o dic @sUddlZddlZddlZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZddlZddlmZddlmZddlmZddlmZddlmZdd lmZdd lmZmZd d lm Z m!Z!d d l"m#Z#d dl$m%Z%m&Z&d dl!m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/d dl0m1Z1m2Z2edddZ3edZ4edZ5e6e7Z8e9e:e;dZddddZ?e=ej@dd ddZAe=ejBd!d d"dZCgZDeEe=eFd#<e?eAeCfD]ZGzeeGjHd$Wn ejIyYqweDJeGqd%ejKd&eLd'eLfd(d)ZMd*ejNd'ejKfd+d,ZOGd-d.d.ejPZQeGd/d0d0ZRGd1ddZSeGd2d3d3ZTGd4d5d5e ZUGd6d7d7e ZVGd8d9d9e ZWGd:d;d;ZXGdN) dataclassfield)OptionalProtocolTypeTypeVarUnion)x509)default_backend)hashes)ec)SSL)AsyncIOEventEmitter)PolicySession)clockrtp)RTCIceTransport)RTCRtpReceiveParametersRTCRtpSendParameters) AnyRtcpPacket RtcpByePacket RtcpPacketRtcpPsfbPacket RtcpRrPacketRtcpRtpfbPacket RtcpSrPacket RtpPacketis_rtcp)RTCStatsReportRTCTransportStats CERTIFICATE_TRTCCertificate)boundKV)zsha-256zsha-384zsha-512T)frozenc@sDeZdZUeed<eed<eed<eed<dededefdd Zd S) SRTPProtectionProfilelibsrtp_profileopenssl_profile key_length salt_lengthsrcidxreturncCsB||j}d|j||j}||||j||||jS)N)r+r,)selfr-r. key_start salt_startr4K/home/ubuntu/.local/lib/python3.10/site-packages/aiortc/rtcdtlstransport.pyget_key_and_salt:s z&SRTPProtectionProfile.get_key_and_saltN)__name__ __module__ __qualname__int__annotations__bytesr6r4r4r4r5r(3s r(sSRTP_AEAD_AES_256_GCM )r)r*r+r,sSRTP_AEAD_AES_128_GCMsSRTP_AES128_CM_SHA1_80 SRTP_PROFILES) srtp_profile certificate algorithmr/cs:|t|dfddtdtdDS)N:c3s |] }||dVqdS)r0Nr4.0x hexstringr4r5 gsz%certificate_digest..rr0) fingerprintX509_DIGEST_ALGORITHMShexupperjoinrangelen)rCrDr4rIr5certificate_digestes$rSkeyc Cstttjjttd dg}t j j t j j d}t|||t|t jdd|t jdd}||ttS)Nr?ascii)tzr)days)r Name NameAttributeNameOID COMMON_NAMEbinasciihexlifyosurandomdecodedatetimenowtimezoneutcCertificateBuilder subject_name issuer_name public_key serial_numberrandom_serial_numbernot_valid_before timedeltanot_valid_aftersignr SHA256r )rTnamercbuilderr4r4r5generate_certificatejs"   rsc@s eZdZdZdZdZdZdZdS)Staterrr0N)r7r8r9NEW CONNECTING CONNECTEDCLOSEDFAILEDr4r4r4r5rts rtc@s$eZdZUdZeed< eed<dS)RTCDtlsFingerprintzz The :class:`RTCDtlsFingerprint` dictionary includes the hash function algorithm and certificate fingerprint. rDvalueN)r7r8r9__doc__strr;r4r4r4r5r|s r|c@seZdZdZdejdejddfddZe de j fdd Z de e fd d Zed eedefd dZde edejfddZdS)r#z The :class:`RTCCertificate` interface enables the certificates used by an :class:`RTCDtlsTransport`. To generate a certificate and the corresponding private key use :func:`generateCertificate`. rTcertr/NcCs||_||_dSN)_key_cert)r1rTrr4r4r5__init__s zRTCCertificate.__init__cCs|jjS)z[ The date and time after which the certificate will be considered invalid. )rnot_valid_after_utcr1r4r4r5expiresszRTCCertificate.expirescsfddtDS)z Returns the list of certificate fingerprints, one of which is computed with the digest algorithm used in the certificate signature. cs g|] }t|tj|dqS))rDr})r|rSr)rGrDrr4r5 s z2RTCCertificate.getFingerprints..)rMkeysrr4rr5getFingerprintss zRTCCertificate.getFingerprintsclscCs&ttt}t|}|||dS)zw Create and return an X.509 certificate and corresponding private key. :rtype: RTCCertificate )rTr)r generate_private_key SECP256R1r rs)rrTrr4r4r5generateCertificates z"RTCCertificate.generateCertificate srtp_profilescCsdttj}|tjtjBdd||j||j | d| d dd|D|S)NcWsdS)NTr4)argsr4r4r5z4RTCCertificate._create_ssl_context..siECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:css|]}|jVqdSr)r*rFr4r4r5rKsz5RTCCertificate._create_ssl_context..) r Context DTLS_METHOD set_verify VERIFY_PEERVERIFY_FAIL_IF_NO_PEER_CERTuse_certificateruse_privatekeyrset_cipher_listset_tlsext_use_srtprP)r1rctxr4r4r5_create_ssl_contexts   z"RTCCertificate._create_ssl_context)r7r8r9r~r EllipticCurvePrivateKeyr Certificaterpropertyrbrlistr|r classmethodrr"rr(r rrr4r4r4r5r#s  c@s6eZdZUdZeedZeeed< dZ e ed<dS)RTCDtlsParameterszl The :class:`RTCDtlsParameters` dictionary includes information relating to DTLS configuration. )default_factory fingerprintsautoroleN) r7r8r9r~rrrr|r;rrr4r4r4r5rs  rc@seZdZdeddfddZdS) DataReceiverdatar/NcdSrr4r1rr4r4r5 _handle_datazDataReceiver._handle_data)r7r8r9r<rr4r4r4r5rsrc@s>eZdZd ddZdeddfddZdededdfd d ZdS) RtpReceiverr/NcCsdSrr4rr4r4r5_handle_disconnectrzRtpReceiver._handle_disconnectpacketcrrr4r1rr4r4r5_handle_rtcp_packetrzRtpReceiver._handle_rtcp_packetarrival_time_mscrrr4)r1rrr4r4r5_handle_rtp_packetszRtpReceiver._handle_rtp_packetr/N) r7r8r9rrrrr:rr4r4r4r5rs rc@s(eZdZUeed<deddfddZdS) RtpSender_ssrcrr/Ncrrr4rr4r4r5rrzRtpSender._handle_rtcp_packet)r7r8r9r:r;rrr4r4r4r5rs rc @seZdZdZdddZ ddedeedeed ee ddf d d Z d e d eddfddZ de deeee ffddZdedeefddZdeddfddZd e ddfddZdeeefdeddfddZdS) RtpRouterz Router to associate RTP/RTCP packets with streams. https://tools.ietf.org/html/draft-ietf-mmusic-sdp-bundle-negotiation-53 r/NcCs$t|_i|_i|_i|_i|_dSr)set receiverssenders mid_table ssrc_tablepayload_type_tablerr4r4r5rs  zRtpRouter.__init__receiverssrcs payload_typesmidcCsf|j||dur||j|<|D]}||j|<q|D]}||jvr(t|j|<|j||qdSr)raddrrrr)r1rrrrssrc payload_typer4r4r5register_receivers     zRtpRouter.register_receiversenderrcCs||j|<dSr)r)r1rrr4r4r5register_senderszRtpRouter.register_senderrcstdttttfddffdd }t|tr#||j|j nt|t r6|j D] }||j|q+t|t tfrN|j D] }||j|j q@St|ttfr||j|jt|tr|jtjkrzt|jdD] }||j|qrWStyYSwS)N recipientr/cs|dur |dSdSr)r)r recipientsr4r5 add_recipientsz+RtpRouter.route_rtcp..add_recipientr)rrrrr isinstancerrgetrrsourcesrreportsrrr media_ssrcfmtr RTCP_PSFB_APPunpack_remb_fcifci ValueError)r1rrsourcereportrr4rr5 route_rtcps0"      zRtpRouter.route_rtcpcCsh|j|j}|j|jt}|dur||vr|S|dur2t|dkr2t|d}||j|j<|SdS)Nrr)rrrrrrrRr)r1r ssrc_receiver pt_receivers pt_receiverr4r4r5 route_rtp4s  zRtpRouter.route_rtpcCsJ|j|||j|||j||jD] \}}||qdSr)rdiscard_RtpRouter__discardrrritems)r1rptrr4r4r5unregister_receiverEs  zRtpRouter.unregister_receivercCs||j|dSr)rrr1rr4r4r5unregister_senderLszRtpRouter.unregister_senderdr}cCs,t|D] \}}||kr||qdSr)rrpop)r1rr}kvr4r4r5 __discardOs  zRtpRouter.__discardrr)r7r8r9r~rrrr:rrrrrrrrrrrrrdictr%r&rr4r4r4r5rs*   "rcseZdZdZdedeeddffdd Zede fdd Z edefd d Z de fd d Z dFddZde ddfddZdFddZde ddfddZdFddZdFddZdefddZdeddfddZded eddfd!d"ZdFd#d$Zd%eddfd&d'Zd%ed(eddfd)d*Zd+e d(e!ddfd,d-Z"deddfd.d/Z#deddfd0d1Z$d2e ddfd3d4Z%d5e&ddfd6d7Z'd%eddfd8d9Z(d%eddfd:d;Z)d+e ddfdd?Z+d@e dAe,ddfdBdCZ-d@e dAe,ddfdDdEZ.Z/S)GRTCDtlsTransporta The :class:`RTCDtlsTransport` object includes information relating to Datagram Transport Layer Security (DTLS) transport. :param transport: An :class:`RTCIceTransport`. :param certificates: A list of :class:`RTCCertificate` (only one is allowed currently). transport certificatesr/Ncst|dksJ|d}td|_d|_d|_t|_t |_ t j |_ dtt||_d|_||_d|_d|_d|_d|_d|_d|_t|_d|_||_dS)NrrFr transport_)rRsuperr encrypted_data_receiver_rolerHeaderExtensionsMap_rtp_header_extensions_mapr _rtp_routerrtrw_staterid _stats_id_task _transport_RTCDtlsTransport__rx_bytes_RTCDtlsTransport__rx_packets_RTCDtlsTransport__tx_bytes_RTCDtlsTransport__tx_packets_rx_srtp_tx_srtprA_srtp_profiles_ssl$_RTCDtlsTransport__local_certificate)r1rrrC __class__r4r5r_s*   zRTCDtlsTransport.__init__cCst|jddS)z The current state of the DTLS transport. One of `'new'`, `'connecting'`, `'connected'`, `'closed'` or `'failed'`. N)rrlowerrr4r4r5stateszRTCDtlsTransport.statecCs|jS)zC The associated :class:`RTCIceTransport` instance. )rrr4r4r5rszRTCDtlsTransport.transportcCst|jdS)zm Get the local parameters of the DTLS transport. :rtype: :class:`RTCDtlsParameters` )r)rrrrr4r4r5getLocalParameterssz#RTCDtlsTransport.getLocalParametersc szO|jsNz|jWn8tjy$|IdH|IdHYn$tjyD}z|d|| t j WYd}~WdSd}~wwd|_|jrWdSWdSt ye|d| t j YdSw)z9 Attempt to complete the DTLS handshake. Nz"x DTLS handshake failed (error %s)Tz*x DTLS handshake failed (connection error)) rr do_handshaker WantReadError _write_ssl _recv_nextError_RTCDtlsTransport__log_debug _set_statertr{ConnectionError)r1excr4r4r5 _do_handshakes*    zRTCDtlsTransport._do_handshakeremoteParameterscCs|jjdd}d}d}|jD]}|j}|tvr+|d7}|jt||kr+|d7}q|r2||kr?| d| t j dSdS)z Check remote fingerprints. There must be at least one fingerprint with a supported algorithm, and all supported fingerprints must match. T)as_cryptographyrrz.x DTLS handshake failed (fingerprint mismatch)N) rget_peer_certificaterrDrrMr}rOrSrrrtr{)r1rrCfingerprint_supportedfingerprint_validfrDr4r4r5_validate_peer_identitys     z(RTCDtlsTransport._validate_peer_identitycCs|j}|jD]}|j|kr|d|jnq|d|tjdS|j dd|j |j }|j dkrG| |d}| |d}n | |d}| |d}t|tj|jd }d |_d |_t||_t|tj|jd }d |_d |_t||_dS) zO Extract the SRTP keying material and setup the SRTP sessions. zx DTLS handshake negotiated %sz4x DTLS handshake failed (no SRTP profile negotiated)NsEXTRACTOR-dtls_srtpr0serverrr)rT ssrc_typerBTi)rget_selected_srtp_profilerr*rrarrtr{export_keying_materialr+r,rr6rSSRC_ANY_INBOUNDr)allow_repeat_tx window_sizerrSSRC_ANY_OUTBOUNDr)r1r*rBview srtp_tx_key srtp_rx_key rx_policy tx_policyr4r4r5 _setup_srtpsJ          zRTCDtlsTransport._setup_srtpcs |jtjks Jt|jsJ|jdkr&|jjdkr!|dn|dt |j j |j d|_|jdkr=|jn|j|tj|IdH|jtjkrWdS|||jtjkrddS||jtjkrpdS|d|tjt||_dS)z Start DTLS transport negotiation with the parameters of the remote DTLS transport. :param remoteParameters: An :class:`RTCDtlsParameters`. r controllingrclient)rNz- DTLS handshake complete)rrtrwrRrrrr _set_roler Connectionrrrrset_accept_stateset_connect_staterrxrr{rr)rryasyncio ensure_future_RTCDtlsTransport__runr)r1rr4r4r5starts8              zRTCDtlsTransport.startcs|jdur|jd|_|jrF|jtjtjfvrHz|jWn tj y+Ynwz | IdHWn t y>Ynw| ddSdSdS)z4 Stop and close the DTLS transport. Nz- DTLS shutdown complete) rcancelrrrtrxryshutdownr rr rrrr4r4r5stop$s"   zRTCDtlsTransport.stopc szAz |IdHqty|jjD]}|qYnty9}zt|tjs3| t |d}~wwW| t jdS| t jwr)rrrrr Exceptionrr0CancelledError_RTCDtlsTransport__log_warning traceback format_excrrtrz)r1rrr4r4r5__run7s"    zRTCDtlsTransport.__runc Cs>t}|ttd|j|j|j|j|j |j j |j d |S)Nr) timestamptyper packetsSentpacketsReceived bytesSent bytesReceivediceRole dtlsState) r rr!rcurrent_datetimerrrrrrrr )r1rr4r4r5 _get_statsEszRTCDtlsTransport._get_statsrc stzt|}Wnty!}z |d|WYd}~dSd}~ww|D]}|j|D] }||IdHq,q$dS)Nzx RTCP parsing failed: %s)rparserrrrr)r1rpacketsrrrr4r4r5_handle_rtcp_dataXs z"RTCDtlsTransport._handle_rtcp_datarc sxz t||j}Wnty#}z |d|WYd}~dSd}~ww|j|}|dur:|j||dIdHdSdS)Nzx RTP parsing failed: %sr)rrGrrrrrr)r1rrrrrr4r4r5_handle_rtp_datads  z!RTCDtlsTransport._handle_rtp_datac s d}|js |j}|dur;ztj|j|dIdH}Wn$tjy:|d|j | IdHYdSw|jIdH}|j t |7_ |j d7_ |d}|dkr|dkr|j|z|jd}Wntjyyd}Yn tjyd}Ynw| IdH|dur|d t|r|jr|j|IdHdSdSdS|d kr|d kr|jrt}z(t|r|j|}||IdHWdS|j|}|j||d IdHWdStjy}z |d |WYd}~dSd}~wwdSdSdS)N)timeoutzx DTLS handling timeoutrr@z- DTLS shutdown by remote partyrJzx SRTP unprotect failed: %s)rrDTLSv1_get_timeoutr0wait_forr_recv TimeoutErrorrDTLSv1_handle_timeoutr rrRr bio_writerecvr ZeroReturnErrorrrrrrr current_msrunprotect_rtcprI unprotectrK pylibsrtp)r1rLr first_byterrr4r4r5rps\         zRTCDtlsTransport._recv_nextrcCs|jdusJ||_dSrrr1rr4r4r5_register_data_receivers z(RTCDtlsTransport._register_data_receiver parameterscCsTt}|jD]}||jq|j||jj|t|dd|j D|j ddS)NcSsg|]}|jqSr4) payloadType)rGcodecr4r4r5rsz;RTCDtlsTransport._register_rtp_receiver..)rrr) r encodingsrrr configurerrrcodecsmuxId)r1rrcrencodingr4r4r5_register_rtp_receivers   z'RTCDtlsTransport._register_rtp_receiverrcCs"|j||jj||jddS)N)r)rrgrrr)r1rrcr4r4r5_register_rtp_senders z%RTCDtlsTransport._register_rtp_sendercs4|jtjkr td|j||IdHdS)Nz)Cannot send encrypted data, not connected)rrtryrrsendr rr4r4r5 _send_datas   zRTCDtlsTransport._send_datacsn|jtjkr tdt|r|j|}n|j|}|j |IdH|j t |7_ |j d7_ dS)Nz(Cannot send encrypted RTP, not connectedr) rrtryrrr protect_rtcpprotectr_sendrrRrrr4r4r5 _send_rtps  zRTCDtlsTransport._send_rtprcCs ||_dSr)r)r1rr4r4r5r,s zRTCDtlsTransport._set_roler cCs2||jkr|d|j|||_|ddSdS)Nz - %s -> %s statechange)rremit)r1r r4r4r5rs zRTCDtlsTransport._set_statecCs|j|kr d|_dSdSrr`rar4r4r5_unregister_data_receivers  z*RTCDtlsTransport._unregister_data_receivercC|j|dSr)rrrar4r4r5_unregister_rtp_receiverz)RTCDtlsTransport._unregister_rtp_receivercCrvr)rrrr4r4r5_unregister_rtp_senderrxz'RTCDtlsTransport._unregister_rtp_sendercsjz|jd}Wn tjyd}Ynw|r3|j|IdH|jt|7_|jd7_dSdS)zT Flush outgoing data which OpenSSL put in our BIO to the transport. rOrPNr) rbio_readr rrrqrrRrrr4r4r5r szRTCDtlsTransport._write_sslmsgrcG tjd||jg|RdSNzRTCDtlsTransport(%s) )loggerdebugrr1r{rr4r4r5 __log_debug zRTCDtlsTransport.__log_debugcGr|r})r~warningrrr4r4r5 __log_warningrzRTCDtlsTransport.__log_warningr)0r7r8r9r~rrr#rrrr rrr rrr)r3r6r2r rFr<rIr:rKrrrbrrrkrrrlrnrrr,rtrrurwryr objectrr9 __classcell__r4r4rr5rUsb    - 4  2     r)Zr0r]rbenumloggingr_r: dataclassesrrtypingrrrrrr^ cryptographyr cryptography.hazmat.backendsr cryptography.hazmat.primitivesr )cryptography.hazmat.primitives.asymmetricr OpenSSLr pyee.asynciorrrrrrtcicetransportrrtcrtpparametersrrrrrrrrrrrstatsr r!r"r%r& getLoggerr7r~rpSHA384SHA512rMr(SRTP_PROFILE_AEAD_AES_256_GCMSRTP_AEAD_AES_256_GCMSRTP_PROFILE_AEAD_AES_128_GCMSRTP_AEAD_AES_128_GCMSRTP_PROFILE_AES128_CM_SHA1_80SRTP_AES128_CM_SHA1_80rArr;rBr)rappendrrrSrrsEnumrtr|r#rrrrrrr4r4r4r5s        ,    = b