blob: 47641375dead9cb75e612e73eb28aac520b3aeb4 [file] [log] [blame]
deadbeef1dcb1642017-03-29 21:08:16 -07001/*
2 * Copyright 2017 The WebRTC project authors. All Rights Reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
Steve Anton10542f22019-01-11 09:11:00 -080011#include "pc/ice_server_parsing.h"
deadbeef1dcb1642017-03-29 21:08:16 -070012
Yves Gerey3e707812018-11-28 16:47:49 +010013#include <stddef.h>
Jonas Olssona4d87372019-07-05 19:08:33 +020014
deadbeef1dcb1642017-03-29 21:08:16 -070015#include <cctype> // For std::isdigit.
16#include <string>
17
Steve Anton10542f22019-01-11 09:11:00 -080018#include "p2p/base/port_interface.h"
Mirko Bonadei92ea95e2017-09-15 06:47:31 +020019#include "rtc_base/arraysize.h"
Yves Gerey3e707812018-11-28 16:47:49 +010020#include "rtc_base/checks.h"
Steve Anton10542f22019-01-11 09:11:00 -080021#include "rtc_base/ip_address.h"
Yves Gerey3e707812018-11-28 16:47:49 +010022#include "rtc_base/logging.h"
Steve Anton10542f22019-01-11 09:11:00 -080023#include "rtc_base/socket_address.h"
deadbeef1dcb1642017-03-29 21:08:16 -070024
25namespace webrtc {
26
deadbeef1dcb1642017-03-29 21:08:16 -070027// Number of tokens must be preset when TURN uri has transport param.
28static const size_t kTurnTransportTokensNum = 2;
29// The default stun port.
30static const int kDefaultStunPort = 3478;
31static const int kDefaultStunTlsPort = 5349;
32static const char kTransport[] = "transport";
33
Harald Alvestranda3dd7722020-11-27 08:05:42 +000034// Allowed characters in hostname per RFC 3986 Appendix A "reg-name"
35static const char kRegNameCharacters[] =
36 "abcdefghijklmnopqrstuvwxyz"
37 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
38 "0123456789"
39 "-._~" // unreserved
40 "%" // pct-encoded
41 "!$&'()*+,;="; // sub-delims
42
deadbeef1dcb1642017-03-29 21:08:16 -070043// NOTE: Must be in the same order as the ServiceType enum.
44static const char* kValidIceServiceTypes[] = {"stun", "stuns", "turn", "turns"};
45
46// NOTE: A loop below assumes that the first value of this enum is 0 and all
47// other values are incremental.
48enum ServiceType {
49 STUN = 0, // Indicates a STUN server.
50 STUNS, // Indicates a STUN server used with a TLS session.
51 TURN, // Indicates a TURN server
52 TURNS, // Indicates a TURN server used with a TLS session.
53 INVALID, // Unknown.
54};
55static_assert(INVALID == arraysize(kValidIceServiceTypes),
56 "kValidIceServiceTypes must have as many strings as ServiceType "
57 "has values.");
58
Niels Möllerdb4def92019-03-18 16:53:59 +010059// |in_str| should follow of RFC 7064/7065 syntax, but with an optional
60// "?transport=" already stripped. I.e.,
61// stunURI = scheme ":" host [ ":" port ]
62// scheme = "stun" / "stuns" / "turn" / "turns"
63// host = IP-literal / IPv4address / reg-name
64// port = *DIGIT
deadbeef1dcb1642017-03-29 21:08:16 -070065static bool GetServiceTypeAndHostnameFromUri(const std::string& in_str,
66 ServiceType* service_type,
67 std::string* hostname) {
68 const std::string::size_type colonpos = in_str.find(':');
69 if (colonpos == std::string::npos) {
Mirko Bonadei675513b2017-11-09 11:09:25 +010070 RTC_LOG(LS_WARNING) << "Missing ':' in ICE URI: " << in_str;
deadbeef1dcb1642017-03-29 21:08:16 -070071 return false;
72 }
73 if ((colonpos + 1) == in_str.length()) {
Mirko Bonadei675513b2017-11-09 11:09:25 +010074 RTC_LOG(LS_WARNING) << "Empty hostname in ICE URI: " << in_str;
deadbeef1dcb1642017-03-29 21:08:16 -070075 return false;
76 }
77 *service_type = INVALID;
78 for (size_t i = 0; i < arraysize(kValidIceServiceTypes); ++i) {
79 if (in_str.compare(0, colonpos, kValidIceServiceTypes[i]) == 0) {
80 *service_type = static_cast<ServiceType>(i);
81 break;
82 }
83 }
84 if (*service_type == INVALID) {
85 return false;
86 }
87 *hostname = in_str.substr(colonpos + 1, std::string::npos);
88 return true;
89}
90
91static bool ParsePort(const std::string& in_str, int* port) {
92 // Make sure port only contains digits. FromString doesn't check this.
93 for (const char& c : in_str) {
94 if (!std::isdigit(c)) {
95 return false;
96 }
97 }
98 return rtc::FromString(in_str, port);
99}
100
101// This method parses IPv6 and IPv4 literal strings, along with hostnames in
102// standard hostname:port format.
103// Consider following formats as correct.
104// |hostname:port|, |[IPV6 address]:port|, |IPv4 address|:port,
105// |hostname|, |[IPv6 address]|, |IPv4 address|.
106static bool ParseHostnameAndPortFromString(const std::string& in_str,
107 std::string* host,
108 int* port) {
109 RTC_DCHECK(host->empty());
110 if (in_str.at(0) == '[') {
Harald Alvestranda3dd7722020-11-27 08:05:42 +0000111 // IP_literal syntax
deadbeef1dcb1642017-03-29 21:08:16 -0700112 std::string::size_type closebracket = in_str.rfind(']');
113 if (closebracket != std::string::npos) {
114 std::string::size_type colonpos = in_str.find(':', closebracket);
115 if (std::string::npos != colonpos) {
116 if (!ParsePort(in_str.substr(closebracket + 2, std::string::npos),
117 port)) {
118 return false;
119 }
120 }
121 *host = in_str.substr(1, closebracket - 1);
122 } else {
123 return false;
124 }
125 } else {
Harald Alvestranda3dd7722020-11-27 08:05:42 +0000126 // IPv4address or reg-name syntax
deadbeef1dcb1642017-03-29 21:08:16 -0700127 std::string::size_type colonpos = in_str.find(':');
128 if (std::string::npos != colonpos) {
129 if (!ParsePort(in_str.substr(colonpos + 1, std::string::npos), port)) {
130 return false;
131 }
132 *host = in_str.substr(0, colonpos);
133 } else {
134 *host = in_str;
135 }
Harald Alvestranda3dd7722020-11-27 08:05:42 +0000136 // RFC 3986 section 3.2.2 and Appendix A - "reg-name" syntax
137 if (host->find_first_not_of(kRegNameCharacters) != std::string::npos) {
138 return false;
139 }
deadbeef1dcb1642017-03-29 21:08:16 -0700140 }
141 return !host->empty();
142}
143
144// Adds a STUN or TURN server to the appropriate list,
145// by parsing |url| and using the username/password in |server|.
146static RTCErrorType ParseIceServerUrl(
147 const PeerConnectionInterface::IceServer& server,
148 const std::string& url,
149 cricket::ServerAddresses* stun_servers,
150 std::vector<cricket::RelayServerConfig>* turn_servers) {
Niels Möllerdb4def92019-03-18 16:53:59 +0100151 // RFC 7064
152 // stunURI = scheme ":" host [ ":" port ]
deadbeef1dcb1642017-03-29 21:08:16 -0700153 // scheme = "stun" / "stuns"
deadbeef1dcb1642017-03-29 21:08:16 -0700154
Niels Möllerdb4def92019-03-18 16:53:59 +0100155 // RFC 7065
156 // turnURI = scheme ":" host [ ":" port ]
deadbeef1dcb1642017-03-29 21:08:16 -0700157 // [ "?transport=" transport ]
158 // scheme = "turn" / "turns"
159 // transport = "udp" / "tcp" / transport-ext
160 // transport-ext = 1*unreserved
Niels Möllerdb4def92019-03-18 16:53:59 +0100161
162 // RFC 3986
163 // host = IP-literal / IPv4address / reg-name
164 // port = *DIGIT
165
deadbeef1dcb1642017-03-29 21:08:16 -0700166 RTC_DCHECK(stun_servers != nullptr);
167 RTC_DCHECK(turn_servers != nullptr);
168 std::vector<std::string> tokens;
169 cricket::ProtocolType turn_transport_type = cricket::PROTO_UDP;
170 RTC_DCHECK(!url.empty());
171 rtc::tokenize_with_empty_tokens(url, '?', &tokens);
172 std::string uri_without_transport = tokens[0];
173 // Let's look into transport= param, if it exists.
174 if (tokens.size() == kTurnTransportTokensNum) { // ?transport= is present.
175 std::string uri_transport_param = tokens[1];
176 rtc::tokenize_with_empty_tokens(uri_transport_param, '=', &tokens);
177 if (tokens[0] != kTransport) {
Mirko Bonadei675513b2017-11-09 11:09:25 +0100178 RTC_LOG(LS_WARNING) << "Invalid transport parameter key.";
deadbeef1dcb1642017-03-29 21:08:16 -0700179 return RTCErrorType::SYNTAX_ERROR;
180 }
181 if (tokens.size() < 2) {
Mirko Bonadei675513b2017-11-09 11:09:25 +0100182 RTC_LOG(LS_WARNING) << "Transport parameter missing value.";
deadbeef1dcb1642017-03-29 21:08:16 -0700183 return RTCErrorType::SYNTAX_ERROR;
184 }
185 if (!cricket::StringToProto(tokens[1].c_str(), &turn_transport_type) ||
186 (turn_transport_type != cricket::PROTO_UDP &&
187 turn_transport_type != cricket::PROTO_TCP)) {
Mirko Bonadei675513b2017-11-09 11:09:25 +0100188 RTC_LOG(LS_WARNING) << "Transport parameter should always be udp or tcp.";
deadbeef1dcb1642017-03-29 21:08:16 -0700189 return RTCErrorType::SYNTAX_ERROR;
190 }
191 }
192
193 std::string hoststring;
194 ServiceType service_type;
195 if (!GetServiceTypeAndHostnameFromUri(uri_without_transport, &service_type,
196 &hoststring)) {
Mirko Bonadei675513b2017-11-09 11:09:25 +0100197 RTC_LOG(LS_WARNING) << "Invalid transport parameter in ICE URI: " << url;
deadbeef1dcb1642017-03-29 21:08:16 -0700198 return RTCErrorType::SYNTAX_ERROR;
199 }
200
201 // GetServiceTypeAndHostnameFromUri should never give an empty hoststring
202 RTC_DCHECK(!hoststring.empty());
203
deadbeef1dcb1642017-03-29 21:08:16 -0700204 int port = kDefaultStunPort;
205 if (service_type == TURNS) {
206 port = kDefaultStunTlsPort;
207 turn_transport_type = cricket::PROTO_TLS;
208 }
209
Niels Möllerdb4def92019-03-18 16:53:59 +0100210 if (hoststring.find('@') != std::string::npos) {
211 RTC_LOG(WARNING) << "Invalid url: " << uri_without_transport;
212 RTC_LOG(WARNING)
213 << "Note that user-info@ in turn:-urls is long-deprecated.";
214 return RTCErrorType::SYNTAX_ERROR;
215 }
deadbeef1dcb1642017-03-29 21:08:16 -0700216 std::string address;
217 if (!ParseHostnameAndPortFromString(hoststring, &address, &port)) {
Mirko Bonadei675513b2017-11-09 11:09:25 +0100218 RTC_LOG(WARNING) << "Invalid hostname format: " << uri_without_transport;
deadbeef1dcb1642017-03-29 21:08:16 -0700219 return RTCErrorType::SYNTAX_ERROR;
220 }
221
222 if (port <= 0 || port > 0xffff) {
Mirko Bonadei675513b2017-11-09 11:09:25 +0100223 RTC_LOG(WARNING) << "Invalid port: " << port;
deadbeef1dcb1642017-03-29 21:08:16 -0700224 return RTCErrorType::SYNTAX_ERROR;
225 }
226
227 switch (service_type) {
228 case STUN:
229 case STUNS:
230 stun_servers->insert(rtc::SocketAddress(address, port));
231 break;
232 case TURN:
233 case TURNS: {
Niels Möllerdb4def92019-03-18 16:53:59 +0100234 if (server.username.empty() || server.password.empty()) {
deadbeef1dcb1642017-03-29 21:08:16 -0700235 // The WebRTC spec requires throwing an InvalidAccessError when username
236 // or credential are ommitted; this is the native equivalent.
Niels Möllerdb4def92019-03-18 16:53:59 +0100237 RTC_LOG(LS_ERROR) << "TURN server with empty username or password";
deadbeef1dcb1642017-03-29 21:08:16 -0700238 return RTCErrorType::INVALID_PARAMETER;
239 }
Emad Omaradab1d2d2017-06-16 15:43:11 -0700240 // If the hostname field is not empty, then the server address must be
241 // the resolved IP for that host, the hostname is needed later for TLS
242 // handshake (SNI and Certificate verification).
243 const std::string& hostname =
244 server.hostname.empty() ? address : server.hostname;
245 rtc::SocketAddress socket_address(hostname, port);
246 if (!server.hostname.empty()) {
247 rtc::IPAddress ip;
248 if (!IPFromString(address, &ip)) {
249 // When hostname is set, the server address must be a
250 // resolved ip address.
Mirko Bonadei675513b2017-11-09 11:09:25 +0100251 RTC_LOG(LS_ERROR)
252 << "IceServer has hostname field set, but URI does not "
253 "contain an IP address.";
Emad Omaradab1d2d2017-06-16 15:43:11 -0700254 return RTCErrorType::INVALID_PARAMETER;
255 }
256 socket_address.SetResolvedIP(ip);
257 }
Niels Möllerdb4def92019-03-18 16:53:59 +0100258 cricket::RelayServerConfig config =
259 cricket::RelayServerConfig(socket_address, server.username,
260 server.password, turn_transport_type);
deadbeef1dcb1642017-03-29 21:08:16 -0700261 if (server.tls_cert_policy ==
262 PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) {
Sergey Silkin9c147dd2018-09-12 10:45:38 +0000263 config.tls_cert_policy =
264 cricket::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
deadbeef1dcb1642017-03-29 21:08:16 -0700265 }
Sergey Silkin9c147dd2018-09-12 10:45:38 +0000266 config.tls_alpn_protocols = server.tls_alpn_protocols;
267 config.tls_elliptic_curves = server.tls_elliptic_curves;
Diogo Real1dca9d52017-08-29 12:18:32 -0700268
deadbeef1dcb1642017-03-29 21:08:16 -0700269 turn_servers->push_back(config);
270 break;
271 }
272 default:
273 // We shouldn't get to this point with an invalid service_type, we should
274 // have returned an error already.
275 RTC_NOTREACHED() << "Unexpected service type";
276 return RTCErrorType::INTERNAL_ERROR;
277 }
278 return RTCErrorType::NONE;
279}
280
281RTCErrorType ParseIceServers(
282 const PeerConnectionInterface::IceServers& servers,
283 cricket::ServerAddresses* stun_servers,
284 std::vector<cricket::RelayServerConfig>* turn_servers) {
285 for (const PeerConnectionInterface::IceServer& server : servers) {
286 if (!server.urls.empty()) {
287 for (const std::string& url : server.urls) {
288 if (url.empty()) {
Mirko Bonadei675513b2017-11-09 11:09:25 +0100289 RTC_LOG(LS_ERROR) << "Empty uri.";
deadbeef1dcb1642017-03-29 21:08:16 -0700290 return RTCErrorType::SYNTAX_ERROR;
291 }
292 RTCErrorType err =
293 ParseIceServerUrl(server, url, stun_servers, turn_servers);
294 if (err != RTCErrorType::NONE) {
295 return err;
296 }
297 }
298 } else if (!server.uri.empty()) {
299 // Fallback to old .uri if new .urls isn't present.
300 RTCErrorType err =
301 ParseIceServerUrl(server, server.uri, stun_servers, turn_servers);
302 if (err != RTCErrorType::NONE) {
303 return err;
304 }
305 } else {
Mirko Bonadei675513b2017-11-09 11:09:25 +0100306 RTC_LOG(LS_ERROR) << "Empty uri.";
deadbeef1dcb1642017-03-29 21:08:16 -0700307 return RTCErrorType::SYNTAX_ERROR;
308 }
309 }
310 // Candidates must have unique priorities, so that connectivity checks
311 // are performed in a well-defined order.
312 int priority = static_cast<int>(turn_servers->size() - 1);
313 for (cricket::RelayServerConfig& turn_server : *turn_servers) {
314 // First in the list gets highest priority.
315 turn_server.priority = priority--;
316 }
317 return RTCErrorType::NONE;
318}
319
320} // namespace webrtc