From 465b0279cdb969da05bcdf6cb49256a2d70295c8 Mon Sep 17 00:00:00 2001 From: Trial97 Date: Thu, 16 Apr 2020 10:05:10 +0300 Subject: [PATCH] Added STIR authorization --- config/config_defaults.go | 2 + config/config_json_test.go | 44 ++++++++------- config/config_test.go | 44 ++++++++------- config/libconfig_json.go | 52 +++++++++-------- config/sessionscfg.go | 113 +++++++++++++++++++++---------------- sessions/libsessions.go | 25 ++++---- sessions/sessions.go | 25 ++++---- sessions/sessions_test.go | 20 +++++++ utils/consts.go | 67 +++++++++++++++------- utils/coreutils.go | 5 +- utils/errors.go | 5 ++ utils/stir_shaken.go | 8 +-- utils/stir_shaken_utils.go | 3 +- 13 files changed, 240 insertions(+), 173 deletions(-) diff --git a/config/config_defaults.go b/config/config_defaults.go index bc255c654..1dcbbb8b4 100755 --- a/config/config_defaults.go +++ b/config/config_defaults.go @@ -367,6 +367,8 @@ const CGRATES_CFG_JSON = ` "terminate_attempts": 5, // attempts to get the session before terminating it "alterable_fields": [], // the session fields that can be updated //"min_dur_low_balance": "5s", // threshold which will trigger low balance warnings for prepaid calls (needs to be lower than debit_interval) + "stir_attest": "*any", // the default attest for stir/shaken authentification <*any|A|B|C> + "stir_payload_maxduration": "-1", // the duration that stir header is valid after it was created }, diff --git a/config/config_json_test.go b/config/config_json_test.go index 056aeba86..45d48b26a 100755 --- a/config/config_json_test.go +++ b/config/config_json_test.go 
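Review bot: The new default `"stir_payload_maxduration": "-1"` in config_defaults.go appears to switch the PASSporT freshness check off out of the box. The test added in this patch passes `-1` with a fixed `iat` and expects success, which fits -1 meaning "no limit", although the check itself is outside this patch. Without an age bound a captured Identity header stays acceptable indefinitely, so a finite default would be safer (RFC 8224 recommends a 60-second window), with `-1` kept as an explicit opt-out. The comment should say what `-1` means, e.g. `// maximum age of the PASSporT iat; -1 disables the freshness check`, and `authentification` should read `authentication`. The `stir_attest` comment lists `<*any|A|B|C>` but does not say how several values are separated.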
@@ -673,27 +673,29 @@ func TestDfCdreJsonCfgs(t *testing.T) { func TestSmgJsonCfg(t *testing.T) { eCfg := &SessionSJsonCfg{ - Enabled: utils.BoolPointer(false), - Listen_bijson: utils.StringPointer("127.0.0.1:2014"), - Chargers_conns: &[]string{}, - Rals_conns: &[]string{}, - Cdrs_conns: &[]string{}, - Resources_conns: &[]string{}, - Thresholds_conns: &[]string{}, - Stats_conns: &[]string{}, - Suppliers_conns: &[]string{}, - Attributes_conns: &[]string{}, - Replication_conns: &[]string{}, - Debit_interval: utils.StringPointer("0s"), - Store_session_costs: utils.BoolPointer(false), - Min_call_duration: utils.StringPointer("0s"), - Max_call_duration: utils.StringPointer("3h"), - Session_ttl: utils.StringPointer("0s"), - Session_indexes: &[]string{}, - Client_protocol: utils.Float64Pointer(1.0), - Channel_sync_interval: utils.StringPointer("0"), - Terminate_attempts: utils.IntPointer(5), - Alterable_fields: &[]string{}, + Enabled: utils.BoolPointer(false), + Listen_bijson: utils.StringPointer("127.0.0.1:2014"), + Chargers_conns: &[]string{}, + Rals_conns: &[]string{}, + Cdrs_conns: &[]string{}, + Resources_conns: &[]string{}, + Thresholds_conns: &[]string{}, + Stats_conns: &[]string{}, + Suppliers_conns: &[]string{}, + Attributes_conns: &[]string{}, + Replication_conns: &[]string{}, + Debit_interval: utils.StringPointer("0s"), + Store_session_costs: utils.BoolPointer(false), + Min_call_duration: utils.StringPointer("0s"), + Max_call_duration: utils.StringPointer("3h"), + Session_ttl: utils.StringPointer("0s"), + Session_indexes: &[]string{}, + Client_protocol: utils.Float64Pointer(1.0), + Channel_sync_interval: utils.StringPointer("0"), + Terminate_attempts: utils.IntPointer(5), + Alterable_fields: &[]string{}, + Stir_attest: utils.StringPointer(utils.META_ANY), + Stir_payload_maxduration: utils.StringPointer("-1"), } if cfg, err := dfCgrJsonCfg.SessionSJsonCfg(); err != nil { t.Error(err) 
diff --git a/config/config_test.go b/config/config_test.go index 0d614bb75..9cc2a21e5 100755 --- a/config/config_test.go +++ b/config/config_test.go @@ -600,27 +600,29 @@ func TestCgrCfgJSONDefaultsCdreProfiles(t *testing.T) { func TestCgrCfgJSONDefaultsSMGenericCfg(t *testing.T) { eSessionSCfg := &SessionSCfg{ - Enabled: false, - ListenBijson: "127.0.0.1:2014", - ChargerSConns: []string{}, - RALsConns: []string{}, - CDRsConns: []string{}, - ResSConns: []string{}, - ThreshSConns: []string{}, - StatSConns: []string{}, - SupplSConns: []string{}, - AttrSConns: []string{}, - ReplicationConns: []string{}, - DebitInterval: 0 * time.Second, - StoreSCosts: false, - MinCallDuration: 0 * time.Second, - MaxCallDuration: 3 * time.Hour, - SessionTTL: 0 * time.Second, - SessionIndexes: utils.StringMap{}, - ClientProtocol: 1.0, - ChannelSyncInterval: 0, - TerminateAttempts: 5, - AlterableFields: utils.NewStringSet([]string{}), + Enabled: false, + ListenBijson: "127.0.0.1:2014", + ChargerSConns: []string{}, + RALsConns: []string{}, + CDRsConns: []string{}, + ResSConns: []string{}, + ThreshSConns: []string{}, + StatSConns: []string{}, + SupplSConns: []string{}, + AttrSConns: []string{}, + ReplicationConns: []string{}, + DebitInterval: 0 * time.Second, + StoreSCosts: false, + MinCallDuration: 0 * time.Second, + MaxCallDuration: 3 * time.Hour, + SessionTTL: 0 * time.Second, + SessionIndexes: utils.StringMap{}, + ClientProtocol: 1.0, + ChannelSyncInterval: 0, + TerminateAttempts: 5, + AlterableFields: utils.NewStringSet([]string{}), + STIRAttest: utils.NewStringSet([]string{utils.META_ANY}), + STIRPayloadMaxduration: -1, } if !reflect.DeepEqual(eSessionSCfg, cgrCfg.sessionSCfg) { t.Errorf("expecting: %s, received: %s", diff --git a/config/libconfig_json.go b/config/libconfig_json.go index 49de31e5c..e9847e25d 100755 --- a/config/libconfig_json.go +++ b/config/libconfig_json.go 
@@ -195,31 +195,33 @@ type EventReaderJsonCfg struct { // SM-Generic config section type SessionSJsonCfg struct { - Enabled *bool - Listen_bijson *string - Chargers_conns *[]string - Rals_conns *[]string - Resources_conns *[]string - Thresholds_conns *[]string - Stats_conns *[]string - Suppliers_conns *[]string - Cdrs_conns *[]string - Replication_conns *[]string - Attributes_conns *[]string - Debit_interval *string - Store_session_costs *bool - Min_call_duration *string - Max_call_duration *string - Session_ttl *string - Session_ttl_max_delay *string - Session_ttl_last_used *string - Session_ttl_usage *string - Session_indexes *[]string - Client_protocol *float64 - Channel_sync_interval *string - Terminate_attempts *int - Alterable_fields *[]string - Min_dur_low_balance *string + Enabled *bool + Listen_bijson *string + Chargers_conns *[]string + Rals_conns *[]string + Resources_conns *[]string + Thresholds_conns *[]string + Stats_conns *[]string + Suppliers_conns *[]string + Cdrs_conns *[]string + Replication_conns *[]string + Attributes_conns *[]string + Debit_interval *string + Store_session_costs *bool + Min_call_duration *string + Max_call_duration *string + Session_ttl *string + Session_ttl_max_delay *string + Session_ttl_last_used *string + Session_ttl_usage *string + Session_indexes *[]string + Client_protocol *float64 + Channel_sync_interval *string + Terminate_attempts *int + Alterable_fields *[]string + Min_dur_low_balance *string + Stir_attest *string + Stir_payload_maxduration *string } // FreeSWITCHAgent config section diff --git a/config/sessionscfg.go b/config/sessionscfg.go index b10054b8e..31e7f7c79 100644 --- a/config/sessionscfg.go +++ b/config/sessionscfg.go @@ -20,6 +20,7 @@ package config import ( "fmt" + "strings" "time" "github.com/cgrates/cgrates/utils" 
@@ -73,31 +74,33 @@ func (fs *FsConnCfg) AsMapInterface() map[string]interface{} { } type SessionSCfg struct { - Enabled bool - ListenBijson string - ChargerSConns []string - RALsConns []string - ResSConns []string - ThreshSConns []string - StatSConns []string - SupplSConns []string - AttrSConns []string - CDRsConns []string - ReplicationConns []string - DebitInterval time.Duration - StoreSCosts bool - MinCallDuration time.Duration - MaxCallDuration time.Duration - SessionTTL time.Duration - SessionTTLMaxDelay *time.Duration - SessionTTLLastUsed *time.Duration - SessionTTLUsage *time.Duration - SessionIndexes utils.StringMap - ClientProtocol float64 - ChannelSyncInterval time.Duration - TerminateAttempts int - AlterableFields *utils.StringSet - MinDurLowBalance time.Duration + Enabled bool + ListenBijson string + ChargerSConns []string + RALsConns []string + ResSConns []string + ThreshSConns []string + StatSConns []string + SupplSConns []string + AttrSConns []string + CDRsConns []string + ReplicationConns []string + DebitInterval time.Duration + StoreSCosts bool + MinCallDuration time.Duration + MaxCallDuration time.Duration + SessionTTL time.Duration + SessionTTLMaxDelay *time.Duration + SessionTTLLastUsed *time.Duration + SessionTTLUsage *time.Duration + SessionIndexes utils.StringMap + ClientProtocol float64 + ChannelSyncInterval time.Duration + TerminateAttempts int + AlterableFields *utils.StringSet + MinDurLowBalance time.Duration + STIRAttest *utils.StringSet + STIRPayloadMaxduration time.Duration } func (scfg *SessionSCfg) loadFromJsonCfg(jsnCfg *SessionSJsonCfg) (err error) { 
@@ -274,37 +277,47 @@ func (scfg *SessionSCfg) loadFromJsonCfg(jsnCfg *SessionSJsonCfg) (err error) { return err } } + if jsnCfg.Stir_attest != nil { + scfg.STIRAttest = utils.NewStringSet(strings.Split(*jsnCfg.Stir_attest, utils.NestingSep)) + } + if jsnCfg.Stir_payload_maxduration != nil { + if scfg.STIRPayloadMaxduration, err = utils.ParseDurationWithNanosecs(*jsnCfg.Stir_payload_maxduration); err != nil { + return err + } + } return nil } func (scfg *SessionSCfg) AsMapInterface() map[string]interface{} { return map[string]interface{}{ - utils.EnabledCfg: scfg.Enabled, - utils.ListenBijsonCfg: scfg.ListenBijson, - utils.ChargerSConnsCfg: scfg.ChargerSConns, - utils.RALsConnsCfg: scfg.RALsConns, - utils.ResSConnsCfg: scfg.ResSConns, - utils.ThreshSConnsCfg: scfg.ThreshSConns, - utils.StatSConnsCfg: scfg.StatSConns, - utils.SupplSConnsCfg: scfg.SupplSConns, - utils.AttrSConnsCfg: scfg.AttrSConns, - utils.CDRsConnsCfg: scfg.CDRsConns, - utils.ReplicationConnsCfg: scfg.ReplicationConns, - utils.DebitIntervalCfg: scfg.DebitInterval, - utils.StoreSCostsCfg: scfg.StoreSCosts, - utils.MinCallDurationCfg: scfg.MinCallDuration, - utils.MaxCallDurationCfg: scfg.MaxCallDuration, - utils.SessionTTLCfg: scfg.SessionTTL, - utils.SessionTTLMaxDelayCfg: scfg.SessionTTLMaxDelay, - utils.SessionTTLLastUsedCfg: scfg.SessionTTLLastUsed, - utils.SessionTTLUsageCfg: scfg.SessionTTLUsage, - utils.SessionIndexesCfg: scfg.SessionIndexes.GetSlice(), - utils.ClientProtocolCfg: scfg.ClientProtocol, - utils.ChannelSyncIntervalCfg: scfg.ChannelSyncInterval, - utils.TerminateAttemptsCfg: scfg.TerminateAttempts, - utils.AlterableFieldsCfg: scfg.AlterableFields.AsSlice(), - utils.MinDurLowBalanceCfg: scfg.MinDurLowBalance, + utils.EnabledCfg: scfg.Enabled, + utils.ListenBijsonCfg: scfg.ListenBijson, + utils.ChargerSConnsCfg: scfg.ChargerSConns, + utils.RALsConnsCfg: scfg.RALsConns, + utils.ResSConnsCfg: scfg.ResSConns, + utils.ThreshSConnsCfg: scfg.ThreshSConns, + utils.StatSConnsCfg: 
scfg.StatSConns, + utils.SupplSConnsCfg: scfg.SupplSConns, + utils.AttrSConnsCfg: scfg.AttrSConns, + utils.CDRsConnsCfg: scfg.CDRsConns, + utils.ReplicationConnsCfg: scfg.ReplicationConns, + utils.DebitIntervalCfg: scfg.DebitInterval, + utils.StoreSCostsCfg: scfg.StoreSCosts, + utils.MinCallDurationCfg: scfg.MinCallDuration, + utils.MaxCallDurationCfg: scfg.MaxCallDuration, + utils.SessionTTLCfg: scfg.SessionTTL, + utils.SessionTTLMaxDelayCfg: scfg.SessionTTLMaxDelay, + utils.SessionTTLLastUsedCfg: scfg.SessionTTLLastUsed, + utils.SessionTTLUsageCfg: scfg.SessionTTLUsage, + utils.SessionIndexesCfg: scfg.SessionIndexes.GetSlice(), + utils.ClientProtocolCfg: scfg.ClientProtocol, + utils.ChannelSyncIntervalCfg: scfg.ChannelSyncInterval, + utils.TerminateAttemptsCfg: scfg.TerminateAttempts, + utils.AlterableFieldsCfg: scfg.AlterableFields.AsSlice(), + utils.MinDurLowBalanceCfg: scfg.MinDurLowBalance, + utils.STIRAtestCfg: strings.Join(scfg.STIRAttest.AsSlice(), utils.NestingSep), + utils.STIRPayloadMaxdurationCfg: scfg.STIRPayloadMaxduration, } } diff --git a/sessions/libsessions.go b/sessions/libsessions.go index 6b8347c69..668ddb832 100644 --- a/sessions/libsessions.go +++ b/sessions/libsessions.go @@ -20,7 +20,6 @@ package sessions import ( "errors" - "fmt" "math/rand" "strings" "time" @@ -121,13 +120,13 @@ func NewProcessedIdentity(identity string) (pi *ProcessedStirIdentity, err error hdrtoken := strings.Split(utils.RemoveWhiteSpaces(identity), utils.INFIELD_SEP) if len(hdrtoken) == 1 { - err = fmt.Errorf("missing parts of the message header") + err = errors.New("missing parts of the message header") return } pi.Tokens = hdrtoken[1:] btoken := strings.Split(hdrtoken[0], utils.NestingSep) if len(btoken) != 3 { - err = fmt.Errorf("wrong header") + err = errors.New("wrong header format") return } pi.SigningStr = btoken[0] + utils.NestingSep + btoken[1] 
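Review bot: In the config/sessionscfg.go hunk, loadFromJsonCfg splits `stir_attest` on `utils.NestingSep`, while the per-event `STIRATest` value in sessions/sessions.go is split on `utils.INFIELD_SEP`, so the same list must be written differently depending on where it comes from. Neither path validates the members, so a typo or an empty string is stored as-is and only surfaces when calls are verified. I would reject anything outside `*any`, `A`, `B`, `C` at load time with an error, and pick one separator for both paths. A field comment such as `// STIRAttest holds the accepted attestation levels (*any, A, B, C)` would document the contract. loadFromJsonCfg starts outside the hunk.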
@@ -151,15 +150,16 @@ func (pi *ProcessedStirIdentity) VerifyHeader() (isValid bool) { continue } switch ptoken[0] { - case "alg": - if ptoken[1] != "ES256" { + case utils.STIRAlgField: + if ptoken[1] != utils.STIRAlg { return false } - case "ppt": - if ptoken[1] != "shaken" && ptoken[1] != "\"shaken\"" { + case utils.STIRPptField: + if ptoken[1] != utils.STIRPpt && + ptoken[1] != "\""+utils.STIRPpt+"\"" { return false } - case "info": + case utils.STIRInfoField: lenParamInfo := len(ptoken[1]) if lenParamInfo <= 2 { return false @@ -171,9 +171,9 @@ func (pi *ProcessedStirIdentity) VerifyHeader() (isValid bool) { } } - return pi.Header.Alg == "ES256" && - pi.Header.Ppt == "shaken" && - pi.Header.Typ == "passport" && + return pi.Header.Alg == utils.STIRAlg && + pi.Header.Ppt == utils.STIRPpt && + pi.Header.Typ == utils.STIRTyp && pi.Header.X5u == x5u } @@ -182,7 +182,6 @@ func (pi *ProcessedStirIdentity) VerifySignature(timeoutVal time.Duration) (err var pubkey interface{} var ok bool if pubkey, ok = engine.Cache.Get(utils.CacheSTIR, pi.Header.X5u); !ok { - fmt.Printf("%q\n", pi.Header.X5u) if pubkey, err = utils.NewECDSAPubKey(pi.Header.X5u, timeoutVal); err != nil { engine.Cache.Set(utils.CacheSTIR, pi.Header.X5u, nil, nil, false, utils.NonTransactional) @@ -255,7 +254,7 @@ func NewIdentity(header *utils.PASSporTHeader, payload *utils.PASSporTPayload, p return } identity += utils.NestingSep + signature - identity += ";info=<" + header.X5u + ">;>alg=ES256;ppt=shaken" + identity += utils.STIRExtraInfoPrefix + header.X5u + utils.STIRExtraInfoSuffix return } diff --git a/sessions/sessions.go b/sessions/sessions.go index b64367581..1e1b58fdb 100644 --- a/sessions/sessions.go +++ b/sessions/sessions.go 
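Review bot: In the `@@ -171,9 +171,9 @@` hunk, VerifyHeader's final check only requires `pi.Header.X5u == x5u`, i.e. that the header and the `info` parameter agree with each other. VerifySignature (next hunk) then calls `utils.NewECDSAPubKey(pi.Header.X5u, timeoutVal)` on that same value. Nothing visible in this patch restricts x5u to https or to an operator-configured list of trusted certificate repositories, or validates a certificate chain, so a valid signature shows only that the sender holds the key it pointed to, and the server fetches a URL taken from the message. I would add an allow-list check on x5u before the fetch and state the limit on the function, e.g. `// VerifyHeader checks alg/ppt/typ and that x5u matches the info parameter; it does not establish trust in x5u`. Both function bodies start outside their hunks, so an existing check elsewhere cannot be ruled out.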
@@ -2956,19 +2956,22 @@ func (sS *SessionS) BiRPCv1ProcessEvent(clnt rpcclient.ClientConnector, if argsFlagsWithParams, err = utils.FlagsWithParamsFromSlice(args.Flags); err != nil { return } - if argsFlagsWithParams.HasKey("*stir_authorize") { - var attest *utils.StringSet - if uattest := ev.GetStringIgnoreErrors("STIRATest"); uattest != utils.EmptyString { + if argsFlagsWithParams.HasKey(utils.MetaSTIRAuthorize) { + attest := sS.cgrCfg.SessionSCfg().STIRAttest + if uattest := ev.GetStringIgnoreErrors(utils.STIRATest); uattest != utils.EmptyString { attest = utils.NewStringSet(strings.Split(uattest, utils.INFIELD_SEP)) } - if err = authStirShaken(ev.GetStringIgnoreErrors("STIRIdentity"), - utils.FirstNonEmpty(ev.GetStringIgnoreErrors("STIROriginatorTn"), ev.GetStringIgnoreErrors(utils.Account)), - ev.GetStringIgnoreErrors("STIROriginatorURI"), - utils.FirstNonEmpty(ev.GetStringIgnoreErrors("STIRDestinationTn"), ev.GetStringIgnoreErrors(utils.Destination)), - ev.GetStringIgnoreErrors("STIRDestinationURI"), - attest, - -1); err != nil { // configurabil stir_payload_maxduration //nonempty STIRPayloadMaxDuration - return + var stirMaxDur time.Duration + if stirMaxDur, err = ev.GetDuration(utils.STIRPayloadMaxDuration); err != nil { + stirMaxDur = sS.cgrCfg.SessionSCfg().STIRPayloadMaxduration + } + if err = authStirShaken(ev.GetStringIgnoreErrors(utils.STIRIdentity), + utils.FirstNonEmpty(ev.GetStringIgnoreErrors(utils.STIROriginatorTn), ev.GetStringIgnoreErrors(utils.Account)), + ev.GetStringIgnoreErrors(utils.STIROriginatorURI), + utils.FirstNonEmpty(ev.GetStringIgnoreErrors(utils.STIRDestinationTn), ev.GetStringIgnoreErrors(utils.Destination)), + ev.GetStringIgnoreErrors(utils.STIRDestinationURI), + attest, stirMaxDur); err != nil { + return utils.NewSTIRError(err.Error()) } } // check for *attribute diff --git a/sessions/sessions_test.go b/sessions/sessions_test.go index 85fc89e63..c27a47e39 100644 --- a/sessions/sessions_test.go +++ b/sessions/sessions_test.go 
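Review bot: In BiRPCv1ProcessEvent both verification policy values can be replaced by the event itself: a non-empty `utils.STIRATest` field overrides `SessionSCfg().STIRAttest`, and a parsable `utils.STIRPayloadMaxDuration` field overrides the configured maximum age. If those fields can be populated from caller-side signalling rather than only by the operator's agent templates (not determinable from this hunk), an event carrying `*any` and `-1` would relax the checks the operator configured. I would let the event only narrow the configured policy, or document the trust assumption on this block, e.g. `// STIRATest / STIRPayloadMaxDuration are operator-set per-request overrides; never map them from untrusted SIP headers`. Separately, any `GetDuration` error, from a malformed value as well as a missing field, silently falls back to the config value; rejecting a malformed duration would be clearer. The function starts and ends outside the hunk.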
@@ -30,6 +30,7 @@ import ( "github.com/cgrates/cgrates/engine" "github.com/cgrates/cgrates/utils" "github.com/cgrates/rpcclient" + "github.com/dgrijalva/jwt-go" ) var attrs = &engine.AttrSProcessEventReply{ @@ -2208,3 +2209,22 @@ func TestSessionSfilterSessionsCount(t *testing.T) { t.Errorf("Expected %v , received: %s", 2, utils.ToJSON(noSess)) } } + +func TestStirShaken(t *testing.T) { + pubkeyBuf := []byte(`-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESt8sEh55Yc579vLHjFRWVQO27p4Y +aa+jqv4dwkr/FLEcN1zC76Y/IniI65fId55hVJvN3ORuzUqYEtzD3irmsw== +-----END PUBLIC KEY----- +`) + pubKey, err := jwt.ParseECPublicKeyFromPEM(pubkeyBuf) + if err != nil { + t.Fatal(err) + } + engine.Cache.Set(utils.CacheSTIR, "https://www.example.org/cert.cer", pubKey, + nil, true, utils.NonTransactional) + + if err := authStirShaken( + "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5vcmcvY2VydC5jZXIifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODcwMTk4MjIsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.4ybtWmgqdkNyJLS9Iv3PuJV8ZxR7yZ_NEBhCpKCEu2WBiTchqwoqoWpI17Q_ALm38tbnpay32t95ZY_LhSgwJg;info=;ppt=shaken", "1001", "", "1002", "", utils.NewStringSet([]string{utils.META_ANY}), -1); err != nil { + t.Fatal(err) + } +} diff --git a/utils/consts.go b/utils/consts.go index e921befed..496223400 100755 --- a/utils/consts.go +++ b/utils/consts.go @@ -669,6 +669,7 @@ const ( MetaRelease = "*release" MetaAllocate = "*allocate" MetaAuthorize = "*authorize" + MetaSTIRAuthorize = "*stir_authorize" MetaInit = "*init" MetaRatingPlanCost = "*rating_plan_cost" RatingPlanIDs = "RatingPlanIDs" 
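Review bot: TestStirShaken covers only the accepting path, with `*any` attestation and a max duration of `-1`, so none of the rejection branches of authStirShaken are exercised. For an authorization check the failing cases matter most. A modified signature, an originator or destination tn that differs from the payload, an attest level outside the allowed set, and a finite max duration against this token's fixed `iat` should each be asserted to return an error. The test also leaves its key in the shared `engine.Cache` under `utils.CacheSTIR`; clearing that entry at the end would keep it from influencing other tests in the package.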
@@ -1765,27 +1766,29 @@ const ( // SessionSCfg const ( - ListenBijsonCfg = "listen_bijson" - RALsConnsCfg = "rals_conns" - ResSConnsCfg = "resources_conns" - ThreshSConnsCfg = "thresholds_conns" - SupplSConnsCfg = "suppliers_conns" - AttrSConnsCfg = "attributes_conns" - ReplicationConnsCfg = "replication_conns" - DebitIntervalCfg = "debit_interval" - StoreSCostsCfg = "store_session_costs" - MinCallDurationCfg = "min_call_duration" - MaxCallDurationCfg = "max_call_duration" - SessionTTLCfg = "session_ttl" - SessionTTLMaxDelayCfg = "session_ttl_max_delay" - SessionTTLLastUsedCfg = "session_ttl_last_used" - SessionTTLUsageCfg = "session_ttl_usage" - SessionIndexesCfg = "session_indexes" - ClientProtocolCfg = "client_protocol" - ChannelSyncIntervalCfg = "channel_sync_interval" - TerminateAttemptsCfg = "terminate_attempts" - AlterableFieldsCfg = "alterable_fields" - MinDurLowBalanceCfg = "min_dur_low_balance" + ListenBijsonCfg = "listen_bijson" + RALsConnsCfg = "rals_conns" + ResSConnsCfg = "resources_conns" + ThreshSConnsCfg = "thresholds_conns" + SupplSConnsCfg = "suppliers_conns" + AttrSConnsCfg = "attributes_conns" + ReplicationConnsCfg = "replication_conns" + DebitIntervalCfg = "debit_interval" + StoreSCostsCfg = "store_session_costs" + MinCallDurationCfg = "min_call_duration" + MaxCallDurationCfg = "max_call_duration" + SessionTTLCfg = "session_ttl" + SessionTTLMaxDelayCfg = "session_ttl_max_delay" + SessionTTLLastUsedCfg = "session_ttl_last_used" + SessionTTLUsageCfg = "session_ttl_usage" + SessionIndexesCfg = "session_indexes" + ClientProtocolCfg = "client_protocol" + ChannelSyncIntervalCfg = "channel_sync_interval" + TerminateAttemptsCfg = "terminate_attempts" + AlterableFieldsCfg = "alterable_fields" + MinDurLowBalanceCfg = "min_dur_low_balance" + STIRAtestCfg = "stir_attest" + STIRPayloadMaxdurationCfg = "stir_payload_maxduration" ) // FsAgentCfg 
@@ -1965,6 +1968,28 @@ const ( CacheDumpFieldsCfg = "cache_dump_fields" ) +// STIR/SHAKEN +const ( + STIRAlg = "ES256" + STIRPpt = "shaken" + STIRTyp = "passport" + + STIRAlgField = "alg" + STIRPptField = "ppt" + STIRInfoField = "info" + + STIRATest = "STIRATest" + STIRPayloadMaxDuration = "STIRPayloadMaxDuration" + STIRIdentity = "STIRIdentity" + STIROriginatorTn = "STIROriginatorTn" + STIROriginatorURI = "STIROriginatorURI" + STIRDestinationTn = "STIRDestinationTn" + STIRDestinationURI = "STIRDestinationURI" + + STIRExtraInfoPrefix = ";info=<" + STIRExtraInfoSuffix = ">;alg=ES256;ppt=shaken" +) + // Strip/Padding strategy var ( // common diff --git a/utils/coreutils.go b/utils/coreutils.go index 64518d7aa..7787bb954 100644 --- a/utils/coreutils.go +++ b/utils/coreutils.go @@ -475,10 +475,7 @@ func Clone(a, b interface{}) error { if err := enc.Encode(a); err != nil { return err } - if err := dec.Decode(b); err != nil { - return err - } - return nil + return dec.Decode(b) } // Used as generic function logic for various fields diff --git a/utils/errors.go b/utils/errors.go index b30559f01..7b5f650f4 100644 --- a/utils/errors.go +++ b/utils/errors.go @@ -261,3 +261,8 @@ func ErrPathNotReachable(path string) error { func ErrNotConvertibleTF(from, to string) error { return fmt.Errorf("%s : from: %s to:%s", ErrNotConvertibleNoCaps.Error(), from, to) } + +// NewSTIRError returns a error with a *stir_authorize prefix +func NewSTIRError(reason string) error { + return fmt.Errorf("<%s> %s", MetaSTIRAuthorize, reason) +} diff --git a/utils/stir_shaken.go b/utils/stir_shaken.go index 19e6a21b7..a85a8494c 100644 --- a/utils/stir_shaken.go +++ b/utils/stir_shaken.go @@ -26,9 +26,9 @@ import ( // extension shaken, ES256 algorithm and the given x5u func NewPASSporTHeader(x5uVal string) *PASSporTHeader { return &PASSporTHeader{ - Alg: "ES256", - Ppt: "shaken", - Typ: "passport", + Alg: STIRAlg, + Ppt: STIRPpt, + Typ: STIRTyp, X5u: x5uVal, } } 
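Review bot: In the utils/consts.go STIR block, `STIRExtraInfoSuffix = ">;alg=ES256;ppt=shaken"` repeats the literals that `STIRAlg`, `STIRPpt`, `STIRAlgField` and `STIRPptField` were introduced to centralise, so a later change to one of them would leave generated and verified headers out of step. Composing it from the constants, `STIRExtraInfoSuffix = ">;" + STIRAlgField + "=" + STIRAlg + ";" + STIRPptField + "=" + STIRPpt`, keeps NewIdentity and VerifyHeader consistent. The spellings `STIRATest` and `STIRAtestCfg` also differ from `STIRAttest` used for the config field; since `STIRATest` is an event field name that integrators will type, it is worth settling on one spelling before release.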
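Review bot: In the utils/errors.go hunk, NewSTIRError takes a string and formats it with `%s`, so the call site in sessions.go has to pass `err.Error()` and the original error is lost to `errors.Is`/`errors.As`. Accepting an `error` and wrapping it, `return fmt.Errorf("<%s> %w", MetaSTIRAuthorize, err)`, would keep the chain while producing the same text. The full verification failure reason is returned to the RPC client this way; if key-fetch errors can include internal URLs or network detail (not visible here), consider logging the detail and returning a coarser reason. The doc comment should read `// NewSTIRError returns an error with a *stir_authorize prefix`.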
@@ -88,5 +88,3 @@ type PASSporTPayload struct { Orig PASSporTOriginsIdentity `json:"orig"` // the originator identity OrigID string `json:"origid"` // is an opaque unique identifier representing an element on the path of a given SIP request. Not used for verification } - -// atestare cu set cu `,` si support pt `*any` diff --git a/utils/stir_shaken_utils.go b/utils/stir_shaken_utils.go index c4883572d..18e3b7669 100644 --- a/utils/stir_shaken_utils.go +++ b/utils/stir_shaken_utils.go @@ -94,8 +94,7 @@ func DecodeBase64JSON(data string, val interface{}) (err error) { if b, err = jwt.DecodeSegment(data); err != nil { return } - err = json.Unmarshal(b, val) - return + return json.Unmarshal(b, val) } func RemoveWhiteSpaces(str string) string {