All Downloads are FREE. Search and download functionalities are using the official Maven repository.

test.unit.gov.nist.javax.sip.stack.tls.Shootist Maven / Gradle / Ivy

package test.unit.gov.nist.javax.sip.stack.tls;
import gov.nist.javax.sip.ClientTransactionExt;
import gov.nist.javax.sip.TlsSecurityPolicy;
import gov.nist.javax.sip.header.HeaderExt;
import gov.nist.javax.sip.stack.NioMessageProcessorFactory;
import gov.nist.javax.sip.stack.SIPTransactionStack;

import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.sip.ClientTransaction;
import javax.sip.Dialog;
import javax.sip.DialogTerminatedEvent;
import javax.sip.IOExceptionEvent;
import javax.sip.ListeningPoint;
import javax.sip.PeerUnavailableException;
import javax.sip.RequestEvent;
import javax.sip.ResponseEvent;
import javax.sip.ServerTransaction;
import javax.sip.SipFactory;
import javax.sip.SipListener;
import javax.sip.SipProvider;
import javax.sip.SipStack;
import javax.sip.Transaction;
import javax.sip.TransactionTerminatedEvent;
import javax.sip.address.Address;
import javax.sip.address.AddressFactory;
import javax.sip.address.SipURI;
import javax.sip.header.CSeqHeader;
import javax.sip.header.CallIdHeader;
import javax.sip.header.ContactHeader;
import javax.sip.header.ContentTypeHeader;
import javax.sip.header.FromHeader;
import javax.sip.header.Header;
import javax.sip.header.HeaderFactory;
import javax.sip.header.MaxForwardsHeader;
import javax.sip.header.RouteHeader;
import javax.sip.header.ToHeader;
import javax.sip.header.ViaHeader;
import javax.sip.message.MessageFactory;
import javax.sip.message.Request;
import javax.sip.message.Response;



/**
 * This class is a UAC template. Shootist is the guy that shoots and shootme
 * is the guy that gets shot.
 *
 *@author Daniel Martinez
 *@author Ivelin Ivanov
 */

public class Shootist implements SipListener, TlsSecurityPolicy {

    private static SipProvider tlsProvider;
    private static AddressFactory addressFactory;
    private static MessageFactory messageFactory;
    private static HeaderFactory headerFactory;
    private static SipStack sipStack;
    private int reInviteCount;
    private ContactHeader contactHeader;
    private ListeningPoint tlsListeningPoint;
    private int counter;
    private String domain;

    protected ClientTransaction inviteTid;
	private boolean byeSeen;
	private boolean enforceTlsPolicyCalled;

    protected static final String usageString =
        "java "
            + "examples.shootistTLS.Shootist \n"
            + ">>>> is your class path set to the root?";

  


    public void processRequest(RequestEvent requestReceivedEvent) {
        Request request = requestReceivedEvent.getRequest();
        ServerTransaction serverTransactionId =
            requestReceivedEvent.getServerTransaction();

        System.out.println(
            "\n\nRequest "
                + request.getMethod()
                + " received at "
                + sipStack.getStackName()
                + " with server transaction id "
                + serverTransactionId);

        // We are the UAC so the only request we get is the BYE.
        if (request.getMethod().equals(Request.BYE))
            processBye(request, serverTransactionId);

    }

    public void processBye(
        Request request,
        ServerTransaction serverTransactionId) {
        try {
            System.out.println("shootist:  got a bye .");
            if (serverTransactionId == null) {
                System.out.println("shootist:  null TID.");
                return;
            }
            Dialog dialog = serverTransactionId.getDialog();
            System.out.println("Dialog State = " + dialog.getState());
            Response response = messageFactory.createResponse
                        (200, request);
            serverTransactionId.sendResponse(response);
            System.out.println("shootist:  Sending OK.");
            System.out.println("Dialog State = " + dialog.getState());

            this.byeSeen = true;

        } catch (Exception ex) {
            ex.printStackTrace();
            TlsTest.fail("unepxected exception");

        }
    }

    public void processResponse(ResponseEvent responseReceivedEvent) {
        System.out.println("Got a response");
        Response response = (Response) responseReceivedEvent.getResponse();
        Transaction tid = responseReceivedEvent.getClientTransaction();
        CSeqHeader cseq = (CSeqHeader) response.getHeader(CSeqHeader.NAME);

        System.out.println(
            "Response received with client transaction id "
                + tid
                + ":\n"
                + response.getStatusCode());
        if (tid == null) {
            System.out.println("Stray response -- dropping ");
            return;
        }
        System.out.println("transaction state is " + tid.getState());
        System.out.println("Dialog = " + tid.getDialog());
        System.out.println("Dialog State is " + tid.getDialog().getState());

        try {
            if (response.getStatusCode() == Response.OK
                && ((CSeqHeader) response.getHeader(CSeqHeader.NAME))
                    .getMethod()
                    .equals(
                    Request.INVITE)) {
                Dialog dialog = tid.getDialog();
                Request ackRequest = dialog.createAck( cseq.getSeqNumber() );
                System.out.println("Sending ACK");
                dialog.sendAck(ackRequest);

                // Send a Re INVITE
                if (reInviteCount == 0) {
                    Request inviteRequest = dialog.createRequest(Request.INVITE);
                    //((SipURI)inviteRequest.getRequestURI()).removeParameter("transport");
                    //((ViaHeader)inviteRequest.getHeader(ViaHeader.NAME)).setTransport("tls");
                    // inviteRequest.addHeader(contactHeader);

                    try {Thread.sleep(100); } catch (Exception ex) {}
                    ClientTransaction ct =
                    tlsProvider.getNewClientTransaction(inviteRequest);
                    dialog.sendRequest(ct);
                    reInviteCount ++;
                }

            }
        } catch (Exception ex) {
            ex.printStackTrace();
            TlsTest.fail("unexpected exception");
        }

    }

    public void processTimeout(javax.sip.TimeoutEvent timeoutEvent) {
        System.out.println("Transaction Time out" );
    }

    
    public void init(String domain) {
        init(domain, null);
    }
    
    public void init(String domain, Properties props) {
    	this.domain = domain;
        SipFactory sipFactory = null;
        sipStack = null;
        sipFactory = SipFactory.getInstance();
        sipFactory.setPathName("gov.nist");
       
        String transport = "tls";
        int port = 5061;
        String peerHostPort = "127.0.0.1:5071";
        Properties properties = new Properties(); 
        if(props == null) {                   
            properties.setProperty(
                "javax.sip.OUTBOUND_PROXY",
                peerHostPort + "/" + transport);
            // If you want to use UDP then uncomment this.
            //properties.setProperty(
            //  "javax.sip.ROUTER_PATH",
            //  "examples.shootistTLS.MyRouter");
            properties.setProperty("javax.sip.STACK_NAME", "shootist");
       
            // The following properties are specific to nist-sip
            // and are not necessarily part of any other jain-sip
            // implementation.
            // You can set a max message size for tcp transport to
            // guard against denial of service attack.
            properties.setProperty("gov.nist.javax.sip.MAX_MESSAGE_SIZE",
                        "1048576");
            properties.setProperty(
                "gov.nist.javax.sip.DEBUG_LOG",
                "logs/shootistdebug.txt");
            properties.setProperty(
                "gov.nist.javax.sip.SERVER_LOG",
                "logs/shootistlog.txt");
            properties.setProperty(
                    "gov.nist.javax.sip.SSL_HANDSHAKE_TIMEOUT", "10000");
            properties.setProperty("gov.nist.javax.sip.TCP_POST_PARSING_THREAD_POOL_SIZE", "20");
            properties.setProperty("gov.nist.javax.sip.TLS_SECURITY_POLICY",
                    this.getClass().getName());
    
            // Drop the client connection after we are done with the transaction.
            properties.setProperty("gov.nist.javax.sip.CACHE_CLIENT_CONNECTIONS", "false");
            // Set to 0 in your production code for max speed.
            // You need  16 for logging traces. 32 for debug + traces.
            // Your code will limp at 32 but it is best for debugging.
            properties.setProperty("gov.nist.javax.sip.TRACE_LEVEL", "LOG4J");
            if(System.getProperty("enableNIO") != null && System.getProperty("enableNIO").equalsIgnoreCase("true")) {
            	properties.setProperty("gov.nist.javax.sip.MESSAGE_PROCESSOR_FACTORY", NioMessageProcessorFactory.class.getName());
            }
        } else {
            properties = props;
        }
        try {
            // Create SipStack object
            sipStack = sipFactory.createSipStack(properties);
            System.out.println("createSipStack " + sipStack);
        } catch (PeerUnavailableException e) {
            // could not find
            // gov.nist.jain.protocol.ip.sip.SipStackImpl
            // in the classpath
            e.printStackTrace();
            System.err.println(e.getMessage());
            TlsTest.fail("unexpected Exception");
        }

        try {
            headerFactory = sipFactory.createHeaderFactory();
            addressFactory = sipFactory.createAddressFactory();
            messageFactory = sipFactory.createMessageFactory();
            Shootist listener = this;

            tlsListeningPoint = sipStack.createListeningPoint
                                ("127.0.0.1", port, transport);
            tlsProvider = sipStack.createSipProvider(tlsListeningPoint);
            tlsProvider.addSipListener(listener);

            SipProvider sipProvider = tlsProvider;

            String fromName = "BigGuy";
            String fromSipAddress = "here.com";
            String fromDisplayName = "The Master Blaster";

            String toSipAddress = "there.com";
            String toUser = "LittleGuy";
            String toDisplayName = "The Little Blister";

            // create >From Header
            SipURI fromAddress =
                addressFactory.createSipURI(fromName, fromSipAddress);
            //fromAddress.setSecure(true);

            Address fromNameAddress = addressFactory.createAddress(fromAddress);
            fromNameAddress.setDisplayName(fromDisplayName);
            FromHeader fromHeader =
                headerFactory.createFromHeader(fromNameAddress, "12345");

            // create To Header
            SipURI toAddress =
                addressFactory.createSipURI(toUser, toSipAddress);
            //toAddress.setSecure(true);
            Address toNameAddress = addressFactory.createAddress(toAddress);
            toNameAddress.setDisplayName(toDisplayName);
            ToHeader toHeader =
                headerFactory.createToHeader(toNameAddress, null);

            // create Request URI
            SipURI requestURI =
                addressFactory.createSipURI(toUser, peerHostPort);
            //requestURI.setSecure( true );

            // Create ViaHeaders

           ArrayList viaHeaders = new ArrayList();
           ViaHeader viaHeader =
                headerFactory.createViaHeader(
                    "127.0.0.1",
                    port,
                    transport,
                    null);


            // add via headers
            viaHeaders.add(viaHeader);

            // Create ContentTypeHeader
            ContentTypeHeader contentTypeHeader =
                headerFactory.createContentTypeHeader("application", "sdp");

            // Create a new CallId header
            CallIdHeader callIdHeader = sipProvider.getNewCallId();

            // Create a new Cseq header
            CSeqHeader cSeqHeader =
                headerFactory.createCSeqHeader(1L, Request.INVITE);

            // Create a new MaxForwardsHeader
            MaxForwardsHeader maxForwards =
                headerFactory.createMaxForwardsHeader(70);

            // Create the request.
            Request request =
                messageFactory.createRequest(
                    requestURI,
                    Request.INVITE,
                    callIdHeader,
                    cSeqHeader,
                    fromHeader,
                    toHeader,
                    viaHeaders,
                    maxForwards);
            // Create contact headers
            String host = "127.0.0.1";

            //SipURI contactUrl = addressFactory.createSipURI(fromName, host);
            //contactUrl.setPort(tlsListeningPoint.getPort());

            // Create the contact name address.
            SipURI contactURI = addressFactory.createSipURI(fromName, host);
            //contactURI.setSecure( true );
            contactURI.setPort(port);
            contactURI.setTransportParam(transport);

            Address contactAddress = addressFactory.createAddress(contactURI);

            // Add the contact address.
            contactAddress.setDisplayName(fromName);

            contactHeader =
                headerFactory.createContactHeader(contactAddress);
            request.addHeader(contactHeader);

            // Add the extension header.
            Header extensionHeader =
                headerFactory.createHeader("Certificate-Check", domain);
            request.addHeader(extensionHeader);

            String sdpData =
                "v=0\r\n"
                    + "o=4855 13760799956958020 13760799956958020"
                    + " IN IP4  129.6.55.78\r\n"
                    + "s=mysession session\r\n"
                    + "p=+46 8 52018010\r\n"
                    + "c=IN IP4  129.6.55.78\r\n"
                    + "t=0 0\r\n"
                    + "m=audio 6022 RTP/AVP 0 4 18\r\n"
                    + "a=rtpmap:0 PCMU/8000\r\n"
                    + "a=rtpmap:4 G723/8000\r\n"
                    + "a=rtpmap:18 G729A/8000\r\n"
                    + "a=ptime:20\r\n";
            
            // Make large body to force TLS fragmentation
            for(int q=0;q<7;q++) {
            	sdpData += sdpData;
            }
            
            byte[]  contents = sdpData.getBytes();
            //byte[]  contents = sdpBuff.toString().getBytes();

            request.setContent(contents, contentTypeHeader);

            Header callInfoHeader =
                headerFactory.createHeader(
                    "Call-Info",
                    "");
            request.addHeader(callInfoHeader);
            
            SipURI routeUri = (SipURI) requestURI.clone();
            routeUri.setLrParam();
            routeUri.setTransportParam(transport);
            Address peerAddress = addressFactory.createAddress(routeUri);
           
            
            RouteHeader routeHeader = headerFactory.createRouteHeader(peerAddress);
            request.setHeader(routeHeader);


            // Create the client transaction.
            listener.inviteTid = sipProvider.getNewClientTransaction(request);

            Thread.sleep(100);
            // send the request out.
            listener.inviteTid.sendRequest();
            
            System.out.println("isSecure = " + ((ClientTransactionExt)listener.inviteTid).isSecure());
            if(!((SIPTransactionStack)sipStack).getMessageProcessorFactory().getClass().getName().equals(NioMessageProcessorFactory.class.getName())) {
                if ( ((ClientTransactionExt)listener.inviteTid).isSecure() ) {
                    System.out.println("cipherSuite = " + ((ClientTransactionExt)listener.inviteTid).getCipherSuite());
                    if(((ClientTransactionExt)listener.inviteTid).getLocalCertificates() != null) {
    	                for ( Certificate cert : ((ClientTransactionExt)listener.inviteTid).getLocalCertificates()) {
    	                    System.out.println("localCert =" + cert);
    	                }
                    }
                    if(((ClientTransactionExt)listener.inviteTid).getPeerCertificates() != null) {
    	                for ( Certificate cert : ((ClientTransactionExt)listener.inviteTid).getPeerCertificates()) {
    	                    System.out.println("remoteCerts = " + cert);
    	                }
                    }
                }
            }
        } catch (Exception ex) {
            System.out.println(ex.getMessage());
            ex.printStackTrace();
            TlsTest.fail("unexpected exception ");
        }
    }

  

    public void processIOException(IOExceptionEvent exceptionEvent) {
        System.out.println("IOException occured while retransmitting requests:" + exceptionEvent);
    }

    public void processTransactionTerminated(TransactionTerminatedEvent transactionTerminatedEvent) {
        System.out.println("Transaction Terminated event: " + transactionTerminatedEvent );
    }

    public void processDialogTerminated(DialogTerminatedEvent dialogTerminatedEvent) {
        System.out.println("Dialog Terminated event: " + dialogTerminatedEvent);
    }

    public void enforceTlsPolicy(ClientTransactionExt transaction) throws SecurityException {
        System.out.println("enforceTlsPolicy");
        this.enforceTlsPolicyCalled = true;
        List certIdentities;
		try {
			certIdentities = transaction.extractCertIdentities();
		} catch (SSLPeerUnverifiedException e) {
			throw new SecurityException(e);
		}
        if (certIdentities.isEmpty()) {
            System.out.println("Could not find any identities in the TLS certificate");
        }
        else {
            System.out.println("found identities: " + certIdentities);
        }

        // the destination IP address should match one of the certIdentities
        boolean foundPeerIdentity = false;
        String expectedIpAddress = ((SipURI)transaction.getRequest().getRequestURI()).getHost();
        String certificateDomain = ((HeaderExt)transaction.getRequest().getHeader("Certificate-Check")).getValue();
        for (String identity : certIdentities) {
        	 System.out.println("identity " + identity);
            // identities must be resolved to dotted quads before comparing: this is faked here
//            String peerIpAddress = "10.10.10.0";
//            if (identity.equals("localhost")) {
//                peerIpAddress = "127.0.0.1";
//            } else 
            if (identity.equalsIgnoreCase(certificateDomain)) {
//                peerIpAddress = domain;
                foundPeerIdentity = true;
            }
//            if (expectedIpAddress.equals(peerIpAddress)) {
//                foundPeerIdentity = true;
//            }
        }
        if (!foundPeerIdentity) {
            throw new SecurityException("Certificate identity does not match requested domain " + certificateDomain);
        }
    }
    
    public void checkState() {
    	TlsTest.assertTrue("enforceTlsPolicy should be called ", this.enforceTlsPolicyCalled);
    }
    
	public void stop() {
		this.sipStack.stop();
	}
	
	public static void main(String args[]) throws Exception {
		// setup TLS properties
        System.setProperty( "javax.net.ssl.keyStore",  TlsTest.class.getResource("testkeys").getPath() );
        System.setProperty( "javax.net.ssl.trustStore", TlsTest.class.getResource("testkeys").getPath() );
        System.setProperty( "javax.net.ssl.keyStorePassword", "passphrase" );
        System.setProperty( "javax.net.ssl.keyStoreType", "jks" );
        Shootist shootist = new Shootist();
        shootist.init("localhost");
	}
	
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy