEOUT_SEC, tlsNegotiationTimeoutSec_);
// srtp settings
parseBool(details, CONFIG_SRTP_ENABLE, srtpEnabled_);
parseBool(details, CONFIG_SRTP_RTP_FALLBACK, srtpFallback_);
iter = details.find(CONFIG_SRTP_KEY_EXCHANGE);
if (iter != details.end())
validate(srtpKeyExchange_, iter->second, VALID_SRTP_KEY_EXCHANGES);
if (credentials_.empty()) { // credentials not set, construct 1 entry if (credentials_.empty()) { // credentials not set, construct 1 entry
WARN("No credentials set, inferring them..."); WARN("No credentials set, inferring them...");
...@@ -664,15 +691,7 @@ std::map<std::string, std::string> SIPAccount::getAccountDetails() const ...@@ -664,15 +691,7 @@ std::map<std::string, std::string> SIPAccount::getAccountDetails() const
a[CONFIG_STUN_SERVER] = stunServer_; a[CONFIG_STUN_SERVER] = stunServer_;
a[CONFIG_KEEP_ALIVE_ENABLED] = keepAliveEnabled_ ? TRUE_STR : FALSE_STR; a[CONFIG_KEEP_ALIVE_ENABLED] = keepAliveEnabled_ ? TRUE_STR : FALSE_STR;
a[CONFIG_ZRTP_DISPLAY_SAS] = zrtpDisplaySas_ ? TRUE_STR : FALSE_STR;
a[CONFIG_ZRTP_DISPLAY_SAS_ONCE] = zrtpDisplaySasOnce_ ? TRUE_STR : FALSE_STR;
a[CONFIG_ZRTP_HELLO_HASH] = zrtpHelloHash_ ? TRUE_STR : FALSE_STR;
a[CONFIG_ZRTP_NOT_SUPP_WARNING] = zrtpNotSuppWarning_ ? TRUE_STR : FALSE_STR;
// TLS listener is unique and parameters are modified through IP2IP_PROFILE // TLS listener is unique and parameters are modified through IP2IP_PROFILE
std::stringstream tlslistenerport;
tlslistenerport << tlsListenerPort_;
a[CONFIG_TLS_LISTENER_PORT] = tlslistenerport.str();
a[CONFIG_TLS_ENABLE] = tlsEnable_ ? TRUE_STR : FALSE_STR; a[CONFIG_TLS_ENABLE] = tlsEnable_ ? TRUE_STR : FALSE_STR;
a[CONFIG_TLS_CA_LIST_FILE] = tlsCaListFile_; a[CONFIG_TLS_CA_LIST_FILE] = tlsCaListFile_;
a[CONFIG_TLS_CERTIFICATE_FILE] = tlsCertificateFile_; a[CONFIG_TLS_CERTIFICATE_FILE] = tlsCertificateFile_;
...@@ -686,6 +705,15 @@ std::map<std::string, std::string> SIPAccount::getAccountDetails() const ...@@ -686,6 +705,15 @@ std::map<std::string, std::string> SIPAccount::getAccountDetails() const
a[CONFIG_TLS_REQUIRE_CLIENT_CERTIFICATE] = tlsRequireClientCertificate_ ? TRUE_STR : FALSE_STR; a[CONFIG_TLS_REQUIRE_CLIENT_CERTIFICATE] = tlsRequireClientCertificate_ ? TRUE_STR : FALSE_STR;
a[CONFIG_TLS_NEGOTIATION_TIMEOUT_SEC] = tlsNegotiationTimeoutSec_; a[CONFIG_TLS_NEGOTIATION_TIMEOUT_SEC] = tlsNegotiationTimeoutSec_;
a[CONFIG_SRTP_KEY_EXCHANGE] = srtpKeyExchange_;
a[CONFIG_SRTP_ENABLE] = srtpEnabled_ ? TRUE_STR : FALSE_STR;
a[CONFIG_SRTP_RTP_FALLBACK] = srtpFallback_ ? TRUE_STR : FALSE_STR;
a[CONFIG_ZRTP_DISPLAY_SAS] = zrtpDisplaySas_ ? TRUE_STR : FALSE_STR;
a[CONFIG_ZRTP_DISPLAY_SAS_ONCE] = zrtpDisplaySasOnce_ ? TRUE_STR : FALSE_STR;
a[CONFIG_ZRTP_HELLO_HASH] = zrtpHelloHash_ ? TRUE_STR : FALSE_STR;
a[CONFIG_ZRTP_NOT_SUPP_WARNING] = zrtpNotSuppWarning_ ? TRUE_STR : FALSE_STR;
return a; return a;
} }
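Review bot: In the setAccountDetails hunk the added lines `parseBool(details, CONFIG_TLS_VERIFY_CLIENT, tlsVerifyClient_);`, `parseBool(details, CONFIG_TLS_REQUIRE_CLIENT_CERTIFICATE, tlsRequireClientCertificate_);` and `parseString(details, CONFIG_TLS_NEGOTIATION_TIMEOUT_SEC, tlsNegotiationTimeoutSec_);` repeat the three context lines directly above them verbatim, so each key is parsed twice; drop the duplicates, and check whether the added CONFIG_TLS_VERIFY_SERVER line repeats one that sits above the hunk. `iter` is assigned without a declaration inside the hunk, so it presumably reuses a variable declared earlier in the function. In the unserialize hunk, `VALID_SRTP_KEY_EXCHANGES` accepts the empty string, which matches the `srtpKeyExchange_ {""}` default, but it also means a stored account with srtp enabled and no keyExchange value is loaded as "SRTP on, no key exchange method" without any diagnostic; if validate() does not already warn on that combination, a `WARN` after it would make the misconfiguration visible.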
...@@ -55,6 +55,19 @@ typedef std::vector<pj_ssl_cipher> CipherArray; ...@@ -55,6 +55,19 @@ typedef std::vector<pj_ssl_cipher> CipherArray;
namespace Conf { namespace Conf {
const char *const KEEP_ALIVE_ENABLED = "keepAlive"; const char *const KEEP_ALIVE_ENABLED = "keepAlive";
// TODO: write an object to store credential which implement serializable
const char *const SRTP_KEY = "srtp";
const char *const SRTP_ENABLE_KEY = "enable";
const char *const KEY_EXCHANGE_KEY = "keyExchange";
const char *const RTP_FALLBACK_KEY = "rtpFallback";
// TODO: wirte an object to store zrtp params wich implement serializable
const char *const ZRTP_KEY = "zrtp";
const char *const DISPLAY_SAS_KEY = "displaySas";
const char *const DISPLAY_SAS_ONCE_KEY = "displaySasOnce";
const char *const HELLO_HASH_ENABLED_KEY = "helloHashEnabled";
const char *const NOT_SUPP_WARNING_KEY = "notSuppWarning";
} }
namespace YAML { namespace YAML {
...@@ -309,14 +322,6 @@ class SIPAccount : public SIPAccountBase { ...@@ -309,14 +322,6 @@ class SIPAccount : public SIPAccountBase {
return stunPort_; return stunPort_;
} }
/**
* @return bool Tells if current transport for that
* account is set to TLS.
*/
bool isTlsEnabled() const {
return tlsEnable_;
}
/** /**
* @return bool Tells if current transport for that * @return bool Tells if current transport for that
* account is set to OTHER. * account is set to OTHER.
...@@ -369,6 +374,21 @@ class SIPAccount : public SIPAccountBase { ...@@ -369,6 +374,21 @@ class SIPAccount : public SIPAccountBase {
bool hasServiceRoute() const { return not serviceRoute_.empty(); } bool hasServiceRoute() const { return not serviceRoute_.empty(); }
virtual bool isTlsEnabled() const {
return tlsEnable_;
}
virtual bool getSrtpEnabled() const {
return srtpEnabled_;
}
virtual std::string getSrtpKeyExchange() const {
return srtpKeyExchange_;
}
virtual bool getSrtpFallback() const {
return srtpFallback_;
}
bool getZrtpHelloHash() const { bool getZrtpHelloHash() const {
return zrtpHelloHash_; return zrtpHelloHash_;
...@@ -605,11 +625,7 @@ class SIPAccount : public SIPAccountBase { ...@@ -605,11 +625,7 @@ class SIPAccount : public SIPAccountBase {
*/ */
pj_uint16_t stunPort_ {PJ_STUN_PORT}; pj_uint16_t stunPort_ {PJ_STUN_PORT};
bool tlsEnable_ {false};
/**
* Certificate autority file
*/
std::string tlsCaListFile_; std::string tlsCaListFile_;
std::string tlsCertificateFile_; std::string tlsCertificateFile_;
std::string tlsPrivateKeyFile_; std::string tlsPrivateKeyFile_;
...@@ -622,6 +638,25 @@ class SIPAccount : public SIPAccountBase { ...@@ -622,6 +638,25 @@ class SIPAccount : public SIPAccountBase {
bool tlsRequireClientCertificate_; bool tlsRequireClientCertificate_;
std::string tlsNegotiationTimeoutSec_; std::string tlsNegotiationTimeoutSec_;
/**
* Determine if SRTP is enabled for this account, SRTP and ZRTP are mutually exclusive
* This only determine if the media channel is secured. One could only enable TLS
* with no secured media channel.
*/
bool srtpEnabled_ {false};
/**
* Specifies the type of key exchange usd for SRTP (sdes/zrtp)
*/
std::string srtpKeyExchange_ {""};
/**
* Determine if the softphone should fallback on non secured media channel if SRTP negotiation fails.
* Make sure other SIP endpoints share the same behavior since it could result in encrypted data to be
* played through the audio device.
*/
bool srtpFallback_ {};
/** /**
* Determine if the SAS sould be displayed on client side. SAS is a 4-charcter string * Determine if the SAS sould be displayed on client side. SAS is a 4-charcter string
* that end users should verbaly validate to ensure the channel is secured. Used especially * that end users should verbaly validate to ensure the channel is secured. Used especially
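Review bot: The four getters added in the second hunk (`isTlsEnabled`, `getSrtpEnabled`, `getSrtpKeyExchange`, `getSrtpFallback`) override virtuals this commit declares in SIPAccountBase but are spelled `virtual` only; writing them as `bool isTlsEnabled() const override {` lets the compiler reject any signature drift against the base's pure virtuals, and the file already uses C++11 brace initialisers so `override` is available. `std::string srtpKeyExchange_ {""};` is just default construction, `std::string srtpKeyExchange_;`, and `bool srtpFallback_ {};` next to `bool srtpEnabled_ {false};` would read more consistently as `{false}`. The Conf constants moved in from sipaccountbase.h carry the typos `wirte` and `wich` in their comment; since the lines are being moved anyway this is the moment to fix them.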
...@@ -44,8 +44,6 @@ ...@@ -44,8 +44,6 @@
bool SIPAccountBase::portsInUse_[HALF_MAX_PORT]; bool SIPAccountBase::portsInUse_[HALF_MAX_PORT];
static const char *const VALID_SRTP_KEY_EXCHANGES[] = {"", "sdes", "zrtp"};
SIPAccountBase::SIPAccountBase(const std::string& accountID) SIPAccountBase::SIPAccountBase(const std::string& accountID)
: Account(accountID), link_(getSIPVoIPLink()) : Account(accountID), link_(getSIPVoIPLink())
{} {}
...@@ -108,19 +106,17 @@ void SIPAccountBase::serialize(YAML::Emitter &out) ...@@ -108,19 +106,17 @@ void SIPAccountBase::serialize(YAML::Emitter &out)
out << YAML::Key << PUBLISH_PORT_KEY << YAML::Value << publishedPort_; out << YAML::Key << PUBLISH_PORT_KEY << YAML::Value << publishedPort_;
out << YAML::Key << SAME_AS_LOCAL_KEY << YAML::Value << publishedSameasLocal_; out << YAML::Key << SAME_AS_LOCAL_KEY << YAML::Value << publishedSameasLocal_;
// srtp submap
out << YAML::Key << SRTP_KEY << YAML::Value << YAML::BeginMap;
out << YAML::Key << SRTP_ENABLE_KEY << YAML::Value << srtpEnabled_;
out << YAML::Key << KEY_EXCHANGE_KEY << YAML::Value << srtpKeyExchange_;
out << YAML::Key << RTP_FALLBACK_KEY << YAML::Value << srtpFallback_;
out << YAML::EndMap;
out << YAML::Key << VIDEO_CODECS_KEY << YAML::Value << videoCodecList_; out << YAML::Key << VIDEO_CODECS_KEY << YAML::Value << videoCodecList_;
out << YAML::Key << VIDEO_ENABLED_KEY << YAML::Value << videoEnabled_; out << YAML::Key << VIDEO_ENABLED_KEY << YAML::Value << videoEnabled_;
out << YAML::Key << VIDEO_PORT_MAX_KEY << YAML::Value << videoPortRange_.second; out << YAML::Key << VIDEO_PORT_MAX_KEY << YAML::Value << videoPortRange_.second;
out << YAML::Key << VIDEO_PORT_MIN_KEY << YAML::Value << videoPortRange_.first; out << YAML::Key << VIDEO_PORT_MIN_KEY << YAML::Value << videoPortRange_.first;
} }
void SIPAccountBase::serializeTls(YAML::Emitter &out)
{
using namespace Conf;
out << YAML::Key << TLS_PORT_KEY << YAML::Value << tlsListenerPort_;
}
void SIPAccountBase::unserialize(const YAML::Node &node) void SIPAccountBase::unserialize(const YAML::Node &node)
{ {
...@@ -153,14 +149,9 @@ void SIPAccountBase::unserialize(const YAML::Node &node) ...@@ -153,14 +149,9 @@ void SIPAccountBase::unserialize(const YAML::Node &node)
parseValue(node, DTMF_TYPE_KEY, dtmfType_); parseValue(node, DTMF_TYPE_KEY, dtmfType_);
// get srtp submap // get tls submap
const auto &srtpMap = node[SRTP_KEY]; const auto &tlsMap = node[TLS_KEY];
parseValue(srtpMap, SRTP_ENABLE_KEY, srtpEnabled_); parseValue(tlsMap, TLS_PORT_KEY, tlsListenerPort_);
std::string tmpKey;
parseValue(srtpMap, KEY_EXCHANGE_KEY, tmpKey);
validate(srtpKeyExchange_, tmpKey, VALID_SRTP_KEY_EXCHANGES);
parseValue(srtpMap, RTP_FALLBACK_KEY, srtpFallback_);
unserializeRange(node, AUDIO_PORT_MIN_KEY, AUDIO_PORT_MAX_KEY, audioPortRange_); unserializeRange(node, AUDIO_PORT_MIN_KEY, AUDIO_PORT_MAX_KEY, audioPortRange_);
unserializeRange(node, VIDEO_PORT_MIN_KEY, VIDEO_PORT_MAX_KEY, videoPortRange_); unserializeRange(node, VIDEO_PORT_MIN_KEY, VIDEO_PORT_MAX_KEY, videoPortRange_);
...@@ -195,12 +186,8 @@ void SIPAccountBase::setAccountDetails(const std::map<std::string, std::string> ...@@ -195,12 +186,8 @@ void SIPAccountBase::setAccountDetails(const std::map<std::string, std::string>
updateRange(tmpMin, tmpMax, videoPortRange_); updateRange(tmpMin, tmpMax, videoPortRange_);
#endif #endif
// srtp settings // TLS
parseBool(details, CONFIG_SRTP_ENABLE, srtpEnabled_); parseInt(details, CONFIG_TLS_LISTENER_PORT, tlsListenerPort_);
parseBool(details, CONFIG_SRTP_RTP_FALLBACK, srtpFallback_);
auto iter = details.find(CONFIG_SRTP_KEY_EXCHANGE);
if (iter != details.end())
validate(srtpKeyExchange_, iter->second, VALID_SRTP_KEY_EXCHANGES);
} }
std::map<std::string, std::string> std::map<std::string, std::string>
...@@ -231,9 +218,9 @@ SIPAccountBase::getAccountDetails() const ...@@ -231,9 +218,9 @@ SIPAccountBase::getAccountDetails() const
publishedport << publishedPort_; publishedport << publishedPort_;
a[CONFIG_PUBLISHED_PORT] = publishedport.str(); a[CONFIG_PUBLISHED_PORT] = publishedport.str();
a[CONFIG_SRTP_KEY_EXCHANGE] = srtpKeyExchange_; std::stringstream tlslistenerport;
a[CONFIG_SRTP_ENABLE] = srtpEnabled_ ? TRUE_STR : FALSE_STR; tlslistenerport << tlsListenerPort_;
a[CONFIG_SRTP_RTP_FALLBACK] = srtpFallback_ ? TRUE_STR : FALSE_STR; a[CONFIG_TLS_LISTENER_PORT] = tlslistenerport.str();
return a; return a;
} }
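Review bot: `serializeTls` emits TLS_PORT_KEY as a bare key and relies on the caller having already opened the `tls` submap (SIPAccount::serialize does this), while the base's own `serialize` never emits that map and `unserialize` reads `node[TLS_KEY]` unconditionally; that contract is stated nowhere. Document it above the function, e.g. `// Emits the TLS keys shared by all SIP-based accounts. Subclasses must call this inside their open TLS_KEY submap in serialize(); unserialize() reads tlsPort back from node[TLS_KEY].` How parseValue behaves when node[TLS_KEY] is absent is not visible here; if it does not tolerate a missing map, a subclass that skips the tls submap would break on reload, so that case is worth a test. Note that the retained comment in sipaccount.cpp still says the TLS listener port is only modified through the IP2IP profile, yet `parseInt(details, CONFIG_TLS_LISTENER_PORT, tlsListenerPort_)` now accepts it on every SIPAccountBase; one of the two should change.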
...@@ -66,19 +66,6 @@ namespace Conf { ...@@ -66,19 +66,6 @@ namespace Conf {
const char *const PRESENCE_STATUS_KEY = "presenceStatus"; const char *const PRESENCE_STATUS_KEY = "presenceStatus";
const char *const PRESENCE_NOTE_KEY = "presenceNote"; const char *const PRESENCE_NOTE_KEY = "presenceNote";
// TODO: write an object to store credential which implement serializable
const char *const SRTP_KEY = "srtp";
const char *const SRTP_ENABLE_KEY = "enable";
const char *const KEY_EXCHANGE_KEY = "keyExchange";
const char *const RTP_FALLBACK_KEY = "rtpFallback";
// TODO: wirte an object to store zrtp params wich implement serializable
const char *const ZRTP_KEY = "zrtp";
const char *const DISPLAY_SAS_KEY = "displaySas";
const char *const DISPLAY_SAS_ONCE_KEY = "displaySasOnce";
const char *const HELLO_HASH_ENABLED_KEY = "helloHashEnabled";
const char *const NOT_SUPP_WARNING_KEY = "notSuppWarning";
// TODO: write an object to store tls params which implement serializable // TODO: write an object to store tls params which implement serializable
const char *const TLS_KEY = "tls"; const char *const TLS_KEY = "tls";
const char *const TLS_PORT_KEY = "tlsPort"; const char *const TLS_PORT_KEY = "tlsPort";
...@@ -152,8 +139,12 @@ public: ...@@ -152,8 +139,12 @@ public:
return dtmfType_; return dtmfType_;
} }
bool isTlsEnabled() const { /**
return tlsEnable_; * Determine if TLS is enabled for this account. TLS provides a secured channel for
* SIP signalization. It is independant than the media encription provided by SRTP or ZRTP.
*/
virtual bool isTlsEnabled() const {
return false;
} }
virtual pjsip_tls_setting * getTlsSetting() { virtual pjsip_tls_setting * getTlsSetting() {
...@@ -238,17 +229,13 @@ public: ...@@ -238,17 +229,13 @@ public:
publishedPort_ = port; publishedPort_ = port;
} }
bool getSrtpEnabled() const { virtual bool getSrtpEnabled() const {
return srtpEnabled_; return false;
} }
std::string getSrtpKeyExchange() const { virtual std::string getSrtpKeyExchange() const = 0;
return srtpKeyExchange_;
}
bool getSrtpFallback() const { virtual bool getSrtpFallback() const = 0;
return srtpFallback_;
}
/** /**
* Get the contact header for * Get the contact header for
...@@ -287,6 +274,7 @@ public: ...@@ -287,6 +274,7 @@ public:
protected: protected:
virtual void serialize(YAML::Emitter &out); virtual void serialize(YAML::Emitter &out);
virtual void serializeTls(YAML::Emitter &out);
virtual void unserialize(const YAML::Node &node); virtual void unserialize(const YAML::Node &node);
virtual void setAccountDetails(const std::map<std::string, std::string> &details); virtual void setAccountDetails(const std::map<std::string, std::string> &details);
...@@ -360,31 +348,6 @@ protected: ...@@ -360,31 +348,6 @@ protected:
*/ */
std::string dtmfType_ {OVERRTP_STR}; std::string dtmfType_ {OVERRTP_STR};
/**
* Determine if TLS is enabled for this account. TLS provides a secured channel for
* SIP signalization. It is independant than the media encription provided by SRTP or ZRTP.
*/
bool tlsEnable_ {false};
/**
* Determine if SRTP is enabled for this account, SRTP and ZRTP are mutually exclusive
* This only determine if the media channel is secured. One could only enable TLS
* with no secured media channel.
*/
bool srtpEnabled_ {false};
/**
* Specifies the type of key exchange usd for SRTP (sdes/zrtp)
*/
std::string srtpKeyExchange_ {""};
/**
* Determine if the softphone should fallback on non secured media channel if SRTP negotiation fails.
* Make sure other SIP endpoints share the same behavior since it could result in encrypted data to be
* played through the audio device.
*/
bool srtpFallback_ {};
pj_status_t transportStatus_ {PJSIP_SC_TRYING}; pj_status_t transportStatus_ {PJSIP_SC_TRYING};
std::string transportError_ {}; std::string transportError_ {};
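Review bot: Of the three SRTP getters, `getSrtpEnabled` keeps a default `return false;` while `getSrtpKeyExchange` and `getSrtpFallback` become pure virtual, so a subclass can inherit "SRTP off" yet is still forced to implement the other two; since each account type's media-security posture should be stated explicitly, make all three pure virtual, or if a default is wanted give all three one, matching the `isTlsEnabled() { return false; }` pattern above. `serializeTls` is declared `virtual` here, but its only visible caller in sipaccount.cpp invokes it as `SIPAccountBase::serializeTls(out)`, a qualified call that bypasses dispatch; either drop `virtual` or have callers write `serializeTls(out)`. Please add a one-line comment on `serializeTls` saying it must be called from inside an already-open TLS_KEY submap, because the base's unserialize reads the port back from `node[TLS_KEY]`.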
...@@ -43,6 +43,8 @@ ...@@ -43,6 +43,8 @@
#include "sipaccount.h" #include "sipaccount.h"
#include "sip_utils.h" #include "sip_utils.h"
#include "dht/dhtaccount.h"
#include "call_factory.h" #include "call_factory.h"
#include "manager.h" #include "manager.h"
...@@ -231,13 +233,13 @@ transaction_request_cb(pjsip_rx_data *rdata) ...@@ -231,13 +233,13 @@ transaction_request_cb(pjsip_rx_data *rdata)
const std::string remote_user(sip_from_uri->user.ptr, sip_from_uri->user.slen); const std::string remote_user(sip_from_uri->user.ptr, sip_from_uri->user.slen);
const std::string remote_hostname(sip_from_uri->host.ptr, sip_from_uri->host.slen); const std::string remote_hostname(sip_from_uri->host.ptr, sip_from_uri->host.slen);
auto sipaccount(getSIPVoIPLink()->guessAccount(toUsername, viaHostname, remote_hostname)); auto account(getSIPVoIPLink()->guessAccount(toUsername, viaHostname, remote_hostname));
if (!sipaccount) { if (!account) {
ERROR("NULL account"); ERROR("NULL account");
return PJ_FALSE; return PJ_FALSE;
} }
const auto& account_id = sipaccount->getAccountID(); const auto& account_id = account->getAccountID();
std::string displayName(sip_utils::parseDisplayName(rdata->msg_info.msg_buf)); std::string displayName(sip_utils::parseDisplayName(rdata->msg_info.msg_buf));
pjsip_msg_body *body = rdata->msg_info.msg->body; pjsip_msg_body *body = rdata->msg_info.msg->body;
...@@ -271,7 +273,7 @@ transaction_request_cb(pjsip_rx_data *rdata) ...@@ -271,7 +273,7 @@ transaction_request_cb(pjsip_rx_data *rdata)
if (!body || pjmedia_sdp_parse(rdata->tp_info.pool, (char*) body->data, body->len, &r_sdp) != PJ_SUCCESS) if (!body || pjmedia_sdp_parse(rdata->tp_info.pool, (char*) body->data, body->len, &r_sdp) != PJ_SUCCESS)
r_sdp = NULL; r_sdp = NULL;
if (sipaccount->getActiveAudioCodecs().empty()) { if (account->getActiveAudioCodecs().empty()) {
try_respond_stateless(endpt_, rdata, PJSIP_SC_NOT_ACCEPTABLE_HERE, NULL, NULL, NULL); try_respond_stateless(endpt_, rdata, PJSIP_SC_NOT_ACCEPTABLE_HERE, NULL, NULL, NULL);
return PJ_FALSE; return PJ_FALSE;
...@@ -287,19 +289,19 @@ transaction_request_cb(pjsip_rx_data *rdata) ...@@ -287,19 +289,19 @@ transaction_request_cb(pjsip_rx_data *rdata)
Manager::instance().hookPreference.runHook(rdata->msg_info.msg); Manager::instance().hookPreference.runHook(rdata->msg_info.msg);
auto call = sipaccount->newIncomingCall(Manager::instance().getNewCallID()); auto call = account->newIncomingCall(Manager::instance().getNewCallID());
// FIXME : for now, use the same address family as the SIP transport // FIXME : for now, use the same address family as the SIP transport
auto family = pjsip_transport_type_get_af(sipaccount->getTransportType()); auto family = pjsip_transport_type_get_af(account->getTransportType());
IpAddr addrToUse = ip_utils::getInterfaceAddr(sipaccount->getLocalInterface(), family); IpAddr addrToUse = ip_utils::getInterfaceAddr(account->getLocalInterface(), family);
// May use the published address as well // May use the published address as well
IpAddr addrSdp = sipaccount->isStunEnabled() or (not sipaccount->getPublishedSameasLocal()) IpAddr addrSdp = account->isStunEnabled() or (not account->getPublishedSameasLocal())
? sipaccount->getPublishedIpAddress() : addrToUse; ? account->getPublishedIpAddress() : addrToUse;
char tmp[PJSIP_MAX_URL_SIZE]; char tmp[PJSIP_MAX_URL_SIZE];
size_t length = pjsip_uri_print(PJSIP_URI_IN_FROMTO_HDR, sip_from_uri, tmp, PJSIP_MAX_URL_SIZE);