Comments (8)
Not sure I got exactly the kind of function you look for. One that still takes the Identity header value and verifies only the signature, with the key provided as parameter? Or the key has to be taken from the Identity header parameter? Maybe you can give the function prototype (or the list of parameters you want to provide to the function).
On the other hand, can you look at the jwt module and see if it can already help with what you need?
from kamailio.
I'll give the JWT module a peek. Lack of caching is maybe an issue (but can be 'farmed out' to something else for caching purposes).
Perhaps this would be better considered as an error with the existing secsipid_check() function in that it will only validate shaken passport types, and the ask should be simply to eliminate this check.
secsipid_check(sIdentity, keyPath)
Check the validity of the "sIdentity" parameter using the keys stored in the file specified by "keyPath". If the keyPath parameter is empty, the function is downloading the key using the URL from "info" parameter of the sIdentity, using the value of "timeout" parameter to limit the download time. The validity of the JWT in the sIdentity value is also checked against the "expire" parameter.
The function notes, "Further checks can be done with config operations, decoding the JWT header and payload using {s.select} and {s.decode.base64t} transformations together with jansson module.", which is a very clean way to handle this, and the function here should just be less opinionated on what is and isn't a valid Identity header?
from kamailio.
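The config-side checks described in the comment above (decode the JWT header and payload, then decide what counts as acceptable), sketched in Python as an added example that is not part of the thread or of the secsipid module. The names `inspect_identity` and `make_sample`, the allowed ppt set, the 60-second window and the sample URL and numbers are assumptions; the signature is deliberately not verified here.

```python
import base64
import json

def _b64url_decode(seg):
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_identity(value, now, expire=60, allowed_ppt=("shaken", "rcd", "div")):
    """Return policy failures for one Identity header value (empty list = pass).
    The signature is NOT verified here; that stays with the secsipid module."""
    token, *raw_params = [p.strip() for p in value.split(";")]
    params = {}
    for p in raw_params:
        k, _, v = p.partition("=")
        params[k.lower()] = v.strip('<>"')
    segs = token.split(".")
    if len(segs) != 3:
        return ["token is not header.payload.signature"]
    try:
        header = json.loads(_b64url_decode(segs[0]))
        payload = json.loads(_b64url_decode(segs[1]))
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(payload, dict)):
        return ["header or payload is not a JSON object"]
    problems = []
    if header.get("alg") != "ES256" or header.get("typ") != "passport":
        problems.append("unexpected alg/typ")
    ppt = header.get("ppt")
    if ppt not in allowed_ppt or ppt != params.get("ppt"):
        problems.append("ppt not allowed or differs from header parameter")
    if header.get("x5u") != params.get("info"):
        problems.append("x5u differs from info parameter")
    iat = payload.get("iat")
    if not isinstance(iat, int) or abs(now - iat) > expire:
        problems.append("iat missing or outside expire window")
    return problems

def make_sample(ppt, iat, info="https://certs.example.invalid/sp.pem"):
    # Constructed test input: placeholder signature, example URL and numbers
    header = {"alg": "ES256", "ppt": ppt, "typ": "passport", "x5u": info}
    payload = {"dest": {"tn": ["15550100"]}, "iat": iat, "orig": {"tn": "15550199"}}
    token = ".".join([_b64url_encode(header), _b64url_encode(payload), "c2ln"])
    return f"{token};info=<{info}>;alg=ES256;ppt={ppt}"
```

An empty result only means the header passed these attribute checks; the token is trustworthy only once the signature has also been verified against the certificate.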
I added the function secsipid_verify(...) that should allow disabling the checks on the jwt header attributes. I haven't tested though, report if you get any issues. You have to use the latest git versions of both kamailio and libsecsipid.
from kamailio.
Sorry for the delayed reply - I had a few small issues compiling, but kamailio then fails to start with secsipid_verify() not found:
During startup:
0(1) ERROR: <core> [core/cfg.y:3870]: yyparse(): cfg. parser: failed to find command secsipid_verify (params 2)
The function is called like this:
secsipid_verify("$var(identity)", "")
Versions:
[ben@NV0162~/projects/cnam_relay]$ dc exec cnam-sti-vs kamailio -v
version: kamailio 5.9.0-dev0 (x86_64/linux) 951ab1
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 951ab1
compiled on 21:42:15 Mar 19 2024 with gcc 12.2.0
[ben@NV0162~/projects/cnam_relay]$ dc exec cnam-sti-vs secsipidx -version
secsipidx v1.3.2
This is my Dockerfile in case I'm missing something in compilation:
FROM golang:1.22.1-bookworm AS secsipidbuilder
ENV GO111MODULE=off
RUN cd / \
    && git clone https://github.com/asipto/secsipidx.git \
    && cd secsipidx \
    && make \
    && make install \
    && cd / \
    && apt update \
    && apt upgrade -y \
    && apt install -y git make automake autoconf libtool libcurl4-openssl-dev \
        sngrep gnupg2 wget lsb-release openssl libssl-dev \
        pkg-config uuid-dev sip-tester \
    && apt install -y pkg-config gcc bison flex g++ libssl-dev libxml2-dev \
        libjson-c-dev libpcre3 libjansson-dev libpcre3-dev \
        libhiredis-dev libsqlite3-dev libpq-dev libevent-dev \
        sqlite3 uuid-dev \
    && cd /secsipidx \
    && make install \
    && git clone \
        -b master \
        --single-branch https://github.com/kamailio/kamailio.git /kamailio \
    && cd /kamailio \
    && make include_modules="jansson json ndb_redis db_sqlite db_postgres \
        secsipid secsipid_proc http_async_client avpops \
        uuid" prefix="/" cfg \
    && make all \
    && make install \
    && apt clean \
    && apt-get autoremove --yes \
    && cd / \
    && rm -rf /var/lib/{apt,dpkg,cache,log}/ \
    && rm -rf /kamailio \
    && rm -rf /secsipidx
COPY etc/kamailio /etc/kamailio
from kamailio.
Ah - I see the function takes three arguments. The third argument only has "A" as an allowed value?
from kamailio.
Is it possible to use the same logic for downloading (and caching) of the key as the secsipid_check function:
If the keyPath parameter is empty, the function is downloading the key using the URL from "info" parameter of the sIdentity, using the value of "timeout" parameter to limit the download time
from kamailio.
This function is with key value as parameter, not file path. There is also a function in the secsipid module to download:
from kamailio.
Confirmed that this is working. Will it get ported to 5.8 or will it be the next major.minor release?
from kamailio.