...
No Format |
---|
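# ----------------- setting module-specific parameters ---------------
# Each modparam() must be on its own line: text that follows '#' on the same
# line is a comment, so a collapsed one-line form configures nothing.

# Authorizer: PEM private key used to sign the Identity header.
# Keep this file readable only by the account the SIP server runs as;
# anyone who can read it can sign requests for this domain.
modparam("auth_identity","privatekey_path","/etc/certs/key.pem")

# Authorizer: the certificate that belongs to the private key above.
modparam("auth_identity","certificate_path","/etc/certs/cert.pem")

# Verifier: PEM bundle of the CA certificates that are trusted when a
# sender's certificate is checked. Every CA listed here can vouch for a
# signing domain, so keep the list as short as the deployment allows.
modparam("auth_identity","cainfo_path","/etc/certs/ca_list.pem")

# Authorizer: URL placed in the Identity-Info header so that verifiers can
# fetch the certificate. It must serve the same certificate as
# certificate_path; rotate both together.
modparam("auth_identity","certificate_url","http://sip.domainA.net/cert.pem")
|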
Add the identity
No Format |
---|
# Outbound leg: the Request-URI does not belong to this proxy.
if (!uri==myself) {
    # mark routing logic in request
    append_hf("P-hint: outbound\r\n");
    if (!from_uri==myself) {
        # The From URI is not one of our domains: this proxy is not a relay.
        sl_reply("400", "Not Relay");
    } else {
        # insert authentication HERE
        # from_uri is taken from the From header, which the sender fills in.
        # route(IDENTITY) signs that value, so the sender has to be
        # authenticated for this From URI before the route is called;
        # otherwise the signature vouches for an unchecked claim.
        route(IDENTITY);
        route(FORWARD);
    }
}
|
No Format |
---|
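# Authorizer route: signs an outbound request by adding the Identity and
# Identity-Info headers. Any failed step answers the request and ends script
# processing with drop. Methods not listed below leave this route unsigned.
#
# NOTE(review): t_reply() needs an existing transaction and this route does
# not create one - confirm that the caller runs t_newtran() beforehand.
route[IDENTITY]
{
    # The SIP method is spelled OPTIONS; comparing against "OPTION" never
    # matches, and OPTIONS requests would pass through without a signature.
    if (method=="INVITE" || method=="BYE" || method=="OPTIONS" || method=="ACK") {
        # Identity and Identity-info headers must not exist: a request that
        # already carries them was signed (or forged) upstream, and this
        # proxy only vouches for headers it adds itself.
        if (@identity) {
            t_reply("403", "Invalid Identity header");
            drop;
        }
        if (@identity_info) {
            t_reply("403", "Invalid Identity-info header");
            drop;
        }
        # The Date header is part of the signed data; reject the request
        # when the module cannot accept or supply a usable Date value.
        if (!auth_date_proc()) {
            t_reply("403", "Invalid Date value");
            drop;
        }
        # Compute the signature and append Identity / Identity-Info.
        if (!auth_add_identity()) {
            t_reply("480", "Authentication error");
            drop;
        }
    }
}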
|
Verifier
No Format |
---|
# Inbound leg: the Request-URI belongs to this proxy. The signature is
# verified only when the request carries an Identity header.
# NOTE(review): a request without an Identity header never enters
# route(VERIFY), so the 428 "Use Identity Header" reply inside that route is
# not reachable from here and unsigned requests continue unverified. Decide
# explicitly whether that is acceptable for this domain.
if (uri==myself) {
if (@identity) {
route(VERIFY);
}
....
|
No Format |
---|
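# Verifier route: checks the Identity signature of an inbound request.
# Every failed check answers the request and ends script processing with
# drop; returning from this route means all checks passed or the method is
# not in the list below, in which case nothing was verified.
route[VERIFY]
{
    # if we've already processed this message then we drop it
    if (!t_newtran()) {
        sl_reply("500", "Internal error newtran");
        drop;
    }
    # The SIP method is spelled OPTIONS; comparing against "OPTION" never
    # matches, so an OPTIONS request carrying an Identity header would
    # return from this route without any of the checks being run.
    if (method=="INVITE" || method=="BYE" || method=="OPTIONS" || method=="ACK") {
        # Identity and Identity-info are required for verification
        if (!@identity) {
            t_reply("428", "Use Identity Header");
            drop;
        }
        if (!@identity_info) {
            t_reply("436", "Bad Identity-Info");
            drop;
        }
        # Reject requests whose Date header is too old to be accepted.
        if (!vrfy_check_date()) {
            t_reply("403", "Outdated Date header value");
            drop;
        }
        # Obtain the signer's certificate named by Identity-Info.
        # NOTE(review): the URL comes from the received message, so this
        # step can trigger an outbound fetch to a sender-chosen host;
        # confirm that egress from the proxy is limited accordingly.
        if (!vrfy_get_certificate()) {
            t_reply("436", "Bad Identity-Info");
            drop;
        }
        # Validate the certificate (trust is anchored in cainfo_path).
        if (!vrfy_check_certificate()) {
            t_reply("437", "Unsupported Certificate");
            drop;
        }
        # Check the Identity signature against the message content.
        if (!vrfy_check_msgvalidity()) {
            t_reply("438", "Invalid Identity Header");
            drop;
        }
        # Replay protection: refuse a request that was already seen.
        if (!vrfy_check_callid()) {
            t_reply("403", "Message is replayed");
            drop;
        }
    }
}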
|