blob: 8052cd809a557643ee685eb438be110a8bdd2bff [file] [log] [blame]
/*
* Copyright 2017 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#include "pc/ice_server_parsing.h"
#include <stddef.h>
#include <cctype> // For std::isdigit.
#include <string>
#include <tuple>
#include "p2p/base/port_interface.h"
#include "rtc_base/arraysize.h"
#include "rtc_base/checks.h"
#include "rtc_base/ip_address.h"
#include "rtc_base/logging.h"
#include "rtc_base/socket_address.h"
#include "rtc_base/string_encode.h"
#include "rtc_base/string_to_number.h"
namespace webrtc {
namespace {
// Number of tokens must be preset when TURN uri has transport param.
const size_t kTurnTransportTokensNum = 2;
// The default stun port.
const int kDefaultStunPort = 3478;
const int kDefaultStunTlsPort = 5349;
const char kTransport[] = "transport";
// Allowed characters in hostname per RFC 3986 Appendix A "reg-name"
const char kRegNameCharacters[] =
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789"
"-._~" // unreserved
"%" // pct-encoded
"!$&'()*+,;="; // sub-delims
// NOTE: Must be in the same order as the ServiceType enum.
const char* kValidIceServiceTypes[] = {"stun", "stuns", "turn", "turns"};
// NOTE: A loop below assumes that the first value of this enum is 0 and all
// other values are incremental.
enum class ServiceType {
STUN = 0, // Indicates a STUN server.
STUNS, // Indicates a STUN server used with a TLS session.
TURN, // Indicates a TURN server
TURNS, // Indicates a TURN server used with a TLS session.
INVALID, // Unknown.
};
static_assert(static_cast<size_t>(ServiceType::INVALID) ==
arraysize(kValidIceServiceTypes),
"kValidIceServiceTypes must have as many strings as ServiceType "
"has values.");
// `in_str` should follow of RFC 7064/7065 syntax, but with an optional
// "?transport=" already stripped. I.e.,
// stunURI = scheme ":" host [ ":" port ]
// scheme = "stun" / "stuns" / "turn" / "turns"
// host = IP-literal / IPv4address / reg-name
// port = *DIGIT
// Return tuple is service_type, host, with service_type == ServiceType::INVALID
// on failure.
std::tuple<ServiceType, absl::string_view> GetServiceTypeAndHostnameFromUri(
absl::string_view in_str) {
const auto colonpos = in_str.find(':');
if (colonpos == absl::string_view::npos) {
RTC_LOG(LS_WARNING) << "Missing ':' in ICE URI: " << in_str;
return {ServiceType::INVALID, ""};
}
if ((colonpos + 1) == in_str.length()) {
RTC_LOG(LS_WARNING) << "Empty hostname in ICE URI: " << in_str;
return {ServiceType::INVALID, ""};
}
for (size_t i = 0; i < arraysize(kValidIceServiceTypes); ++i) {
if (in_str.compare(0, colonpos, kValidIceServiceTypes[i]) == 0) {
return {static_cast<ServiceType>(i), in_str.substr(colonpos + 1)};
}
}
return {ServiceType::INVALID, ""};
}
absl::optional<int> ParsePort(absl::string_view in_str) {
// Make sure port only contains digits. StringToNumber doesn't check this.
for (const char& c : in_str) {
if (!std::isdigit(static_cast<unsigned char>(c))) {
return false;
}
}
return rtc::StringToNumber<int>(in_str);
}
// This method parses IPv6 and IPv4 literal strings, along with hostnames in
// standard hostname:port format.
// Consider following formats as correct.
// `hostname:port`, |[IPV6 address]:port|, |IPv4 address|:port,
// `hostname`, |[IPv6 address]|, |IPv4 address|.
// Return tuple is success, host, port.
std::tuple<bool, absl::string_view, int> ParseHostnameAndPortFromString(
absl::string_view in_str,
int default_port) {
if (in_str.empty()) {
return {false, "", 0};
}
absl::string_view host;
int port = default_port;
if (in_str.at(0) == '[') {
// IP_literal syntax
auto closebracket = in_str.rfind(']');
if (closebracket == absl::string_view::npos) {
return {false, "", 0};
}
auto colonpos = in_str.find(':', closebracket);
if (absl::string_view::npos != colonpos) {
if (absl::optional<int> opt_port =
ParsePort(in_str.substr(closebracket + 2))) {
port = *opt_port;
} else {
return {false, "", 0};
}
}
host = in_str.substr(1, closebracket - 1);
} else {
// IPv4address or reg-name syntax
auto colonpos = in_str.find(':');
if (absl::string_view::npos != colonpos) {
if (absl::optional<int> opt_port =
ParsePort(in_str.substr(colonpos + 1))) {
port = *opt_port;
} else {
return {false, "", 0};
}
host = in_str.substr(0, colonpos);
} else {
host = in_str;
}
// RFC 3986 section 3.2.2 and Appendix A - "reg-name" syntax
if (host.find_first_not_of(kRegNameCharacters) != absl::string_view::npos) {
return {false, "", 0};
}
}
return {!host.empty(), host, port};
}
// Adds a STUN or TURN server to the appropriate list,
// by parsing `url` and using the username/password in `server`.
RTCErrorType ParseIceServerUrl(
const PeerConnectionInterface::IceServer& server,
absl::string_view url,
cricket::ServerAddresses* stun_servers,
std::vector<cricket::RelayServerConfig>* turn_servers) {
// RFC 7064
// stunURI = scheme ":" host [ ":" port ]
// scheme = "stun" / "stuns"
// RFC 7065
// turnURI = scheme ":" host [ ":" port ]
// [ "?transport=" transport ]
// scheme = "turn" / "turns"
// transport = "udp" / "tcp" / transport-ext
// transport-ext = 1*unreserved
// RFC 3986
// host = IP-literal / IPv4address / reg-name
// port = *DIGIT
RTC_DCHECK(stun_servers != nullptr);
RTC_DCHECK(turn_servers != nullptr);
cricket::ProtocolType turn_transport_type = cricket::PROTO_UDP;
RTC_DCHECK(!url.empty());
std::vector<absl::string_view> tokens = rtc::split(url, '?');
absl::string_view uri_without_transport = tokens[0];
// Let's look into transport= param, if it exists.
if (tokens.size() == kTurnTransportTokensNum) { // ?transport= is present.
std::vector<absl::string_view> transport_tokens =
rtc::split(tokens[1], '=');
if (transport_tokens[0] != kTransport) {
RTC_LOG(LS_WARNING) << "Invalid transport parameter key.";
return RTCErrorType::SYNTAX_ERROR;
}
if (transport_tokens.size() < 2) {
RTC_LOG(LS_WARNING) << "Transport parameter missing value.";
return RTCErrorType::SYNTAX_ERROR;
}
absl::optional<cricket::ProtocolType> proto =
cricket::StringToProto(transport_tokens[1]);
if (!proto ||
(*proto != cricket::PROTO_UDP && *proto != cricket::PROTO_TCP)) {
RTC_LOG(LS_WARNING) << "Transport parameter should always be udp or tcp.";
return RTCErrorType::SYNTAX_ERROR;
}
turn_transport_type = *proto;
}
auto [service_type, hoststring] =
GetServiceTypeAndHostnameFromUri(uri_without_transport);
if (service_type == ServiceType::INVALID) {
RTC_LOG(LS_WARNING) << "Invalid transport parameter in ICE URI: " << url;
return RTCErrorType::SYNTAX_ERROR;
}
// GetServiceTypeAndHostnameFromUri should never give an empty hoststring
RTC_DCHECK(!hoststring.empty());
int default_port = kDefaultStunPort;
if (service_type == ServiceType::TURNS) {
default_port = kDefaultStunTlsPort;
turn_transport_type = cricket::PROTO_TLS;
}
if (hoststring.find('@') != absl::string_view::npos) {
RTC_LOG(LS_WARNING) << "Invalid url: " << uri_without_transport;
RTC_LOG(LS_WARNING)
<< "Note that user-info@ in turn:-urls is long-deprecated.";
return RTCErrorType::SYNTAX_ERROR;
}
auto [success, address, port] =
ParseHostnameAndPortFromString(hoststring, default_port);
if (!success) {
RTC_LOG(LS_WARNING) << "Invalid hostname format: " << uri_without_transport;
return RTCErrorType::SYNTAX_ERROR;
}
if (port <= 0 || port > 0xffff) {
RTC_LOG(LS_WARNING) << "Invalid port: " << port;
return RTCErrorType::SYNTAX_ERROR;
}
switch (service_type) {
case ServiceType::STUN:
case ServiceType::STUNS:
stun_servers->insert(rtc::SocketAddress(address, port));
break;
case ServiceType::TURN:
case ServiceType::TURNS: {
if (server.username.empty() || server.password.empty()) {
// The WebRTC spec requires throwing an InvalidAccessError when username
// or credential are ommitted; this is the native equivalent.
RTC_LOG(LS_WARNING) << "TURN server with empty username or password";
return RTCErrorType::INVALID_PARAMETER;
}
// If the hostname field is not empty, then the server address must be
// the resolved IP for that host, the hostname is needed later for TLS
// handshake (SNI and Certificate verification).
absl::string_view hostname =
server.hostname.empty() ? address : server.hostname;
rtc::SocketAddress socket_address(hostname, port);
if (!server.hostname.empty()) {
rtc::IPAddress ip;
if (!IPFromString(address, &ip)) {
// When hostname is set, the server address must be a
// resolved ip address.
RTC_LOG(LS_WARNING)
<< "IceServer has hostname field set, but URI does not "
"contain an IP address.";
return RTCErrorType::INVALID_PARAMETER;
}
socket_address.SetResolvedIP(ip);
}
cricket::RelayServerConfig config =
cricket::RelayServerConfig(socket_address, server.username,
server.password, turn_transport_type);
if (server.tls_cert_policy ==
PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) {
config.tls_cert_policy =
cricket::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
}
config.tls_alpn_protocols = server.tls_alpn_protocols;
config.tls_elliptic_curves = server.tls_elliptic_curves;
turn_servers->push_back(config);
break;
}
default:
// We shouldn't get to this point with an invalid service_type, we should
// have returned an error already.
RTC_DCHECK_NOTREACHED() << "Unexpected service type";
return RTCErrorType::INTERNAL_ERROR;
}
return RTCErrorType::NONE;
}
} // namespace
RTCErrorType ParseIceServers(
const PeerConnectionInterface::IceServers& servers,
cricket::ServerAddresses* stun_servers,
std::vector<cricket::RelayServerConfig>* turn_servers) {
for (const PeerConnectionInterface::IceServer& server : servers) {
if (!server.urls.empty()) {
for (const std::string& url : server.urls) {
if (url.empty()) {
RTC_LOG(LS_WARNING) << "Empty uri.";
return RTCErrorType::SYNTAX_ERROR;
}
RTCErrorType err =
ParseIceServerUrl(server, url, stun_servers, turn_servers);
if (err != RTCErrorType::NONE) {
return err;
}
}
} else if (!server.uri.empty()) {
// Fallback to old .uri if new .urls isn't present.
RTCErrorType err =
ParseIceServerUrl(server, server.uri, stun_servers, turn_servers);
if (err != RTCErrorType::NONE) {
return err;
}
} else {
RTC_LOG(LS_WARNING) << "Empty uri.";
return RTCErrorType::SYNTAX_ERROR;
}
}
// Candidates must have unique priorities, so that connectivity checks
// are performed in a well-defined order.
int priority = static_cast<int>(turn_servers->size() - 1);
for (cricket::RelayServerConfig& turn_server : *turn_servers) {
// First in the list gets highest priority.
turn_server.priority = priority--;
}
return RTCErrorType::NONE;
}
} // namespace webrtc