|
|
@@ -297,6 +297,52 @@ request_route {
|
|
|
...
|
|
|
}
|
|
|
...
|
|
|
+</programlisting>
|
|
|
+ </example>
|
|
|
+ <para>
|
|
|
+ Further checks can be done with config operations, decoding the JWT header
|
|
|
+ and payload using {s.select} and {s.decode.base64t} transformations
|
|
|
+ together with jansson module.
|
|
|
+ </para>
|
|
|
+ </section>
|
|
|
+ <section id="secsipid.f.secsipid_verify">
|
|
|
+ <title>
|
|
|
+ <function moreinfo="none">secsipid_verify(sIdentity, keyVal, opts)</function>
|
|
|
+ </title>
|
|
|
+ <para>
|
|
|
+ Check the validity of the "sIdentity" parameter using the key value
|
|
|
+ given in the parameter "keyVal". The validity of the JWT
|
|
|
+ in the sIdentity value is also checked against the "expire"
|
|
|
+ parameter.
|
|
|
+ </para>
|
|
|
+ <para>
|
|
|
+ The "opts" parameter provides the verify options:
|
|
|
+ <itemizedlist>
|
|
|
+ <listitem>
|
|
|
+ <para>
|
|
|
+ <emphasis>A</emphasis> (uppercase) - skip verifying the attributes
|
|
|
+ in the JWT header.
|
|
|
+ </para>
|
|
|
+ </listitem>
|
|
|
+ </itemizedlist>
|
|
|
+ </para>
|
|
|
+ <para>
|
|
|
+ The parameters can contain pseudo-variables.
|
|
|
+ </para>
|
|
|
+ <para>
|
|
|
+ This function can be used from ANY_ROUTE.
|
|
|
+ </para>
|
|
|
+ <example>
|
|
|
+ <title><function>secsipid_verify</function> usage</title>
|
|
|
+ <programlisting format="linespecific">
|
|
|
+...
|
|
|
+request_route {
|
|
|
+ ...
|
|
|
+ http_client_query("https://provider.com/stir-shaken/cert.pem", "$var(pubkey)");
|
|
|
+ if(secsipid_verify("$hdr(Identity)", "$var(pubkey)", "A")) { ... }
|
|
|
+ ...
|
|
|
+}
|
|
|
+...
|
|
|
</programlisting>
|
|
|
</example>
|
|
|
<para>
|
|
|
@@ -541,4 +587,3 @@ make install
|
|
|
</section>
|
|
|
|
|
|
</chapter>
|
|
|
-
|
Daniel-Constantin Mierla