[asterisk-scf-commits] asterisk-scf/release/pjproject.git branch "master" updated.
Commits to the Asterisk SCF project code repositories
asterisk-scf-commits at lists.digium.com
Wed Jan 4 10:41:19 CST 2012
branch "master" has been updated
via 887f2207664b06580bbbcb6efa04bf20fe2deee5 (commit)
from 382bb4be711be54cf783cc5a40e9050450d69e7a (commit)
Summary of changes:
pjsip-apps/src/python/_pjsua.h | 80 ++++++++++++++++++++++++++++++++++++-
pjsip-apps/src/python/pjsua.py | 56 +++++++++++++++++++++++---
pjsip/src/pjsua-lib/pjsua_core.c | 21 ++++++++++
3 files changed, 147 insertions(+), 10 deletions(-)
- Log -----------------------------------------------------------------
commit 887f2207664b06580bbbcb6efa04bf20fe2deee5
Author: Joshua Colp <jcolp at digium.com>
Date: Wed Jan 4 12:40:29 2012 -0400
Add support for TLS and SRTP within the pjsua python support. (issue ASTSCF-418)
diff --git a/pjsip-apps/src/python/_pjsua.h b/pjsip-apps/src/python/_pjsua.h
index 15aeef3..7c99075 100644
--- a/pjsip-apps/src/python/_pjsua.h
+++ b/pjsip-apps/src/python/_pjsua.h
@@ -1327,6 +1327,13 @@ typedef struct
unsigned port;
PyObject *public_addr;
PyObject *bound_addr;
+ PyObject *tls_ca_list_file;
+ PyObject *tls_cert_file;
+ PyObject *tls_privkey_file;
+ PyObject *tls_password;
+ unsigned tls_verify_server;
+ unsigned tls_verify_client;
+ unsigned tls_timeout;
} PyObj_pjsua_transport_config;
@@ -1337,7 +1344,11 @@ typedef struct
static void PyObj_pjsua_transport_config_delete(PyObj_pjsua_transport_config* self)
{
Py_XDECREF(self->public_addr);
- Py_XDECREF(self->bound_addr);
+ Py_XDECREF(self->bound_addr);
+ Py_XDECREF(self->tls_ca_list_file);
+ Py_XDECREF(self->tls_cert_file);
+ Py_XDECREF(self->tls_privkey_file);
+ Py_XDECREF(self->tls_password);
self->ob_type->tp_free((PyObject*)self);
}
@@ -1349,7 +1360,13 @@ static void PyObj_pjsua_transport_config_export(pjsua_transport_config *cfg,
cfg->public_addr = PyString_ToPJ(obj->public_addr);
cfg->bound_addr = PyString_ToPJ(obj->bound_addr);
cfg->port = obj->port;
-
+ cfg->tls_setting.ca_list_file = PyString_ToPJ(obj->tls_ca_list_file);
+ cfg->tls_setting.cert_file = PyString_ToPJ(obj->tls_cert_file);
+ cfg->tls_setting.privkey_file = PyString_ToPJ(obj->tls_privkey_file);
+ cfg->tls_setting.password = PyString_ToPJ(obj->tls_password);
+ cfg->tls_setting.verify_server = obj->tls_verify_server;
+ cfg->tls_setting.verify_client = obj->tls_verify_client;
+ cfg->tls_setting.timeout.sec = obj->tls_timeout;
}
static void PyObj_pjsua_transport_config_import(PyObj_pjsua_transport_config *obj,
@@ -1362,6 +1379,22 @@ static void PyObj_pjsua_transport_config_import(PyObj_pjsua_transport_config *ob
obj->bound_addr = PyString_FromPJ(&cfg->bound_addr);
obj->port = cfg->port;
+
+ Py_XDECREF(obj->tls_ca_list_file);
+ obj->tls_ca_list_file = PyString_FromPJ(&cfg->tls_setting.ca_list_file);
+
+ Py_XDECREF(obj->tls_cert_file);
+ obj->tls_cert_file = PyString_FromPJ(&cfg->tls_setting.cert_file);
+
+ Py_XDECREF(obj->tls_privkey_file);
+ obj->tls_privkey_file = PyString_FromPJ(&cfg->tls_setting.privkey_file);
+
+ Py_XDECREF(obj->tls_password);
+ obj->tls_password = PyString_FromPJ(&cfg->tls_setting.password);
+
+ obj->tls_verify_server = cfg->tls_setting.verify_server;
+ obj->tls_verify_client = cfg->tls_setting.verify_client;
+ obj->tls_timeout = cfg->tls_setting.timeout.sec;
}
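Review bot: The import path copies `cfg->tls_setting.password` into a fresh Python string at `obj->tls_password`, which leaves another copy of the private-key passphrase in interpreter memory that cannot be wiped and is readable as an ordinary attribute (the member is registered `T_OBJECT_EX` with flags 0). If callers never need to read the passphrase back, consider not importing it, or at least add a comment such as `/* passphrase is copied into an immutable Python string; it cannot be zeroized */`. Separately, each `PyString_FromPJ` result is stored unchecked, so an allocation failure would presumably leave the member NULL; that mirrors the existing `bound_addr` handling. The function's signature and first statements are outside this hunk.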
@@ -1382,6 +1415,10 @@ static PyObject * PyObj_pjsua_transport_config_new(PyTypeObject *type,
if (self != NULL) {
self->public_addr = PyString_FromString("");
self->bound_addr = PyString_FromString("");
+ self->tls_ca_list_file = PyString_FromString("");
+ self->tls_cert_file = PyString_FromString("");
+ self->tls_privkey_file = PyString_FromString("");
+ self->tls_password = PyString_FromString("");
}
return (PyObject *)self;
@@ -1418,7 +1455,44 @@ static PyMemberDef PyObj_pjsua_transport_config_members[] =
"interface (instead of 0.0.0.0), and SHOULD NOT be used to set the "
"published address of a transport (the public_addr field should be "
"used for that purpose)."
- },
+ },
+ {
+ "tls_ca_list_file", T_OBJECT_EX,
+ offsetof(PyObj_pjsua_transport_config, tls_ca_list_file), 0,
+ "Certificate of Authority (CA) list file."
+ },
+ {
+ "tls_cert_file", T_OBJECT_EX,
+ offsetof(PyObj_pjsua_transport_config, tls_cert_file), 0,
+ "Public endpoint certificate file, which will be used as client- side "
+ "certificate for outgoing TLS connection, and server-side certificate "
+ "for incoming TLS connection."
+ },
+ {
+ "tls_privkey_file", T_OBJECT_EX,
+ offsetof(PyObj_pjsua_transport_config, tls_privkey_file), 0,
+ "Optional private key of the endpoint certificate to be used."
+ },
+ {
+ "tls_password", T_OBJECT_EX,
+ offsetof(PyObj_pjsua_transport_config, tls_password), 0,
+ "Password to open private key."
+ },
+ {
+ "tls_verify_server", T_INT,
+ offsetof(PyObj_pjsua_transport_config, tls_verify_server), 0,
+ "Enables shutdown of the TLS transport if the server certificate can not be verified."
+ },
+ {
+ "tls_verify_client", T_INT,
+ offsetof(PyObj_pjsua_transport_config, tls_verify_client), 0,
+ "Enables shutdown of the TLS transport if the client certificate can not be verified."
+ },
+ {
+ "tls_timeout", T_INT,
+ offsetof(PyObj_pjsua_transport_config, tls_timeout), 0,
+ "TLS negotiation timeout to be applied for both outgoing and incoming connection."
+ },
{NULL} /* Sentinel */
};
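Review bot: The three new integer members `tls_verify_server`, `tls_verify_client` and `tls_timeout` are exposed as `T_INT`, but the struct hunk earlier in this file declares them `unsigned`, so a negative value assigned from Python is stored as a very large unsigned number. For `tls_timeout` that turns a mistake such as -1 into an effectively unbounded negotiation timeout instead of an error. Using `T_UINT` for these three entries would match the field type. The doc strings also have small slips worth fixing while here: `"Certificate Authority (CA) list file."` and `client-side`. The members array begins above this hunk.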
diff --git a/pjsip-apps/src/python/pjsua.py b/pjsip-apps/src/python/pjsua.py
index 183ce0e..9a731d2 100644
--- a/pjsip-apps/src/python/pjsua.py
+++ b/pjsip-apps/src/python/pjsua.py
@@ -474,22 +474,60 @@ class TransportConfig:
transport. If empty, the default behavior is to get
the public address from STUN or from the selected
local interface. Format is "host:port".
+ tls_ca_list_file -- Certificate of Authority (CA) list file.
+ tls_cert_file -- Public endpoint certificate file, which will be
+ used as client- side certificate for outgoing TLS
+ connection, and server-side certificate for incoming
+ TLS connection.
+ tls_privkey_file -- Optional private key of the endpoint certificate to be used.
+ tls_password -- Password to open private key.
+ tls_verify_server -- Enables shutdown of the TLS transport if the server certificate
+ can not be verified.
+ tls_verify_client -- Enables shutdown of the TLS transport if the client certificate
+ can not be verified
+ tls_timeout -- TLS negotiation timeout to be applied for both outgoing and
+ incoming connection.
"""
port = 0
bound_addr = ""
public_addr = ""
+ tls_ca_list_file = ""
+ tls_cert_file = ""
+ tls_privkey_file = ""
+ tls_password = ""
+ tls_verify_server = 0
+ tls_verify_client = 0
+ tls_timeout = 0
def __init__(self, port=0,
- bound_addr="", public_addr=""):
+ bound_addr="", public_addr="",
+ tls_ca_list_file = "", tls_cert_file = "",
+ tls_privkey_file = "", tls_password = "",
+ tls_verify_server = 0, tls_verify_client = 0,
+ tls_timeout = 0):
self.port = port
self.bound_addr = bound_addr
self.public_addr = public_addr
+ self.tls_ca_list_file = tls_ca_list_file
+ self.tls_cert_file = tls_cert_file
+ self.tls_privkey_file = tls_privkey_file
+ self.tls_password = tls_password
+ self.tls_verify_server = tls_verify_server
+ self.tls_verify_client = tls_verify_client
+ self.tls_timeout = tls_timeout
def _cvt_to_pjsua(self):
cfg = _pjsua.transport_config_default()
cfg.port = self.port
cfg.bound_addr = self.bound_addr
cfg.public_addr = self.public_addr
+ cfg.tls_ca_list_file = self.tls_ca_list_file
+ cfg.tls_cert_file = self.tls_cert_file
+ cfg.tls_privkey_file = self.tls_privkey_file
+ cfg.tls_password = self.tls_password
+ cfg.tls_verify_server = self.tls_verify_server
+ cfg.tls_verify_client = self.tls_verify_client
+ cfg.tls_timeout = self.tls_timeout
return cfg
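Review bot: `tls_verify_server` and `tls_verify_client` default to 0 both as class attributes and in `__init__`, and `_cvt_to_pjsua` always writes them into the config, so a TLS transport built from a default `TransportConfig` appears to carry on when the peer certificate fails verification. The docstring should say so explicitly, for example `tls_verify_server -- 0 (default): continue even if the server certificate cannot be verified; 1: shut the transport down`, and note that `tls_ca_list_file` needs to be set for verification to have a trust anchor. Whether 0 means exactly this in the underlying library is inferred from the wording here, so confirm against the pjsip TLS settings. `Certificate of Authority` should read `Certificate Authority`, and the unit of `tls_timeout` (seconds, going by the `timeout.sec` assignment in `_pjsua.h`) is worth stating.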
@@ -704,6 +742,7 @@ class AccountConfig:
transport is required, 1=hop-by-hop secure
transport such as TLS is required, 2=end-to-
end secure transport is required (i.e. "sips").
+ scheme -- URI scheme to use when constructing URIs. Defaults to sip.
"""
priority = 0
id = ""
@@ -723,9 +762,10 @@ class AccountConfig:
ka_data = "\r\n"
use_srtp = 0
srtp_secure_signaling = 1
+ scheme = "sip"
def __init__(self, domain="", username="", password="",
- display="", registrar="", proxy=""):
+ display="", registrar="", proxy="", scheme="sip"):
"""
Construct account config. If domain argument is specified,
a typical configuration will be built.
@@ -741,16 +781,17 @@ class AccountConfig:
proxy -- the proxy URI. If domain name is specified
and this argument is empty, the proxy URI
will be constructed from the domain name.
+ scheme -- URI scheme to use when constructing URIs. Defaults to sip.
"""
default = _pjsua.acc_config_default()
self._cvt_from_pjsua(default)
if domain!="":
self.build_config(domain, username, password,
- display, registrar, proxy)
+ display, registrar, proxy, scheme)
def build_config(self, domain, username, password, display="",
- registrar="", proxy=""):
+ registrar="", proxy="", scheme="sip"):
"""
Construct account config. If domain argument is specified,
a typical configuration will be built.
@@ -766,6 +807,7 @@ class AccountConfig:
proxy -- the proxy URI. If domain name is specified
and this argument is empty, the proxy URI
will be constructed from the domain name.
+ scheme -- URI scheme to use when constructing URIs. Defaults to sip.
"""
if display != "":
@@ -773,12 +815,12 @@ class AccountConfig:
userpart = username
if userpart != "":
userpart = userpart + "@"
- self.id = display + "<sip:" + userpart + domain + ">"
+ self.id = display + "<" + scheme + ":" + userpart + domain + ">"
self.reg_uri = registrar
if self.reg_uri == "":
- self.reg_uri = "sip:" + domain
+ self.reg_uri = scheme + ":" + domain
if proxy == "":
- proxy = "sip:" + domain + ";lr"
+ proxy = scheme + ":" + domain + ";lr"
if proxy.find(";lr") == -1:
proxy = proxy + ";lr"
self.proxy.append(proxy)
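Review bot: `scheme` is concatenated straight into `self.id`, `self.reg_uri` and the default `proxy` with no check, so a typo or an unexpected value produces a malformed URI that is only rejected later, if at all. A guard at the top of `build_config`, e.g. `if scheme not in ("sip", "sips"): raise ValueError("unsupported URI scheme: " + scheme)`, would fail early. The docstring could also mention that an explicit `registrar` or `proxy` argument is used as given and does not pick up `scheme`. The start of `build_config` is outside this hunk.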
diff --git a/pjsip/src/pjsua-lib/pjsua_core.c b/pjsip/src/pjsua-lib/pjsua_core.c
index 7ddfd59..07fcbe3 100644
--- a/pjsip/src/pjsua-lib/pjsua_core.c
+++ b/pjsip/src/pjsua-lib/pjsua_core.c
@@ -2079,6 +2079,27 @@ PJ_DEF(pj_status_t) pjsua_transport_get_info( pjsua_transport_id id,
status = PJ_SUCCESS;
+ } else if (pjsua_var.tpdata[id].type == PJSIP_TRANSPORT_TLS) {
+
+ pjsip_tpfactory *factory = t->data.factory;
+
+ if (factory == NULL) {
+ PJSUA_UNLOCK();
+ return PJ_EINVALIDOP;
+ }
+
+ info->id = id;
+ info->type = t->type;
+ info->type_name = pj_str("TLS");
+ info->info = pj_str("TLS transport");
+ info->flag = factory->flag;
+ info->addr_len = sizeof(factory->local_addr);
+ info->local_addr = factory->local_addr;
+ info->local_name = factory->addr_name;
+ info->usage_count = 0;
+
+ status = PJ_SUCCESS;
+
} else {
pj_assert(!"Unsupported transport");
status = PJ_EINVALIDOP;
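Review bot: `info->usage_count = 0;` in the new TLS branch is hard-coded, so callers always see a zero count for a TLS transport with no indication why. A short comment would help, e.g. `/* factory (listener) entry: no per-transport reference count to report */`, assuming that is the reason. The branch looks like it parallels the preceding branch, of which only the final `status = PJ_SUCCESS;` is visible, so sharing the fill-in code between the two would avoid drift. `pjsua_transport_get_info` begins and ends outside this hunk, so the validation of `id` and `info` cannot be checked from here.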
-----------------------------------------------------------------------
--
asterisk-scf/release/pjproject.git