[asterisk-scf-commits] asterisk-scf/release/sip.git branch "master" updated.
Commits to the Asterisk SCF project code repositories
asterisk-scf-commits at lists.digium.com
Wed Feb 8 09:04:44 CST 2012
branch "master" has been updated
via 931b37bca7117716f7f6742d70ddeab0d3122f2b (commit)
from 9bf9bf8fa1d3b95496a6c7571db5b9deda19bad7 (commit)
Summary of changes:
config/Sip.config | 38 ++++++++++++++++++++++
config/SipConfigurator.py | 77 +++++++++++++++++++++++++++++++++++++-------
src/Component.cpp | 14 ++++++--
src/SIPSession.cpp | 5 ---
4 files changed, 113 insertions(+), 21 deletions(-)
- Log -----------------------------------------------------------------
commit 931b37bca7117716f7f6742d70ddeab0d3122f2b
Author: Brent Eagles <beagles at digium.com>
Date: Wed Feb 8 11:33:31 2012 -0330
Merging dev/jira-astscf-397-cryptokey-configuration.
diff --git a/config/Sip.config b/config/Sip.config
index b14323a..067a65f 100644
--- a/config/Sip.config
+++ b/config/Sip.config
@@ -171,6 +171,44 @@ ids=bob-bar-office,bob-bar-cell
# dtmfmethod=rfc4733
#
+# Enable SRTP authentication support (default: false)
+#
+# enableauth=false
+
+#
+# Enable SRTP encryption (default: false). Cipher suites and keys
+# should be defined if this is enabled.
+#
+# enableencryption=false
+
+#
+# Configuration cipher suites and their keys. More than one may be
+# defined and they must be defined in pairs and they must have a
+# suffix that identifies the pair. If a cryptosuite does not require a
+# key, simply enter a blank cryptokey property. If only one pair is
+# defined, a suffix may be omitted. These values are only processed if
+# encryption is enabled.
+#
+# Note: valid values are largely dependent on how pjsip is configured.
+#
+# WARNING: If multiple pairs are provided and suffixes are not used
+# properly, configuration mismatches will occur.
+#
+# ciphersuite=[cipher suite name]
+# cryptokey=[key or blank]
+#
+# AND OR
+#
+# ciphersuite[a suffix]=[cipher suite name]
+# cryptokey[a suffix]=[key or blank]
+#
+# eg.
+#
+# ciphersuite_a128=Awesome Suite 128bit
+# cryptokey_a128=Wx0wWhxAtxAxCRxAPPYKxEY
+#
+
+#
# Example of configuring a STUN server for NAT handling.
#
# [transport_stun]
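Review bot: The new `cryptokey` documentation puts long-lived SRTP key material into Sip.config but says nothing about protecting the file or about the form the key must take. I would add a line such as `# NOTE: cryptokey values are secrets; keep this file readable only by the account that runs the configurator.` above the `ciphersuite=`/`cryptokey=` templates. The expected encoding and length of a key are not visible in this commit, so the comment should also state them (or point to where pjsip defines them) so an operator does not guess. The `eg.` pair uses a made-up suite name and a key-looking string; marking both as placeholders (`# cryptokey_a128=<key for this suite>`) would avoid the sample value being copied into a live configuration.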
diff --git a/config/SipConfigurator.py b/config/SipConfigurator.py
index 49cc83f..4ba6cd7 100755
--- a/config/SipConfigurator.py
+++ b/config/SipConfigurator.py
@@ -24,7 +24,7 @@ import os, sys
sys.path.append(os.environ["ASTSCF_HOME"] + "/configurator")
sys.path.append("/opt/Ice-3.4/python")
-import ConfigParser, Ice, Configurator, traceback
+import ConfigParser, Ice, Configurator, traceback, uuid
# Load our component specific configuration definitions
Ice.loadSlice("--underscore -I\"" + os.environ["ASTSCF_HOME"] + "/slice/slice\"" + " -I" + Ice.getSliceDir() + " --all " + os.environ["ASTSCF_HOME"] + "/sip/slice/AsteriskSCF/Configuration/SIPSessionManager/SIPConfigurationIf.ice")
@@ -207,24 +207,75 @@ class SIPSectionVisitors(Configurator.SectionVisitors):
mapper.map('enableturn', item, 'enableTURN', 'enableRTPICE', config.get, None)
item = AsteriskSCF.Configuration.SIPSessionManager.V1.SRTPCryptoItem()
-
+
+ #
+ # Maps key/suite pairs to SRTPCryptoKey configuration
+ # objects. It is a little suboptimal in how it goes about
+ # mapping multiple entries because it requires that the suite
+ # and keys that "belong together" appear right next to each
+ # other in the file. Kind of iffy, but parsing strings on
+ # delimiters might cause problems in that it is not clear what
+ # makes a safe delimiter.
+ #
class CryptoKeyHandler:
- def __init__(self, config, keyItem):
+ def __init__(self, config, item):
self.config = config
- self.item = keyItem
+ self.cryptoItem = item
+
+ def enableEncryption(self, section, item):
+ itemData = self.config.get(section, item)
+ if not itemData or len(itemData) == 0 or itemData.lower() not in ["1", "true", "yes"]:
+ self.cryptoItem.enableEncryption = False
+ return
+
+ #
+ # Okay, so encryption is enabled. We scan the
+ # items in the section looking for ciphersuite and
+ # cryptokey pairs associated to each other with a
+ # common suffix (suffix can be any string really).
+ # If a suffix is not present, we provide a default
+ # one based on UUID generation. There *is* a
+ # potential for collision, but hey.
+ #
+
+ self.cryptoItem.enableEncryption = True
+
+ cryptoKeyPairs = { }
- def getSuite(self, section, item):
- self.item.suite = self.config.get(section, item)
+ defaultSuffix = str(uuid.uuid1())
+
+ #
+ # Get the items for this section.
+ #
+ for key, value in self.config.items(section):
+ if key.lower().startswith("ciphersuite"):
+ suffix = key[len("ciphersuite"):len(key)]
+ if len(suffix) == 0:
+ suffix = defaultSuffix
+ if suffix not in cryptoKeyPairs:
+ cryptoKeyPairs[suffix] = [ value, "" ]
+ else:
+ cryptoKeyPairs[suffix][0] = value
+ elif key.lower().startswith("cryptokey"):
+ suffix = key[len("cryptokey"):len(key)]
+ if len(suffix) == 0:
+ suffix = defaultSuffix
+ if suffix not in cryptoKeyPairs:
+ cryptoKeyPairs[suffix] = [ "", value ]
+ else:
+ cryptoKeyPairs[suffix][1] = value
+
+ for k in cryptoKeyPairs.values():
+ cryptoKey = AsteriskSCF.Configuration.SIPSessionManager.V1.SRTPCryptoKey()
+ cryptoKey.suite = k[0]
+ cryptoKey.cryptoKey = k[1]
+ self.cryptoItem.cryptoKeys.append(cryptoKey)
- def getKey(self, section, item):
- self.item.cryptoKey = self.config.get(section, item)
- item.cryptoKeys = [ AsteriskSCF.Configuration.SIPSessionManager.V1.SRTPCryptoKey() ]
mapper.map('enableauth', item, 'enableAuthentication', 'srtpCryptoSettings', config.get, None)
- mapper.map('enableencryption', item, 'enableEncryption', 'srtpCryptoSettings', config.get, None)
- handler = CryptoKeyHandler(config, item.cryptoKeys[0])
- mapper.map('ciphersuite', item, 'suite', 'srtpCryptoSettings', handler.getSuite, None)
- mapper.map('cryptokey', item, 'cryptoKey', 'srtpCryptoSettings', handler.getKey, None)
+ item.cryptoKeys = []
+ handler = CryptoKeyHandler(config, item)
+ mapper.map('enableencryption', item, 'enableEncryption', 'srtpCryptoSettings', handler.enableEncryption, None)
class AllowableCallDirectionTransformer():
def __init__(self, config):
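Review bot: In `enableEncryption`, a `ciphersuite<suffix>` with no matching `cryptokey<suffix>` (or the reverse) is silently turned into an `SRTPCryptoKey` with an empty key or an empty suite, because the missing half is pre-filled with `""`. A blank key is also the documented way to say "this suite needs no key", so a mistyped suffix cannot be told apart from a deliberate blank, and the mismatch that Sip.config warns about is pushed to the component unreported. I would track the missing half as `None` and refuse the section when a pair is incomplete, keeping the key value out of the error text; how the error should be surfaced depends on Configurator conventions that are not visible here, so the `ValueError` below is only a suggestion. Separately, iterating `cryptoKeyPairs.values()` on a plain dict presumably does not preserve file order on the Python 2 interpreter this script targets, so the order in which suites reach `cryptoKeys` (and, it appears, the index assigned in `SIPSession::addKeys`) is arbitrary; that is worth a comment or an ordered container. The enclosing `SIPSectionVisitors` method starts outside the hunk.

```python
        for key, value in self.config.items(section):
            if key.lower().startswith("ciphersuite"):
                # … unchanged: suffix extraction and default suffix …
                cryptoKeyPairs.setdefault(suffix, [None, None])[0] = value
            elif key.lower().startswith("cryptokey"):
                # … unchanged: suffix extraction and default suffix …
                cryptoKeyPairs.setdefault(suffix, [None, None])[1] = value

        for suite, secret in cryptoKeyPairs.values():
            # None means the property was never seen; "" is an explicit blank.
            if suite is None or secret is None:
                raise ValueError(
                    "unpaired ciphersuite/cryptokey entry in section '%s'" % section)
            cryptoKey = AsteriskSCF.Configuration.SIPSessionManager.V1.SRTPCryptoKey()
            cryptoKey.suite = suite
            cryptoKey.cryptoKey = secret
            self.cryptoItem.cryptoKeys.append(cryptoKey)
```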
diff --git a/src/Component.cpp b/src/Component.cpp
index 311b4eb..3da1d4e 100644
--- a/src/Component.cpp
+++ b/src/Component.cpp
@@ -228,6 +228,11 @@ void Component::preparePrimaryServicesForDiscovery()
*/
void Component::prepareBackplaneServicesForDiscovery()
{
+ //
+ // TODO: It would be much nicer if the base component did the default
+ // component intialization in a different method than that would be
+ // normally overridden by a derived class to add features.
+ //
// Insure the default Component services are prepped.
AsteriskSCF::Component::Component::prepareBackplaneServicesForDiscovery();
@@ -384,6 +389,9 @@ void Component::registerPJSIPModules()
//module names to modules to the PJSIP session manager instead.
//Since there's only a single configurable module at the moment,
//we'll just do it here instead.
+ //
+ // TODO: update comment!
+ //
if ((*i) == "Session")
{
mPJSIPManager->registerSessionModule(mEndpointFactory,
@@ -416,9 +424,9 @@ void Component::onPreInitialize()
{
try
{
- //As nice as it is of IceBox to provide us with a communicator,
- //we're going to create our own so that we can provide it with a threadhook.
- //Yes, this could be done via a plugin, but this is easier. Go away.
+ // As nice as it is of IceBox to provide us with a communicator,
+ // we're going to create our own so that we can provide it with a threadhook.
+ // Yes, this could be done via a plugin, but this is easier. Go away.
Ice::InitializationData id;
id.threadHook = new AsteriskSCF::PJLIB::ThreadHook("Ice");
id.properties = getCommunicator()->getProperties();
diff --git a/src/SIPSession.cpp b/src/SIPSession.cpp
index 00ad31d..a4d0849 100755
--- a/src/SIPSession.cpp
+++ b/src/SIPSession.cpp
@@ -2825,11 +2825,6 @@ void SIPSession::addKeys(const SIPEndpointMediaSRTPConfig& config, pjmedia_sdp_m
{
if(!config.cryptoKeys.empty())
{
- //
- // NOTE: AFAICT, we should really be able to supply multiple potential cyphersuites and keys.
- // However, the configuration tool doesn't currently support that so what we'll do for now
- // is provide support in the code and deal with the configuration issue later.
- //
int index = 1;
for (CryptoKeys::const_iterator i = config.cryptoKeys.begin();
i != config.cryptoKeys.end(); ++i)
-----------------------------------------------------------------------
--
asterisk-scf/release/sip.git