|
@@ -24,9 +24,10 @@
|
|
|
<para>
|
|
<para>
|
|
|
stirshaken module exports the functions to check and to generate PASSporT, wrapped into SIP Identity header.
|
|
stirshaken module exports the functions to check and to generate PASSporT, wrapped into SIP Identity header.
|
|
|
For call authentication two functions are available: stirshaken_add_identity(...) and stirshaken_add_identity_with_key(key).
|
|
For call authentication two functions are available: stirshaken_add_identity(...) and stirshaken_add_identity_with_key(key).
|
|
|
- stirshaken_add_identity() uses default key (through Authentication Service), stirshaken_add_identity_with_key(..., key) uses specifoed key.
|
|
|
|
|
|
|
+ stirshaken_add_identity() uses default key (through Authentication Service), stirshaken_add_identity_with_key(..., key) uses key specified as argument.
|
|
|
For call verification three methods are available: stirshaken_check_identity() (through Verification Service),
|
|
For call verification three methods are available: stirshaken_check_identity() (through Verification Service),
|
|
|
stirshaken_check_identity_with_key(key) and stirshaken_check_identity_with_cert(cert).
|
|
stirshaken_check_identity_with_key(key) and stirshaken_check_identity_with_cert(cert).
|
|
|
|
|
+ Only stirshaken_check_identity() may download certificate (if needed) and check it with X509 certificate path check algorithm.
|
|
|
</para>
|
|
</para>
|
|
|
</section>
|
|
</section>
|
|
|
<section>
|
|
<section>
|
|
@@ -291,7 +292,11 @@ modparam("stirshaken", "vs_cache_expire_s", 100)
|
|
|
|
|
|
|
|
request_route {
|
|
request_route {
|
|
|
...
|
|
...
|
|
|
- if(stirshaken_check_identity()) { // bad identity }
|
|
|
|
|
|
|
+ if (1 == stirshaken_check_identity()) {
|
|
|
|
|
+ xlog("Shaken Identity is OK\n");
|
|
|
|
|
+ } else {
|
|
|
|
|
+ xlog("Shaken Identity is invalid\n");
|
|
|
|
|
+ }
|
|
|
...
|
|
...
|
|
|
}
|
|
}
|
|
|
...
|
|
...
|
|
@@ -326,7 +331,11 @@ request_route {
|
|
|
...
|
|
...
|
|
|
request_route {
|
|
request_route {
|
|
|
...
|
|
...
|
|
|
- if(stirshaken_check_identity_with_key("/path/to/key")) { // bad identity }
|
|
|
|
|
|
|
+ if (1 == stirshaken_check_identity_with_key("/path/to/key")) {
|
|
|
|
|
+ xlog("Shaken Identity is OK\n");
|
|
|
|
|
+ } else {
|
|
|
|
|
+ xlog("Shaken Identity is invalid\n");
|
|
|
|
|
+ }
|
|
|
...
|
|
...
|
|
|
}
|
|
}
|
|
|
...
|
|
...
|
|
@@ -352,7 +361,11 @@ request_route {
|
|
|
...
|
|
...
|
|
|
request_route {
|
|
request_route {
|
|
|
...
|
|
...
|
|
|
- if(stirshaken_check_identity_with_cert("/path/to/cert")) { // bad identity }
|
|
|
|
|
|
|
+ if (1 == stirshaken_check_identity_with_cert("/path/to/cert")) {
|
|
|
|
|
+ xlog("Shaken Identity is OK\n");
|
|
|
|
|
+ } else {
|
|
|
|
|
+ xlog("Shaken Identity is invalid\n");
|
|
|
|
|
+ }
|
|
|
...
|
|
...
|
|
|
}
|
|
}
|
|
|
...
|
|
...
|
|
@@ -382,7 +395,11 @@ request_route {
|
|
|
...
|
|
...
|
|
|
request_route {
|
|
request_route {
|
|
|
...
|
|
...
|
|
|
- stirshaken_add_identity("https://sp.com/sp.pem", "B", "+44100", "+44200", "origid");
|
|
|
|
|
|
|
+ if (1 == stirshaken_add_identity("https://sp.com/sp.pem", "B", "+44100", "+44200", "origid")) {
|
|
|
|
|
+ xlog("Shaken authentication added (SIP Identity Header created)\n");
|
|
|
|
|
+ } else {
|
|
|
|
|
+ xlog("Failed\n");
|
|
|
|
|
+ }
|
|
|
...
|
|
...
|
|
|
}
|
|
}
|
|
|
...
|
|
...
|
|
@@ -397,7 +414,11 @@ request_route {
|
|
|
...
|
|
...
|
|
|
request_route {
|
|
request_route {
|
|
|
...
|
|
...
|
|
|
- stirshaken_add_identity("https://sp.com/sp.pem", "B", "+44100", "+44200", "");
|
|
|
|
|
|
|
+ if (1 == stirshaken_add_identity("https://sp.com/sp.pem", "B", "+44100", "+44200", "")) {
|
|
|
|
|
+ xlog("Shaken authentication added (SIP Identity Header created)\n");
|
|
|
|
|
+ } else {
|
|
|
|
|
+ xlog("Failed\n");
|
|
|
|
|
+ }
|
|
|
...
|
|
...
|
|
|
}
|
|
}
|
|
|
...
|
|
...
|
Piotr Gregor