r2895 - in trunk: libminisip libminisip/include
libminisip/include/libminisip/mediahandler
libminisip/include/libminisip/sip libminisip/source
libminisip/source/mediahandler libminisip/source/sip libmsip
libmsip/include libmsip/include/libmsip libmsip/source
libmutil/source minisip/minisip/gui/gtkgui
erik at minisip.org
erik at minisip.org
Mon Nov 6 16:31:53 CET 2006
Author: erik
Date: 2006-11-06 16:31:52 +0100 (Mon, 06 Nov 2006)
New Revision: 2895
Removed:
trunk/libminisip/include/libminisip/sip/SipDialogSecurityConfig.h
trunk/libminisip/source/sip/SipDialogSecurityConfig.cxx
Modified:
trunk/libminisip/Makefile.am
trunk/libminisip/include/Makefile.am
trunk/libminisip/include/libminisip/mediahandler/MediaHandler.h
trunk/libminisip/include/libminisip/mediahandler/Session.h
trunk/libminisip/include/libminisip/sip/SipSoftPhoneConfiguration.h
trunk/libminisip/source/Minisip.cxx
trunk/libminisip/source/mediahandler/CallRecorder.cxx
trunk/libminisip/source/mediahandler/KeyAgreement.cxx
trunk/libminisip/source/mediahandler/MediaHandler.cxx
trunk/libminisip/source/mediahandler/Session.cxx
trunk/libminisip/source/sip/DefaultDialogHandler.cxx
trunk/libminisip/source/sip/Sip.cxx
trunk/libminisip/source/sip/SipDialogVoip.cxx
trunk/libminisip/source/sip/SipSoftPhoneConfiguration.cxx
trunk/libmsip/Makefile.am
trunk/libmsip/include/Makefile.am
trunk/libmsip/include/libmsip/SipDialogConfig.h
trunk/libmsip/source/SipDialogConfig.cxx
trunk/libmutil/source/MutexPosix.cxx
trunk/minisip/minisip/gui/gtkgui/AccountsList.cxx
trunk/minisip/minisip/gui/gtkgui/MainWindow.cxx
trunk/minisip/minisip/gui/gtkgui/SettingsDialog.cxx
Log:
NOTE: This breaks config-file compatibility. It is quite a big
change, but this needs to be done since it addresses a design
flaw in minisip. This also prepares for hardware-supported
smart-card USB/SecureMMC/... tokens.
We support multiple accounts, but we have only one security configuration.
This is of course not ok (who is the certificate for - can't more than one
user have security support?).
This commit moves security configuration to the SipIdentity class, and
removes SipDialogSecurityConfig (dialogs that had a security configuration
now have a local identity associated with them).
A class called SipSim is introduced that is meant to hold authentication
information for a user. This makes way for Xuan Pan's thesis. I added a
sub-class that implements signing using openssl (moved the certificate
class into the SIM class). He will improve the SipSim class hierarchy
and add a class to use smart-cards with Minisip.
There are some less obvious issues that are a bit harder to solve such as
what certificate to present in the TLS handshake. Should we open a new
TLS server socket on a new port if more than one username supports it?
Personally, I think that relying on transport security in the SIP logic
is a bad idea.
* Added SipSim and SipSimSoft classes to libmsip
* Removed SipDialogSecurityConfig from libminisip
* Moved certificate to SipSimSoft. Today mikey et al extract the
certificate from the class and use it as before, but this will
be changed to instead call sim->sign(...) to make smart-card
tokens transparent to minisip/libmikey.
->issues: dependency between libmsip and libmikey if both use
SipSim class
->I would like to let TLS connections authenticate using
SipSim (to enable SmartCard authenticated TLS connections),
and I only have a lead on how to do it with gnutls (which
we don't use on W32... ...yet?!)
* Made the GUI change the security settings for the "defaultIdentity"
The GUI should be updated to handle security per identity.
Modified: trunk/libminisip/Makefile.am
===================================================================
--- trunk/libminisip/Makefile.am 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/Makefile.am 2006-11-06 15:31:52 UTC (rev 2895)
@@ -152,7 +152,6 @@
source/sip/SipSoftPhoneConfiguration.cxx \
source/sip/DefaultDialogHandler.cxx \
source/sip/PresenceMessageContent.cxx \
- source/sip/SipDialogSecurityConfig.cxx \
source/sip/Sip.cxx
libsoundcard_libadd =
Modified: trunk/libminisip/include/Makefile.am
===================================================================
--- trunk/libminisip/include/Makefile.am 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/include/Makefile.am 2006-11-06 15:31:52 UTC (rev 2895)
@@ -67,7 +67,6 @@
libminisip/sip/SipDialogConfVoip.h \
libminisip/sip/SipDialogVoip.h \
libminisip/sip/Sip.h \
- libminisip/sip/SipDialogSecurityConfig.h \
libminisip/sip/SipDialogPresenceClient.h \
libminisip/sip/SipDialogVoipServer.h \
libminisip/sip/SipDialogVoipServer100rel.h \
Modified: trunk/libminisip/include/libminisip/mediahandler/MediaHandler.h
===================================================================
--- trunk/libminisip/include/libminisip/mediahandler/MediaHandler.h 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/include/libminisip/mediahandler/MediaHandler.h 2006-11-06 15:31:52 UTC (rev 2895)
@@ -61,7 +61,7 @@
* @param callId identifier shared with the SIP stack
* @returns a reference to the session created
*/
- MRef<Session *> createSession( SipDialogSecurityConfig &config, std::string callId = "" );
+ MRef<Session *> createSession( /*SipDialogSecurityConfig &config*/ MRef<SipIdentity*> ident, std::string callId = "" );
/**
* Registers a new media type (audio or video
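Review bot: The new declaration keeps the old parameter as a comment, `/*SipDialogSecurityConfig &config*/`, in a public header even though the class is deleted in this same revision; the same leftover appears in Session.h, MediaHandler.cxx, Session.cxx, and as a `/*securityConfig.*/` prefix on almost every changed line of KeyAgreement.cxx. The removed lines already record the old form, so the comments can go, leaving `MRef<Session *> createSession( MRef<SipIdentity*> ident, std::string callId = "" );`. The Doxygen block above documents only `callId` in the visible lines; `ident` needs its own entry, e.g. `@param ident local identity whose security settings the session is created with` (the start of that comment block is outside the hunk).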
Modified: trunk/libminisip/include/libminisip/mediahandler/Session.h
===================================================================
--- trunk/libminisip/include/libminisip/mediahandler/Session.h 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/include/libminisip/mediahandler/Session.h 2006-11-06 15:31:52 UTC (rev 2895)
@@ -32,7 +32,8 @@
#include<libmikey/keyagreement.h>
-#include<libminisip/sip/SipDialogSecurityConfig.h>
+//#include<libminisip/sip/SipDialogSecurityConfig.h>
+#include<libmsip/SipDialogConfig.h>
#include<libminisip/mediahandler/DtmfSender.h>
#include<libminisip/sdp/SdpPacket.h>
@@ -68,7 +69,7 @@
* description
* @param config security related configuration for the call
*/
- Session( std::string localIp, SipDialogSecurityConfig &config, std::string localIp6 = "" );
+ Session( std::string localIp, /*SipDialogSecurityConfig &config*/ MRef<SipIdentity*> ident, std::string localIp6 = "" );
/**
* Destructor.
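Review bot: The Doxygen line `@param config security related configuration for the call` is now stale: the parameter on the changed constructor line is `ident`, so Doxygen will warn and readers are pointed at a type this revision removes. Change it to `@param ident local identity the call runs under; its security settings are copied into the session`. What exactly the session reads from it (enabled flag, key-agreement type, SIM, PSK) is inferred from Session.cxx and KeyAgreement.cxx in this revision, so keep the wording general or update it if those change.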
@@ -260,7 +261,7 @@
void addStreamsToKa( bool initiating=true );
void setMikeyOffer();
std::string peerUri;
-
+
MRef<SdpPacket *> emptySdp();
MRef<MediaStreamReceiver *> matchFormat( MRef<SdpHeaderM *> m,
uint32_t iFormat, MRef<IPAddress *> &remoteAddress );
@@ -273,12 +274,16 @@
std::string localIpString;
std::string localIp6String;
MRef<SdpPacket *> sdpAnswer;
- bool secured;
std::string errorString;
uint16_t errorCode;
- SipDialogSecurityConfig securityConfig;
+ //SipDialogSecurityConfig securityConfig;
+ MRef<SipIdentity*> identity;
+ bool secured;
+ int ka_type;
+
+
std::string callId;
//DtmfSender dtmfSender;
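Review bot: The three new members `identity`, `secured` and `ka_type` carry no comment, and the latter two are easy to mistake for views of the identity's settings. Session.cxx in this revision copies them from `ident->securityEnabled` and `ident->ka_type` in the constructor and then clears them whenever key agreement fails, so they are per-call state rather than configuration. Suggest `MRef<SipIdentity*> identity; // local identity this call belongs to (SIM, PSK, DH/PSK policy)`, `bool secured; // per-call copy of identity->securityEnabled; cleared when key agreement fails` and `int ka_type; // KEY_MGMT_METHOD_* in effect for this call; starts as identity->ka_type`. The two added blank lines after `ka_type` can be dropped as well.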
Deleted: trunk/libminisip/include/libminisip/sip/SipDialogSecurityConfig.h
===================================================================
--- trunk/libminisip/include/libminisip/sip/SipDialogSecurityConfig.h 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/include/libminisip/sip/SipDialogSecurityConfig.h 2006-11-06 15:31:52 UTC (rev 2895)
@@ -1,69 +0,0 @@
-/*
- Copyright (C) 2004-2006 the Minisip Team
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/* Copyright (C) 2004
- *
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
-*/
-
-#ifndef SIP_DIALOG_SECURITY_CONFIG
-#define SIP_DIALOG_SECURITY_CONFIG
-
-#include<libminisip/libminisip_config.h>
-
-#include<libmutil/MemObject.h>
-
-#define KEY_MGMT_METHOD_NULL 0x00
-#define KEY_MGMT_METHOD_MIKEY 0x10
-#define KEY_MGMT_METHOD_MIKEY_DH 0x11
-#define KEY_MGMT_METHOD_MIKEY_PSK 0x12
-#define KEY_MGMT_METHOD_MIKEY_PK 0x13
-
-class XMLFileParser;
-class certificate_chain;
-class ca_db;
-class SipIdentity;
-class ConfBackend;
-
-class LIBMINISIP_API SipDialogSecurityConfig{
- public:
- SipDialogSecurityConfig();
-
- void useIdentity( MRef<SipIdentity *> );
-
- bool secured;
- int ka_type;
-
- bool use_srtp;
- bool use_zrtp;
-
- MRef<certificate_chain *> cert;
- MRef<ca_db *> cert_db;
- bool psk_enabled;
- unsigned char * psk;
- unsigned int psk_length;
- bool dh_enabled;
- bool check_cert;
-
- void save( MRef<ConfBackend *> backend );
- void load( MRef<ConfBackend *> backend );
-};
-
-
-#endif
Modified: trunk/libminisip/include/libminisip/sip/SipSoftPhoneConfiguration.h
===================================================================
--- trunk/libminisip/include/libminisip/sip/SipSoftPhoneConfiguration.h 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/include/libminisip/sip/SipSoftPhoneConfiguration.h 2006-11-06 15:31:52 UTC (rev 2895)
@@ -44,7 +44,6 @@
#include<libmsip/SipDialogConfig.h>
-#include<libminisip/sip/SipDialogSecurityConfig.h>
#include<libminisip/sip/Sip.h>
#include<libminisip/contactdb/PhoneBook.h>
#include<libminisip/configbackend/ConfBackend.h>
@@ -85,7 +84,7 @@
MRef<SipStackConfig *> inherited; //inherited.sipIdentity is the default sip identity.
- SipDialogSecurityConfig securityConfig;
+ //SipDialogSecurityConfig securityConfig;
//Configuration only the phone has and not every call
Modified: trunk/libminisip/source/Minisip.cxx
===================================================================
--- trunk/libminisip/source/Minisip.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/Minisip.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -330,6 +330,15 @@
#ifdef DEBUG_OUTPUT
mout << BOLD << "init 6/9: Creating MSip SIP stack" << PLAIN << end;
#endif
+
+ MRef<SipSim*> sim = phoneConf->defaultIdentity->getSim();
+ MRef<certificate_chain *> certChain;
+ MRef<ca_db *> certDb;
+ if (sim){
+ certChain = sim->getCertificateChain();
+ certDb = sim->getCAs();
+ }
+
//save Sip object in Minisip::sip ...
this->sip=new Sip(phoneConf,mediaHandler,
localIpString,
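Review bot: When `sim` is null, `certChain` and `certDb` are passed to the Sip constructor in the next hunk as null MRefs with nothing logged, so a default identity without a SIM silently gets a TLS side with no certificate — presumably the same outcome as an unset `securityConfig.cert` before, but now one more configuration state leads there. An `else` branch with `mdbg << "No SIM on default identity, TLS will run without a certificate" << end;` would make that visible at init time, where it is cheapest to diagnose. The next hunk also drops the old TODO about TLS using only the first certificate of the chain; if that limitation still holds, keep the note next to `certChain`.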
@@ -337,12 +346,9 @@
phoneConf->inherited->localUdpPort,
phoneConf->inherited->localTcpPort,
phoneConf->inherited->externalContactUdpPort,
-// phoneConf->inherited->getTransport(),
phoneConf->inherited->localTlsPort,
- phoneConf->securityConfig.cert, //The certificate chain is used by TLS
- //TODO: TLS should use the whole chain instead of only the f$
- // MRef<ca_db *> cert_db = NULL
- phoneConf->securityConfig.cert_db
+ certChain,
+ certDb
);
//sip->init();
Modified: trunk/libminisip/source/mediahandler/CallRecorder.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/CallRecorder.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/mediahandler/CallRecorder.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -43,7 +43,10 @@
MRef<IpProvider *> ipProvider ):
MediaStreamReceiver( (Media *)*aMedia, rtpReceiver ),
fileDev( NULL ),
- audioMedia( aMedia) {
+ audioMedia( aMedia),
+ enabledMic(false),
+ enabledNtwk(false)
+{
static int count = 0;
count ++;
Modified: trunk/libminisip/source/mediahandler/KeyAgreement.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/KeyAgreement.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/mediahandler/KeyAgreement.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -30,7 +30,6 @@
#include<libmutil/Timestamp.h>
#include<libmutil/dbg.h>
-#include<libminisip/sip/SipDialogSecurityConfig.h>
#include<libmikey/keyagreement.h>
#include<libmikey/keyagreement_dh.h>
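Review bot: This file still uses `KEY_MGMT_METHOD_NULL`, `KEY_MGMT_METHOD_MIKEY`, `_MIKEY_DH` and `_MIKEY_PSK` in every hunk below, and those macros were defined in the SipDialogSecurityConfig.h that this hunk stops including and the revision deletes. They must now come from another header — libmsip/SipDialogConfig.h is modified in this revision but its hunk is not visible here — so the build is worth confirming rather than relying on the transitive include through Session.h. If they did move there, an explicit `#include<libmsip/SipDialogConfig.h>` in this file documents the dependency.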
@@ -65,27 +64,28 @@
switch( init_mes->type() ){
case MIKEY_TYPE_DH_INIT:
- if( securityConfig.cert.isNull() ){
+ if( !identity->getSim() || identity->getSim()->getCertificateChain().isNull() /*securityConfig.cert.isNull()*/ ){
merr << "No certificate available" << end;
// throw MikeyExceptionUnacceptable(
// "Cannot handle DH key agreement, no certificate" );
- securityConfig.secured = false;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
return false;
}
- if( !securityConfig.dh_enabled ){
+ if( /*!securityConfig.dh_enabled*/ !identity->dhEnabled ){
merr << "Cannot handle DH key agreement" << end;
//throw MikeyExceptionUnacceptable(
// "Cannot handle DH key agreement" );
- securityConfig.secured = false;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
return false;
}
if( !ka ){
- ka = new KeyAgreementDH( securityConfig.cert, securityConfig.cert_db, DH_GROUP_OAKLEY5 );
+ ka = new KeyAgreementDH( /*securityConfig.cert*/ identity->getSim()->getCertificateChain(),
+ /*securityConfig.cert_db*/ identity->getSim()->getCAs(), DH_GROUP_OAKLEY5 );
}
ka->setInitiatorData( init_mes );
@@ -97,8 +97,8 @@
// throw MikeyExceptionAuthentication(
// "Authentication of the DH init message failed" );
merr << ka->authError() << end;
- securityConfig.secured = false;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
return false;
}
@@ -107,13 +107,13 @@
#ifdef ENABLE_TS
ts.save( TMP );
#endif
- if( securityConfig.check_cert ){
+ if( /*securityConfig.check_cert*/ identity->checkCert ){
if( ((KeyAgreementDH *)*ka)->controlPeerCertificate() == 0){
#ifdef DEBUG_OUTPUT
merr << "Certificate check failed in the incoming MIKEY message" << end;
#endif
- securityConfig.secured = false;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
return false;
}
}
@@ -121,20 +121,21 @@
ts.save( AUTH_END );
#endif
- securityConfig.ka_type = KEY_MGMT_METHOD_MIKEY_DH;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_MIKEY_DH;
break;
case MIKEY_TYPE_PSK_INIT:
- if( !securityConfig.psk_enabled ){
+ if( /*!securityConfig.psk_enabled*/ !identity->pskEnabled ){
//throw MikeyExceptionUnacceptable(
// "Cannot handle PSK key agreement" );
- securityConfig.secured = false;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
return false;
}
- ka = new KeyAgreementPSK( securityConfig.psk, securityConfig.psk_length );
+ // ka keeps own local copy of private key
+ ka = new KeyAgreementPSK( /*securityConfig.psk*/ (byte_t*)identity->getPsk().c_str(), /*securityConfig.psk_length*/ identity->getPsk().size() );
ka->setInitiatorData( init_mes );
#ifdef ENABLE_TS
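Review bot: On the `KeyAgreementPSK` line `identity->getPsk()` is called twice, and the C-style `(byte_t*)` cast strips `const` from the `c_str()` pointer. If `getPsk()` returns a `std::string` by value, that pointer refers to a temporary that dies at the end of the full expression, so the line is correct only because `KeyAgreementPSK` copies the key — which the added comment asserts but nothing in the hunk shows. Binding the key once, `const std::string &psk = identity->getPsk();` and passing `psk.c_str()` / `psk.size()`, removes the double call and makes the lifetime explicit, and the cast discarding `const` should be a named cast so the intent is greppable. The same pattern appears in the initiator hunk around `ts.save( DH_PRECOMPUTE_START )`.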
@@ -144,8 +145,8 @@
if( init_mes->authenticate( ((KeyAgreementPSK *)*ka) ) ){
// throw MikeyExceptionAuthentication(
// "Authentication of the PSK init message failed" );
- securityConfig.secured = false;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
return false;
}
@@ -153,44 +154,44 @@
ts.save( AUTH_END );
#endif
- securityConfig.ka_type = KEY_MGMT_METHOD_MIKEY_PSK;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_MIKEY_PSK;
break;
case MIKEY_TYPE_PK_INIT:
//throw MikeyExceptionUnimplemented(
// "Public Key key agreement not implemented" );
- securityConfig.secured = false;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
return false;
default:
merr << "Unexpected type of message in INVITE" << end;
- securityConfig.secured = false;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
return false;
}
- securityConfig.secured = true;
+ /*securityConfig.*/secured = true;
authenticated = true;
}
catch( certificate_exception & ){
// TODO: Tell the GUI
merr << "Could not open certificate" <<end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
authenticated = false;
}
catch( MikeyExceptionUnacceptable &exc ){
merr << "MikeyException caught: "<<exc.what()<<end;
//FIXME! send SIP Unacceptable with Mikey Error message
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
authenticated = false;
}
// Authentication failed
catch( MikeyExceptionAuthentication &exc ){
merr << "MikeyExceptionAuthentication caught: "<<exc.what()<<end;
//FIXME! send SIP Authorization failed with Mikey Error message
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
authenticated = false;
}
// Message was invalid
@@ -200,14 +201,14 @@
if( ( error_mes = exc.errorMessage() ) != NULL ){
//FIXME: send the error message!
}
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
authenticated = false;
}
catch( MikeyException & exc ){
merr << "MikeyException caught: " << exc.what() << end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
authenticated = false;
}
@@ -215,8 +216,8 @@
}
else {
merr << "Unknown type of key agreement" << end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
authenticated = true;
}
return authenticated;
@@ -224,9 +225,9 @@
string Session::responderParse(){
- if( ! ( securityConfig.ka_type & KEY_MGMT_METHOD_MIKEY ) ){
+ if( ! ( /*securityConfig.*/ka_type & KEY_MGMT_METHOD_MIKEY ) ){
merr << "Unknown type of key agreement" << end;
- securityConfig.secured = false;
+ /*securityConfig.*/secured = false;
return "";
}
@@ -235,12 +236,12 @@
if( initMessage == NULL ){
merr << "Uninitialized message, this is a bug" << end;
- securityConfig.secured = false;
+ /*securityConfig.*/secured = false;
return "";
}
try{
- switch( securityConfig.ka_type ){
+ switch( /*securityConfig.*/ka_type ){
case KEY_MGMT_METHOD_MIKEY_DH:
#ifdef ENABLE_TS
ts.save( MIKEY_PARSE_START );
@@ -277,14 +278,14 @@
catch( certificate_exception & ){
// TODO: Tell the GUI
merr << "Could not open certificate" <<end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
}
catch( MikeyExceptionUnacceptable & exc ){
merr << "MikeyException caught: "<<exc.what()<<end;
//FIXME! send SIP Unacceptable with Mikey Error message
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
}
// Message was invalid
catch( MikeyExceptionMessageContent & exc ){
@@ -293,13 +294,13 @@
if( ( error_mes = exc.errorMessage() ) != NULL ){
responseMessage = error_mes;
}
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
}
catch( MikeyException & exc ){
merr << "MikeyException caught: " << exc.what() << end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
}
if( responseMessage != NULL ){
@@ -320,9 +321,10 @@
try{
- switch( securityConfig.ka_type ){
+ switch( /*securityConfig.*/ka_type ){
case KEY_MGMT_METHOD_MIKEY_DH:
- if( !securityConfig.cert || securityConfig.cert->is_empty() ){
+ //if( !securityConfig.cert || securityConfig.cert->is_empty() ){
+ if( !identity->getSim() || !identity->getSim()->getCertificateChain() ){
throw MikeyException( "No certificate provided for DH key agreement" );
}
#ifdef ENABLE_TS
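Review bot: The replacement condition on the new `if` drops the `is_empty()` test the commented-out line above it had: a SIM whose certificate chain object exists but holds no certificates now passes the guard and reaches `KeyAgreementDH` with an empty chain, where the old code threw `MikeyException( "No certificate provided for DH key agreement" )`. Keep the original strength of the check: `if( !identity->getSim() || !identity->getSim()->getCertificateChain() || identity->getSim()->getCertificateChain()->is_empty() ){`. The responder-side check in the `MIKEY_TYPE_DH_INIT` hunk only tested `isNull()` before as well, so it is unaffected. The enclosing function starts above this hunk.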
@@ -333,7 +335,9 @@
ka = NULL;
}
if( !ka ){
- ka = new KeyAgreementDH( securityConfig.cert, securityConfig.cert_db, DH_GROUP_OAKLEY5 );
+ ka = new KeyAgreementDH( /*securityConfig.cert*/ identity->getSim()->getCertificateChain() ,
+ /*securityConfig.cert_db*/ identity->getSim()->getCAs(),
+ DH_GROUP_OAKLEY5 );
}
addStreamsToKa();
#ifdef ENABLE_TS
@@ -348,7 +352,9 @@
#ifdef ENABLE_TS
ts.save( DH_PRECOMPUTE_START );
#endif
- ka = new KeyAgreementPSK( securityConfig.psk, securityConfig.psk_length );
+ //ka stores local copy of key
+ ka = new KeyAgreementPSK( /*securityConfig.psk*/ (byte_t*)identity->getPsk().c_str(),
+ /*securityConfig.psk_length*/ identity->getPsk().size() );
addStreamsToKa();
#ifdef ENABLE_TS
ts.save( DH_PRECOMPUTE_END );
@@ -376,14 +382,14 @@
catch( certificate_exception & ){
// FIXME: tell the GUI
merr << "Could not open certificate" <<end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
return "";
}
catch( MikeyException & exc ){
merr << "MikeyException caught: " << exc.what() << end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured=false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured=false;
return "";
}
}
@@ -398,14 +404,14 @@
message = message.substr(6,message.length()-6);
if(message == ""){
merr << "No MIKEY message received" << end;
- securityConfig.secured = false;
+ /*securityConfig.*/secured = false;
return false;
} else {
try{
MikeyMessage * resp_mes = new MikeyMessage( message );
ka->setResponderData( resp_mes );
- switch( securityConfig.ka_type ){
+ switch( /*securityConfig.*/ka_type ){
case KEY_MGMT_METHOD_MIKEY_DH:
#ifdef ENABLE_TS
@@ -419,7 +425,7 @@
#ifdef ENABLE_TS
ts.save( TMP );
#endif
- if( securityConfig.check_cert ){
+ if( /*securityConfig.check_cert*/ identity->checkCert ){
if( ((KeyAgreementDH *)*ka)->controlPeerCertificate() == 0)
throw MikeyExceptionAuthentication(
"Certificate control failed" );
@@ -427,7 +433,7 @@
#ifdef ENABLE_TS
ts.save( AUTH_END );
#endif
- securityConfig.secured = true;
+ /*securityConfig.*/secured = true;
return true;
/*
@@ -459,7 +465,7 @@
"Unexpected MIKEY Message type" );
break;*/
- securityConfig.secured = true;
+ /*securityConfig.*/secured = true;
return true;
case KEY_MGMT_METHOD_MIKEY_PK:
@@ -475,8 +481,8 @@
catch(MikeyExceptionAuthentication &exc){
merr << "MikeyException caught: " << exc.what() << end;
//FIXME! send SIP Authorization failed with Mikey Error message
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured=false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured=false;
return false;
}
catch(MikeyExceptionMessageContent &exc){
@@ -485,22 +491,22 @@
if( ( error_mes = exc.errorMessage() ) != NULL ){
//FIXME: send the error message!
}
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured=false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured=false;
return false;
}
catch(MikeyException &exc){
merr << "MikeyException caught: " << exc.what() << end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured=false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured=false;
return false;
}
}
}
else{
merr << "Unknown key management method" << end;
- securityConfig.secured = false;
+ /*securityConfig.*/secured = false;
return false;
}
@@ -509,9 +515,9 @@
string Session::initiatorParse(){
- if( ! ( securityConfig.ka_type & KEY_MGMT_METHOD_MIKEY ) ){
+ if( ! ( /*securityConfig.*/ka_type & KEY_MGMT_METHOD_MIKEY ) ){
merr << "Unknown type of key agreement" << end;
- securityConfig.secured = false;
+ /*securityConfig.*/secured = false;
return "";
}
@@ -522,12 +528,12 @@
if( initMessage == NULL ){
merr << "Uninitialized MIKEY init message, this is a bug" << end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
return "";
}
- switch( securityConfig.ka_type ){
+ switch( /*securityConfig.*/ka_type ){
case KEY_MGMT_METHOD_MIKEY_DH:
#ifdef ENABLE_TS
ts.save( MIKEY_PARSE_START );
@@ -560,14 +566,14 @@
catch( certificate_exception & ){
// TODO: Tell the GUI
merr << "Could not open certificate" <<end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
}
catch( MikeyExceptionUnacceptable &exc ){
merr << "MikeyException caught: "<<exc.what()<<end;
//FIXME! send SIP Unacceptable with Mikey Error message
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
}
// Message was invalid
catch( MikeyExceptionMessageContent &exc ){
@@ -576,13 +582,13 @@
if( ( error_mes = exc.errorMessage() ) != NULL ){
responseMessage = error_mes;
}
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
}
catch( MikeyException & exc ){
merr << "MikeyException caught: " << exc.what() << end;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
- securityConfig.secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
}
if( responseMessage != NULL )
@@ -618,7 +624,7 @@
void Session::setMikeyOffer(){
MikeyMessage * initMessage = (MikeyMessage *)ka->initiatorData();
- switch( securityConfig.ka_type ){
+ switch( /*securityConfig.*/ka_type ){
case KEY_MGMT_METHOD_MIKEY_DH:
initMessage->setOffer((KeyAgreementDH *)*ka);
break;
Modified: trunk/libminisip/source/mediahandler/MediaHandler.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/MediaHandler.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/mediahandler/MediaHandler.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -29,7 +29,6 @@
#include<string.h>
#include<libminisip/sdp/SdpPacket.h>
#include<libmikey/keyagreement.h>
-#include<libminisip/sip/SipDialogSecurityConfig.h>
#include<libminisip/sip/SipSoftPhoneConfiguration.h>
#include<libminisip/ipprovider/IpProvider.h>
#include<libminisip/codecs/Codec.h>
@@ -104,7 +103,7 @@
// }
-MRef<Session *> MediaHandler::createSession( SipDialogSecurityConfig &securityConfig, string callId ){
+MRef<Session *> MediaHandler::createSession( /*SipDialogSecurityConfig &securityConfig*/ MRef<SipIdentity*> id, string callId ){
list< MRef<Media *> >::iterator i;
MRef<Session *> session;
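Review bot: `id` is dereferenced without a null check — `id->use_zrtp` in the ZRTP hunks below and `ident->securityEnabled` in the Session constructor this function calls — whereas the old reference parameter could not be null. DefaultDialogHandler.cxx in this revision falls back to `defaultIdentity` when the identity lookup fails, but other callers (SipDialogVoip.cxx is modified but not shown here) give no such guarantee. A guard at the top, `if( !id ){ cerr << "MediaHandler::createSession: no local identity" << endl; return NULL; }`, turns a crash during call setup into a failed call. The function body continues below this hunk.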
@@ -122,7 +121,7 @@
if( ip6Provider )
contactIp6 = ip6Provider->getExternalIp();
- session = new Session( contactIp, securityConfig, contactIp6 );
+ session = new Session( contactIp, /*securityConfig*/ id, contactIp6 );
session->setCallId( callId );
for( i = media.begin(); i != media.end(); i++ ){
@@ -144,7 +143,7 @@
session->callRecorder = cr;
}
#ifdef ZRTP_SUPPORT
- if(securityConfig.use_zrtp) {
+ if(/*securityConfig.use_zrtp*/ id->use_zrtp) {
#ifdef DEBUG_OUTPUT
cerr << "MediaHandler::createSession: enabling ZRTP for receiver" << callId << endl;
#endif
@@ -177,7 +176,7 @@
sStream = new MediaStreamSender( media, sock, sock6 );
session->addMediaStreamSender( sStream );
#ifdef ZRTP_SUPPORT
- if(securityConfig.use_zrtp) {
+ if(/*securityConfig.use_zrtp*/ id->use_zrtp) {
#ifdef DEBUG_OUTPUT
cerr << "MediaHandler::createSession: enabling ZRTP for sender: " << callId << endl;
#endif
Modified: trunk/libminisip/source/mediahandler/Session.cxx
===================================================================
--- trunk/libminisip/source/mediahandler/Session.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/mediahandler/Session.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -65,8 +65,12 @@
SessionRegistry * Session::registry = NULL;
MRef<KeyAgreement *> Session::precomputedKa = NULL;
-Session::Session( string localIp, SipDialogSecurityConfig &securityConfig, string localIp6 ):ka(NULL),localIpString(localIp), localIp6String(localIp6){
- this->securityConfig = securityConfig; // hardcopy
+Session::Session( string localIp, /*SipDialogSecurityConfig &securityConfig*/ MRef<SipIdentity*> ident, string localIp6 ):ka(NULL),localIpString(localIp), localIp6String(localIp6){
+// this->securityConfig = securityConfig; // hardcopy
+ identity = ident;
+ secured = ident->securityEnabled;
+ ka_type = ident->ka_type;
+
this->ka = Session::precomputedKa;
dtmfTOProvider = new TimeoutProvider<DtmfEvent *, MRef<DtmfSender *> >;
Session::precomputedKa = NULL;
@@ -85,7 +89,8 @@
}
if( Session::precomputedKa.isNull() ){
- Session::precomputedKa = new KeyAgreementDH( securityConfig.cert, securityConfig.cert_db, DH_GROUP_OAKLEY5 );
+ Session::precomputedKa = new KeyAgreementDH( /*securityConfig.cert*/ identity->getSim()->getCertificateChain(),
+ /*securityConfig.cert_db*/ identity->getSim()->getCAs(), DH_GROUP_OAKLEY5 );
}
}
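Review bot: `identity->getSim()->getCertificateChain()` on the new lines dereferences the SIM without checking it, while Minisip.cxx (`if (sim)`) and the `MIKEY_TYPE_DH_INIT` branch in KeyAgreement.cxx both treat `getSim()` as possibly null in this same revision. If an identity without a SIM reaches this pre-computation, this is a null dereference during session setup. Guard it the same way, `if( Session::precomputedKa.isNull() && identity->getSim() ){`, or skip pre-computation and let `initiatorCreate` report the missing certificate. The function containing this hunk starts above it.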
@@ -252,10 +257,10 @@
// cerr << "Session::getSdpOffer" << endl;
result = emptySdp();
- if( securityConfig.secured ){
+ if( /*securityConfig.secured*/ secured ){
MRef<SdpHeaderA *> a;
keyMgmtMessage = initiatorCreate(); //in KeyAgreement.cxx
- if( ! securityConfig.secured ){
+ if( /*! securityConfig.secured*/ !secured ){
// something went wrong
return NULL;
}
@@ -374,7 +379,7 @@
#ifdef DEBUG_OUTPUT
// cerr << "Session::setSdpAnswer" << endl;
#endif
- if( securityConfig.secured ){
+ if( /*securityConfig.secured*/ secured ){
/* get the keymgt: attribute */
string keyMgmtMessage =
answer->getSessionLevelAttribute( "key-mgmt" );
@@ -557,8 +562,8 @@
setMikeyOffer();
}
else{
- securityConfig.secured = false;
- securityConfig.ka_type = KEY_MGMT_METHOD_NULL;
+ /*securityConfig.*/secured = false;
+ /*securityConfig.*/ka_type = KEY_MGMT_METHOD_NULL;
}
@@ -614,7 +619,7 @@
const string &transport = offerM->getTransport();
if (transport != "RTP/AVP" &&
- !securityConfig.secured &&
+ !/*securityConfig.*/secured &&
transport == "RTP/SAVP") {
errorString += "No supported SRTP key exchange method";
return false;
@@ -693,12 +698,12 @@
MRef<SdpPacket *> Session::getSdpAnswer(){
// cerr << "Session::getSdpAnswer" << endl;
- if( securityConfig.secured ){
+ if( /*securityConfig.*/secured ){
string keyMgmtAnswer;
// Generate the key management answer message
keyMgmtAnswer = responderParse();
- if( !securityConfig.secured ){
+ if( !/*securityConfig.*/secured ){
// Something went wrong
errorString = "Could not parse key management message.";
fprintf(stderr, "responderParse failed\n" );
@@ -722,7 +727,7 @@
list< MRef<MediaStreamSender * > >::iterator iS;
list< MRef<MediaStreamReceiver * > >::iterator iR;
- if( securityConfig.secured && ka && ka->type() == KEY_AGREEMENT_TYPE_DH ){
+ if( /*securityConfig.*/secured && ka && ka->type() == KEY_AGREEMENT_TYPE_DH ){
#ifdef ENABLE_TS
ts.save( TGK_START );
#endif
@@ -734,7 +739,7 @@
for( iR = mediaStreamReceivers.begin(); iR != mediaStreamReceivers.end(); iR++ ){
if( ! (*iR)->disabled ){
- if( securityConfig.secured ){
+ if( /*securityConfig.*/secured ){
(*iR)->setKeyAgreement( ka );
}
(*iR)->start();
@@ -744,7 +749,7 @@
mediaStreamSendersLock.lock();
for( iS = mediaStreamSenders.begin(); iS != mediaStreamSenders.end(); iS++ ){
if( (*iS)->getPort() ){
- if( securityConfig.secured ){
+ if( /*securityConfig.*/secured ){
(*iS)->setKeyAgreement( ka );
}
(*iS)->start();
@@ -809,7 +814,7 @@
}
bool Session::isSecure(){
- return securityConfig.secured;
+ return /*securityConfig.*/secured;
}
string Session::getCallId(){
Modified: trunk/libminisip/source/sip/DefaultDialogHandler.cxx
===================================================================
--- trunk/libminisip/source/sip/DefaultDialogHandler.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/sip/DefaultDialogHandler.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -127,10 +127,19 @@
if( to ){
SipUri u = to->getUri();
id = phoneconf->getIdentity( u );
+ }else{
+ return true; //handle by ignoring
}
+
+ if (!id){
+ merr <<"WARNING: Could not find local identity - using default"<<endl;
+ id = phoneconf->defaultIdentity;
+ }
+
#ifdef DEBUG_OUTPUT
mdbg << "DefaultDialogHandler:: creating new SipDialogConfVoip" << end;
#endif
+
//get the GroupList from the remote GroupListServer
//MRef<GroupList*>grpList;
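Review bot: The new `if (!id)` fallback answers an INVITE whose To URI matches no configured account with `phoneconf->defaultIdentity`, so the default account's security settings — which this commit makes per identity (`securityEnabled`, `ka_type`, the PSK and the SIM's certificate chain) — are used for a request that was not addressed to that account, quietly reintroducing the cross-account use the commit sets out to remove. The fallback also assumes a default identity exists, while the call-setup hunk in `Sip.cxx` in this same commit logs `could not determine what local identity to use` for the case where `phoneconfig->defaultIdentity` is unset, so `id` can still be null when it reaches `mediaHandler->createSession` in the next hunk. At minimum add a second guard after the fallback, `if (!id){ merr << "ERROR: no local identity for incoming request - dropping" << end; return true; }`, and consider whether an unmatched To should be rejected rather than served by the default account. The enclosing function starts before and continues past this hunk.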
@@ -163,7 +172,7 @@
//string prot = sdp->getSessionLevelAttribute("p2tGroupListProt");
// get a session from the mediaHandler
MRef<Session *> mediaSession =
- mediaHandler->createSession(phoneconf->securityConfig, pkt->getCallId() );
+ mediaHandler->createSession(/*phoneconf->securityConfig*/ id, pkt->getCallId() );
/* MRef<SipDialogConfig*> callConf = new SipDialogConfig(phoneconf->inherited);
if( id ){
@@ -193,7 +202,16 @@
if( to ){
SipUri u = to->getUri();
id = phoneconf->getIdentity( u );
+ }else{
+ mdbg << "INFO: dropping incoming message without FROM header"<<endl;
+ return true;
}
+
+ if (!id){
+ merr <<"WARNING: Could not find local identity - using default"<<endl;
+ id = phoneconf->defaultIdentity;
+ }
+
#ifdef DEBUG_OUTPUT
mdbg << "DefaultDialogHandler:: creating new SipDialogConfVoip" << end;
#endif
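Review bot: The log line in the new `else` branch says `without FROM header`, but the branch runs when `to` is null, so the message sends anyone debugging a dropped request to the wrong header; `mdbg << "INFO: dropping incoming message without To header"<<endl;` matches the code. The `if (!id)` fallback to `phoneconf->defaultIdentity` that follows has the same two caveats as the earlier hunk in this file: nothing guards the case where no default identity is configured, and a request addressed to an unknown To URI is then served with the default account's security material. The enclosing function starts before and continues past this hunk.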
@@ -203,7 +221,7 @@
MRef<SdpPacket*> sdp = (SdpPacket*)*inv->getContent();
string confid = sdp->getSessionLevelAttribute("confId");
MRef<Session *> mediaSession =
- mediaHandler->createSession(phoneconf->securityConfig, pkt->getCallId() );
+ mediaHandler->createSession(/*phoneconf->securityConfig*/ id, pkt->getCallId() );
/* MRef<SipDialogConfig*> callConf = new SipDialogConfig(phoneconf->inherited);
@@ -230,11 +248,18 @@
if( to ){
SipUri u = to->getUri();
id = phoneconf->getIdentity( u );
+ }else{
+ return true; // We handled it by ignoring the packet
}
+ if (!id){
+ merr <<"WARNING: Could not find local identity - using default"<<endl;
+ id = phoneconf->defaultIdentity;
+ }
+
// get a session from the mediaHandler
MRef<Session *> mediaSession =
- mediaHandler->createSession(phoneconf->securityConfig, pkt->getCallId() );
+ mediaHandler->createSession(/*phoneconf->securityConfig*/ id, pkt->getCallId() );
/* MRef<SipDialogConfig*> callConf = new SipDialogConfig(phoneconf->inherited);
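Review bot: This is the third copy in the file of the same identity resolution — `if( to ){ ... }else{ return true; }` followed by the `if (!id)` default-identity fallback with the identical `WARNING: Could not find local identity - using default` string — differing only in the comment and log wording. A small private helper on DefaultDialogHandler that takes the To header and returns the resolved `MRef<SipIdentity*>` (null meaning "ignore the packet") would keep the three call sites consistent and give a single place to handle a missing `defaultIdentity`. The enclosing function starts before and continues past this hunk.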
Modified: trunk/libminisip/source/sip/Sip.cxx
===================================================================
--- trunk/libminisip/source/sip/Sip.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/sip/Sip.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -116,11 +116,11 @@
string user = cmd.getParam();
bool gotAtSign;
- SipDialogSecurityConfig securityConfig;
+// SipDialogSecurityConfig securityConfig;
#ifdef ENABLE_TS
ts.save( INVITE_START );
#endif
- securityConfig = phoneconfig->securityConfig;
+// securityConfig = phoneconfig->securityConfig;
int startAddr=0;
if (user.substr(0,4)=="sip:")
@@ -141,10 +141,10 @@
phoneconfig->defaultIdentity;
if( !id ){
- cerr << "id is null" << endl;
+ merr << "ERROR: could not determine what local identity to use" << endl;
}
- securityConfig.useIdentity( id );
+// securityConfig.useIdentity( id );
gotAtSign = ( user.find("@", startAddr) != string::npos );
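Review bot: The `if( !id )` branch now logs `ERROR: could not determine what local identity to use` but does not return, so a null `id` continues into `mediaHandler->createSession( id )` in the next hunk and on into the dialog constructor. The removed `securityConfig.useIdentity( id )` would have dereferenced the null just as readily, so the crash is not new, but promoting the message to an error suggests the condition is now meant to be handled rather than logged past. Returning directly after the message — `return "";` if this function returns the call-id string the way `confjoin` and `confconnect` below do — makes the failure actionable; the enclosing function starts before and continues past this hunk, so its return type is not visible here.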
@@ -185,7 +185,7 @@
cerr << "Before new mediaSession" << endl;
#endif
MRef<Session *> mediaSession =
- mediaHandler->createSession( securityConfig );
+ mediaHandler->createSession( /*securityConfig*/ id );
#ifdef DEBUG_OUTPUT
cerr << "After new mediaSession" << endl;
#endif
@@ -223,11 +223,11 @@
}
string Sip::confjoin(string &user, minilist<ConfMember> *conflist, string confId){
- SipDialogSecurityConfig securityConfig;
+// SipDialogSecurityConfig securityConfig;
#ifdef ENABLE_TS
ts.save( INVITE_START );
#endif
- securityConfig = phoneconfig->securityConfig;
+// securityConfig = phoneconfig->securityConfig;
int startAddr=0;
if (user.substr(0,4)=="sip:")
@@ -241,13 +241,13 @@
if (user[i]<'0' || user[i]>'9')
onlydigits=false;
- MRef<SipIdentity*> identity;
+ MRef<SipIdentity*> identity=phoneconfig->defaultIdentity;
if (onlydigits && phoneconfig->usePSTNProxy){
identity = phoneconfig->pstnIdentity;
- securityConfig.useIdentity( phoneconfig->pstnIdentity );
+// securityConfig.useIdentity( phoneconfig->pstnIdentity );
}
else{
- securityConfig.useIdentity( phoneconfig->defaultIdentity);
+// securityConfig.useIdentity( phoneconfig->defaultIdentity);
}
@@ -296,7 +296,7 @@
MRef<Session *> mediaSession =
- mediaHandler->createSession( securityConfig );
+ mediaHandler->createSession( /*securityConfig*/ identity );
MRef<SipDialog*> voipConfCall( new SipDialogConfVoip(dynamic_cast<ConfMessageRouter*>(*sipstack->getConfCallback()), sipstack, identity, phoneconfig, mediaSession, conflist, confId, ""));
@@ -314,11 +314,11 @@
}
string Sip::confconnect(string &user, string confId){
- SipDialogSecurityConfig securityConfig;
+// SipDialogSecurityConfig securityConfig;
#ifdef ENABLE_TS
ts.save( INVITE_START );
#endif
- securityConfig = phoneconfig->securityConfig;
+// securityConfig = phoneconfig->securityConfig;
int startAddr=0;
if (user.substr(0,4)=="sip:")
@@ -328,15 +328,15 @@
startAddr = 5;
bool onlydigits=true;
- MRef<SipIdentity*> identity;
+ MRef<SipIdentity*> identity=phoneconfig->defaultIdentity;
for (unsigned i=0; i<user.length(); i++)
if (user[i]<'0' || user[i]>'9')
onlydigits=false;
if (onlydigits && phoneconfig->usePSTNProxy){
identity = phoneconfig->pstnIdentity;
- securityConfig.useIdentity( phoneconfig->pstnIdentity );
+// securityConfig.useIdentity( phoneconfig->pstnIdentity );
}else{
- securityConfig.useIdentity( phoneconfig->defaultIdentity);
+// securityConfig.useIdentity( phoneconfig->defaultIdentity);
}
@@ -385,7 +385,7 @@
MRef<Session *> mediaSession =
- mediaHandler->createSession( securityConfig );
+ mediaHandler->createSession( /*securityConfig*/ identity );
MRef<SipDialog*> voipConfCall( new SipDialogConfVoip(dynamic_cast<ConfMessageRouter*>(*sipstack->getConfCallback()), sipstack, identity, phoneconfig, mediaSession, confId));
@@ -437,7 +437,8 @@
}
if (phoneconfig->tls_server){
- if( phoneconfig->securityConfig.cert.isNull() ){
+ //if( phoneconfig->securityConfig.cert.isNull() ){
+ if( !phoneconfig->defaultIdentity->getSim() || phoneconfig->defaultIdentity->getSim()->getCertificateChain().isNull() ){
merr << "Certificate needed for TLS server. You will not be able to receive incoming TLS connections." << end;
}
else{
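Review bot: The replacement guard cannot detect a missing certificate: the per-account loader added to `SipSoftPhoneConfiguration.cxx` in this commit always ends with `ident->setSim(new SipSimSoft(certchain, cert_db))` where `certchain` is a freshly constructed `certificate_chain`, so `getCertificateChain().isNull()` is false for every loaded identity even when no `certificate` key was configured, and the TLS server is brought up without a usable certificate instead of printing the warning (the old `securityConfig.cert` check it replaces had the same weakness, since the old loader also always allocated the chain). The line also dereferences `phoneconfig->defaultIdentity` unconditionally, although the call-setup path earlier in this file now logs the case where no default identity is set. Guard `!phoneconfig->defaultIdentity` first, then test for an empty chain rather than a null one — e.g. with the chain's `init_index()`/`get_next()` iteration the save path already uses — so the warning fires exactly when no personal certificate is present.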
Deleted: trunk/libminisip/source/sip/SipDialogSecurityConfig.cxx
===================================================================
--- trunk/libminisip/source/sip/SipDialogSecurityConfig.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/sip/SipDialogSecurityConfig.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -1,324 +0,0 @@
-/*
- Copyright (C) 2004-2006 the Minisip Team
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/* Copyright (C) 2004
- *
- * Authors: Erik Eliasson <eliasson at it.kth.se>
- * Johan Bilien <jobi at via.ecp.fr>
- */
-
-#include<config.h>
-
-#include<libminisip/sip/SipDialogSecurityConfig.h>
-
-#include<libminisip/configbackend/ConfBackend.h>
-#include<libmcrypto/cert.h>
-#include<libmutil/XMLParser.h>
-#include<libmutil/stringutils.h>
-#include<libmsip/SipDialogConfig.h>
-
-#include<libminisip/configbackend/OnlineConfBackend.h>
-#include<vector>
-using namespace std;
-
-SipDialogSecurityConfig::SipDialogSecurityConfig():
- secured(false),
- ka_type(0),
- use_srtp(false),
- use_zrtp(false),
- cert(NULL),
- cert_db(NULL),
- psk_enabled(false),
- psk(NULL),
- psk_length(0),
- dh_enabled(false),
- check_cert(false)
-{
-}
-
-void SipDialogSecurityConfig::save( MRef<ConfBackend *> backend ){
-
- backend->save("secured", secured?string("yes"): string("no"));
-
- backend->save("use_srtp", use_srtp?string("yes"): string("no"));
- if (use_srtp) {
- backend->save("use_zrtp", use_zrtp ? string("yes") : string("no"));
- }
-
- backend->save("psk_enabled", psk_enabled?string("yes"): string("no"));
- backend->save("dh_enabled", dh_enabled?string("yes"): string("no"));
-
- char * pskString = new char[psk_length+1];
- memcpy( pskString, psk, psk_length );
- pskString[psk_length] = '\0';
- backend->save("psk", pskString);
- delete [] pskString;
-
- string kaTypeString;
- switch( ka_type ){
- case KEY_MGMT_METHOD_MIKEY_DH:
- kaTypeString = "dh";
- break;
- case KEY_MGMT_METHOD_MIKEY_PSK:
- kaTypeString = "psk";
- break;
- case KEY_MGMT_METHOD_MIKEY_PK:
- kaTypeString = "pk";
- }
-
- backend->save("ka_type", kaTypeString);
-
- /***********************************************************
- * Certificate settings
- ***********************************************************/
-
- /* Update the certificate part of the configuration file */
- cert->lock();
- cert->init_index();
- MRef<certificate *> certItem = cert->get_next();
-
- /* The first element is the personal certificate, the next ones
- * are saved as certificate_chain */
- if( !certItem.isNull() ){
- backend->save("certificate",certItem->get_file());
- backend->save("private_key",certItem->get_pk_file());
- certItem = cert->get_next();
- }
-
- uint32_t i = 0;
-
- while( !certItem.isNull() ){
- backend->save("certificate_chain["+itoa(i)+"]",
- certItem->get_file() );
- i++;
- certItem = cert->get_next();
- }
-
- cert->unlock();
-
- /* CA database saved in the config file */
- uint32_t iFile = 0;
- uint32_t iDir = 0;
- cert_db->lock();
- cert_db->init_index();
- ca_db_item * caDbItem = cert_db->get_next();
-
- while( caDbItem != NULL ){
- switch( caDbItem->type ){
- case CERT_DB_ITEM_TYPE_FILE:
- backend->save("ca_file["+itoa(iFile)+"]",
- caDbItem->item);
- iFile ++;
- break;
- case CERT_DB_ITEM_TYPE_DIR:
- backend->save("ca_dir["+itoa(iDir)+"]",
- caDbItem->item);
- iDir ++;
- break;
- }
-
- caDbItem = cert_db->get_next();
- }
-
- cert_db->unlock();
-}
-
-void SipDialogSecurityConfig::load( MRef<ConfBackend *> backend ){
-
- secured = backend->loadString("secured","no")=="yes";
- use_srtp = backend->loadString("use_srtp","no")=="yes";
- if (use_srtp) {
- use_zrtp = backend->loadString("use_zrtp", "no") == "yes";
- }
-
- dh_enabled = backend->loadString("dh_enabled","no")=="yes";
- psk_enabled = backend->loadString("psk_enabled","no")=="yes";
- check_cert = backend->loadString("check_cert","no")=="yes";
-
- if( backend->loadString("ka_type", "psk") == "psk" )
- ka_type = KEY_MGMT_METHOD_MIKEY_PSK;
-
- else if( backend->loadString("ka_type", "psk") == "dh" )
- ka_type = KEY_MGMT_METHOD_MIKEY_DH;
-
-
- else if( backend->loadString("ka_type", "psk") == "pk" )
- ka_type = KEY_MGMT_METHOD_MIKEY_PK;
-
- else{
- ka_type = KEY_MGMT_METHOD_MIKEY_PSK;
-#ifdef DEBUG_OUTPUT
- merr << "Invalid KA type in config file, default to PSK"<<end;
-#endif
- }
-
- string pskString = backend->loadString("psk","Unspecified PSK");
- psk_length = (int)pskString.size();
- psk = new unsigned char[psk_length];
-
- memcpy( psk, pskString.c_str(), psk_length );
-
- /****************************************************************
- * Certificate settings
- ****************************************************************/
-
- string certFile = backend->loadString("certificate","");
- string privateKeyFile = backend->loadString("private_key","");
-
- cert = new certificate_chain();
-
-#ifdef ONLINECONF_SUPPORT
- if(certFile.substr(0,10)=="httpsrp://")
- {
- OnlineConfBack *conf;
- conf = backend->getConf();
- certificate *cert=NULL;
- cert = conf->getOnlineCert();
- this->cert->add_certificate( cert );
- }
-
- else
-#endif
- if( certFile != "" ){
- certificate * cert=NULL;
-
- try{
- cert = new certificate( certFile );
- this->cert->add_certificate( cert );
- }
- catch( certificate_exception & ){
- merr << "Could not open the given certificate " << certFile <<end;
- }
-
- if( privateKeyFile != "" ){
-
- try{
- cert->set_pk( privateKeyFile );
- }
- catch( certificate_exception_pkey & ){
- merr << "The given private key " << privateKeyFile << " does not match the certificate"<<end;
- }
-
- catch( certificate_exception &){
- merr << "Could not open the given private key "<< privateKeyFile << end;
- }
- }
- }
-
- uint32_t iCertFile = 0;
- certFile = backend->loadString("certificate_chain[0]","");
-
-#ifdef ONLINECONF_SUPPORT
- if(certFile.substr(0,10)=="httpsrp://")
- {
- OnlineConfBack *conf;
- conf = backend->getConf();
- vector<struct contdata*> res;
- string user = conf->getUser();
- conf->downloadReq(user, "certificate_chain",res);/*gets the whole chain*/
- for(int i=0;i<res.size();i++)
- {
- try
- {
- certificate *cert = new certificate((unsigned char *)res.at(i)->data,(size_t) res.at(i)->size,
- "httpsrp:///"+user + "/certificate_chain" );
- this->cert->add_certificate( cert );
- }
- catch(certificate_exception &)
- {
- merr << "Could not open the given certificate" << end;
- }
- }
- }
-
- else
-#endif
- while( certFile != "" ){
- try{
- certificate * cert = new certificate( certFile );
- this->cert->add_certificate( cert );
- }
- catch( certificate_exception &){
- merr << "Could not open the given certificate" << end;
- }
- iCertFile ++;
- certFile = backend->loadString("certificate_chain["+itoa(iCertFile)+"]","");
-
- }
-
- cert_db = new ca_db();
- iCertFile = 0;
- certFile = backend->loadString("ca_file[0]","");
-
-#ifdef ONLINECONF_SUPPORT
- if(certFile.substr(0,10)=="httpsrp://")
- {
- OnlineConfBack *conf;
- conf = backend->getConf();
- vector<struct contdata*> res;
- string user = conf->getUser();
- conf->downloadReq(user, "certificate_chain",res);
- for(int i=0;i<res.size();i++)
- {
- try{
- certificate *cert = new certificate((unsigned char *)res.at(i)->data,(size_t) res.at(i)->size,
- "httpsrp:///"+user + "/root_cert" );
- cert_db->add_certificate( cert );
- }
- catch( certificate_exception &){
- merr << "Could not open the CA certificate" << end;
- }
- }
- }
-
- else
-#endif
- while( certFile != ""){
- try{
- cert_db->add_file( certFile );
- }
- catch( certificate_exception &){
- merr << "Could not open the CA certificate" << end;
- }
- iCertFile ++;
- certFile = backend->loadString("ca_file["+itoa(iCertFile)+"]","");
-
- }
- iCertFile = 0;
-
- certFile = backend->loadString("ca_dir[0]","");
-
- while( certFile != ""){
- try{
- cert_db->add_directory( certFile );
- }
- catch( certificate_exception &){
- merr << "Could not open the CA certificate directory " << certFile << end;
- }
- iCertFile ++;
- certFile = backend->loadString("ca_dir["+itoa(iCertFile)+"]","");
- }
-}
-
-
-void SipDialogSecurityConfig::useIdentity( MRef<SipIdentity *> identity ){
- identity->lock();
- secured = identity->securitySupport;
- identity->unlock();
-}
-
Modified: trunk/libminisip/source/sip/SipDialogVoip.cxx
===================================================================
--- trunk/libminisip/source/sip/SipDialogVoip.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/sip/SipDialogVoip.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -583,7 +583,8 @@
SipDialog(stack,ident),
phoneconf(pconf),
mediaSession(mediaSession),
- lastInvite(NULL)
+ lastInvite(NULL),
+ notifyEarlyTermination(false)
{
if (cid=="")
dialogState.callId = itoa(rand())+"@"+getDialogConfig()->inherited->externalContactIP;
Modified: trunk/libminisip/source/sip/SipSoftPhoneConfiguration.cxx
===================================================================
--- trunk/libminisip/source/sip/SipSoftPhoneConfiguration.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libminisip/source/sip/SipSoftPhoneConfiguration.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -48,6 +48,7 @@
#include<libminisip/configbackend/UserConfig.h>
#include<fstream>
#include<libminisip/soundcard/AudioMixer.h>
+#include<libmsip/SipSimSoft.h>
#ifdef _WIN32_WCE
# include<stdlib.h>
@@ -60,13 +61,13 @@
#include<libminisip/configbackend/OnlineConfBackend.h>
//update both!!!! the str define is to avoid including itoa.h
-#define CONFIG_FILE_VERSION_REQUIRED 2
-#define CONFIG_FILE_VERSION_REQUIRED_STR "2"
+#define CONFIG_FILE_VERSION_REQUIRED 3
+#define CONFIG_FILE_VERSION_REQUIRED_STR "3"
using namespace std;
SipSoftPhoneConfiguration::SipSoftPhoneConfiguration():
- securityConfig(),
+ //securityConfig(),
sip(NULL),
useSTUN(false),
stunServerPort(0),
@@ -100,7 +101,7 @@
backend->save( "local_tcp_port", inherited->localTcpPort );
backend->save( "local_tls_port", inherited->localTlsPort );
backend->save( "auto_answer", inherited->autoAnswer?"yes":"no");
- securityConfig.save( backend );
+ //securityConfig.save( backend );
list< MRef<SipIdentity *> >::iterator iIdent;
uint32_t ii = 0;
@@ -117,6 +118,104 @@
backend->save( accountPath + "sip_uri", (*iIdent)->sipUsername + "@" + (*iIdent)->sipDomain );
+
+/*From SipDialogSecurity below*/
+ backend->save(accountPath + "use_zrtp", /*use_zrtp*/ (*iIdent)->use_zrtp ? string("yes") : string("no"));
+ backend->save(accountPath + "psk_enabled", (*iIdent)->pskEnabled ? string("yes") : string("no"));
+ backend->save(accountPath + "dh_enabled", (*iIdent)->dhEnabled ? string("yes") : string("no"));
+
+ backend->save(accountPath + "psk", (*iIdent)->getPsk() );
+
+
+ string kaTypeString;
+ switch( (*iIdent)->ka_type ){
+ case KEY_MGMT_METHOD_MIKEY_DH:
+ kaTypeString = "dh";
+ break;
+ case KEY_MGMT_METHOD_MIKEY_PSK:
+ kaTypeString = "psk";
+ break;
+ case KEY_MGMT_METHOD_MIKEY_PK:
+ kaTypeString = "pk";
+ }
+
+ backend->save(accountPath + "ka_type", kaTypeString);
+
+
+ /***********************************************************
+ * Certificate settings
+ ***********************************************************/
+
+ MRef<certificate_chain*> cert;
+ if ((*iIdent)->getSim()){
+ cert = (*iIdent)->getSim()->getCertificateChain();
+ }else{
+ cert = new certificate_chain(); //create an empty chain if no SIM to simplify code below
+ }
+
+ /* Update the certificate part of the configuration file */
+ cert->lock();
+ cert->init_index();
+ MRef<certificate *> certItem = cert->get_next();
+
+ /* The first element is the personal certificate, the next ones
+ * are saved as certificate_chain */
+ if( !certItem.isNull() ){
+ backend->save(accountPath + "certificate",certItem->get_file());
+ backend->save(accountPath + "private_key",certItem->get_pk_file());
+ certItem = cert->get_next();
+ }
+
+ uint32_t i = 0;
+
+ while( !certItem.isNull() ){
+ backend->save(accountPath + "certificate_chain["+itoa(i)+"]",
+ certItem->get_file() );
+ i++;
+ certItem = cert->get_next();
+ }
+
+ cert->unlock();
+
+ /* CA database saved in the config file */
+ uint32_t iFile = 0;
+ uint32_t iDir = 0;
+ MRef<ca_db*> cert_db;
+ if ((*iIdent)->getSim())
+ cert_db = (*iIdent)->getSim()->getCAs();
+ else
+ cert_db = new ca_db;
+
+ cert_db->lock();
+ cert_db->init_index();
+ ca_db_item * caDbItem = cert_db->get_next();
+
+
+ while( caDbItem != NULL ){
+ switch( caDbItem->type ){
+ case CERT_DB_ITEM_TYPE_FILE:
+ backend->save(accountPath + "ca_file["+itoa(iFile)+"]",
+ caDbItem->item);
+ iFile ++;
+ break;
+ case CERT_DB_ITEM_TYPE_DIR:
+ backend->save(accountPath + "ca_dir["+itoa(iDir)+"]",
+ caDbItem->item);
+ iDir ++;
+ break;
+ }
+
+ caDbItem = cert_db->get_next();
+ }
+
+ cert_db->unlock();
+
+
+
+/*From SipDialogSecurity above*/
+
+
+
if( (*iIdent)->getSipProxy()->autodetectSettings ) {
backend->save( accountPath + "auto_detect_proxy", "yes" );
} else {
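Review bot: The per-account save block never writes `accountPath + "secured"` or `accountPath + "check_cert"`, while the new per-account load path reads both with a default of `"no"`, so a configuration that is saved and reloaded comes back with `securityEnabled` and `checkCert` cleared — the account silently falls back to unprotected media and to no certificate verification. The deleted global `SipDialogSecurityConfig::save` did persist `secured`, so that part is a regression introduced by the move; `check_cert` was already unsaved there and is worth fixing in the same place now that it is per account. Add next to the other flags: `backend->save(accountPath + "secured", (*iIdent)->securityEnabled ? string("yes") : string("no"));` and `backend->save(accountPath + "check_cert", (*iIdent)->checkCert ? string("yes") : string("no"));`. Separately, `backend->save(accountPath + "psk", (*iIdent)->getPsk() )` still writes the pre-shared key in clear to the config backend, which is inherited behaviour but deserves a comment now that each account carries its own key.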
@@ -259,8 +358,6 @@
backend->save( "network_interface", networkInterfaceName );
backend->commit();
-
-
}
void SipSoftPhoneConfiguration::addMissingAudioCodecs( MRef<ConfBackend *> be ){
@@ -346,6 +443,186 @@
string uri = backend->loadString(accountPath + "sip_uri");
ident->setSipUri(uri);
+
+/*From SipDialogSecurity below*/
+
+ ident->securityEnabled = backend->loadString(accountPath + "secured","no")=="yes";
+ //ident->use_srtp = backend->loadString(accountPath + "use_srtp","no")=="yes";
+ //ident->use_srtp = backend->loadString(accountPath + "use_srtp","no")=="yes";
+ //if (use_srtp) {
+ ident->use_zrtp = backend->loadString(accountPath + "use_zrtp", "no") == "yes";
+ //}
+ ident->dhEnabled = backend->loadString(accountPath + "dh_enabled","no")=="yes";
+ ident->pskEnabled = backend->loadString(accountPath + "psk_enabled","no")=="yes";
+ ident->checkCert = backend->loadString(accountPath + "check_cert","no")=="yes";
+
+
+ if( backend->loadString(accountPath + "ka_type", "psk") == "psk" )
+ ident->ka_type = KEY_MGMT_METHOD_MIKEY_PSK;
+
+ else if( backend->loadString(accountPath + "ka_type", "psk") == "dh" )
+ ident->ka_type = KEY_MGMT_METHOD_MIKEY_DH;
+ else if( backend->loadString(accountPath + "ka_type", "psk") == "pk" )
+ ident->ka_type = KEY_MGMT_METHOD_MIKEY_PK;
+ else{
+ ident->ka_type = KEY_MGMT_METHOD_MIKEY_PSK;
+#ifdef DEBUG_OUTPUT
+ merr << "Invalid KA type in config file, default to PSK"<<end;
+#endif
+ }
+
+ string pskString = backend->loadString(accountPath + "psk","Unspecified PSK");
+ ident->setPsk(pskString);
+
+
+
+ /****************************************************************
+ * Certificate settings
+ ****************************************************************/
+
+ string certFile = backend->loadString(accountPath + "certificate","");
+ string privateKeyFile = backend->loadString(accountPath + "private_key","");
+
+ MRef<certificate_chain*> certchain = new certificate_chain();
+
+#ifdef ONLINECONF_SUPPORT
+ if(certFile.substr(0,10)=="httpsrp://") {
+ OnlineConfBack *conf;
+ conf = backend->getConf();
+ certificate *cert=NULL;
+ cert = conf->getOnlineCert();
+ certchain->add_certificate( cert );
+ } else
+#endif
+
+ if( certFile != "" ){
+ certificate * cert=NULL;
+
+ try{
+ cert = new certificate( certFile );
+ certchain->add_certificate( cert );
+ }
+ catch( certificate_exception & ){
+ merr << "Could not open the given certificate " << certFile <<end;
+ }
+
+ if( privateKeyFile != "" ){
+
+ try{
+ cert->set_pk( privateKeyFile );
+ }
+ catch( certificate_exception_pkey & ){
+ merr << "The given private key " << privateKeyFile << " does not match the certificate"<<end; }
+
+ catch( certificate_exception &){
+ merr << "Could not open the given private key "<< privateKeyFile << end;
+ }
+ }
+ }
+
+ uint32_t iCertFile = 0;
+ certFile = backend->loadString(accountPath + "certificate_chain[0]","");
+
+
+#ifdef ONLINECONF_SUPPORT
+ if(certFile.substr(0,10)=="httpsrp://") {
+ OnlineConfBack *conf;
+ conf = backend->getConf();
+ vector<struct contdata*> res;
+ string user = conf->getUser();
+ conf->downloadReq(user, "certificate_chain",res);/*gets the whole chain*/
+ for(int i=0;i<res.size();i++) {
+ try {
+ certificate *cert = new certificate((unsigned char *)res.at(i)->data,
+ (size_t) res.at(i)->size,
+ "httpsrp:///"+user + "/certificate_chain" );
+ certchain->add_certificate( cert );
+ } catch(certificate_exception &) {
+ merr << "Could not open the given certificate" << end;
+ }
+ }
+ }
+
+ else
+#endif
+
+
+ while( certFile != "" ){
+ try{
+ certificate * cert = new certificate( certFile );
+ certchain->add_certificate( cert );
+ }
+ catch( certificate_exception &){
+ merr << "Could not open the given certificate" << end;
+ }
+ iCertFile ++;
+ certFile = backend->loadString(accountPath + "certificate_chain["+itoa(iCertFile)+"]","");
+
+ }
+
+ MRef<ca_db*> cert_db = new ca_db();
+ iCertFile = 0;
+ certFile = backend->loadString(accountPath + "ca_file[0]","");
+
+
+
+#ifdef ONLINECONF_SUPPORT
+ if(certFile.substr(0,10)=="httpsrp://")
+ {
+ OnlineConfBack *conf;
+ conf = backend->getConf();
+ vector<struct contdata*> res;
+ string user = conf->getUser();
+ conf->downloadReq(user, "certificate_chain",res);
+ for(int i=0;i<res.size();i++)
+ {
+ try{
+ certificate *cert = new certificate((unsigned char *)res.at(i)->data,
+ (size_t) res.at(i)->size,
+ "httpsrp:///"+user + "/root_cert" );
+ cert_db->add_certificate( cert );
+ }
+ catch( certificate_exception &){
+ merr << "Could not open the CA certificate" << end;
+ }
+ }
+ }
+
+ else
+#endif
+
+
+ while( certFile != ""){
+ try{
+ cert_db->add_file( certFile );
+ }
+ catch( certificate_exception &){
+ merr << "Could not open the CA certificate" << end;
+ }
+ iCertFile ++;
+ certFile = backend->loadString(accountPath + "ca_file["+itoa(iCertFile)+"]","");
+
+ }
+ iCertFile = 0;
+
+ certFile = backend->loadString(accountPath + "ca_dir[0]","");
+
+ while( certFile != ""){
+ try{
+ cert_db->add_directory( certFile );
+ }
+ catch( certificate_exception &){
+ merr << "Could not open the CA certificate directory " << certFile << end;
+ }
+ iCertFile ++;
+ certFile = backend->loadString(accountPath + "ca_dir["+itoa(iCertFile)+"]","");
+ }
+
+ ident->setSim(new SipSimSoft(certchain, cert_db));
+
+/*From SipDialogSecurity above*/
+
+
bool autodetect = ( backend->loadString(accountPath + "auto_detect_proxy","no") == "yes" );
//these two values we collect them, but if autodetect is true, they are not used
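Review bot: In the certificate section, when `new certificate( certFile )` throws, the `catch` only logs and `cert` stays `NULL`, yet the `if( privateKeyFile != "" )` block that follows calls `cert->set_pk( privateKeyFile )` on it, so a configuration with an unreadable certificate path and a private key set crashes here instead of reporting the bad certificate. Change the guard to `if( cert && privateKeyFile != "" ){`, or move the private-key load inside the successful `try`. The ONLINECONF root-CA branch further down also requests `"certificate_chain"` — the same resource the personal chain was just fetched from — and adds the result to `cert_db` as trust roots; that looks like a copy-paste from the chain branch rather than a distinct CA resource, and presumably a separate root-certificate resource was intended, so it is worth confirming before the per-account CA database backs `checkCert`. This code was carried over from the deleted `SipDialogSecurityConfig::load`, so neither issue is new, but both now live in the new per-account path.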
@@ -394,7 +671,7 @@
if (backend->loadString(accountPath + "pstn_account","")=="yes"){
pstnIdentity = ident;
usePSTNProxy = true;
- ident->securitySupport = false;
+ ident->securityEnabled= false;
}
if (backend->loadString(accountPath + "default_account","")=="yes"){
@@ -492,16 +769,18 @@
inherited->localTlsPort = backend->loadInt("local_tls_port",5061);
inherited->autoAnswer = backend->loadString("auto_answer", "no") == "yes";
- securityConfig.load( backend );
+ //securityConfig.load( backend ); //TODO: EEEE Load security per identity
// FIXME: per identity security
/* if( inherited->sipIdentity){
inherited->sipIdentity->securitySupport = securityConfig.secured;
}
*/
- if ( defaultIdentity){
- defaultIdentity->securitySupport = securityConfig.secured;
- }
+
+// if ( defaultIdentity){
+// defaultIdentity->securitySupport = securityConfig.secured;
+// }
+
audioCodecs.clear();
int iCodec = 0;
string codec = backend->loadString("codec["+ itoa( iCodec ) + "]","");
@@ -540,19 +819,19 @@
be->save( "account[0]/proxy_password", "password" );
be->save( "account[0]/pstn_account", "no" );
be->save( "account[0]/default_account", "yes" );
+
+ be->save( "account[0]/secured", "no" );
+ be->save( "account[0]/ka_type", "psk" );
+ be->save( "account[0]/psk", "Unspecified PSK" );
+ be->save( "account[0]/certificate", "" );
+ be->save( "account[0]/private_key", "" );
+ be->save( "account[0]/ca_file", "" );
+ be->save( "account[0]/dh_enable", "no" );
+ be->save( "account[0]/psk_enable", "no" );
+ be->save( "account[0]/check_cert", "yes" );
be->save( "tcp_server", "yes" );
be->save( "tls_server", "no" );
-
- be->save( "secured", "no" );
- be->save( "ka_type", "psk" );
- be->save( "psk", "Unspecified PSK" );
- be->save( "certificate", "" );
- be->save( "private_key", "" );
- be->save( "ca_file", "" );
- be->save( "dh_enabled", "no" );
- be->save( "psk_enabled", "no" );
- be->save( "check_cert", "yes" );
be->save( "local_udp_port", 5060 );
be->save( "local_tcp_port", 5060 );
be->save( "local_tls_port", 5061 );
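Review bot: The default account is written under the keys `account[0]/dh_enable` and `account[0]/psk_enable`, but the per-account loader added in this commit reads `accountPath + "dh_enabled"` and `accountPath + "psk_enabled"` (and the old global defaults being removed here used `dh_enabled`/`psk_enabled`), so these two defaults land under names nothing reads. Today both sides default to `"no"`, so behaviour is unchanged, but a user who edits the generated file will be toggling a dead key. Use `be->save( "account[0]/dh_enabled", "no" );` and `be->save( "account[0]/psk_enabled", "no" );`. `account[0]/ca_file` versus the loader's `ca_file[0]` is the same kind of mismatch, carried over from the old defaults.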
Modified: trunk/libmsip/Makefile.am
===================================================================
--- trunk/libmsip/Makefile.am 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libmsip/Makefile.am 2006-11-06 15:31:52 UTC (rev 2895)
@@ -21,6 +21,8 @@
msip_src = source/SipDialogConfig.cxx \
source/SipAuthenticationDigest.cxx \
+ source/SipSim.cxx \
+ source/SipSimSoft.cxx \
source/SipStack.cxx \
source/SipStackInternal.cxx \
source/SipLayerDialog.cxx \
Modified: trunk/libmsip/include/Makefile.am
===================================================================
--- trunk/libmsip/include/Makefile.am 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libmsip/include/Makefile.am 2006-11-06 15:31:52 UTC (rev 2895)
@@ -1,5 +1,7 @@
pkginclude_HEADERS = libmsip/SipHeader.h \
libmsip/SipStack.h \
+ libmsip/SipSim.h \
+ libmsip/SipSimSoft.h \
libmsip/SipLayerDialog.h \
libmsip/SipUtils.h \
libmsip/SipTimers.h \
Modified: trunk/libmsip/include/libmsip/SipDialogConfig.h
===================================================================
--- trunk/libmsip/include/libmsip/SipDialogConfig.h 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libmsip/include/libmsip/SipDialogConfig.h 2006-11-06 15:31:52 UTC (rev 2895)
@@ -42,9 +42,16 @@
#include<libmutil/Mutex.h>
#include<libmsip/SipRequest.h>
#include<libmsip/SipStack.h>
+#include<libmsip/SipSim.h>
#define DEFAULT_SIPPROXY_EXPIRES_VALUE_SECONDS 1000
+#define KEY_MGMT_METHOD_NULL 0x00
+#define KEY_MGMT_METHOD_MIKEY 0x10
+#define KEY_MGMT_METHOD_MIKEY_DH 0x11
+#define KEY_MGMT_METHOD_MIKEY_PSK 0x12
+#define KEY_MGMT_METHOD_MIKEY_PK 0x13
+
#include<string>
class SipStackConfig;
@@ -214,7 +221,6 @@
std::string identityIdentifier;
- bool securitySupport;
/**
Indicates whether this identity requires to be registered to a proxy.
@@ -239,7 +245,29 @@
unlock();
return ret;}
+ void setSim(MRef<SipSim*> s){sim=s;}
+
+ MRef<SipSim *> getSim(){return sim;}
+
+ std::string getPsk(){return psk;}
+
+ void setPsk( std::string key );
+
+ bool securityEnabled;
+ int ka_type;
+ bool dhEnabled;
+ bool pskEnabled;
+ bool checkCert;
+ bool use_zrtp;
private:
+ MRef<SipSim *> sim;
+
+ //bool use_srtp;
+ //unsigned char *psk;
+ //unsigned int pskLength;
+ std::string psk;
+
+
MRef<SipProxy *> sipProxy;
/**
Modified: trunk/libmsip/source/SipDialogConfig.cxx
===================================================================
--- trunk/libmsip/source/SipDialogConfig.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libmsip/source/SipDialogConfig.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -225,7 +225,14 @@
SipIdentity::SipIdentity(){
/*sipProxyPort=0; sipProxyIpAddr=NULL;*/
registerToProxy=false;
- securitySupport=false;
+ securityEnabled=false;
+ ka_type=0;
+ //use_srtp=false;
+ use_zrtp=false;
+ pskEnabled=false;
+ dhEnabled=false;
+ checkCert=false;
+
identityIdx = itoa( globalIndex );
globalIndex ++;
#ifdef DEBUG_OUTPUT
@@ -233,9 +240,17 @@
#endif
setIsRegistered (false);
}
-SipIdentity::SipIdentity(string addr) : securitySupport(false),registerToProxy(false){
+
+SipIdentity::SipIdentity(string addr) : securityEnabled(false),registerToProxy(false){
setSipUri(addr);
- securitySupport = false;
+ securityEnabled = false;
+ ka_type=0;
+ //use_srtp=false;
+ use_zrtp=false;
+ pskEnabled=false;
+ dhEnabled=false;
+ checkCert=false;
+
identityIdx = itoa( globalIndex );
globalIndex ++;
#ifdef DEBUG_OUTPUT
@@ -362,6 +377,7 @@
currentlyRegistered = false;
}
}
+
string SipIdentity::getDebugString(){
lock();
string ret = "identity="+identityIdx+
@@ -373,6 +389,10 @@
return ret;
}
+void SipIdentity::setPsk( string key ){
+ psk=key;
+}
+
SipStackConfig::SipStackConfig():
localUdpPort(0),
localTcpPort(0),
Modified: trunk/libmutil/source/MutexPosix.cxx
===================================================================
--- trunk/libmutil/source/MutexPosix.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/libmutil/source/MutexPosix.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -56,9 +56,11 @@
Mutex::Mutex(const Mutex &){
createMutex();
+ massert(handle_ptr);
}
void Mutex::createMutex(){
+
pthread_mutexattr_t *attr = NULL;
#ifdef DEBUG_OUTPUT
@@ -77,19 +79,23 @@
}
Mutex::~Mutex(){
+ massert(handle_ptr);
pthread_mutex_destroy((pthread_mutex_t*)handle_ptr);
delete (pthread_mutex_t*)handle_ptr;
+ handle_ptr=NULL;
}
void Mutex::lock(){
int ret;
+ massert(handle_ptr);
ret = pthread_mutex_lock((pthread_mutex_t*)handle_ptr);
massert( ret == 0 );
}
void Mutex::unlock(){
int ret;
+ massert(handle_ptr);
ret = pthread_mutex_unlock((pthread_mutex_t*)handle_ptr);
massert( ret == 0 );
}
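Review bot: The destructor still discards the return value of `pthread_mutex_destroy`, while `lock()` and `unlock()` in the same hunk assert `ret == 0`; for consistency, and because a non-zero result here means the mutex is being destroyed while still locked or in use, it should read `int ret = pthread_mutex_destroy((pthread_mutex_t*)handle_ptr); massert( ret == 0 );`. The `handle_ptr=NULL` after `delete` only matters if the destructor can run twice on the same handle; if the scenario being guarded is a shallow copy of `handle_ptr` through an implicit copy assignment (the copy constructor in the previous hunk creates a fresh mutex, and no copy assignment is visible in this diff), a comment saying so would be clearer than the bare reset, and a user-defined copy assignment would remove the hazard altogether. Whether `massert` remains active in release builds is not visible here; if it compiles out, the new null-handle checks disappear with it.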
Modified: trunk/minisip/minisip/gui/gtkgui/AccountsList.cxx
===================================================================
--- trunk/minisip/minisip/gui/gtkgui/AccountsList.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/minisip/minisip/gui/gtkgui/AccountsList.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -125,7 +125,7 @@
Glib::locale_from_utf8( (*iter)[columns->password] );
if( (*iter)[columns->pstnProxy] ){
- identity->securitySupport = false;
+ identity->securityEnabled= false;
config->usePSTNProxy = true;
config->pstnIdentity = identity;
}
Modified: trunk/minisip/minisip/gui/gtkgui/MainWindow.cxx
===================================================================
--- trunk/minisip/minisip/gui/gtkgui/MainWindow.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/minisip/minisip/gui/gtkgui/MainWindow.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -577,8 +577,9 @@
accountsList->loadFromConfig( config );
settingsDialog->setAccounts( accountsList );
settingsDialog->setConfig( config );
- certificateDialog->setCertChain( config->securityConfig.cert );
- certificateDialog->setRootCa( config->securityConfig.cert_db );
+ //FIXME: per identity settings
+ certificateDialog->setCertChain( /*config->securityConfig.cert*/ config->defaultIdentity->getSim()->getCertificateChain() );
+ certificateDialog->setRootCa( /*config->securityConfig.cert_db*/ config->defaultIdentity->getSim()->getCAs() );
const Glib::RefPtr<PhoneBookModel> modelPtr( phoneBookModel );
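Review bot: Both `certificateDialog` calls dereference `config->defaultIdentity` and then `getSim()` without a check, whereas `SecuritySettings::apply` in SettingsDialog.cxx in this same commit guards with `if( config->defaultIdentity )`; a configuration with no default identity, or an identity whose `sim` was never set, would dereference a null handle here during window setup instead of simply leaving the certificate dialog empty. Wrapping the two calls in `if( config->defaultIdentity && config->defaultIdentity->getSim() ){ … }` keeps the previous behaviour for such configurations. The same unguarded access pattern appears in `SecuritySettings::setConfig` in SettingsDialog.cxx, which reads `dhEnabled`, `pskEnabled`, `getPsk()`, `ka_type` and `securityEnabled` through `config->defaultIdentity` without a check.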
Modified: trunk/minisip/minisip/gui/gtkgui/SettingsDialog.cxx
===================================================================
--- trunk/minisip/minisip/gui/gtkgui/SettingsDialog.cxx 2006-10-31 13:11:01 UTC (rev 2894)
+++ trunk/minisip/minisip/gui/gtkgui/SettingsDialog.cxx 2006-11-06 15:31:52 UTC (rev 2895)
@@ -588,22 +588,24 @@
void SecuritySettings::setConfig( MRef<SipSoftPhoneConfiguration *> config ){
this->config = config;
- dhCheck->set_active( config->securityConfig.dh_enabled );
- pskCheck->set_active( config->securityConfig.psk_enabled );
+ //FIXME: per identity configuration
+ dhCheck->set_active( /*config->securityConfig.dh_enabled*/ config->defaultIdentity->dhEnabled );
+ pskCheck->set_active( /*config->securityConfig.psk_enabled*/ config->defaultIdentity->pskEnabled );
- string psk( (const char *)config->securityConfig.psk, config->securityConfig.psk_length );
+// string psk( (const char *)config->securityConfig.psk, config->securityConfig.psk_length );
+ string psk=config->defaultIdentity->getPsk();
pskEntry->set_text( psk );
- if( config->securityConfig.ka_type == KEY_MGMT_METHOD_MIKEY_DH ){
+ if( /*config->securityConfig.ka_type*/ config->defaultIdentity->ka_type == KEY_MGMT_METHOD_MIKEY_DH ){
dhRadio->set_active( true );
}
- else if( config->securityConfig.ka_type == KEY_MGMT_METHOD_MIKEY_PSK ){
+ else if( /*config->securityConfig.ka_type*/ config->defaultIdentity->ka_type == KEY_MGMT_METHOD_MIKEY_PSK ){
pskRadio->set_active( true );
}
- secureCheck->set_active( config->securityConfig.secured );
+ secureCheck->set_active( /*config->securityConfig.secured*/ config->defaultIdentity->securityEnabled );
kaChange();
secureChange();
@@ -651,47 +653,51 @@
string SecuritySettings::apply(){
string err;
if( dhCheck->get_active() ){
- config->securityConfig.cert->lock();
- if( config->securityConfig.cert->is_empty() ){
+ /*config->securityConfig.cert->lock()*/ config->defaultIdentity->getSim()->getCertificateChain()->lock();
+ if( /*config->securityConfig.cert->is_empty()*/ config->defaultIdentity->getSim()->getCertificateChain()->is_empty() ){
err += "You have selected the Diffie-Hellman key agreement\n"
"but have not selected a certificate file.\n"
"The D-H key agreement has been disabled.";
dhCheck->set_active( false );
}
- else if( !config->securityConfig.cert->get_first()->get_openssl_private_key() ){
+ else if( !config->/*securityConfig.cert*/defaultIdentity->getSim()->getCertificateChain()->get_first()->get_openssl_private_key() ){
err += "You have selected the Diffie-Hellman key agreement\n"
"but have not selected a private key file.\n"
"The D-H key agreement has been disabled.";
dhCheck->set_active( false );
}
- config->securityConfig.cert->unlock();
+ config->/*securityConfig.cert*/defaultIdentity->getSim()->getCertificateChain()->unlock();
}
- config->securityConfig.dh_enabled = dhCheck->get_active();
- config->securityConfig.psk_enabled = pskCheck->get_active();
+ config->/*securityConfig*/defaultIdentity->dhEnabled = dhCheck->get_active();
+ config->/*securityConfig*/defaultIdentity->pskEnabled = pskCheck->get_active();
string s = pskEntry->get_text();
- const unsigned char * psk = (const unsigned char *)s.c_str();
- unsigned int psk_length = s.size();
+ const char * psk = s.c_str();
+
+#if 0
if( config->securityConfig.psk != NULL )
delete [] config->securityConfig.psk;
config->securityConfig.psk = new unsigned char[psk_length];
memcpy( config->securityConfig.psk, psk, psk_length );
config->securityConfig.psk_length = psk_length;
+#endif
+ config->defaultIdentity->setPsk(string(psk));
- config->securityConfig.secured = secureCheck->get_active();
+
+ /*config->securityConfig.secured*/ config->defaultIdentity->securityEnabled = secureCheck->get_active();
if( config->defaultIdentity ){
- config->defaultIdentity->securitySupport = secureCheck->get_active();
+ config->defaultIdentity->securityEnabled = secureCheck->get_active();
}
- if( config->securityConfig.secured ){
+ if( /*config->securityConfig.secured*/ config->defaultIdentity->securityEnabled ){
if( pskRadio->get_active() ){
- config->securityConfig.ka_type = KEY_MGMT_METHOD_MIKEY_PSK;
+ /*config->securityConfig.ka_type*/ config->defaultIdentity->ka_type = KEY_MGMT_METHOD_MIKEY_PSK;
}
else if( dhRadio->get_active() ){
- config->securityConfig.ka_type = KEY_MGMT_METHOD_MIKEY_DH;
+ /*config->securityConfig.ka_type*/ config->defaultIdentity->ka_type = KEY_MGMT_METHOD_MIKEY_DH;
}
}
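Review bot: `config->defaultIdentity->securityEnabled = secureCheck->get_active();` now runs unconditionally immediately before `if( config->defaultIdentity )`, so the null check that follows no longer protects anything and the guarded assignment merely repeats the unguarded one; the `getSim()->getCertificateChain()` calls in the D-H branch and the `ka_type` writes at the end are unguarded too. Either check once at the top of `apply()` — `if( !config->defaultIdentity ) return err;` — and drop the inner `if`, or keep only the guarded assignment and delete the line above it. The `const char * psk = s.c_str();` round-trip through `string(psk)` stops at the first NUL byte, which the old `(psk, psk_length)` copy did not; `config->defaultIdentity->setPsk( s );` passes the entry text through unchanged. The `#if 0` block still refers to the removed `securityConfig` members and can never be re-enabled, and the `/*securityConfig...*/` fragments left inside the live expressions make each of those lines harder to read; both can be removed now that the migration is done.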