res_stir_shaken: Add stir_shaken option and general improvements.

Added a new configuration option for PJSIP endpoints - stir_shaken. If set to yes, then STIR/SHAKEN support will be added to inbound and outbound INVITEs. The default is no. Alembic has been updated to include this option. Previously the dialplan function was not trimming the whitespace from the parameters it recieved. Now it does. Also added a conditional that, when TEST_FRAMEWORK is enabled, the timestamp in the identity header will be overlooked. This is just for testing, since the testsuite will rely on a SIPp scenario with a preset identity header to trigger the MISMATCH result. Change-Id: I43d67f1489b8c1c5729ed3ca8d71e35ddf438df1
2025-10-24 13:50:08 +00:00 · 2020-06-24 11:49:11 -05:00
parent e88beedd08
commit 5fbed5af24
9 changed files with 127 additions and 14 deletions
--- a/configs/samples/pjsip.conf.sample
+++ b/configs/samples/pjsip.conf.sample
@@ -345,6 +345,10 @@
 ;device_state_busy_at=1
 ;allow_subscribe=yes
 ;sub_min_expiry=30
+;
+; STIR/SHAKEN support.
+;
+;stir_shaken=no

 ;[6001]
 ;type=auth
@@ -961,6 +965,20 @@
                           ; chan_sip and prevents these 183 responses from
                           ; being forwarded.
                           ; (default: no)
+;stir_shaken =
+                           ; If this is enabled, STIR/SHAKEN operations will be
+                           ; performed on this endpoint. This includes inbound
+                           ; and outbound INVITEs. On an inbound INVITE, Asterisk
+                           ; will check for an Identity header and attempt to
+                           ; verify the call. On an outbound INVITE, Asterisk will
+                           ; add an Identity header that others can use to verify
+                           ; calls from this endpoint. Additional configuration is
+                           ; done in stir_shaken.conf.
+                           ; The STIR_SHAKEN dialplan function must be used to get
+                           ; the verification results on inbound INVITEs. Nothing
+                           ; happens to the call if verification fails; it's up to
+                           ; you to determine what to do with the results.
+                           ; (default: no)

 ;==========================AUTH SECTION OPTIONS=========================
 ;[auth]
--- a/configs/samples/stir_shaken.conf.sample
+++ b/configs/samples/stir_shaken.conf.sample
@@ -14,8 +14,11 @@
 ; Maximum size to use for caching public keys
 ;cache_max_size=1000
 ;
-; Maximum time to wait to CURL certificates
-;curl_timeout
+; Maximum time (in seconds) to wait to CURL certificates
+;curl_timeout=2
+;
+; Amount of time (in seconds) a signature is valid for
+;signature_timeout=15
 ;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;
@@ -48,6 +51,9 @@
 ; URL to the public key
 ;public_key_url=http://mycompany.com/alice.pub
 ;
+; The caller ID number to match on
+;caller_id_number=1234567
+;
 ; Must have an attestation of A, B, or C
 ;attestation=C
 ;