kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-20 16:50:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_stir_shaken: Implemented signature verification.

Browse Source 
There are a lot of moving parts in this patch, but the focus of it is on
the verification of the signature using a public key located at the
public key URL provided in the JSON payload. First, we check the
database to see if we have already downloaded the key. If so, check to
see if it has expired. If it has, redownload from the URL. If we don't
have an entry in the database, just go ahead and download the public
key. The expiration is tested each time we download the file. After
that, read the public key from the file and use it to verify the
signature. All sanity checking is done when the payload is first
received, so the verification is complete once this point is reached.

The XML has also been added since a new config option was added to
general (curl_timeout). The maximum amount of time to wait for a
download can be configured through this option, with a low value by
default.

Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c
This commit is contained in:
Ben Ford
2020-04-15 13:15:21 -05:00
committed by Joshua Colp
parent 7baf2c4bf1
commit 9acf840f7c
11 changed files with 832 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
include/asterisk/res_stir_shaken.h
View File

@@ -25,6 +25,21 @@ struct ast_stir_shaken_payload;
struct ast_json;
/*!
* \brief Verify a JSON STIR/SHAKEN payload
*
* \param header The payload header
* \param payload The payload section
* \param signature The payload signature
* \param algorithm The signature algorithm
* \param public_key_url The public key URL
*
* \retval ast_stir_shaken_payload on success
* \retval NULL on failure
*/
struct ast_stir_shaken_payload *ast_stir_shaken_verify(const char *header, const char *payload, const char *signature,
const char *algorithm, const char *public_key_url);
/*!
* \brief Retrieve the stir/shaken sorcery context
*
@@ -41,6 +56,11 @@ void ast_stir_shaken_payload_free(struct ast_stir_shaken_payload *payload);
* \brief Sign a JSON STIR/SHAKEN payload
*
* \note This function will automatically add the "attest", "iat", and "origid" fields.
*
* \param json The JWT to sign
*
* \retval ast_stir_shaken_payload on success
* \retval NULL on failure
*/
struct ast_stir_shaken_payload *ast_stir_shaken_sign(struct ast_json *json);