RubyGems - oversip_p - Versions diffs - 1.0.0 - Mend

oversip_p 1.0.0

Files changed (132) hide show

checksums.yaml +7 -0
data/AUTHORS +22 -0
data/LICENSE +25 -0
data/README.md +43 -0
data/Rakefile +54 -0
data/bin/oversip +184 -0
data/etc/oversip.conf +274 -0
data/etc/proxies.conf +145 -0
data/etc/server.rb +315 -0
data/etc/tls/ca/cacert.pem +3894 -0
data/etc/tls/demo-tls.oversip.net.crt +17 -0
data/etc/tls/demo-tls.oversip.net.key +15 -0
data/etc/tls/upgrade-cacert.sh +12 -0
data/etc/tls/utils/create-cert.rb +162 -0
data/etc/tls/utils/get-sip-identities.rb +95 -0
data/ext/common/c_util.h +74 -0
data/ext/common/ruby_c_util.h +88 -0
data/ext/sip_parser/common_headers.h +210 -0
data/ext/sip_parser/ext_help.h +18 -0
data/ext/sip_parser/extconf.rb +3 -0
data/ext/sip_parser/sip_message_parser.c +29741 -0
data/ext/sip_parser/sip_parser.h +250 -0
data/ext/sip_parser/sip_parser_ruby.c +1370 -0
data/ext/sip_parser/sip_uri_parser.c +39699 -0
data/ext/stud/extconf.rb +43 -0
data/ext/stun/ext_help.h +16 -0
data/ext/stun/extconf.rb +3 -0
data/ext/stun/stun_ruby.c +394 -0
data/ext/utils/ext_help.h +14 -0
data/ext/utils/extconf.rb +3 -0
data/ext/utils/haproxy_protocol.c +6163 -0
data/ext/utils/haproxy_protocol.h +27 -0
data/ext/utils/ip_utils.c +5952 -0
data/ext/utils/ip_utils.h +64 -0
data/ext/utils/outbound_utils.c +3227 -0
data/ext/utils/outbound_utils.h +27 -0
data/ext/utils/utils_ruby.c +392 -0
data/ext/utils/utils_ruby.h +76 -0
data/ext/websocket_framing_utils/ext_help.h +18 -0
data/ext/websocket_framing_utils/extconf.rb +3 -0
data/ext/websocket_framing_utils/ws_framing_utils.h +47 -0
data/ext/websocket_framing_utils/ws_framing_utils_ruby.c +135 -0
data/ext/websocket_http_parser/ext_help.h +18 -0
data/ext/websocket_http_parser/extconf.rb +3 -0
data/ext/websocket_http_parser/ws_http_parser.c +1635 -0
data/ext/websocket_http_parser/ws_http_parser.h +87 -0
data/ext/websocket_http_parser/ws_http_parser_ruby.c +630 -0
data/lib/oversip/config.rb +597 -0
data/lib/oversip/config_validators.rb +126 -0
data/lib/oversip/default_server.rb +52 -0
data/lib/oversip/errors.rb +10 -0
data/lib/oversip/fiber_pool.rb +56 -0
data/lib/oversip/launcher.rb +635 -0
data/lib/oversip/logger.rb +84 -0
data/lib/oversip/modules/outbound_mangling.rb +56 -0
data/lib/oversip/modules/user_assertion.rb +73 -0
data/lib/oversip/proxies_config.rb +189 -0
data/lib/oversip/ruby_ext/eventmachine.rb +38 -0
data/lib/oversip/sip/client.rb +428 -0
data/lib/oversip/sip/client_transaction.rb +586 -0
data/lib/oversip/sip/constants.rb +88 -0
data/lib/oversip/sip/core.rb +217 -0
data/lib/oversip/sip/launcher.rb +221 -0
data/lib/oversip/sip/listeners/connection.rb +54 -0
data/lib/oversip/sip/listeners/ipv4_tcp_client.rb +21 -0
data/lib/oversip/sip/listeners/ipv4_tcp_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv4_tls_client.rb +21 -0
data/lib/oversip/sip/listeners/ipv4_tls_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv4_tls_tunnel_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv4_udp_server.rb +21 -0
data/lib/oversip/sip/listeners/ipv6_tcp_client.rb +21 -0
data/lib/oversip/sip/listeners/ipv6_tcp_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv6_tls_client.rb +21 -0
data/lib/oversip/sip/listeners/ipv6_tls_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv6_tls_tunnel_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv6_udp_server.rb +21 -0
data/lib/oversip/sip/listeners/tcp_client.rb +97 -0
data/lib/oversip/sip/listeners/tcp_connection.rb +202 -0
data/lib/oversip/sip/listeners/tcp_server.rb +71 -0
data/lib/oversip/sip/listeners/tls_client.rb +125 -0
data/lib/oversip/sip/listeners/tls_server.rb +88 -0
data/lib/oversip/sip/listeners/tls_tunnel_connection.rb +89 -0
data/lib/oversip/sip/listeners/tls_tunnel_server.rb +61 -0
data/lib/oversip/sip/listeners/udp_connection.rb +214 -0
data/lib/oversip/sip/listeners.rb +24 -0
data/lib/oversip/sip/message.rb +177 -0
data/lib/oversip/sip/message_processor.rb +213 -0
data/lib/oversip/sip/name_addr.rb +51 -0
data/lib/oversip/sip/proxy.rb +324 -0
data/lib/oversip/sip/request.rb +179 -0
data/lib/oversip/sip/response.rb +37 -0
data/lib/oversip/sip/rfc3263.rb +643 -0
data/lib/oversip/sip/server_transaction.rb +295 -0
data/lib/oversip/sip/sip.rb +76 -0
data/lib/oversip/sip/tags.rb +39 -0
data/lib/oversip/sip/timers.rb +55 -0
data/lib/oversip/sip/transport_manager.rb +130 -0
data/lib/oversip/sip/uac.rb +89 -0
data/lib/oversip/sip/uac_request.rb +84 -0
data/lib/oversip/sip/uri.rb +208 -0
data/lib/oversip/syslog.rb +68 -0
data/lib/oversip/system_callbacks.rb +45 -0
data/lib/oversip/tls.rb +172 -0
data/lib/oversip/utils.rb +30 -0
data/lib/oversip/version.rb +21 -0
data/lib/oversip/websocket/constants.rb +55 -0
data/lib/oversip/websocket/http_request.rb +59 -0
data/lib/oversip/websocket/launcher.rb +183 -0
data/lib/oversip/websocket/listeners/connection.rb +51 -0
data/lib/oversip/websocket/listeners/ipv4_ws_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv4_wss_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv4_wss_tunnel_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv6_ws_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv6_wss_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv6_wss_tunnel_server.rb +22 -0
data/lib/oversip/websocket/listeners/ws_server.rb +331 -0
data/lib/oversip/websocket/listeners/wss_server.rb +88 -0
data/lib/oversip/websocket/listeners/wss_tunnel_server.rb +133 -0
data/lib/oversip/websocket/listeners.rb +13 -0
data/lib/oversip/websocket/websocket.rb +13 -0
data/lib/oversip/websocket/ws_framing.rb +545 -0
data/lib/oversip/websocket/ws_sip_app.rb +120 -0
data/lib/oversip.rb +127 -0
data/test/oversip_test_helper.rb +19 -0
data/test/test_http_parser.rb +73 -0
data/test/test_name_addr.rb +27 -0
data/test/test_name_addr_parser.rb +24 -0
data/test/test_sip_message_parser.rb +168 -0
data/test/test_sip_uri_parser.rb +56 -0
data/test/test_uri.rb +68 -0
data/thirdparty/stud/stud.tar.gz +0 -0
metadata +334 -0

data/lib/oversip/sip/listeners/ipv6_tls_server.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module OverSIP::SIP
+  class IPv6TlsServer < TlsServer
+    @ip_type = :ipv6
+    @transport = :tls
+    @connections = {}
+    @invite_server_transactions = {}
+    @non_invite_server_transactions = {}
+    @invite_client_transactions = {}
+    @non_invite_client_transactions = {}
+    @is_reliable_transport_listener = true
+    @is_outbound_listener = true
+    LOG_ID = "SIP TLS IPv6 server"
+    def log_id
+      LOG_ID
+    end
+  end
+end

data/lib/oversip/sip/listeners/ipv6_tls_tunnel_server.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module OverSIP::SIP
+  class IPv6TlsTunnelServer < TlsTunnelServer
+    @ip_type = :ipv6
+    @transport = :tls
+    @connections = {}
+    @invite_server_transactions = {}
+    @non_invite_server_transactions = {}
+    @invite_client_transactions = {}
+    @non_invite_client_transactions = {}
+    @is_reliable_transport_listener = true
+    @is_outbound_listener = true
+    LOG_ID = "SIP TLS-Tunnel IPv6 server"
+    def log_id
+      LOG_ID
+    end
+  end
+end

data/lib/oversip/sip/listeners/ipv6_udp_server.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module OverSIP::SIP
+  class IPv6UdpServer < UdpConnection
+    @ip_type = :ipv6
+    @transport = :udp
+    @connections = nil  # To be set after creating the unique server instance.
+    @invite_server_transactions = {}
+    @non_invite_server_transactions = {}
+    @invite_client_transactions = {}
+    @non_invite_client_transactions = {}
+    @is_outbound_listener = true
+    LOG_ID = "SIP UDP IPv6 server"
+    def log_id
+      LOG_ID
+    end
+  end
+end

data/lib/oversip/sip/listeners/tcp_client.rb ADDED Viewed

@@ -0,0 +1,97 @@
+module OverSIP::SIP
+  class TcpClient < TcpConnection
+    class << self
+      attr_reader :server_class
+    end
+    attr_reader :connected
+    attr_reader :pending_client_transactions
+    def initialize ip, port
+      # NOTE: The parent class implementing "initialize" method is Connection, and allows no arguments.
+      # If we call just "super" from here it will fail since "ip" and "port" will be passed as
+      # arguments. So we must use "super()" and we are done (no arguments are passed to parent).
+      super()
+      @remote_ip = ip
+      @remote_port = port
+      @connection_id = ::OverSIP::SIP::TransportManager.add_connection self, self.class, self.class.ip_type, @remote_ip, @remote_port
+      @connected = false
+      @pending_client_transactions = []
+      ### TODO: make it configurable.
+      set_pending_connect_timeout 2.0
+    end
+    def connection_completed
+      log_system_info "TCP connection opened to " << remote_desc
+      @connected = true
+      @pending_client_transactions.clear
+    end
+    def remote_desc
+      @remote_desc ||= case self.class.ip_type
+        when :ipv4  ; "#{@remote_ip}:#{@remote_port.to_s}"
+        when :ipv6  ; "[#{@remote_ip}]:#{@remote_port.to_s}"
+        end
+    end
+    def unbind cause=nil
+      @state = :ignore
+      # Remove the connection.
+      self.class.connections.delete @connection_id
+      @local_closed = true  if cause == ::Errno::ETIMEDOUT
+      if @connected
+        log_msg = "connection to #{remote_desc} "
+        log_msg << ( @local_closed ? "locally closed" : "remotely closed" )
+        log_msg << " (cause: #{cause.inspect})"  if cause
+        log_system_debug log_msg  if $oversip_debug
+      # If the TCP client connection has failed (remote server rejected the connection) then
+      # inform to all the pending client transactions.
+      else
+        log_system_notice "connection to #{remote_desc} failed"  if $oversip_debug
+        @pending_client_transactions.each do |client_transaction|
+          client_transaction.connection_failed
+        end
+        @pending_client_transactions.clear
+      end unless $!
+      @connected = false
+    end
+    # For the case in which OverSIP receives a SIP request from a connection open by OverSIP.
+    def record_route
+      @record_route and return @record_route
+      server_class = self.class.server_class
+      local_port, local_ip = ::Socket.unpack_sockaddr_in(get_sockname)
+      case
+        when server_class == ::OverSIP::SIP::IPv4TcpServer
+          uri_ip = local_ip
+        when server_class == ::OverSIP::SIP::IPv6TcpServer
+          uri_ip = "[#{local_ip}]"
+        when server_class == ::OverSIP::SIP::IPv4TlsServer
+          uri_ip = local_ip
+        when server_class == ::OverSIP::SIP::IPv6TlsServer
+          uri_ip = "[#{local_ip}]"
+        end
+      @record_route = "<sip:#{uri_ip}:#{local_port};transport=#{server_class.transport.to_s};lr;ovid=#{OverSIP::SIP::Tags.value_for_route_ovid}>"
+    end
+  end
+end

data/lib/oversip/sip/listeners/tcp_connection.rb ADDED Viewed

@@ -0,0 +1,202 @@
+module OverSIP::SIP
+  class TcpConnection < Connection
+    # Max size (bytes) of the buffered data when receiving message headers
+    # (avoid DoS attacks).
+    HEADERS_MAX_SIZE = 16384
+    def remote_ip_type
+      @remote_ip_type || self.class.ip_type
+    end
+    def remote_ip
+      @remote_ip
+    end
+    def remote_port
+      @remote_port
+    end
+    def receive_data data
+      @state == :ignore and return
+      @buffer << data
+      @state == :waiting_for_on_client_tls_handshake and return
+      process_received_data
+    end
+    def process_received_data
+      @state == :ignore and return
+      while (case @state
+        when :init
+          @parser.reset
+          @parser_nbytes = 0
+          @state = :headers
+        when :headers
+          parse_headers
+          # TODO: Add a timer for the case in which an attacker sends us slow headers that never end:
+          #   http://ha.ckers.org/slowloris/.
+        when :body
+          get_body
+        when :finished
+          if @msg.request?
+            process_request
+          else
+            process_response
+          end
+          # Set state to :init.
+          @state = :init
+          # Return true to continue processing possible remaining data.
+          true
+        when :ignore
+          false
+        end)
+      end  # while
+    end
+    def parse_headers
+      return false if @buffer.empty?
+      # Parse the currently buffered data. If parsing fails @parser_nbytes gets nil value.
+      unless @parser_nbytes = @parser.execute(@buffer.to_str, @parser_nbytes)
+        # The parsed data is invalid, however some data could be parsed so @parsed.parsed
+        # can be:
+        # - SIP::Request
+        # - SIP::Response
+        # - nil (the message is so wrong that cannot be neither a request or response).
+        if wrong_message = @parser.parsed
+          log_system_warn "parsing error for #{MSG_TYPE[wrong_message.class]}: \"#{@parser.error}\""
+        else
+          log_system_warn "parsing error: \"#{@parser.error}\""
+        end
+        close_connection_after_writing
+        @state = :ignore
+        return false
+      end
+      # Avoid flood attacks in TCP (very long headers).
+      if @parser_nbytes > HEADERS_MAX_SIZE
+        log_system_warn "DoS attack detected: headers size exceedes #{HEADERS_MAX_SIZE} bytes, closing connection with #{remote_desc}"
+        close_connection
+        # After closing client connection some data can still arrrive to "receive_data()"
+        # (explained in EM documentation). By setting @state = :ignore we ensure such
+        # remaining data is not processed.
+        @state = :ignore
+        return false
+      end
+      # If the parsing has not finished, it is correct in TCP so return false and wait for more data under :headers state.
+      return false  unless @parser.finished?
+      # At this point we've got a SIP::Request, SIP::Response or :outbound_keepalive symbol.
+      @msg = @parser.parsed
+      # Clear parsed data from the buffer.
+      @buffer.read(@parser_nbytes)
+      # Received data is a Outbound keealive.
+      if @msg == :outbound_keepalive
+        log_system_debug "Outbound keepalive received, replying single CRLF"  if $oversip_debug
+        # Reply a single CRLF over the same connection.
+        send_data CRLF
+        # If TCP then go back to :init state so possible remaining data would be processed.
+        @state = :init
+        return true
+      end
+      @parser.post_parsing
+      # Here we have received the entire headers of a SIP request or response. Fill some
+      # attributes.
+      @msg.connection = self
+      @msg.transport = self.class.transport
+      @msg.source_ip = @remote_ip
+      @msg.source_port = @remote_port
+      @msg.source_ip_type = @remote_ip_type || self.class.ip_type
+      unless valid_message? @parser
+        close_connection_after_writing
+        @state = :ignore
+        return false
+      end
+      add_via_received_rport if @msg.request?
+      unless check_via_branch
+        close_connection_after_writing
+        @state = :ignore
+        return false
+      end
+      # Examine Content-Length header.
+      # In SIP over TCP Content-Length header is mandatory.
+      if (@body_length = @msg.content_length)
+        # There is body (or should be).
+        if @body_length > 0
+          @state = :body
+          # Return true to continue in get_body() method.
+          return true
+        # No body.
+        else
+          # Set :finished state and return true to process the parsed message.
+          @state = :finished
+          return true
+        end
+      # No Content-Length, invalid message!
+      else
+        # Log it and reply a 400 Bad Request (if it's a request).
+        # Close the connection, set :ignore state and return false to leave
+        # receive_data().
+        if @msg.request?
+          unless @msg.sip_method == :ACK
+            log_system_warn "request body size doesn't match Content-Length => 400"
+            @msg.reply 400, "Body size doesn't match Content-Length"
+          else
+            log_system_warn "ACK body size doesn't match Content-Length, ignoring it"
+          end
+        else
+          log_system_warn "response has not Content-Length header, ignoring it"
+        end
+        close_connection_after_writing
+        @state = :ignore
+        return false
+      end
+    end  # parse_headers
+    def get_body
+      # Return false until the buffer gets all the body.
+      return false if @buffer.size < @body_length
+      ### TODO: Creo que es mejor forzarlo a BINARY y no a UTF-8. Aunque IOBuffer ya lo saca siempre en BINARY.
+      # ¿Por qué lo forcé a UTF-8?
+      # RESPUESTA: Si no lo hago y resulta que el body no es UTF-8 válido, al añadir el body a los headers (que
+      # se generan como un string en UTF-8 (aunque contengan símbolos no UTF-8) fallaría. O todo UTF-8 (aunque
+      # tenga símbolos inválidos) o todo BINARY.
+      @msg.body = @buffer.read(@body_length).force_encoding(::Encoding::UTF_8)
+      @state = :finished
+      return true
+    end
+    # Parameters ip and port are just included because they are needed in UDP, so the API remains equal.
+    def send_sip_msg msg, ip=nil, port=nil
+      if self.error?
+        log_system_notice "SIP message could not be sent, connection is closed"
+        return false
+      end
+      send_data msg
+      true
+    end
+  end
+end

data/lib/oversip/sip/listeners/tcp_server.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module OverSIP::SIP
+  class TcpServer < TcpConnection
+    attr_reader :outbound_flow_token
+    def post_connection
+      begin
+        @remote_port, @remote_ip = ::Socket.unpack_sockaddr_in(get_peername)
+      rescue => e
+        log_system_error "error obtaining remote IP/port (#{e.class}: #{e.message}), closing connection"
+        close_connection
+        @state = :ignore
+        return
+      end
+      @connection_id = ::OverSIP::SIP::TransportManager.add_connection self, self.class, self.class.ip_type, @remote_ip, @remote_port
+      # Create an Outbound (RFC 5626) flow token for this connection.
+      @outbound_flow_token = ::OverSIP::SIP::TransportManager.add_outbound_connection self
+      ### Testing TCP keepalive.
+      # https://github.com/bklang/eventmachine/commit/74c65a56c733bc1b6f092e32a9f0d722501ade46
+      # http://tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/
+      if ::OverSIP::SIP.tcp_keepalive_interval
+        set_sock_opt Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, true
+        set_sock_opt Socket::SOL_TCP, Socket::TCP_KEEPIDLE, ::OverSIP::SIP.tcp_keepalive_interval  # First TCP ping.
+        set_sock_opt Socket::SOL_TCP, Socket::TCP_KEEPINTVL, ::OverSIP::SIP.tcp_keepalive_interval  # Interval between TCP pings.
+      end
+      log_system_debug("connection opened from " << remote_desc)  if $oversip_debug
+    end
+    def remote_desc force=nil
+      if force
+        @remote_desc = case @remote_ip_type
+          when :ipv4  ; "#{@remote_ip}:#{@remote_port.to_s}"
+          when :ipv6  ; "[#{@remote_ip}]:#{@remote_port.to_s}"
+          end
+      else
+        @remote_desc ||= case self.class.ip_type
+          when :ipv4  ; "#{@remote_ip}:#{@remote_port.to_s}"
+          when :ipv6  ; "[#{@remote_ip}]:#{@remote_port.to_s}"
+          end
+      end
+    end
+    def unbind cause=nil
+      @state = :ignore
+      # Remove the connection.
+      self.class.connections.delete @connection_id
+      # Remove the Outbound token flow.
+      ::OverSIP::SIP::TransportManager.delete_outbound_connection @outbound_flow_token
+      @local_closed = true  if cause == ::Errno::ETIMEDOUT
+      if $oversip_debug
+        log_msg = "connection from #{remote_desc} "
+        log_msg << ( @local_closed ? "locally closed" : "remotely closed" )
+        log_msg << " (cause: #{cause.inspect})"  if cause
+        log_system_debug log_msg
+      end unless $!
+    end
+  end
+end

data/lib/oversip/sip/listeners/tls_client.rb ADDED Viewed

@@ -0,0 +1,125 @@
+module OverSIP::SIP
+  class TlsClient < TcpClient
+    TLS_HANDSHAKE_MAX_TIME = 4
+    attr_writer :callback_on_server_tls_handshake
+    def initialize ip, port
+      super
+      @pending_messages = []
+    end
+    def connection_completed
+      @server_pems = []
+      @server_last_pem = false
+      start_tls({
+        :verify_peer => @callback_on_server_tls_handshake,
+        :cert_chain_file => ::OverSIP.tls_public_cert,
+        :private_key_file => ::OverSIP.tls_private_cert,
+        :ssl_version => %w(tlsv1 tlsv1_1 tlsv1_2)
+      })
+      # If the remote server does never send us a TLS certificate
+      # after the TCP connection we would leak by storing more and
+      # more messages in @pending_messages array.
+      @timer_tls_handshake = ::EM::Timer.new(TLS_HANDSHAKE_MAX_TIME) do
+        unless @connected
+          log_system_notice "TLS handshake not performed within #{TLS_HANDSHAKE_MAX_TIME} seconds, closing the connection"
+          close_connection
+        end
+      end
+    end
+    # Called for every certificate provided by the peer.
+    # This is just called in case @callback_on_server_tls_handshake is true.
+    def ssl_verify_peer pem
+      # TODO: Dirty workaround for bug https://github.com/eventmachine/eventmachine/issues/194.
+      return true  if @server_last_pem == pem
+      @server_last_pem = pem
+      @server_pems << pem
+      log_system_debug "received certificate num #{@server_pems.size} from server"  if $oversip_debug
+      # Validation must be done in ssl_handshake_completed after receiving all the certs, so return true.
+      return true
+    end
+    # This is called after all the calls to ssl_verify_peer().
+    def ssl_handshake_completed
+      log_system_debug("TLS connection established to " << remote_desc)  if $oversip_debug
+      # @connected in TlsClient means "TLS connection" rather than
+      # just "TCP connection".
+      @connected = true
+      @timer_tls_handshake.cancel  if @timer_tls_handshake
+      # Run OverSIP::SipEvents.on_server_tls_handshake.
+      ::Fiber.new do
+        if @callback_on_server_tls_handshake
+          log_system_debug "running OverSIP::SipEvents.on_server_tls_handshake()..."  if $oversip_debug
+          begin
+            ::OverSIP::SipEvents.on_server_tls_handshake self, @server_pems
+          rescue ::Exception => e
+            log_system_error "error calling OverSIP::SipEvents.on_server_tls_handshake():"
+            log_system_error e
+            close_connection
+          end
+          # If the user or peer has closed the connection in the on_server_tls_handshake() callback
+          # then notify pending transactions.
+          if @local_closed or error?
+            log_system_debug "connection closed, aborting"  if $oversip_debug
+            @pending_client_transactions.each do |client_transaction|
+              client_transaction.tls_validation_failed
+            end
+            @pending_client_transactions.clear
+            @pending_messages.clear
+            @state = :ignore
+          end
+        end
+        @pending_client_transactions.clear
+        @pending_messages.each do |msg|
+          send_data msg
+        end
+        @pending_messages.clear
+      end.resume
+    end
+    def unbind cause=nil
+      super
+      @timer_tls_handshake.cancel  if @timer_tls_handshake
+      @pending_messages.clear
+    end
+    # In TLS client, we must wait until ssl_handshake_completed is
+    # completed before sending data. If not, data will be sent in
+    # plain TCP.
+    #   http://dev.sipdoc.net/issues/457
+    def send_sip_msg msg, ip=nil, port=nil
+      if self.error?
+        log_system_notice "SIP message could not be sent, connection is closed"
+        return false
+      end
+      if @connected
+        send_data msg
+      else
+        log_system_debug "TLS handshake not completed yet, waiting before sending the message"  if $oversip_debug
+        @pending_messages << msg
+      end
+      true
+    end
+  end
+end

data/lib/oversip/sip/listeners/tls_server.rb ADDED Viewed

@@ -0,0 +1,88 @@
+module OverSIP::SIP
+  class TlsServer < TcpServer
+    TLS_HANDSHAKE_MAX_TIME = 4
+    def post_init
+      @client_pems = []
+      @client_last_pem = false
+      start_tls({
+        :verify_peer => true,
+        :cert_chain_file => ::OverSIP.tls_public_cert,
+        :private_key_file => ::OverSIP.tls_private_cert,
+        :ssl_version => %w(tlsv1 tlsv1_1 tlsv1_2)
+      })
+      # If the remote client does never send us a TLS certificate
+      # after the TCP connection we would leak by storing more and
+      # more messages in @pending_messages array.
+      @timer_tls_handshake = ::EM::Timer.new(TLS_HANDSHAKE_MAX_TIME) do
+        unless @connected
+          log_system_notice "TLS handshake not performed within #{TLS_HANDSHAKE_MAX_TIME} seconds, closing the connection"
+          close_connection
+        end
+      end
+    end
+    def ssl_verify_peer pem
+      # TODO: Dirty workaround for bug https://github.com/eventmachine/eventmachine/issues/194.
+      return true  if @client_last_pem == pem
+      @client_last_pem = pem
+      @client_pems << pem
+      log_system_debug "received certificate num #{@client_pems.size} from client"  if $oversip_debug
+      # Validation must be done in ssl_handshake_completed after receiving all the certs, so return true.
+      return true
+    end
+    def ssl_handshake_completed
+      log_system_info "TLS connection established from " << remote_desc
+      # @connected in TlsServer means "TLS connection" rather than
+      # just "TCP connection".
+      @connected = true
+      @timer_tls_handshake.cancel  if @timer_tls_handshake
+      if ::OverSIP::SIP.callback_on_client_tls_handshake
+        # Set the state to :waiting_for_on_client_tls_handshake so data received after TLS handshake  but before
+        # user callback validation is just stored.
+        @state = :waiting_for_on_client_tls_handshake
+        # Run OverSIP::SipEvents.on_client_tls_handshake.
+        ::Fiber.new do
+          begin
+            log_system_debug "running OverSIP::SipEvents.on_client_tls_handshake()..."  if $oversip_debug
+            ::OverSIP::SipEvents.on_client_tls_handshake self, @client_pems
+            # If the user of the peer has not closed the connection then continue.
+            unless @local_closed or error?
+              @state = :init
+              # Call process_received_data() to process possible data received in the meanwhile.
+              process_received_data
+            else
+              log_system_debug "connection closed, aborting"  if $oversip_debug
+            end
+          rescue ::Exception => e
+            log_system_error "error calling OverSIP::SipEvents.on_client_tls_handshake():"
+            log_system_error e
+            close_connection
+          end
+        end.resume
+      end
+    end
+    def unbind cause=nil
+      @timer_tls_handshake.cancel  if @timer_tls_handshake
+      super
+    end
+  end
+end