STIR/SHAKEN: Fix certificate type and storage.

During OpenSIPit, we found out that the public certificates must be of
type X.509. When reading in public keys, we use the corresponding X.509
functions now.

We also discovered that we needed a better naming scheme for the
certificates since certificates with the same name would cause issues
(overwriting certs, etc.). Now when we download a public certificate, we
get the serial number from it and use that as the name of the cached
certificate.

The configuration option public_key_url in stir_shaken.conf has also
been renamed to public_cert_url, which better describes what the option
is for.

https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021

Change-Id: Ia00b20835f5f976e3603797f2f2fb19672d8114d
Ben Ford
2021-04-21 11:12:55 -05:00
committed by George Joseph
parent 40bdfff73b
commit 5e6508b56f
12 changed files with 376 additions and 163 deletions
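As an added example (not code from this commit or from Asterisk), the following Python shows the two things the commit message describes: reading the serial number out of a DER-encoded X.509 certificate, and turning it into the name of the cached copy. It uses a small hand-written DER walker so it runs without OpenSSL, and the sample certificates are constructed inline and contain only the leading tbsCertificate fields (version, serialNumber, signature, issuer). It goes one step beyond the commit: a serial number is only unique within one issuer, so the cache name here also carries a hash of the issuer DER, and every part of the name is hex so that a value taken from a downloaded certificate can never become a path component.

```python
"""Serial-number extraction and cache naming for X.509 certificates (added example)."""
import hashlib


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("unexpected end of DER data")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags do not occur in X.509 certificates")
    if first < 0x80:
        length = first                      # short form: length fits in one byte
    else:
        nbytes = first & 0x7F               # long form: number of length octets
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("invalid or truncated DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:end], end


def x509_serial_and_issuer(der_cert: bytes):
    """Return (serialNumber, raw issuer DER) from Certificate -> tbsCertificate."""
    tag, cert_body, _ = _read_tlv(der_cert, 0)
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    tag, tbs, _ = _read_tlv(cert_body, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate must be a SEQUENCE")
    tag, value, pos = _read_tlv(tbs, 0)
    if tag == 0xA0:                         # explicit [0] version; absent in v1 certs
        tag, value, pos = _read_tlv(tbs, pos)
    if tag != 0x02 or not value:
        raise ValueError("serialNumber must be a non-empty INTEGER")
    serial = int.from_bytes(value, "big", signed=True)
    if serial <= 0:                         # RFC 5280 4.1.2.2: serial must be positive
        raise ValueError("serial number must be positive")
    _, _, pos = _read_tlv(tbs, pos)         # skip signature AlgorithmIdentifier
    issuer_start = pos
    tag, _, pos = _read_tlv(tbs, pos)
    if tag != 0x30:
        raise ValueError("issuer must be a Name SEQUENCE")
    return serial, tbs[issuer_start:pos]


def cache_file_name(der_cert: bytes) -> str:
    """Hex-only file name: <sha256(issuer DER)[:16]>-<serial hex>.pem (design choice, not Asterisk's)."""
    serial, issuer_der = x509_serial_and_issuer(der_cert)
    issuer_id = hashlib.sha256(issuer_der).hexdigest()[:16]
    return f"{issuer_id}-{serial:x}.pem"


# --- constructed sample certificates (only the leading tbsCertificate fields) ---

def _der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def build_sample_cert(serial: int, issuer_cn: str, v3: bool = True) -> bytes:
    """Constructed DER blob shaped like a Certificate; not a real, signed certificate."""
    version = _der(0xA0, _der(0x02, b"\x02")) if v3 else b""
    # DER INTEGER: a leading 0x00 keeps a high-bit serial positive.
    serial_tlv = _der(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))
    sig_alg = _der(0x30, _der(0x06, bytes.fromhex("2a8648ce3d040302")))  # ecdsa-with-SHA256
    cn_attr = _der(0x30, _der(0x06, bytes.fromhex("550403")) + _der(0x0C, issuer_cn.encode()))
    issuer = _der(0x30, _der(0x31, cn_attr))                           # Name -> SET -> CN
    tbs = _der(0x30, version + serial_tlv + sig_alg + issuer)
    return _der(0x30, tbs + sig_alg + _der(0x03, b"\x00" + bytes(8)))  # placeholder signature


if __name__ == "__main__":
    sample = build_sample_cert(0xA1B2C3D4E5F60718, "Example STIR CA (constructed)")
    print(cache_file_name(sample))
```

Two certificates from different issuers that happen to share a serial get different cache names, while re-downloading the same certificate maps to the same name, which is the property the commit message is after when it replaces URL-derived names.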


@@ -43,13 +43,13 @@ struct ast_json;
unsigned char *ast_stir_shaken_payload_get_signature(const struct ast_stir_shaken_payload *payload);
/*!
* \brief Retrieve the value for 'public_key_url' from an ast_stir_shaken_payload
* \brief Retrieve the value for 'public_cert_url' from an ast_stir_shaken_payload
*
* \param payload The payload
*
* \retval The public key URL
*/
char *ast_stir_shaken_payload_get_public_key_url(const struct ast_stir_shaken_payload *payload);
char *ast_stir_shaken_payload_get_public_cert_url(const struct ast_stir_shaken_payload *payload);
/*!
* \brief Retrieve the value for 'signature_timeout' from 'general' config object
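Review bot: the `\retval` line in this doc comment still reads "The public key URL" although the accessor is now `ast_stir_shaken_payload_get_public_cert_url` and the `\brief` above it already says 'public_cert_url'; change it to "The public certificate URL" so the whole comment matches the rename.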
@@ -79,13 +79,13 @@ int ast_stir_shaken_add_verification(struct ast_channel *chan, const char *ident
* \param payload The payload section
* \param signature The payload signature
* \param algorithm The signature algorithm
* \param public_key_url The public key URL
* \param public_cert_url The public key URL
*
* \retval ast_stir_shaken_payload on success
* \retval NULL on failure
*/
struct ast_stir_shaken_payload *ast_stir_shaken_verify(const char *header, const char *payload, const char *signature,
const char *algorithm, const char *public_key_url);
const char *algorithm, const char *public_cert_url);
/*!
* \brief Retrieve the stir/shaken sorcery context
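Review bot: the renamed `\param public_cert_url` keeps the old description "The public key URL"; change it to "The public certificate URL" so the parameter documentation agrees with its name. Since C does not check parameter names at call sites, it is also worth confirming that callers of `ast_stir_shaken_verify` in the rest of the change no longer pass a variable still named `public_key_url`.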