deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2017 The WebRTC project authors. All Rights Reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 11 | #include "pc/ice_server_parsing.h" |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 12 | |
Yves Gerey | 3e70781 | 2018-11-28 16:47:49 +0100 | [diff] [blame] | 13 | #include <stddef.h> |
Jonas Olsson | a4d8737 | 2019-07-05 19:08:33 +0200 | [diff] [blame] | 14 | |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 15 | #include <cctype> // For std::isdigit. |
| 16 | #include <string> |
| 17 | |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 18 | #include "p2p/base/port_interface.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 19 | #include "rtc_base/arraysize.h" |
Yves Gerey | 3e70781 | 2018-11-28 16:47:49 +0100 | [diff] [blame] | 20 | #include "rtc_base/checks.h" |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 21 | #include "rtc_base/ip_address.h" |
Yves Gerey | 3e70781 | 2018-11-28 16:47:49 +0100 | [diff] [blame] | 22 | #include "rtc_base/logging.h" |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 23 | #include "rtc_base/socket_address.h" |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 24 | |
| 25 | namespace webrtc { |
| 26 | |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 27 | // Number of tokens must be preset when TURN uri has transport param. |
| 28 | static const size_t kTurnTransportTokensNum = 2; |
| 29 | // The default stun port. |
| 30 | static const int kDefaultStunPort = 3478; |
| 31 | static const int kDefaultStunTlsPort = 5349; |
| 32 | static const char kTransport[] = "transport"; |
| 33 | |
| 34 | // NOTE: Must be in the same order as the ServiceType enum. |
| 35 | static const char* kValidIceServiceTypes[] = {"stun", "stuns", "turn", "turns"}; |
| 36 | |
| 37 | // NOTE: A loop below assumes that the first value of this enum is 0 and all |
| 38 | // other values are incremental. |
| 39 | enum ServiceType { |
| 40 | STUN = 0, // Indicates a STUN server. |
| 41 | STUNS, // Indicates a STUN server used with a TLS session. |
| 42 | TURN, // Indicates a TURN server |
| 43 | TURNS, // Indicates a TURN server used with a TLS session. |
| 44 | INVALID, // Unknown. |
| 45 | }; |
| 46 | static_assert(INVALID == arraysize(kValidIceServiceTypes), |
| 47 | "kValidIceServiceTypes must have as many strings as ServiceType " |
| 48 | "has values."); |
| 49 | |
Niels Möller | db4def9 | 2019-03-18 16:53:59 +0100 | [diff] [blame] | 50 | // |in_str| should follow of RFC 7064/7065 syntax, but with an optional |
| 51 | // "?transport=" already stripped. I.e., |
| 52 | // stunURI = scheme ":" host [ ":" port ] |
| 53 | // scheme = "stun" / "stuns" / "turn" / "turns" |
| 54 | // host = IP-literal / IPv4address / reg-name |
| 55 | // port = *DIGIT |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 56 | static bool GetServiceTypeAndHostnameFromUri(const std::string& in_str, |
| 57 | ServiceType* service_type, |
| 58 | std::string* hostname) { |
| 59 | const std::string::size_type colonpos = in_str.find(':'); |
| 60 | if (colonpos == std::string::npos) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 61 | RTC_LOG(LS_WARNING) << "Missing ':' in ICE URI: " << in_str; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 62 | return false; |
| 63 | } |
| 64 | if ((colonpos + 1) == in_str.length()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 65 | RTC_LOG(LS_WARNING) << "Empty hostname in ICE URI: " << in_str; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 66 | return false; |
| 67 | } |
| 68 | *service_type = INVALID; |
| 69 | for (size_t i = 0; i < arraysize(kValidIceServiceTypes); ++i) { |
| 70 | if (in_str.compare(0, colonpos, kValidIceServiceTypes[i]) == 0) { |
| 71 | *service_type = static_cast<ServiceType>(i); |
| 72 | break; |
| 73 | } |
| 74 | } |
| 75 | if (*service_type == INVALID) { |
| 76 | return false; |
| 77 | } |
| 78 | *hostname = in_str.substr(colonpos + 1, std::string::npos); |
| 79 | return true; |
| 80 | } |
| 81 | |
| 82 | static bool ParsePort(const std::string& in_str, int* port) { |
| 83 | // Make sure port only contains digits. FromString doesn't check this. |
| 84 | for (const char& c : in_str) { |
| 85 | if (!std::isdigit(c)) { |
| 86 | return false; |
| 87 | } |
| 88 | } |
| 89 | return rtc::FromString(in_str, port); |
| 90 | } |
| 91 | |
| 92 | // This method parses IPv6 and IPv4 literal strings, along with hostnames in |
| 93 | // standard hostname:port format. |
| 94 | // Consider following formats as correct. |
| 95 | // |hostname:port|, |[IPV6 address]:port|, |IPv4 address|:port, |
| 96 | // |hostname|, |[IPv6 address]|, |IPv4 address|. |
| 97 | static bool ParseHostnameAndPortFromString(const std::string& in_str, |
| 98 | std::string* host, |
| 99 | int* port) { |
| 100 | RTC_DCHECK(host->empty()); |
| 101 | if (in_str.at(0) == '[') { |
| 102 | std::string::size_type closebracket = in_str.rfind(']'); |
| 103 | if (closebracket != std::string::npos) { |
| 104 | std::string::size_type colonpos = in_str.find(':', closebracket); |
| 105 | if (std::string::npos != colonpos) { |
| 106 | if (!ParsePort(in_str.substr(closebracket + 2, std::string::npos), |
| 107 | port)) { |
| 108 | return false; |
| 109 | } |
| 110 | } |
| 111 | *host = in_str.substr(1, closebracket - 1); |
| 112 | } else { |
| 113 | return false; |
| 114 | } |
| 115 | } else { |
| 116 | std::string::size_type colonpos = in_str.find(':'); |
| 117 | if (std::string::npos != colonpos) { |
| 118 | if (!ParsePort(in_str.substr(colonpos + 1, std::string::npos), port)) { |
| 119 | return false; |
| 120 | } |
| 121 | *host = in_str.substr(0, colonpos); |
| 122 | } else { |
| 123 | *host = in_str; |
| 124 | } |
| 125 | } |
| 126 | return !host->empty(); |
| 127 | } |
| 128 | |
| 129 | // Adds a STUN or TURN server to the appropriate list, |
| 130 | // by parsing |url| and using the username/password in |server|. |
| 131 | static RTCErrorType ParseIceServerUrl( |
| 132 | const PeerConnectionInterface::IceServer& server, |
| 133 | const std::string& url, |
| 134 | cricket::ServerAddresses* stun_servers, |
| 135 | std::vector<cricket::RelayServerConfig>* turn_servers) { |
Niels Möller | db4def9 | 2019-03-18 16:53:59 +0100 | [diff] [blame] | 136 | // RFC 7064 |
| 137 | // stunURI = scheme ":" host [ ":" port ] |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 138 | // scheme = "stun" / "stuns" |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 139 | |
Niels Möller | db4def9 | 2019-03-18 16:53:59 +0100 | [diff] [blame] | 140 | // RFC 7065 |
| 141 | // turnURI = scheme ":" host [ ":" port ] |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 142 | // [ "?transport=" transport ] |
| 143 | // scheme = "turn" / "turns" |
| 144 | // transport = "udp" / "tcp" / transport-ext |
| 145 | // transport-ext = 1*unreserved |
Niels Möller | db4def9 | 2019-03-18 16:53:59 +0100 | [diff] [blame] | 146 | |
| 147 | // RFC 3986 |
| 148 | // host = IP-literal / IPv4address / reg-name |
| 149 | // port = *DIGIT |
| 150 | |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 151 | RTC_DCHECK(stun_servers != nullptr); |
| 152 | RTC_DCHECK(turn_servers != nullptr); |
| 153 | std::vector<std::string> tokens; |
| 154 | cricket::ProtocolType turn_transport_type = cricket::PROTO_UDP; |
| 155 | RTC_DCHECK(!url.empty()); |
| 156 | rtc::tokenize_with_empty_tokens(url, '?', &tokens); |
| 157 | std::string uri_without_transport = tokens[0]; |
| 158 | // Let's look into transport= param, if it exists. |
| 159 | if (tokens.size() == kTurnTransportTokensNum) { // ?transport= is present. |
| 160 | std::string uri_transport_param = tokens[1]; |
| 161 | rtc::tokenize_with_empty_tokens(uri_transport_param, '=', &tokens); |
| 162 | if (tokens[0] != kTransport) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 163 | RTC_LOG(LS_WARNING) << "Invalid transport parameter key."; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 164 | return RTCErrorType::SYNTAX_ERROR; |
| 165 | } |
| 166 | if (tokens.size() < 2) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 167 | RTC_LOG(LS_WARNING) << "Transport parameter missing value."; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 168 | return RTCErrorType::SYNTAX_ERROR; |
| 169 | } |
| 170 | if (!cricket::StringToProto(tokens[1].c_str(), &turn_transport_type) || |
| 171 | (turn_transport_type != cricket::PROTO_UDP && |
| 172 | turn_transport_type != cricket::PROTO_TCP)) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 173 | RTC_LOG(LS_WARNING) << "Transport parameter should always be udp or tcp."; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 174 | return RTCErrorType::SYNTAX_ERROR; |
| 175 | } |
| 176 | } |
| 177 | |
| 178 | std::string hoststring; |
| 179 | ServiceType service_type; |
| 180 | if (!GetServiceTypeAndHostnameFromUri(uri_without_transport, &service_type, |
| 181 | &hoststring)) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 182 | RTC_LOG(LS_WARNING) << "Invalid transport parameter in ICE URI: " << url; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 183 | return RTCErrorType::SYNTAX_ERROR; |
| 184 | } |
| 185 | |
| 186 | // GetServiceTypeAndHostnameFromUri should never give an empty hoststring |
| 187 | RTC_DCHECK(!hoststring.empty()); |
| 188 | |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 189 | int port = kDefaultStunPort; |
| 190 | if (service_type == TURNS) { |
| 191 | port = kDefaultStunTlsPort; |
| 192 | turn_transport_type = cricket::PROTO_TLS; |
| 193 | } |
| 194 | |
Niels Möller | db4def9 | 2019-03-18 16:53:59 +0100 | [diff] [blame] | 195 | if (hoststring.find('@') != std::string::npos) { |
| 196 | RTC_LOG(WARNING) << "Invalid url: " << uri_without_transport; |
| 197 | RTC_LOG(WARNING) |
| 198 | << "Note that user-info@ in turn:-urls is long-deprecated."; |
| 199 | return RTCErrorType::SYNTAX_ERROR; |
| 200 | } |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 201 | std::string address; |
| 202 | if (!ParseHostnameAndPortFromString(hoststring, &address, &port)) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 203 | RTC_LOG(WARNING) << "Invalid hostname format: " << uri_without_transport; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 204 | return RTCErrorType::SYNTAX_ERROR; |
| 205 | } |
| 206 | |
| 207 | if (port <= 0 || port > 0xffff) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 208 | RTC_LOG(WARNING) << "Invalid port: " << port; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 209 | return RTCErrorType::SYNTAX_ERROR; |
| 210 | } |
| 211 | |
| 212 | switch (service_type) { |
| 213 | case STUN: |
| 214 | case STUNS: |
| 215 | stun_servers->insert(rtc::SocketAddress(address, port)); |
| 216 | break; |
| 217 | case TURN: |
| 218 | case TURNS: { |
Niels Möller | db4def9 | 2019-03-18 16:53:59 +0100 | [diff] [blame] | 219 | if (server.username.empty() || server.password.empty()) { |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 220 | // The WebRTC spec requires throwing an InvalidAccessError when username |
| 221 | // or credential are ommitted; this is the native equivalent. |
Niels Möller | db4def9 | 2019-03-18 16:53:59 +0100 | [diff] [blame] | 222 | RTC_LOG(LS_ERROR) << "TURN server with empty username or password"; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 223 | return RTCErrorType::INVALID_PARAMETER; |
| 224 | } |
Emad Omara | dab1d2d | 2017-06-16 15:43:11 -0700 | [diff] [blame] | 225 | // If the hostname field is not empty, then the server address must be |
| 226 | // the resolved IP for that host, the hostname is needed later for TLS |
| 227 | // handshake (SNI and Certificate verification). |
| 228 | const std::string& hostname = |
| 229 | server.hostname.empty() ? address : server.hostname; |
| 230 | rtc::SocketAddress socket_address(hostname, port); |
| 231 | if (!server.hostname.empty()) { |
| 232 | rtc::IPAddress ip; |
| 233 | if (!IPFromString(address, &ip)) { |
| 234 | // When hostname is set, the server address must be a |
| 235 | // resolved ip address. |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 236 | RTC_LOG(LS_ERROR) |
| 237 | << "IceServer has hostname field set, but URI does not " |
| 238 | "contain an IP address."; |
Emad Omara | dab1d2d | 2017-06-16 15:43:11 -0700 | [diff] [blame] | 239 | return RTCErrorType::INVALID_PARAMETER; |
| 240 | } |
| 241 | socket_address.SetResolvedIP(ip); |
| 242 | } |
Niels Möller | db4def9 | 2019-03-18 16:53:59 +0100 | [diff] [blame] | 243 | cricket::RelayServerConfig config = |
| 244 | cricket::RelayServerConfig(socket_address, server.username, |
| 245 | server.password, turn_transport_type); |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 246 | if (server.tls_cert_policy == |
| 247 | PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) { |
Sergey Silkin | 9c147dd | 2018-09-12 10:45:38 +0000 | [diff] [blame] | 248 | config.tls_cert_policy = |
| 249 | cricket::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 250 | } |
Sergey Silkin | 9c147dd | 2018-09-12 10:45:38 +0000 | [diff] [blame] | 251 | config.tls_alpn_protocols = server.tls_alpn_protocols; |
| 252 | config.tls_elliptic_curves = server.tls_elliptic_curves; |
Diogo Real | 1dca9d5 | 2017-08-29 12:18:32 -0700 | [diff] [blame] | 253 | |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 254 | turn_servers->push_back(config); |
| 255 | break; |
| 256 | } |
| 257 | default: |
| 258 | // We shouldn't get to this point with an invalid service_type, we should |
| 259 | // have returned an error already. |
| 260 | RTC_NOTREACHED() << "Unexpected service type"; |
| 261 | return RTCErrorType::INTERNAL_ERROR; |
| 262 | } |
| 263 | return RTCErrorType::NONE; |
| 264 | } |
| 265 | |
| 266 | RTCErrorType ParseIceServers( |
| 267 | const PeerConnectionInterface::IceServers& servers, |
| 268 | cricket::ServerAddresses* stun_servers, |
| 269 | std::vector<cricket::RelayServerConfig>* turn_servers) { |
| 270 | for (const PeerConnectionInterface::IceServer& server : servers) { |
| 271 | if (!server.urls.empty()) { |
| 272 | for (const std::string& url : server.urls) { |
| 273 | if (url.empty()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 274 | RTC_LOG(LS_ERROR) << "Empty uri."; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 275 | return RTCErrorType::SYNTAX_ERROR; |
| 276 | } |
| 277 | RTCErrorType err = |
| 278 | ParseIceServerUrl(server, url, stun_servers, turn_servers); |
| 279 | if (err != RTCErrorType::NONE) { |
| 280 | return err; |
| 281 | } |
| 282 | } |
| 283 | } else if (!server.uri.empty()) { |
| 284 | // Fallback to old .uri if new .urls isn't present. |
| 285 | RTCErrorType err = |
| 286 | ParseIceServerUrl(server, server.uri, stun_servers, turn_servers); |
| 287 | if (err != RTCErrorType::NONE) { |
| 288 | return err; |
| 289 | } |
| 290 | } else { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 291 | RTC_LOG(LS_ERROR) << "Empty uri."; |
deadbeef | 1dcb164 | 2017-03-29 21:08:16 -0700 | [diff] [blame] | 292 | return RTCErrorType::SYNTAX_ERROR; |
| 293 | } |
| 294 | } |
| 295 | // Candidates must have unique priorities, so that connectivity checks |
| 296 | // are performed in a well-defined order. |
| 297 | int priority = static_cast<int>(turn_servers->size() - 1); |
| 298 | for (cricket::RelayServerConfig& turn_server : *turn_servers) { |
| 299 | // First in the list gets highest priority. |
| 300 | turn_server.priority = priority--; |
| 301 | } |
| 302 | return RTCErrorType::NONE; |
| 303 | } |
| 304 | |
| 305 | } // namespace webrtc |