[asterisk-commits] mmichelson: branch mmichelson/conversion_script r398276 - /team/mmichelson/co...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Sep 4 12:32:20 CDT 2013 

Author: mmichelson
Date: Wed Sep  4 12:32:18 2013
New Revision: 398276

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=398276
Log:
Add TLS transport setup.

Next will be to tie up the loose ends with transports. This
includes the various "extern" options, as well as QOS options.


Modified:
    team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/astconfigparser.py
    team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py

Modified: team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/astconfigparser.py
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/astconfigparser.py?view=diff&rev=398276&r1=398275&r2=398276
==============================================================================
--- team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/astconfigparser.py (original)
+++ team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/astconfigparser.py Wed Sep  4 12:32:18 2013
@@ -330,6 +330,21 @@
             raise LookupError("key %r not found for section %r"
                               % (key, section))
 
+    def multi_get(self, section, key_list):
+        """Retrieves the list of values from a section for a list of keys.
+        This method is intended to be used for equivalent keys. Thus, as soon
+        as any match is found for any key in the key_list, the match is
+        returned. This does not concatenate the lookups of all of the keys
+        together."""
+        for i in key_list:
+            try:
+                return self.get(section, i)
+            except LookupError:
+                pass
+
+        # Making it here means all lookups failed.
+        raise LookupError("keys %r not found for section %r" % (key_list, section))
+
     def set(self, section, key, val):
         """Sets an option in the given section."""
         # TODO - set in multiple sections? (for now set in first)

Modified: team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py?view=diff&rev=398276&r1=398275&r2=398276
==============================================================================
--- team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py (original)
+++ team/mmichelson/conversion_script/contrib/scripts/sip_to_pjsip/sip_to_pjsip.py Wed Sep  4 12:32:18 2013
@@ -235,14 +235,10 @@
     user = None
 
     try:
-        user = sip.get(section, 'defaultuser')[0]
-        result += user + '@'
-    except LookupError:
-        try:
-            user = sip.get(section, 'username')[0]
-            result += user + '@'
-        except LookupError:
-            pass
+        user = sip.multi_get(section, ['defaultuser', 'username'])[0]
+    except LookupError:
+        # It's fine if there's no user name
+        pass
 
     result += get_host(sip, val, section, 'port')
 
@@ -398,16 +394,8 @@
     externaddr (or externip)
     externhost
     """
-    try:
-        bind = sip.get('general', 'udpbindaddr')[0]
-    except LookupError:
-        # Alternately, this can be called "bindaddr"
-        try:
-            bind = sip.get('general', 'bindaddr')[0]
-        except LookupError:
-            # No bindaddr or means no UDP transport
-            return
-    
+
+    bind = sip.multi_get('general', ['udpbindaddr', 'bindaddr'])[0]
     bind = get_host(sip, bind, 'general', 'bindport')
 
     set_value('protocol', 'udp', 'transport-udp', pjsip, nmapped, 'transport')
@@ -421,6 +409,7 @@
     Creates a 'transport-tcp' section in the pjsip.conf file based
     on the following settings from sip.conf:
 
+    tcpenable
     tcpbindaddr
     externtcpport
     """
@@ -447,11 +436,105 @@
 
     #XXX Add externtcpport...
 
+def set_tls_bindaddr(val, pjsip, nmapped):
+    try:
+        bind = sip.get('general', 'tlsbindaddr')[0]
+        explicit = True
+    except LookupError:
+        # No tlsbindaddr means to default to the bindaddr but with standard TLS
+        # port
+        bind = pjsip.get('transport-udp', 'bind')[0]
+        explicit = False
+
+    matchv4 = re.match('\d+\.\d+\.\d+\.\d+:\d+', bind)
+    matchv6 = re.match('\[.*\]:d+', bind)
+    if matchv4 or matchv6:
+        if explicit:
+            # They provided a port. We'll just use it.
+            set_value('bind', bind, 'transport-tls', pjsip, nmapped, 'transport')
+            return
+        else:
+            # Need to strip the port from the UDP address
+            index = bind.rfind(':')
+            bind = bind[:index]
+
+    # Reaching this point means either there was no port provided or we stripped
+    # the port off. We need to add on the default 5061 port
+
+    bind += ':5061'
+
+    set_value('bind', bind, 'transport-tls', pjsip, nmapped, 'transport')
+
+def set_tls_private_key(val, pjsip, nmapped):
+    set_value('privkey_file', val, 'transport-tls', pjsip, nmapped, 'transport')
+
+def set_tls_cipher(val, pjsip, nmapped):
+    set_value('cipher', val, 'transport-tls', pjsip, nmapped, 'transport')
+
+def set_tls_cafile(val, pjsip, nmapped):
+    set_value('ca_list_file', val, 'transport-tls', pjsip, nmapped, 'transport')
+
+def set_tls_verifyclient(val, pjsip, nmapped):
+    set_value('verify_client', val, 'transport-tls', pjsip, nmapped,
+            'transport')
+
+def set_tls_verifyserver(val, pjsip, nmapped):
+    # sip.conf option is tlsdontverifyserver. pjsip.conf is verify_server. So we
+    # need to set the value in pjsip.conf to the opposite of sip.conf
+    if val == 'no':
+        set_value('verify_server', 'yes', 'transport-tls', pjsip, nmapped,
+            'transport')
+    else:
+        set_value('verify_server', 'no', 'transport-tls', pjsip, nmapped,
+            'transport')
+
+def set_tls_method(val, pjsip, nmapped):
+    set_value('method', val, 'transport-tls', pjsip, nmapped, 'transport')
+
 def create_tls(sip, pjsip, nmapped):
     """
-    Add docs
-    """
-    pass
+    Creates a 'transport-tls' section in pjsip.conf based on the following
+    settings from sip.conf:
+
+    tlsenable (or sslenable)
+    tlsbindaddr (or sslbindaddr)
+    tlsprivatekey (or sslprivatekey)
+    tlscipher (or sslcipher)
+    tlscafile
+    tlscapath (or tlscadir)
+    tlscertfile (or sslcert or tlscert)
+    tlsverifyclient
+    tlsdontverifyserver
+    tlsclientmethod (or sslclientmethod)
+    """
+
+    tls_map = [
+        (['tlsbindaddr', 'sslbindaddr'], set_tls_bindaddr),
+        (['tlsprivatekey', 'sslprivatekey'], set_tls_private_key),
+        (['tlscipher', 'sslcipher'], set_tls_cipher),
+        (['tlscafile'], set_tls_cafile),
+        (['tlsverifyclient'], set_tls_verifyclient),
+        (['tlsdontverifyserver'], set_tls_verifyserver),
+        (['tlsclientmethod', 'sslclientmethod'], set_tls_method)
+    ]
+
+    try:
+        enabled = sip.multi_get('general', ['tlsenable', 'sslenable'])[0]
+    except LookupError:
+        # Not enabled. Don't create a transport
+        return
+
+    if enabled == 'no':
+        return
+
+    set_value('protocol', 'tls', 'transport-tls', pjsip, nmapped, 'transport')
+
+    for i in tls_map:
+        try:
+            i[1](sip.multi_get('general', i[0]), pjsip, nmapped)
+        except LookupError:
+            pass
+
 
 def map_transports(sip, pjsip, nmapped):
     """Finds options in sip.conf general section pertaining to

More information about the asterisk-commits mailing list