/*
 * Jitsi, the OpenSource Java VoIP and Instant Messaging client.
 *
 * Copyright @ 2015 Atlassian Pty Ltd
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package net.java.sip.communicator.impl.protocol.sip.net;

import gov.nist.core.net.*;
import gov.nist.javax.sip.*;

import java.io.*;
import java.net.*;
import java.security.*;
import java.util.*;

import javax.net.ssl.*;

import net.java.sip.communicator.impl.protocol.sip.*;
import net.java.sip.communicator.service.certificate.*;
import net.java.sip.communicator.service.protocol.*;
import net.java.sip.communicator.service.protocol.sip.*;
import net.java.sip.communicator.util.*;

import org.jitsi.service.configuration.*;
import org.osgi.framework.*;

/**
 * Manages jain-sip socket creation. When dealing with ssl sockets we interact
 * with the user when the certificate for some reason is not trusted.
 *
 * @author Damian Minkov
 * @author Ingo Bauersachs
 * @author Sebastien Vincent
 */
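public class SslNetworkLayer
    implements NetworkLayer
{
    /**
     * Our class logger.
     */
    private static final Logger logger =
        Logger.getLogger(SslNetworkLayer.class);

    /**
     * SIP DSCP configuration property name. The configured value is the
     * DSCP code point (0-63); it is shifted into the IP traffic class byte
     * before being applied to a socket (see {@link #getDSCP()}).
     */
    private static final String SIP_DSCP_PROPERTY =
        "net.java.sip.communicator.impl.protocol.SIP_DSCP";

    /**
     * Largest valid DSCP code point (six bits).
     */
    private static final int MAX_DSCP = 63;

    /**
     * The service we use to build SSL contexts and trust managers and to
     * interact with the user when a certificate is not trusted. Stays
     * <tt>null</tt> when the service was not registered at construction time;
     * SSL socket creation then fails with an <tt>IOException</tt>.
     */
    private CertificateService certificateVerification = null;

    /**
     * Creates the network layer and looks up the certificate service in the
     * bundle context.
     */
    public SslNetworkLayer()
    {
        BundleContext bundleContext = SipActivator.getBundleContext();
        ServiceReference guiVerifyReference =
            bundleContext.getServiceReference(
                CertificateService.class.getName());

        if (guiVerifyReference != null)
        {
            certificateVerification =
                (CertificateService) bundleContext.getService(
                    guiVerifyReference);
        }
    }

    /**
     * Returns the certificate service, failing with a descriptive
     * <tt>IOException</tt> instead of a <tt>NullPointerException</tt> when
     * it was not available at construction time.
     *
     * @return the certificate service, never <tt>null</tt>
     * @throws IOException if the service is not available
     */
    private CertificateService getCertificateService()
        throws IOException
    {
        if (certificateVerification == null)
        {
            throw new IOException(
                "CertificateService is not available, "
                + "cannot create an SSL context");
        }
        return certificateVerification;
    }

    /**
     * Creates a server with the specified port, listen backlog, and local IP
     * address to bind to. Comparable to
     * "new java.net.ServerSocket(port,backlog,bindAddress);"
     *
     * @param port the port
     * @param backlog backlog
     * @param bindAddress local address to use
     * @return the newly created server socket.
     * @throws IOException problem creating socket.
     */
    @Override
    public ServerSocket createServerSocket(int port, int backlog,
            InetAddress bindAddress)
            throws IOException
    {
        // XXX apparently traffic class cannot be set on ServerSocket, so no
        // setTrafficClass() call here.
        return new ServerSocket(port, backlog, bindAddress);
    }

    /**
     * Creates a stream socket and connects it to the specified port number at
     * the specified IP address.
     *
     * @param address the address to connect.
     * @param port the port to connect.
     * @return the socket
     * @throws IOException problem creating socket.
     */
    @Override
    public Socket createSocket(InetAddress address, int port)
        throws IOException
    {
        Socket sock = new Socket(address, port);
        setTrafficClass(sock);
        return sock;
    }

    /**
     * Constructs a datagram socket and binds it to any available port on the
     * local host machine. Comparable to "new java.net.DatagramSocket();"
     *
     * @return the datagram socket
     * @throws SocketException problem creating socket.
     */
    @Override
    public DatagramSocket createDatagramSocket()
        throws SocketException
    {
        DatagramSocket sock = new DatagramSocket();
        setTrafficClass(sock);
        return sock;
    }

    /**
     * Creates a datagram socket, bound to the specified local address.
     * Comparable to "new java.net.DatagramSocket(port,laddr);"
     *
     * @param port local port to use
     * @param laddr local address to bind
     * @return the datagram socket
     * @throws SocketException problem creating socket.
     */
    @Override
    public DatagramSocket createDatagramSocket(int port, InetAddress laddr)
        throws SocketException
    {
        DatagramSocket sock = new DatagramSocket(port, laddr);
        setTrafficClass(sock);
        return sock;
    }

    /**
     * Creates an SSL server with the specified port, listen backlog, and local
     * IP address to bind to.
     *
     * @param port the port to listen to
     * @param backlog backlog
     * @param bindAddress the address to listen to
     * @return the server socket.
     * @throws IOException problem creating socket.
     */
    @Override
    public SSLServerSocket createSSLServerSocket(int port, int backlog,
            InetAddress bindAddress)
        throws IOException
    {
        // XXX apparently traffic class cannot be set on ServerSocket, so no
        // setTrafficClass() call here.
        return (SSLServerSocket) getSSLServerSocketFactory()
            .createServerSocket(port, backlog, bindAddress);
    }

    /**
     * Creates a ssl server socket factory from the certificate service's
     * default SSL context.
     *
     * @return the server socket factory.
     * @throws IOException problem creating factory, or the certificate
     *             service is not available. The underlying security exception
     *             is kept as the cause.
     */
    protected SSLServerSocketFactory getSSLServerSocketFactory()
        throws IOException
    {
        try
        {
            return getCertificateService().getSSLContext()
                .getServerSocketFactory();
        }
        catch (GeneralSecurityException e)
        {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Finds the SIP protocol provider whose connection uses the given address.
     *
     * @param address the address the provider is connected with
     * @return the matching provider, never <tt>null</tt>
     * @throws IOException if no provider is connected with that address
     */
    private ProtocolProviderServiceSipImpl findProviderFor(
            InetAddress address)
        throws IOException
    {
        for (ProtocolProviderServiceSipImpl pps
                : ProtocolProviderServiceSipImpl.getAllInstances())
        {
            SipConnection connection = pps.getConnection();
            if (connection != null && connection.isSameInetAddress(address))
                return pps;
        }
        throw new IOException(
            "The provider that requested "
            + "the SSL Socket could not be found");
    }

    /**
     * Collects the names the SIP TLS server certificate may legitimately
     * identify itself with for the given account: the manually configured
     * proxy address (if any) and the domain part of the user ID.
     *
     * @param id the account to derive the identities from
     * @return the list of acceptable server identities, possibly empty
     */
    private ArrayList<String> collectServerIdentities(SipAccountID id)
    {
        ArrayList<String> identities = new ArrayList<String>(2);

        // A manually entered proxy name is a valid identity for the server's
        // X.509 certificate; an auto-configured proxy is deliberately not
        // added.
        if (!id.getAccountPropertyBoolean(
                ProtocolProviderFactory.PROXY_AUTO_CONFIG, false))
        {
            String proxy = id.getAccountPropertyString(
                ProtocolProviderFactory.PROXY_ADDRESS);
            if (proxy != null)
            {
                identities.add(proxy);
                logIdentity(proxy);
            }
        }

        // The domain part of the user ID is always a valid identity.
        String userID =
            id.getAccountPropertyString(ProtocolProviderFactory.USER_ID);
        if (userID != null)
        {
            int at = userID.indexOf('@');
            if (at > -1)
            {
                String domain = userID.substring(at + 1);
                identities.add(domain);
                logIdentity(domain);
            }
        }
        return identities;
    }

    /**
     * Logs, at debug level, that a name was accepted as a TLS server identity.
     *
     * @param identity the accepted name
     */
    private void logIdentity(String identity)
    {
        if (logger.isDebugEnabled())
            logger.debug("Added <" + identity
                + "> to list of valid SIP TLS server identities.");
    }

    /**
     * Creates ssl socket factory for the provider connected with the given
     * address. Server identity checking is delegated to the trust manager
     * built from the account's acceptable identities and an
     * {@link RFC5922Matcher}; the account's client TLS certificate (if
     * configured) is used for the SSL context.
     *
     * @param address the remote address, used to find the owning provider
     * @return the socket factory.
     * @throws IOException problem creating ssl socket factory, no provider
     *             for the address, or the certificate service is not
     *             available. The underlying security exception is kept as the
     *             cause.
     */
    private SSLSocketFactory getSSLSocketFactory(InetAddress address)
        throws IOException
    {
        ProtocolProviderServiceSipImpl provider = findProviderFor(address);
        SipAccountID id = (SipAccountID) provider.getAccountID();
        ArrayList<String> identities = collectServerIdentities(id);
        CertificateService certService = getCertificateService();

        try
        {
            return certService.getSSLContext(
                    id.getAccountPropertyString(
                        ProtocolProviderFactory.CLIENT_TLS_CERTIFICATE),
                    certService.getTrustManager(
                        identities,
                        null,
                        new RFC5922Matcher(provider)))
                .getSocketFactory();
        }
        catch (GeneralSecurityException e)
        {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Creates a stream SSL socket and connects it to the specified port number
     * at the specified IP address.
     *
     * @param address the address we are connecting to.
     * @param port the port we use.
     * @return the socket.
     * @throws IOException problem creating socket.
     */
    @Override
    public SSLSocket createSSLSocket(InetAddress address, int port)
        throws IOException
    {
        SSLSocket sock = (SSLSocket) getSSLSocketFactory(address)
            .createSocket(address, port);
        setTrafficClass(sock);
        return sock;
    }

    /**
     * Creates a stream SSL socket bound to the given local address (on an
     * ephemeral port) and connects it to the specified port number at the
     * specified IP address.
     *
     * @param address the address we are connecting to.
     * @param port the port we use.
     * @param myAddress the local address to use
     * @return the socket.
     * @throws IOException problem creating socket.
     */
    @Override
    public SSLSocket createSSLSocket(InetAddress address, int port,
            InetAddress myAddress)
        throws IOException
    {
        SSLSocket sock = (SSLSocket) getSSLSocketFactory(address)
            .createSocket(address, port, myAddress, 0);
        setTrafficClass(sock);
        return sock;
    }

    /**
     * Creates a stream socket and connects it to the specified port number at
     * the specified IP address. Comparable to
     * "new java.net.Socket(address, port,localaddress);"
     *
     * @param address the address to connect to.
     * @param port the port we use.
     * @param myAddress the local address to use, or <tt>null</tt> to let the
     *            system choose.
     * @return the created socket.
     * @throws IOException problem creating socket.
     */
    @Override
    public Socket createSocket(InetAddress address, int port,
            InetAddress myAddress)
        throws IOException
    {
        Socket sock = (myAddress == null)
            ? new Socket(address, port)
            : new Socket(address, port, myAddress, 0);
        setTrafficClass(sock);
        return sock;
    }

    /**
     * Creates a new Socket, binds it to myAddress:myPort and connects it to
     * address:port.
     *
     * @param address the InetAddress that we'd like to connect to.
     * @param port the port that we'd like to connect to
     * @param myAddress the address that we are supposed to bind on or null for
     *            the "any" address.
     * @param myPort the port that we are supposed to bind on or 0 for a random
     *            one.
     *
     * @return a new Socket, bound on myAddress:myPort and connected to
     *         address:port.
     * @throws IOException if binding or connecting the socket fail for a reason
     *             (exception relayed from the corresponding Socket methods)
     */
    @Override
    public Socket createSocket(InetAddress address, int port,
                    InetAddress myAddress, int myPort)
        throws IOException
    {
        Socket sock;

        if (myAddress != null)
        {
            sock = new Socket(address, port, myAddress, myPort);
        }
        else if (myPort != 0)
        {
            // myAddress is null (i.e. any) but a local port was requested:
            // bind on the wildcard address and that port, then connect. The
            // bind uses myPort, not the remote port.
            sock = new Socket();
            try
            {
                sock.bind(new InetSocketAddress(myPort));
                sock.connect(new InetSocketAddress(address, port));
            }
            catch (IOException e)
            {
                // don't leak the unconnected socket on failure
                closeQuietly(sock);
                throw e;
            }
        }
        else
        {
            sock = new Socket(address, port);
        }
        setTrafficClass(sock);
        return sock;
    }

    /**
     * Closes a socket, logging rather than propagating a failure to close.
     *
     * @param sock the socket to close
     */
    private static void closeQuietly(Socket sock)
    {
        try
        {
            sock.close();
        }
        catch (IOException e)
        {
            logger.warn("Failed to close socket", e);
        }
    }

    /**
     * Sets the traffic class for the <tt>Socket</tt> from the configured DSCP
     * value. Failures are logged and otherwise ignored: traffic marking is
     * best-effort and must not prevent the connection.
     *
     * @param s <tt>Socket</tt>
     */
    protected void setTrafficClass(Socket s)
    {
        int tc = getDSCP();

        try
        {
            s.setTrafficClass(tc);
        }
        catch (SocketException e)
        {
            logger.warn("Failed to set traffic class on Socket", e);
        }
    }

    /**
     * Sets the traffic class for the <tt>DatagramSocket</tt> from the
     * configured DSCP value. Failures are logged and otherwise ignored:
     * traffic marking is best-effort and must not prevent the socket from
     * being used.
     *
     * @param s <tt>DatagramSocket</tt>
     */
    protected void setTrafficClass(DatagramSocket s)
    {
        int tc = getDSCP();

        try
        {
            s.setTrafficClass(tc);
        }
        catch (SocketException e)
        {
            logger.warn("Failed to set traffic class on DatagramSocket", e);
        }
    }

    /**
     * Get the SIP traffic class from configuration. A missing, non-numeric or
     * out-of-range (not 0-63) value yields 0 with a warning instead of
     * throwing, so a bad configuration entry cannot break socket creation.
     *
     * @return SIP traffic class (DSCP shifted into the TOS byte) or 0 if not
     *         configured or invalid
     */
    private int getDSCP()
    {
        ConfigurationService configService =
            SipActivator.getConfigurationService();
        Object value = configService.getProperty(SIP_DSCP_PROPERTY);

        if (value == null)
            return 0;

        int dscp;
        try
        {
            dscp = Integer.parseInt(value.toString().trim());
        }
        catch (NumberFormatException e)
        {
            logger.warn("Ignoring non-numeric value of " + SIP_DSCP_PROPERTY
                + ": " + value);
            return 0;
        }

        if (dscp < 0 || dscp > MAX_DSCP)
        {
            // Socket.setTrafficClass() rejects values outside 0-255, and a
            // DSCP code point only has six bits anyway.
            logger.warn("Ignoring out-of-range value of " + SIP_DSCP_PROPERTY
                + " (expected 0-" + MAX_DSCP + "): " + dscp);
            return 0;
        }

        // DSCP occupies the upper six bits of the IP TOS / traffic class byte.
        return dscp << 2;
    }

    /**
     * No-op: this network layer does not need a reference to the SIP stack.
     *
     * @param sipStack the stack this layer serves (ignored)
     */
    @Override
    public void setSipStack(SipStackImpl sipStack)
    {
    }
}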