oversip 0.9.0

data/lib/oversip/config.rb

@@ -0,0 +1,541 @@
+module OverSIP
+
+  module Config
+
+    # Pre-declaration of Validators module (defined in other file).
+    module Config::Validators ; end
+
+    extend ::OverSIP::Logger
+    extend ::OverSIP::Config::Validators
+
+    DEFAULT_CONFIG_DIR = "/etc/oversip/"
+    DEFAULT_TLS_DIR = "tls/"
+    DEFAULT_TLS_CA_DIR = "tls/ca/"
+    CONF_FILE = "oversip.conf"
+    PROXIES_FILE = "proxies.conf"
+    LOGIC_FILE = "logic.rb"
+    WEBSOCKET_POLICY_FILE = "websocket_policy.rb"
+
+    def self.log_id
+      @log_id ||= "Config"
+    end
+
+    def self.conf_file
+      @conf_file ||= ::File.join(@conf_dir, CONF_FILE)
+    end
+
+    def self.proxies_file
+      @proxies_file ||= ::File.join(@conf_dir, PROXIES_FILE)
+    end
+
+    def self.logic_file
+      @logic_file ||= ::File.join(@conf_dir, LOGIC_FILE)
+    end
+
+    def self.websocket_policy_file
+      @websocket_policy_file ||= ::File.join(@conf_dir, WEBSOCKET_POLICY_FILE)
+    end
+
+    @configuration = {
+      :core => {
+        :nameservers              => nil,
+        :syslog_facility          => "user",
+        :syslog_level             => "info"
+      },
+      :sip => {
+        :sip_udp                  => true,
+        :sip_tcp                  => true,
+        :sip_tls                  => false,
+        :enable_ipv4              => true,
+        :listen_ipv4              => nil,
+        :enable_ipv6              => true,
+        :listen_ipv6              => nil,
+        :listen_port              => 5060,
+        :listen_port_tls          => 5061,
+        :use_tls_tunnel           => false,
+        :listen_port_tls_tunnel   => 5062,
+        :local_domains            => nil,
+        :tcp_keepalive_interval   => nil,
+        :record_route_hostname_tls_ipv4 => nil,
+        :record_route_hostname_tls_ipv6 => nil
+      },
+      :websocket => {
+        :sip_ws                   => false,
+        :sip_wss                  => false,
+        :enable_ipv4              => true,
+        :listen_ipv4              => nil,
+        :enable_ipv6              => true,
+        :listen_ipv6              => nil,
+        :listen_port              => 10080,
+        :listen_port_tls          => 10443,
+        :use_tls_tunnel           => false,
+        :listen_port_tls_tunnel   => 10444,
+        :max_ws_message_size      => 65536,
+        :max_ws_frame_size        => 65536,
+        :ws_keepalive_interval    => nil
+      },
+      :tls => {
+        :public_cert              => nil,
+        :private_cert             => nil,
+        :ca_dir                   => nil
+      }
+    }
+
+    CONFIG_VALIDATIONS = {
+      :core => {
+        :nameservers              => [ :ipv4, :multi_value ],
+        :syslog_facility          => [
+          [ :choices,
+            %w{ kern user daemon local0 local1 local2 local3 local4 local5 local6 local7 } ]
+        ],
+        :syslog_level             => [
+          [ :choices,
+            %w{ debug info notice warn error crit } ]
+        ],
+      },
+      :sip => {
+        :sip_udp                  => :boolean,
+        :sip_tcp                  => :boolean,
+        :sip_tls                  => :boolean,
+        :enable_ipv4              => :boolean,
+        :listen_ipv4              => :ipv4,
+        :enable_ipv6              => :boolean,
+        :listen_ipv6              => :ipv6,
+        :listen_port              => :port,
+        :listen_port_tls          => :port,
+        :use_tls_tunnel           => :boolean,
+        # TODO, si use_tls_tunnel es yes entonces listen_port_tls_tunnel debe estar puesto.
+        :listen_port_tls_tunnel   => :port,
+        :local_domains            => [ :domain, :multi_value ],
+        :tcp_keepalive_interval        => [ :fixnum, [ :greater_equal_than, 180 ] ],
+        :record_route_hostname_tls_ipv4 => :domain,
+        :record_route_hostname_tls_ipv6 => :domain,
+      },
+      :websocket => {
+        :sip_ws                   => :boolean,
+        :sip_wss                  => :boolean,
+        :enable_ipv4              => :boolean,
+        :listen_ipv4              => :ipv4,
+        :enable_ipv6              => :boolean,
+        :listen_ipv6              => :ipv6,
+        :listen_port              => :port,
+        :listen_port_tls          => :port,
+        :use_tls_tunnel           => :boolean,
+        :listen_port_tls_tunnel   => :port,
+        :max_ws_message_size      => [ :fixnum, [ :minor_than, 1048576 ] ],
+        :max_ws_frame_size        => [ :fixnum, [ :minor_than, 1048576 ] ],
+        :ws_keepalive_interval    => [ :fixnum, [ :greater_equal_than, 180 ] ]
+      },
+      :tls => {
+        :public_cert              => [ :readable_file, :tls_pem_chain ],
+        :private_cert             => [ :readable_file, :tls_pem_private ],
+        :ca_dir                   => :readable_dir
+      }
+    }
+
+
+    def self.load conf_dir = nil
+      @conf_dir ||= DEFAULT_CONFIG_DIR
+
+      begin
+        conf_yaml = ::YAML.load_file conf_file
+      rescue => e
+        fatal "error loading configuration file '#{conf_file}': #{e.message} (#{e.class})"
+      end
+
+      begin
+        proxies_yaml = ::YAML.load_file proxies_file
+      rescue => e
+        fatal "error loading proxies configuration file '#{proxies_file}': #{e.message} (#{e.class})"
+      end
+
+      begin
+        Kernel.load logic_file
+      rescue LoadError => e
+        fatal "error loading logic file '#{logic_file}': #{e.message} (#{e.class})"
+      end
+
+      begin
+        Kernel.load websocket_policy_file
+      rescue LoadError => e
+        log_system_warn "cannot load WebSocket Policy file '#{websocket_policy_file}': #{e.message} (#{e.class}), using default policy (allow all)"
+      end
+
+      begin
+        pre_check(conf_yaml)
+
+        CONFIG_VALIDATIONS.each_key do |section|
+          CONFIG_VALIDATIONS[section].each do |parameter, validations|
+            values = conf_yaml[section.to_s][parameter.to_s] rescue nil
+            validations = [ validations ]  unless validations.is_a?(Array)
+
+            if values == nil
+              if validations.include? :required
+                fatal "#{section}[#{parameter}] requires a value"
+              end
+              next
+            end
+
+            if values.is_a? Array
+              unless validations.include? :multi_value
+                fatal "#{section}[#{parameter}] does not allow multiple values"
+              end
+
+              if validations.include? :non_empty and values.empty?
+                fatal "#{section}[#{parameter}] does not allow empty values"
+              end
+            end
+
+            values = ( values.is_a?(Array) ? values : [ values ] )
+
+            values.each do |value|
+              validations.each do |validation|
+
+                if validation.is_a? Symbol
+                  args = []
+                elsif validation.is_a? Array
+                  args = validation[1..-1]
+                  validation = validation[0]
+                end
+
+                next if [:required, :multi_value, :non_empty].include? validation
+
+                unless send validation, value, *args
+                  fatal "#{section}[#{parameter}] has invalid value '#{humanize_value value}' (does not satisfy '#{validation}' validation requirement)"
+                end
+              end
+
+              @configuration[section][parameter] = ( validations.include?(:multi_value) ? values : values[0] )
+            end
+
+          end  # CONFIG_VALIDATIONS[section].each
+        end  # CONFIG_VALIDATIONS.each_key
+
+        post_process
+        post_check
+
+      rescue OverSIP::ConfigurationError => e
+        fatal "configuration error: #{e.message}"
+      rescue => e
+        fatal e
+      end
+
+      ::OverSIP.configuration = @configuration
+
+      ::OverSIP::ProxiesConfig.load proxies_yaml
+    end
+
+
+    def self.pre_check conf_yaml
+      # If TLS files/directories are given as relative path, convert them into absolute paths.
+
+      tls_public_cert = conf_yaml["tls"]["public_cert"] rescue nil
+      tls_private_cert = conf_yaml["tls"]["private_cert"] rescue nil
+      tls_ca_dir = conf_yaml["tls"]["ca_dir"] rescue nil
+
+      if tls_public_cert.is_a?(String) and tls_public_cert[0] != "/"
+        conf_yaml["tls"]["public_cert"] = ::File.join(@conf_dir, DEFAULT_TLS_DIR, tls_public_cert)
+      end
+
+      if tls_private_cert.is_a?(String) and tls_private_cert[0] != "/"
+        conf_yaml["tls"]["private_cert"] = ::File.join(@conf_dir, DEFAULT_TLS_DIR, tls_private_cert)
+      end
+
+      if tls_ca_dir.is_a?(String) and tls_ca_dir[0] != "/"
+        conf_yaml["tls"]["ca_dir"] = ::File.join(@conf_dir, DEFAULT_TLS_DIR, tls_ca_dir)
+      end
+    end
+
+    def self.post_process
+      if @configuration[:tls][:public_cert] and @configuration[:tls][:private_cert]
+        @use_tls = true
+        # Generate a full PEM file containing both the public and private certificate (for Stud).
+        full_cert = Tempfile.new("oversip_full_cert_")
+        full_cert.puts File.read(@configuration[:tls][:public_cert])
+        full_cert.puts File.read(@configuration[:tls][:private_cert])
+        @configuration[:tls][:full_cert] = full_cert.path
+        full_cert.close
+      else
+        @configuration[:sip][:sip_tls] = false
+        @configuration[:websocket][:sip_wss] = false
+      end
+
+      if @configuration[:sip][:sip_udp] or @configuration[:sip][:sip_tcp]
+        @use_sip_udp_or_tcp = true
+      else
+        @configuration[:sip][:listen_port] = nil
+      end
+
+      if @configuration[:sip][:sip_tls] and @use_tls
+        @use_sip_tls = true
+      else
+        @configuration[:sip][:listen_port_tls] = nil
+      end
+
+      unless @use_sip_udp_or_tcp or @use_sip_tls
+        @configuration[:sip][:listen_ipv4] = nil
+        @configuration[:sip][:listen_ipv6] = nil
+        @configuration[:sip][:enable_ipv4] = nil
+        @configuration[:sip][:enable_ipv6] = nil
+      end
+
+      unless @configuration[:sip][:enable_ipv4]
+        @configuration[:sip][:listen_ipv4] = nil
+      end
+
+      unless @configuration[:sip][:enable_ipv6]
+        @configuration[:sip][:listen_ipv6] = nil
+      end
+
+      if @configuration[:websocket][:sip_ws]
+        @use_sip_ws = true
+      else
+        @configuration[:websocket][:listen_port] = nil
+      end
+
+      if @configuration[:websocket][:sip_wss] and @use_tls
+        @use_sip_wss = true
+      else
+        @configuration[:websocket][:listen_port_tls] = nil
+      end
+
+      unless @use_sip_ws or @use_sip_wss
+        @configuration[:websocket][:listen_ipv4] = nil
+        @configuration[:websocket][:listen_ipv6] = nil
+        @configuration[:websocket][:enable_ipv4] = nil
+        @configuration[:websocket][:enable_ipv6] = nil
+      end
+
+      if ( @use_sip_udp_or_tcp or @use_sip_tls ) and @configuration[:sip][:listen_ipv4] == nil and @configuration[:sip][:enable_ipv4]
+        unless (@configuration[:sip][:listen_ipv4] = discover_local_ip(:ipv4))
+          log_system_warn "dissabling IPv4 for SIP"
+          @configuration[:sip][:listen_ipv4] = nil
+          @configuration[:sip][:enable_ipv4] = false
+        end
+      end
+
+      if ( @use_sip_udp_or_tcp or @use_sip_tls ) and @configuration[:sip][:listen_ipv6] == nil and @configuration[:sip][:enable_ipv6]
+        unless (@configuration[:sip][:listen_ipv6] = discover_local_ip(:ipv6))
+          log_system_warn "dissabling IPv6 for SIP"
+          @configuration[:sip][:listen_ipv6] = nil
+          @configuration[:sip][:enable_ipv6] = false
+        end
+      end
+
+      if ( @use_sip_ws or @use_sip_wss ) and @configuration[:websocket][:listen_ipv4] == nil and @configuration[:websocket][:enable_ipv4]
+        unless (@configuration[:websocket][:listen_ipv4] = discover_local_ip(:ipv4))
+          log_system_warn "dissabling IPv4 for WebSocket"
+          @configuration[:websocket][:listen_ipv4] = nil
+          @configuration[:websocket][:enable_ipv4] = false
+        end
+      end
+
+      if ( @use_sip_ws or @use_sip_wss ) and @configuration[:websocket][:listen_ipv6] == nil and @configuration[:websocket][:enable_ipv6]
+        unless (@configuration[:websocket][:listen_ipv6] = discover_local_ip(:ipv6))
+          log_system_warn "dissabling IPv6 for WebSocket"
+          @configuration[:websocket][:listen_ipv6] = nil
+          @configuration[:websocket][:enable_ipv6] = false
+        end
+      end
+
+      if @configuration[:sip][:local_domains]
+        if @configuration[:sip][:local_domains].is_a? String
+          @configuration[:sip][:local_domains] = [ @configuration[:sip][:local_domains].downcase ]
+        end
+        @configuration[:sip][:local_domains].each {|local_domain| local_domain.downcase!}
+      end
+    end  # def self.post_process
+
+
+    def self.post_check
+      binds = { :udp => [], :tcp => [] }
+
+      if @configuration[:sip][:enable_ipv4]
+        ipv4 = @configuration[:sip][:listen_ipv4]
+
+        if @configuration[:sip][:sip_udp]
+          binds[:udp] << [ ipv4, @configuration[:sip][:listen_port] ]
+        end
+
+        if @configuration[:sip][:sip_tcp]
+          binds[:tcp] << [ ipv4, @configuration[:sip][:listen_port] ]
+        end
+
+        if @configuration[:sip][:sip_tls]
+          unless @configuration[:sip][:use_tls_tunnel]
+            binds[:tcp] << [ ipv4, @configuration[:sip][:listen_port_tls] ]
+          else
+            binds[:tcp] << [ "127.0.0.1", @configuration[:sip][:listen_port_tls_tunnel] ]
+          end
+        end
+      end
+
+      if @configuration[:sip][:enable_ipv6]
+        ipv6 = @configuration[:sip][:listen_ipv6]
+
+        if @configuration[:sip][:sip_udp]
+          binds[:udp] << [ ipv6, @configuration[:sip][:listen_port] ]
+        end
+
+        if @configuration[:sip][:sip_tcp]
+          binds[:tcp] << [ ipv6, @configuration[:sip][:listen_port] ]
+        end
+
+        if @configuration[:sip][:sip_tls]
+          unless @configuration[:sip][:use_tls_tunnel]
+            binds[:tcp] << [ ipv6, @configuration[:sip][:listen_port_tls] ]
+          else
+            binds[:tcp] << [ "::1", @configuration[:sip][:listen_port_tls_tunnel] ]
+          end
+        end
+      end
+
+      if @configuration[:websocket][:enable_ipv4]
+        ipv4 = @configuration[:websocket][:listen_ipv4]
+
+        if @configuration[:websocket][:sip_ws]
+          binds[:tcp] << [ ipv4, @configuration[:websocket][:listen_port] ]
+        end
+
+        if @configuration[:websocket][:sip_wss]
+          unless @configuration[:sip][:use_tls_tunnel]
+            binds[:tcp] << [ ipv4, @configuration[:websocket][:listen_port_tls] ]
+          else
+            binds[:tcp] << [ "127.0.0.1", @configuration[:websocket][:listen_port_tls_tunnel] ]
+          end
+        end
+      end
+
+      if @configuration[:websocket][:enable_ipv6]
+        ipv6 = @configuration[:websocket][:listen_ipv6]
+
+        if @configuration[:websocket][:sip_ws]
+          binds[:tcp] << [ ipv6, @configuration[:websocket][:listen_port] ]
+        end
+
+        if @configuration[:websocket][:sip_wss]
+          unless @configuration[:sip][:use_tls_tunnel]
+            binds[:tcp] << [ ipv6, @configuration[:websocket][:listen_port_tls] ]
+          else
+            binds[:tcp] << [ "::1", @configuration[:websocket][:listen_port_tls_tunnel] ]
+          end
+        end
+      end
+
+      [:udp, :tcp].each do |transport|
+        transport_str = transport.to_s.upcase
+        binds[transport].each do |ip, port|
+          begin
+            unless (ip_type = ::OverSIP::Utils.ip_type(ip))
+              raise ::OverSIP::ConfigurationError, "given IP '#{ip}' is not IPv4 nor IPv6"
+            end
+
+            case transport
+            when :udp
+              case ip_type
+              when :ipv4
+                socket = ::UDPSocket.new ::Socket::AF_INET
+              when :ipv6
+                socket = ::UDPSocket.new ::Socket::AF_INET6
+              end
+              socket.bind ip, port
+            when :tcp
+              socket = ::TCPServer.open ip, port
+            end
+
+            socket.close
+
+          rescue ::Errno::EADDRNOTAVAIL
+            raise ::OverSIP::ConfigurationError, "cannot bind in #{transport_str} IP '#{ip}', address not available"
+          rescue ::Errno::EADDRINUSE
+            raise ::OverSIP::ConfigurationError, "#{transport_str} IP '#{ip}' and port #{port} already in use"
+          rescue ::Errno::EACCES
+            raise ::OverSIP::ConfigurationError, "no permission to bind in #{transport_str} IP '#{ip}' and port #{port}"
+          rescue => e
+            raise e.class, "error binding in #{transport_str} IP '#{ip}' and port #{port} (#{e.class}: #{e.message})"
+          end
+        end
+      end
+    end  # def self.post_check
+
+
+    def self.print colorize=true
+      color = Term::ANSIColor  if colorize
+
+      puts
+      @configuration.each_key do |section|
+        if colorize
+          puts "  #{color.bold(section.to_s)}:"
+        else
+          puts "  #{section.to_s}:"
+        end
+        @configuration[section].each do |parameter, value|
+          humanized_value = humanize_value value
+          color_value = case value
+            when TrueClass
+              colorize ? color.bold(color.green(humanized_value)) : humanized_value
+            when FalseClass
+              colorize ? color.bold(color.red(humanized_value)) : humanized_value
+            when NilClass
+              humanized_value
+            when String, Symbol
+              colorize ? color.yellow(humanized_value) : humanized_value
+            when Array
+              colorize ? color.yellow(humanized_value) : humanized_value
+            when Fixnum, Float
+              colorize ? color.bold(color.blue(humanized_value)) : humanized_value
+            else
+              humanized_value
+            end
+          printf("    %-32s:  %s\n", parameter, color_value)
+        end
+        puts
+      end
+    end
+
+    def self.humanize_value value
+      case value
+        when TrueClass      ; "yes"
+        when FalseClass     ; "no"
+        when NilClass       ; "null"
+        when String         ; value
+        when Symbol         ; value.to_s
+        when Array          ; value.join(", ")
+        when Fixnum, Float  ; value.to_s
+        else                ; value.to_s
+        end
+    end
+
+    def self.discover_local_ip(type)
+      begin
+        if type == :ipv4
+          socket = ::UDPSocket.new ::Socket::AF_INET
+          socket.connect("1.2.3.4", 1)
+        elsif type == :ipv6
+          socket = ::UDPSocket.new ::Socket::AF_INET6
+          socket.connect("2001::1", 1)
+        end
+        ip = socket.local_address.ip_address
+        socket.close
+        return ip
+      rescue => e
+        log_system_warn "cannot autodiscover local #{type == :ipv4 ? "IPv4" : "IPv6"}: #{e.message} (#{e.class})"
+        return false
+      end
+    end
+
+    def self.reload_logic
+      begin
+        Kernel.load logic_file
+        log_system_info "logic reloaded"
+        true
+      rescue Exception => e
+        log_system_crit "error reloading logic"
+        log_system_crit e
+        false
+      end
+    end
+
+  end
+
+end

data/lib/oversip/config_validators.rb

@@ -0,0 +1,126 @@
+require "openssl"
+
+
+module OverSIP
+
+  module Config
+
+    module Validators
+
+      extend ::OverSIP::Logger
+
+      DOMAIN_REGEXP = /^(([0-9a-zA-Z\-_])+\.)*([0-9a-zA-Z\-_])+$/
+      TLS_PEM_CHAIN_REGEXP = /-{5}BEGIN CERTIFICATE-{5}\n.*?-{5}END CERTIFICATE-{5}\n/m
+
+      def boolean value
+        value == true or value == false
+      end
+
+      def string value
+        value.is_a? String
+      end
+
+      def fixnum value
+        value.is_a? Fixnum
+      end
+
+      def port value
+        fixnum(value) and value.between?(1,65536)
+      end
+
+      def ipv4 value
+        return false  unless value.is_a? String
+        ::OverSIP::Utils.ip_type(value) == :ipv4 and value != "0.0.0.0"
+      end
+
+      def ipv6 value
+        return false  unless value.is_a? String
+        ::OverSIP::Utils.ip_type(value) == :ipv6 and ::OverSIP::Utils.normalize_ipv6(value) != "::"
+      end
+
+      def ipv4_any value
+        return false  unless value.is_a? String
+        ::OverSIP::Utils.ip_type(value) == :ipv4
+      end
+
+      def ipv6_any value
+        return false  unless value.is_a? String
+        ::OverSIP::Utils.ip_type(value) == :ipv6
+      end
+
+      def domain value
+        value =~ DOMAIN_REGEXP
+      end
+
+      def choices value, choices
+        choices.include? value
+      end
+
+      def greater_than value, minimum
+        value > minimum  rescue false
+      end
+
+      def greater_equal_than value, minimum
+        value >= minimum  rescue false
+      end
+
+      def minor_than value, maximum
+        value < maximum  rescue false
+      end
+
+      def minor_equal_than value, maximum
+        value <= maximum  rescue false
+      end
+
+      def readable_file file
+        ::File.file?(file) and ::File.readable?(file)
+      end
+
+      def readable_dir dir
+        ::File.directory?(dir) and ::File.readable?(dir)
+      end
+
+      def tls_pem_chain file
+        chain = ::File.read file
+        pems = chain.scan(TLS_PEM_CHAIN_REGEXP).flatten
+        pem_found = nil
+
+        begin
+          pems.each do |pem|
+            ::OpenSSL::X509::Certificate.new pem
+            pem_found = true
+          end
+        rescue => e
+          log_system_error "#{e.class}: #{e.message}"
+          return false
+        end
+
+        if pem_found
+          return true
+        else
+          log_system_error "no valid X509 PEM found in the file"
+          return false
+        end
+      end
+
+      def tls_pem_private file
+        pem = ::File.read file
+        key_classes = [::OpenSSL::PKey::RSA, ::OpenSSL::PKey::DSA]
+
+        begin
+          key_class = key_classes.shift
+          key_class.new pem
+          return true
+        rescue => e
+          retry if key_classes.any?
+          log_system_error e.message
+        end
+
+        return false
+      end
+
+    end # module Validators
+
+  end # module Config
+
+end

data/lib/oversip/errors.rb

@@ -0,0 +1,7 @@
+module OverSIP
+
+  class Error < StandardError ; end
+  class ConfigurationError < Error ; end
+  class LogicError < Error ; end
+
+end