The module implements the secure SIP identity specifications STIR (Secure Telephony Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs), IETF extensions for SIP (RFC8224, RFC8588), known together as STIR/SHAKEN. It exports functions to check and generate the SIP Identity header.

Note that this module needs the "secsipid_proc.so" module to be installed, but "secsipid_proc.so" is not loaded via "loadmodule". This module loads "secsipid_proc.so" in the child init callback in order to initialize "libsecsipid" per child process. The libsecsipid library is provided by the secsipidx project: https://github.com/asipto/secsipidx.

In case of failure, the functions in this module return the error codes (negative values) listed in the code of libsecsipid, near the top of: https://github.com/asipto/secsipidx/blob/main/secsipid/secsipid.go.

| Parameter | Type | Description |
|---|---|---|
| expire | int | The interval in seconds after which the Identity header JWT is considered to be expired. |
| timeout | int | The interval in seconds after which the HTTP GET operation to download the public key times out. |
| cache_dir | str | The path to the directory where to save cached public keys. If set, it activates the public key file caching in the libsecsipid library. |
| cache_expire | int | The interval in seconds after which a cached public key is considered expired. This value is passed to the libsecsipid library. |
| modproc | str | The name of or the path to the required per-process API module. |
| libopt | str | Set a libsecsipid option. The value has to be name=value. The parameter can be set many times. |

4.1. secsipid_check_identity(keyPath)
Check the validity of the Identity header using the public keys stored in the file specified by "keyPath". If the parameter is empty, the function downloads the public key using the URL from the "info" parameter of the Identity header, using the val

4.2. secsipid_check_identity_pubkey(pubkeyVal)
Similar to secsipid_check_identity(), with the public key value provided in the parameter.

4.3. secsipid_check(sIdentity, keyPath)
Check the validity of the "sIdentity" parameter using the public keys stored in the file specified by "keyPath". If the keyPath parameter is empty, the function downloads the public key using the URL from the "info" parameter of the sIdentity, using

4.4. secsipid_verify(sIdentity, keyVal, opts)
Check the validity of the "sIdentity" parameter using the key value given in the parameter "keyVal". The validity of the JWT in the sIdentity value is also checked against the "expire" parameter.

4.5. secsipid_get_url(url, ovar)
Get the content of a URL and store the result in a variable. The result is cached by libsecsipid, if caching is enabled.

4.6. secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)
Add the Identity header using the private key specified by "keyPath" to sign the JWT body. If origID is empty, a UUID string is generated to fill the field. The origTN represents the origination telephone number; destTN represents the destination telepho

4.7. secsipid_build_identity(origTN, destTN, attest, origID, x5u, keyPath)
Build the Identity value using the private key specified by "keyPath" to sign the JWT body. If origID is empty, a UUID string is generated to fill the field. The origTN represents the origination telephone number; destTN represents the destination teleph

4.8. secsipid_build_identity_prvkey(origTN, destTN, attest, origID, x5u, keyData)
Similar to secsipid_build_identity(), but the private key data is provided as a parameter instead of the file path.

4.9. secsipid_sign(sheaders, spayload, keyPath)
Build the Identity value using the private key specified by "keyPath" to sign the JWT body. The sheaders and spayload have to be string representations of the JSON headers and payload to be signed. On success, the Identity value is stored in variable $secsip

4.10. secsipid_sign_prvkey(sheaders, spayload, keyData)
Build the Identity value using the private key given by "keyData" to sign the JWT body. The sheaders and spayload have to be string representations of the JSON headers and payload to be signed. On success, the Identity value is stored in variable $secsipid(v
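
A configuration fragment combining the parameters and functions above into a verification route and a signing route. This is an added example, not taken from the module's own documentation. The file paths, certificate URL, trusted source address, timer values and reply-code policy are assumptions to adapt locally.

```kamailio
# Added example fragment; paths, URL, address and timers are placeholders.
loadmodule "sl.so"
loadmodule "pv.so"
loadmodule "xlog.so"
loadmodule "textops.so"
loadmodule "secsipid.so"    # secsipid_proc.so is installed, but not loaded here

modparam("secsipid", "expire", 60)           # Identity JWT older than 60 s is expired
modparam("secsipid", "timeout", 5)           # upper bound for the public key HTTP GET
modparam("secsipid", "cache_dir", "/var/cache/kamailio/secsipid")  # enables key caching
modparam("secsipid", "cache_expire", 3600)   # cached public key expires after 1 hour

request_route {
    if (is_method("INVITE")) {
        if ($si == "192.0.2.10") {
            route(SIGN);      # traffic from our own (assumed) trusted application server
        } else {
            route(VERIFY);    # everything else must carry a valid Identity header
        }
    }
    # ... normal request routing continues here ...
}

route[VERIFY] {
    if (!is_present_hf("Identity")) {
        # local policy choice: require the header (RFC 8224 response code 428)
        sl_send_reply("428", "Use Identity Header");
        exit;
    }
    # Empty keyPath: the public key is downloaded from the URL in the "info"
    # parameter of the Identity header, bounded by "timeout" and cached in cache_dir.
    if (!secsipid_check_identity("")) {
        # $rc is the negative libsecsipid error code; log it for troubleshooting
        xlog("L_WARN", "Identity check failed rc=$rc src=$si callid=$ci\n");
        sl_send_reply("438", "Invalid Identity Header");
        exit;
    }
}

route[SIGN] {
    # Attestation level "A"; empty origID makes the module generate a UUID.
    # The private key file should be readable only by the Kamailio user.
    if (!secsipid_add_identity("$fU", "$rU", "A", "",
            "https://certs.example.com/sp-cert.pem",
            "/etc/kamailio/secsipid/key.pem")) {
        xlog("L_ERR", "Failed to add Identity header rc=$rc callid=$ci\n");
    }
}
```

With an empty keyPath the download URL comes from the received header, so the "timeout" and cache settings are what bound the outbound HTTP GET performed per call.
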
Copyright © 2020 http://www.asipto.com