ice: add TURN static credential support

This patch add static credential support in YAML config file and with client throught account details. Issue: #78102 Change-Id: I1727305fda7049e67838b34acc10ba26ad0eab9f

ice: add TURN static credential support
This patch add static credential support in YAML config file and with client throught account details. Issue: #78102 Change-Id: I1727305fda7049e67838b34acc10ba26ad0eab9f
a1fc15cb · Guillaume Roguez · 3ce6034d · a1fc15cb · a1fc15cb · a1fc15cb
Commit a1fc15cb authored Jul 24, 2015 by Guillaume Roguez
5 changed files
--- a/src/account_schema.h
+++ b/src/account_schema.h
@@ -82,6 +82,9 @@ static const char *const CONFIG_STUN_SERVER                     = "STUN.server";
 static const char *const CONFIG_STUN_ENABLE                     = "STUN.enable";
 static const char *const CONFIG_TURN_SERVER                     = "TURN.server";
 static const char *const CONFIG_TURN_ENABLE                     = "TURN.enable";
+static const char *const CONFIG_TURN_SERVER_UNAME               = "TURN.username";
+static const char *const CONFIG_TURN_SERVER_PWD                 = "TURN.password";
+static const char *const CONFIG_TURN_SERVER_REALM               = "TURN.realm";

 // SRTP specific parameters
 static const char *const CONFIG_SRTP_ENABLE                     = "SRTP.enable";

--- a/src/ice_transport.cpp
+++ b/src/ice_transport.cpp
@@ -150,8 +150,14 @@ IceTransport::IceTransport(const char* name, int component_count, bool master,
            config_.turn.port = PJ_STUN_PORT;
        }

-        // No authorization yet
-        //config_.turn.auth_cred.type = PJ_STUN_AUTH_STATIC;
+        // Authorization (only static plain password supported yet)
+        if (not options.turnServerPwd.empty()) {
+            config_.turn.auth_cred.type = PJ_STUN_AUTH_CRED_STATIC;
+            config_.turn.auth_cred.data.static_cred.data_type = PJ_STUN_PASSWD_PLAIN;
+            pj_cstr(&config_.turn.auth_cred.data.static_cred.realm, options.turnServerRealm.c_str());
+            pj_cstr(&config_.turn.auth_cred.data.static_cred.username, options.turnServerUserName.c_str());
+            pj_cstr(&config_.turn.auth_cred.data.static_cred.data, options.turnServerPwd.c_str());
+        }

        // Only UDP yet
        config_.turn.conn_type = PJ_TURN_TP_UDP;

--- a/src/ice_transport.h
+++ b/src/ice_transport.h
@@ -65,6 +65,9 @@ struct IceTransportOptions {
    IceTransportCompleteCb onNegoDone {};
    std::string stunServer {};
    std::string turnServer {};
+    std::string turnServerUserName {};  //!< credential username
+    std::string turnServerPwd {};       //!< credential password
+    std::string turnServerRealm {};     //!< non-empty for long-term credential
 };

 class IceTransport {

--- a/src/sip/sipaccountbase.cpp
+++ b/src/sip/sipaccountbase.cpp
@@ -121,6 +121,9 @@ void SIPAccountBase::serialize(YAML::Emitter &out)
    out << YAML::Key << Conf::STUN_SERVER_KEY << YAML::Value << stunServer_;
    out << YAML::Key << Conf::TURN_ENABLED_KEY << YAML::Value << turnEnabled_;
    out << YAML::Key << Conf::TURN_SERVER_KEY << YAML::Value << turnServer_;
+    out << YAML::Key << Conf::TURN_SERVER_UNAME_KEY << YAML::Value << turnServerUserName_;
+    out << YAML::Key << Conf::TURN_SERVER_PWD_KEY << YAML::Value << turnServerPwd_;
+    out << YAML::Key << Conf::TURN_SERVER_REALM_KEY << YAML::Value << turnServerRealm_;
 }

 void SIPAccountBase::serializeTls(YAML::Emitter &out)
@@ -170,6 +173,9 @@ void SIPAccountBase::unserialize(const YAML::Node &node)
        parseValue(node, Conf::STUN_SERVER_KEY, stunServer_);
        parseValue(node, Conf::TURN_ENABLED_KEY, turnEnabled_);
        parseValue(node, Conf::TURN_SERVER_KEY, turnServer_);
+        parseValue(node, Conf::TURN_SERVER_UNAME_KEY, turnServerUserName_);
+        parseValue(node, Conf::TURN_SERVER_PWD_KEY, turnServerPwd_);
+        parseValue(node, Conf::TURN_SERVER_REALM_KEY, turnServerRealm_);
    }
 }

@@ -206,11 +212,16 @@ void SIPAccountBase::setAccountDetails(const std::map<std::string, std::string>
    parseString(details, Conf::CONFIG_TLS_PRIVATE_KEY_FILE, tlsPrivateKeyFile_);
    parseString(details, Conf::CONFIG_TLS_PASSWORD, tlsPassword_);

-    // ICE - STUN/TURN
-    parseString(details, Conf::CONFIG_STUN_SERVER, stunServer_);
+    // ICE - STUN
    parseBool(details, Conf::CONFIG_STUN_ENABLE, stunEnabled_);
-    parseString(details, Conf::CONFIG_TURN_SERVER, turnServer_);
+    parseString(details, Conf::CONFIG_STUN_SERVER, stunServer_);
+
+    // ICE - TURN
    parseBool(details, Conf::CONFIG_TURN_ENABLE, turnEnabled_);
+    parseString(details, Conf::CONFIG_TURN_SERVER, turnServer_);
+    parseString(details, Conf::CONFIG_TURN_SERVER_UNAME, turnServerUserName_);
+    parseString(details, Conf::CONFIG_TURN_SERVER_PWD, turnServerPwd_);
+    parseString(details, Conf::CONFIG_TURN_SERVER_REALM, turnServerRealm_);
 }

 std::map<std::string, std::string>
@@ -234,6 +245,9 @@ SIPAccountBase::getAccountDetails() const
    a.emplace(Conf::CONFIG_STUN_SERVER, stunServer_);
    a.emplace(Conf::CONFIG_TURN_ENABLE, turnEnabled_ ? TRUE_STR : FALSE_STR);
    a.emplace(Conf::CONFIG_TURN_SERVER, turnServer_);
+    a.emplace(Conf::CONFIG_TURN_SERVER_UNAME, turnServerUserName_);
+    a.emplace(Conf::CONFIG_TURN_SERVER_PWD, turnServerPwd_);
+    a.emplace(Conf::CONFIG_TURN_SERVER_REALM, turnServerRealm_);

    a.emplace(Conf::CONFIG_TLS_CA_LIST_FILE,        tlsCaListFile_);
    a.emplace(Conf::CONFIG_TLS_CERTIFICATE_FILE,    tlsCertificateFile_);
@@ -323,8 +337,12 @@ SIPAccountBase::getIceOptions() const noexcept
    auto opts = Account::getIceOptions();
    if (stunEnabled_)
        opts.stunServer = stunServer_;
-    if (turnEnabled_)
+    if (turnEnabled_) {
        opts.turnServer = turnServer_;
+        opts.turnServerUserName = turnServerUserName_;
+        opts.turnServerPwd = turnServerPwd_;
+        opts.turnServerRealm = turnServerRealm_;
+    }
    return opts;
 }


--- a/src/sip/sipaccountbase.h
+++ b/src/sip/sipaccountbase.h
@@ -88,6 +88,9 @@ namespace Conf {
    const char *const STUN_SERVER_KEY = "stunServer";
    const char *const TURN_ENABLED_KEY = "turnEnabled";
    const char *const TURN_SERVER_KEY = "turnServer";
+    const char *const TURN_SERVER_UNAME_KEY = "turnServerUserName";
+    const char *const TURN_SERVER_PWD_KEY = "turnServerPassword";
+    const char *const TURN_SERVER_REALM_KEY = "turnServerRealm";
    const char *const CRED_KEY = "credential";
    const char *const AUDIO_PORT_MIN_KEY = "audioPortMin";
    const char *const AUDIO_PORT_MAX_KEY = "audioPortMax";
@@ -312,7 +315,10 @@ protected:
     * The TURN server hostname (optional), used to provide the public IP address in case the softphone
     * stay behind a NAT.
     */
-    std::string turnServer_ {};
+    std::string turnServer_;
+    std::string turnServerUserName_;
+    std::string turnServerPwd_;
+    std::string turnServerRealm_;

    std::string tlsCaListFile_;
    std::string tlsCertificateFile_;