kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2026-06-09 03:45:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5f8cabc232b3e2ebcfca18dcd96848c32dd06681
asterisk/include/asterisk/res_stir_shaken.h
Ben Ford 259ecfa289 STIR/SHAKEN: Fix certificate type and storage. 
During OpenSIPit, we found out that the public certificates must be of
type X.509. When reading in public keys, we use the corresponding X.509
functions now.

We also discovered that we needed a better naming scheme for the
certificates since certificates with the same name would cause issues
(overwriting certs, etc.). Now when we download a public certificate, we
get the serial number from it and use that as the name of the cached
certificate.

The configuration option public_key_url in stir_shaken.conf has also
been renamed to public_cert_url, which better describes what the option
is for.

https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021

Change-Id: Ia00b20835f5f976e3603797f2f2fb19672d8114d
2021-05-11 09:29:57 -05:00

115 lines
3.4 KiB
C
Raw Blame History

/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 2020, Sangoma Technologies Corporation
*
* Kevin Harwell <kharwell@sangoma.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
#ifndef _RES_STIR_SHAKEN_H
#define _RES_STIR_SHAKEN_H
#define STIR_SHAKEN_ENCRYPTION_ALGORITHM "ES256"
#define STIR_SHAKEN_PPT "shaken"
#define STIR_SHAKEN_TYPE "passport"
enum ast_stir_shaken_verification_result {
AST_STIR_SHAKEN_VERIFY_NOT_PRESENT, /*! No STIR/SHAKEN information was available */
AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED, /*! Signature verification failed */
AST_STIR_SHAKEN_VERIFY_MISMATCH, /*! Contents of the signaling and the STIR/SHAKEN payload did not match */
AST_STIR_SHAKEN_VERIFY_PASSED, /*! Signature verified and contents match signaling */
};
struct ast_stir_shaken_payload;
struct ast_json;
/*!
* \brief Retrieve the value for 'signature' from an ast_stir_shaken_payload
*
* \param payload The payload
*
* \retval The signature
*/
unsigned char *ast_stir_shaken_payload_get_signature(const struct ast_stir_shaken_payload *payload);
/*!
* \brief Retrieve the value for 'public_cert_url' from an ast_stir_shaken_payload
*
* \param payload The payload
*
* \retval The public key URL
*/
char *ast_stir_shaken_payload_get_public_cert_url(const struct ast_stir_shaken_payload *payload);
/*!
* \brief Retrieve the value for 'signature_timeout' from 'general' config object
*
* \retval The signature timeout
*/
unsigned int ast_stir_shaken_get_signature_timeout(void);
/*!
* \brief Add a STIR/SHAKEN verification result to a channel
*
* \param chan The channel
* \param identity The identity
* \param attestation The attestation
* \param result The verification result
*
* \retval -1 on failure
* \retval 0 on success
*/
int ast_stir_shaken_add_verification(struct ast_channel *chan, const char *identity, const char *attestation,
enum ast_stir_shaken_verification_result result);
/*!
* \brief Verify a JSON STIR/SHAKEN payload
*
* \param header The payload header
* \param payload The payload section
* \param signature The payload signature
* \param algorithm The signature algorithm
* \param public_cert_url The public key URL
*
* \retval ast_stir_shaken_payload on success
* \retval NULL on failure
*/
struct ast_stir_shaken_payload *ast_stir_shaken_verify(const char *header, const char *payload, const char *signature,
const char *algorithm, const char *public_cert_url);
/*!
* \brief Retrieve the stir/shaken sorcery context
*
* \retval The stir/shaken sorcery context
*/
struct ast_sorcery *ast_stir_shaken_sorcery(void);
/*!
* \brief Free a STIR/SHAKEN payload
*/
void ast_stir_shaken_payload_free(struct ast_stir_shaken_payload *payload);
/*!
* \brief Sign a JSON STIR/SHAKEN payload
*
* \note This function will automatically add the "attest", "iat", and "origid" fields.
*
* \param json The JWT to sign
*
* \retval ast_stir_shaken_payload on success
* \retval NULL on failure
*/
struct ast_stir_shaken_payload *ast_stir_shaken_sign(struct ast_json *json);
#endif /* _RES_STIR_SHAKEN_H */
Reference in New Issue View Git Blame Copy Permalink