1. Fixed the issue caused by network ID.

2. Fixed the issue caused by without certificate files. 3. Fixed the issue caused by number portability parameters in user part of RURI. 4. Updated for OSP Toolkit 3.5. git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.0@190576 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-11-08 02:48:29 +00:00 · 2009-04-27 06:14:17 +00:00
parent 08c9634115
commit ab344908be
2 changed files with 397 additions and 320 deletions
--- a/apps/app_osplookup.c
+++ b/apps/app_osplookup.c
@@ -39,6 +39,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 #include <osp/osp.h>
 #include <osp/osputils.h>
 #include <osp/ospb64.h>
 #include "asterisk/paths.h"
 #include "asterisk/lock.h"
@@ -55,6 +56,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 /* OSP Buffer Sizes */
 #define OSP_INTSTR_SIZE		((unsigned int)16)		/* OSP signed/unsigned int string buffer size */
 #define OSP_NORSTR_SIZE		((unsigned int)256)		/* OSP normal string buffer size */
 #define OSP_KEYSTR_SIZE		((unsigned int)1024)	/* OSP certificate string buffer size */
 #define OSP_TOKSTR_SIZE		((unsigned int)4096)	/* OSP token string buffer size */
 #define OSP_TECHSTR_SIZE	((unsigned int)32)		/* OSP signed/unsigned int string buffer size */
 #define OSP_UUID_SIZE		((unsigned int)16)		/* UUID size */
@@ -144,7 +146,7 @@ struct osp_provider {
 /* Call ID */
 struct osp_callid {
 	unsigned char buf[OSPC_CALLID_MAXSIZE];		/* Call ID string */
-	unsigned int len;					/* Call ID length */
+	unsigned int len;							/* Call ID length */
 };
 /* OSP Application In/Output Results */
@@ -167,9 +169,15 @@ struct osp_result {
 AST_MUTEX_DEFINE_STATIC(osplock);							/* Lock of OSP provider list */
 static int osp_initialized = 0;								/* Init flag */
 static int osp_hardware = 0;								/* Hardware accelleration flag */
 static int osp_security = 0;								/* Using security features flag */
 static struct osp_provider* ospproviders = NULL;			/* OSP provider list */
 static unsigned int osp_tokenformat = TOKEN_ALGO_SIGNED;	/* Token format supported */
 /* OSP default certificates */
 const char* B64PKey = "MIIBOgIBAAJBAK8t5l+PUbTC4lvwlNxV5lpl+2dwSZGW46dowTe6y133XyVEwNiiRma2YNk3xKs/TJ3Wl9Wpns2SYEAJsFfSTukCAwEAAQJAPz13vCm2GmZ8Zyp74usTxLCqSJZNyMRLHQWBM0g44Iuy4wE3vpi7Wq+xYuSOH2mu4OddnxswCP4QhaXVQavTAQIhAOBVCKXtppEw9UaOBL4vW0Ed/6EA/1D8hDW6St0h7EXJAiEAx+iRmZKhJD6VT84dtX5ZYNVk3j3dAcIOovpzUj9a0CECIEduTCapmZQ5xqAEsLXuVlxRtQgLTUD4ZxDElPn8x0MhAiBE2HlcND0+qDbvtwJQQOUzDgqg5xk3w8capboVdzAlQQIhAMC+lDL7+gDYkNAft5Mu+NObJmQs4Cr+DkDFsKqoxqrm";
 const char* B64LCert = "MIIBeTCCASMCEHqkOHVRRWr+1COq3CR/xsowDQYJKoZIhvcNAQEEBQAwOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMB4XDTA1MDYyMzAwMjkxOFoXDTA2MDYyNDAwMjkxOFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCvLeZfj1G0wuJb8JTcVeZaZftncEmRluOnaME3ustd918lRMDYokZmtmDZN8SrP0yd1pfVqZ7NkmBACbBX0k7pAgMBAAEwDQYJKoZIhvcNAQEEBQADQQDnV8QNFVVJx/+7IselU0wsepqMurivXZzuxOmTEmTVDzCJx1xhA8jd3vGAj7XDIYiPub1PV23eY5a2ARJuw5w9";
 const char* B64CACert = "MIIBYDCCAQoCAQEwDQYJKoZIhvcNAQEEBQAwOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMB4XDTAyMDIwNDE4MjU1MloXDTEyMDIwMzE4MjU1MlowOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPGeGwV41EIhX0jEDFLRXQhDEr50OUQPq+f55VwQd0TQNts06BP29+UiNdRW3c3IRHdZcJdC1Cg68ME9cgeq0h8CAwEAATANBgkqhkiG9w0BAQQFAANBAGkzBSj1EnnmUxbaiG1N4xjIuLAWydun7o3bFk2tV8dBIhnuh445obYyk1EnQ27kI7eACCILBZqi2MHDOIMnoN0=";
 /* OSP Client Wrapper APIs */
 /*!
@@ -182,25 +190,29 @@ static int osp_create_provider(
 	struct ast_config* cfg,
 	const char* provider)
 {
-	int res;
+	int res = 0;
 	unsigned int t, i, j;
 	struct osp_provider* p;
 	struct ast_variable* v;
 	struct osp_provider* p;
 	OSPTPRIVATEKEY privatekey;
-	OSPTCERT localcert;
+	OSPT_CERT localcert;
 	OSPT_CERT cacerts[OSP_MAX_CERTS];
 	const OSPT_CERT* pcacerts[OSP_MAX_CERTS];
 	const char* psrvpoints[OSP_MAX_SRVS];
-	OSPTCERT cacerts[OSP_MAX_CERTS];
+	unsigned char privatekeydata[OSP_KEYSTR_SIZE];
-	const OSPTCERT* pcacerts[OSP_MAX_CERTS];
+	unsigned char localcertdata[OSP_KEYSTR_SIZE];
-	int error = OSPC_ERR_NO_ERROR;
+	unsigned char cacertdata[OSP_KEYSTR_SIZE];
 	int i, t, error = OSPC_ERR_NO_ERROR;
 	if (!(p = ast_calloc(1, sizeof(*p)))) {
 		ast_log(LOG_ERROR, "Out of memory\n");
 		return -1;
 	}
 	/* ast_calloc has set 0 in p */
 	ast_copy_string(p->name, provider, sizeof(p->name));
 	snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s-privatekey.pem", ast_config_AST_KEY_DIR, provider);
 	snprintf(p->localcert, sizeof(p->localcert), "%s/%s-localcert.pem", ast_config_AST_KEY_DIR, provider);
 	snprintf(p->cacerts[0], sizeof(p->cacerts[0]), "%s/%s-cacert_0.pem", ast_config_AST_KEY_DIR, provider);
 	p->maxconnections = OSP_DEF_MAXCONNECTIONS;
 	p->retrydelay = OSP_DEF_RETRYDELAY;
 	p->retrylimit = OSP_DEF_RETRYLIMIT;
@@ -212,30 +224,36 @@ static int osp_create_provider(
 	v = ast_variable_browse(cfg, provider);
 	while(v) {
 		if (!strcasecmp(v->name, "privatekey")) {
-			if (v->value[0] == '/') {
+			if (osp_security) {
 				ast_copy_string(p->privatekey, v->value, sizeof(p->privatekey));
 			} else {
 				snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s", ast_config_AST_KEY_DIR, v->value);
 			}
 			ast_debug(1, "OSP: privatekey '%s'\n", p->privatekey);
 		} else if (!strcasecmp(v->name, "localcert")) {
 			if (v->value[0] == '/') {
 				ast_copy_string(p->localcert, v->value, sizeof(p->localcert));
 			} else {
 				snprintf(p->localcert, sizeof(p->localcert), "%s/%s", ast_config_AST_KEY_DIR, v->value);
 			}
 			ast_debug(1, "OSP: localcert '%s'\n", p->localcert);
 		} else if (!strcasecmp(v->name, "cacert")) {
 			if (p->cacount < OSP_MAX_CERTS) {
 				if (v->value[0] == '/') {
-					ast_copy_string(p->cacerts[p->cacount], v->value, sizeof(p->cacerts[0]));
+					ast_copy_string(p->privatekey, v->value, sizeof(p->privatekey));
 				} else {
-					snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s", ast_config_AST_KEY_DIR, v->value);
+					snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s", ast_config_AST_KEY_DIR, v->value);
 				}
 				ast_debug(1, "OSP: privatekey '%s'\n", p->privatekey);
 			}
 		} else if (!strcasecmp(v->name, "localcert")) {
 			if (osp_security) {
 				if (v->value[0] == '/') {
 					ast_copy_string(p->localcert, v->value, sizeof(p->localcert));
 				} else {
 					snprintf(p->localcert, sizeof(p->localcert), "%s/%s", ast_config_AST_KEY_DIR, v->value);
 				}
 				ast_debug(1, "OSP: localcert '%s'\n", p->localcert);
 			}
 		} else if (!strcasecmp(v->name, "cacert")) {
 			if (osp_security) {
 				if (p->cacount < OSP_MAX_CERTS) {
 					if (v->value[0] == '/') {
 						ast_copy_string(p->cacerts[p->cacount], v->value, sizeof(p->cacerts[0]));
 					} else {
 						snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s", ast_config_AST_KEY_DIR, v->value);
 					}
 					ast_debug(1, "OSP: cacerts[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
 					p->cacount++;
 				} else {
 					ast_log(LOG_WARNING, "OSP: Too many CA Certificates at line %d\n", v->lineno);
 				}
 				ast_debug(1, "OSP: cacert[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
 				p->cacount++;
 			} else {
 				ast_log(LOG_WARNING, "OSP: Too many CA Certificates at line %d\n", v->lineno);
 			}
 		} else if (!strcasecmp(v->name, "servicepoint")) {
 			if (p->spcount < OSP_MAX_SRVS) {
@@ -306,95 +324,109 @@ static int osp_create_provider(
 		v = v->next;
 	}
-	error = OSPPUtilLoadPEMPrivateKey((unsigned char*)p->privatekey, &privatekey);
+	if (p->cacount == 0) {
-	if (error != OSPC_ERR_NO_ERROR) {
+		p->cacount = 1;
 		ast_log(LOG_WARNING, "OSP: Unable to load privatekey '%s', error '%d'\n", p->privatekey, error);
 		ast_free(p);
 		return 0;
 	}
 	error = OSPPUtilLoadPEMCert((unsigned char*)p->localcert, &localcert);
 	if (error != OSPC_ERR_NO_ERROR) {
 		ast_log(LOG_WARNING, "OSP: Unable to load localcert '%s', error '%d'\n", p->localcert, error);
 		if (privatekey.PrivateKeyData) {
 			ast_free(privatekey.PrivateKeyData);
 		}
 		ast_free(p);
 		return 0;
 	}
 	if (p->cacount < 1) {
 		snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s-cacert.pem", ast_config_AST_KEY_DIR, provider);
 		ast_debug(1, "OSP: cacert[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
 		p->cacount++;
 	}
 	for (i = 0; i < p->cacount; i++) {
 		error = OSPPUtilLoadPEMCert((unsigned char*)p->cacerts[i], &cacerts[i]);
 		if (error != OSPC_ERR_NO_ERROR) {
 			ast_log(LOG_WARNING, "OSP: Unable to load cacert '%s', error '%d'\n", p->cacerts[i], error);
 			for (j = 0; j < i; j++) {
 				if (cacerts[j].CertData) {
 					ast_free(cacerts[j].CertData);
 				}
 			}
 			if (localcert.CertData) {
 				ast_free(localcert.CertData);
 			}
 			if (privatekey.PrivateKeyData) {
 				ast_free(privatekey.PrivateKeyData);
 			}
 			ast_free(p);
 			return 0;
 		}
 		pcacerts[i] = &cacerts[i];
 	}
 	for (i = 0; i < p->spcount; i++) {
 		psrvpoints[i] = p->srvpoints[i];
 	}
-	error = OSPPProviderNew(
+	if (osp_security) {
-				p->spcount,
+		privatekey.PrivateKeyData = NULL;
-				psrvpoints,
+		privatekey.PrivateKeyLength = 0;
 				NULL,
 				OSP_AUDIT_URL,
 				&privatekey,
 				&localcert,
 				p->cacount,
 				pcacerts,
 				OSP_LOCAL_VALIDATION,
 				OSP_SSL_LIFETIME,
 				p->maxconnections,
 				OSP_HTTP_PERSISTENCE,
 				p->retrydelay,
 				p->retrylimit,
 				p->timeout,
 				OSP_CUSTOMER_ID,
 				OSP_DEVICE_ID,
 				&p->handle);
 	if (error != OSPC_ERR_NO_ERROR) {
 		ast_log(LOG_WARNING, "OSP: Unable to create provider '%s', error '%d'\n", provider, error);
 		ast_free(p);
 		res = -1;
 	} else {
 		ast_debug(1, "OSP: provider '%s'\n", provider);
 		ast_mutex_lock(&osplock);
 		p->next = ospproviders;
 		ospproviders = p;
 		ast_mutex_unlock(&osplock);
 		res = 1;
 	}
-	for (i = 0; i < p->cacount; i++) {
+		localcert.CertData = NULL;
-		if (cacerts[i].CertData) {
+		localcert.CertDataLength = 0;
-			ast_free(cacerts[i].CertData);
+
 		for (i = 0; i < p->cacount; i++) {
 			cacerts[i].CertData = NULL;
 			cacerts[i].CertDataLength = 0;
 		}
 		if ((error = OSPPUtilLoadPEMPrivateKey((unsigned char*)p->privatekey, &privatekey)) != OSPC_ERR_NO_ERROR) {
 			ast_log(LOG_WARNING, "OSP: Unable to load privatekey '%s', error '%d'\n", p->privatekey, error);
 		} else if ((error = OSPPUtilLoadPEMCert((unsigned char*)p->localcert, &localcert)) != OSPC_ERR_NO_ERROR) { 
 			ast_log(LOG_WARNING, "OSP: Unable to load localcert '%s', error '%d'\n", p->localcert, error);
 		} else {
 			for (i = 0; i < p->cacount; i++) {
 				if ((error = OSPPUtilLoadPEMCert((unsigned char*)p->cacerts[i], &cacerts[i])) != OSPC_ERR_NO_ERROR) {
 					ast_log(LOG_WARNING, "OSP: Unable to load cacert '%s', error '%d'\n", p->cacerts[i], error);
 					break;
 				} else {
 					pcacerts[i] = &cacerts[i];
 				}
 			}
 		}
 	} else {
 		privatekey.PrivateKeyData = privatekeydata;
 		privatekey.PrivateKeyLength = sizeof(privatekeydata);
 		localcert.CertData = localcertdata;
 		localcert.CertDataLength = sizeof(localcertdata);
 		cacerts[0].CertData = cacertdata;
 		cacerts[0].CertDataLength = sizeof(cacertdata);
 		pcacerts[0] = &cacerts[0];
 		if ((error = OSPPBase64Decode(B64PKey, strlen(B64PKey), privatekey.PrivateKeyData, &privatekey.PrivateKeyLength)) != OSPC_ERR_NO_ERROR) {
 			ast_log(LOG_WARNING, "OSP: Unable to decode private key, error '%d'\n", error);
 		} else if ((error = OSPPBase64Decode(B64LCert, strlen(B64LCert), localcert.CertData, &localcert.CertDataLength)) != OSPC_ERR_NO_ERROR) {
 			ast_log(LOG_WARNING, "OSP: Unable to decode local cert, error '%d'\n", error);
 		} else if ((error = OSPPBase64Decode(B64CACert, strlen(B64CACert), cacerts[0].CertData, &cacerts[0].CertDataLength)) != OSPC_ERR_NO_ERROR) {
 			ast_log(LOG_WARNING, "OSP: Unable to decode cacert, error '%d'\n", error);
 		}
 	}
-	if (localcert.CertData) {
+
-		ast_free(localcert.CertData);
+	if (error == OSPC_ERR_NO_ERROR) {
 		error = OSPPProviderNew(
 			p->spcount,
 			psrvpoints,
 			NULL,
 			OSP_AUDIT_URL,
 			&privatekey,
 			&localcert,
 			p->cacount,
 			pcacerts,
 			OSP_LOCAL_VALIDATION,
 			OSP_SSL_LIFETIME,
 			p->maxconnections,
 			OSP_HTTP_PERSISTENCE,
 			p->retrydelay,
 			p->retrylimit,
 			p->timeout,
 			OSP_CUSTOMER_ID,
 			OSP_DEVICE_ID,
 			&p->handle);
 		if (error != OSPC_ERR_NO_ERROR) {
 			ast_log(LOG_WARNING, "OSP: Unable to create provider '%s', error '%d'\n", provider, error);
 			res = -1;
 		} else {
 			ast_debug(1, "OSP: provider '%s'\n", provider);
 			ast_mutex_lock(&osplock);
 			p->next = ospproviders;
 			ospproviders = p;
 			ast_mutex_unlock(&osplock);
 			res = 1;
 		}
 	}
-	if (privatekey.PrivateKeyData) {
+
-		ast_free(privatekey.PrivateKeyData);
+	if (osp_security) {
 		for (i = 0; i < p->cacount; i++) {
 			if (cacerts[i].CertData) {
 				ast_free(cacerts[i].CertData);
 			}
 		}
 		if (localcert.CertData) {
 			ast_free(localcert.CertData);
 		}
 		if (privatekey.PrivateKeyData) {
 			ast_free(privatekey.PrivateKeyData);
 		}
 	}
 	if (res != 1) {
 		ast_free(p);
 	}
 	return res;
@@ -524,26 +556,26 @@ static int osp_validate_token(
 	osp_convert_address(source, src, sizeof(src));
 	osp_convert_address(destination, dst, sizeof(dst));
 	error = OSPPTransactionValidateAuthorisation(
-				transaction,
+		transaction,
-				src,
+		src,
-				dst,
+		dst,
-				NULL,
+		NULL,
-				NULL,
+		NULL,
-				calling ? calling : "",
+		calling ? calling : "",
-				OSPC_E164,
+		OSPC_NFORMAT_E164,
-				called,
+		called,
-				OSPC_E164,
+		OSPC_NFORMAT_E164,
-				0,
+		0,
-				NULL,
+		NULL,
-				tokenlen,
+		tokenlen,
-				(char*)tokenstr,
+		(char*)tokenstr,
-				&authorised,
+		&authorised,
-				timelimit,
+		timelimit,
-				&dummy,
+		&dummy,
-				NULL,
+		NULL,
-				osp_tokenformat);
+		osp_tokenformat);
 	if (error != OSPC_ERR_NO_ERROR) {
-		ast_debug(1, "OSP: Unable to validate inbound token\n");
+		ast_debug(1, "OSP: Unable to validate inbound token, error '%d'\n", error);
 		res = -1;
 	} else if (authorised) {
 		ast_debug(1, "OSP: Authorised\n");
@@ -594,12 +626,12 @@ static int osp_check_destination(
 	char* destination,
 	unsigned int tokenlen,
 	const char* token,
-	enum OSPEFAILREASON* reason,
+	OSPEFAILREASON* reason,
 	struct osp_result* result)
 {
 	int res;
-	OSPE_DEST_OSP_ENABLED enabled;
+	OSPE_DEST_OSPENABLED enabled;
-	OSPE_DEST_PROT protocol;
+	OSPE_DEST_PROTOCOL protocol;
 	int error;
 	if (strlen(destination) <= 2) {
@@ -614,7 +646,7 @@ static int osp_check_destination(
 		return -1;
 	}
-	if (enabled == OSPE_OSP_FALSE) {
+	if (enabled == OSPC_DOSP_FALSE) {
 		result->token[0] = '\0';
 	} else {
 		ast_base64encode(result->token, (const unsigned char*)token, tokenlen, sizeof(result->token) - 1);
@@ -637,45 +669,45 @@ static int osp_check_destination(
 	/* Strip leading and trailing brackets */
 	destination[strlen(destination) - 1] = '\0';
 	switch(protocol) {
-		case OSPE_DEST_PROT_H323_SETUP:
+	case OSPC_DPROT_Q931:
-			ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_H323);
+		ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_H323);
-			ast_copy_string(result->tech, OSP_TECH_H323, sizeof(result->tech));
+		ast_copy_string(result->tech, OSP_TECH_H323, sizeof(result->tech));
-			ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+		ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
-			ast_copy_string(result->called, called, sizeof(result->called));
+		ast_copy_string(result->called, called, sizeof(result->called));
-			ast_copy_string(result->calling, calling, sizeof(result->calling));
+		ast_copy_string(result->calling, calling, sizeof(result->calling));
-			break;
+		break;
-		case OSPE_DEST_PROT_SIP:
+	case OSPC_DPROT_SIP:
-			ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_SIP);
+		ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_SIP);
-			ast_copy_string(result->tech, OSP_TECH_SIP, sizeof(result->tech));
+		ast_copy_string(result->tech, OSP_TECH_SIP, sizeof(result->tech));
-			ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+		ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
-			ast_copy_string(result->called, called, sizeof(result->called));
+		ast_copy_string(result->called, called, sizeof(result->called));
-			ast_copy_string(result->calling, calling, sizeof(result->calling));
+		ast_copy_string(result->calling, calling, sizeof(result->calling));
-			break;
+		break;
-		case OSPE_DEST_PROT_IAX:
+	case OSPC_DPROT_IAX:
-			ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_IAX);
+		ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_IAX);
-			ast_copy_string(result->tech, OSP_TECH_IAX, sizeof(result->tech));
+		ast_copy_string(result->tech, OSP_TECH_IAX, sizeof(result->tech));
-			ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+		ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
-			ast_copy_string(result->called, called, sizeof(result->called));
+		ast_copy_string(result->called, called, sizeof(result->called));
-			ast_copy_string(result->calling, calling, sizeof(result->calling));
+		ast_copy_string(result->calling, calling, sizeof(result->calling));
-			break;
+		break;
-		case OSPE_DEST_PROT_UNDEFINED:
+	case OSPC_DPROT_UNDEFINED:
-		case OSPE_DEST_PROT_UNKNOWN:
+	case OSPC_DPROT_UNKNOWN:
-			ast_debug(1, "OSP: unknown/undefined protocol '%d'\n", protocol);
+		ast_debug(1, "OSP: unknown/undefined protocol '%d'\n", protocol);
-			ast_debug(1, "OSP: use default protocol '%s'\n", provider->defaultprotocol);
+		ast_debug(1, "OSP: use default protocol '%s'\n", provider->defaultprotocol);
-			ast_copy_string(result->tech, provider->defaultprotocol, sizeof(result->tech));
+		ast_copy_string(result->tech, provider->defaultprotocol, sizeof(result->tech));
-			ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+		ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
-			ast_copy_string(result->called, called, sizeof(result->called));
+		ast_copy_string(result->called, called, sizeof(result->called));
-			ast_copy_string(result->calling, calling, sizeof(result->calling));
+		ast_copy_string(result->calling, calling, sizeof(result->calling));
-			break;
+		break;
-		case OSPE_DEST_PROT_H323_LRQ:
+	case OSPC_DPROT_LRQ:
-		default:
+	default:
-			ast_log(LOG_WARNING, "OSP: unsupported protocol '%d'\n", protocol);
+		ast_log(LOG_WARNING, "OSP: unsupported protocol '%d'\n", protocol);
-			*reason = OSPC_FAIL_PROTOCOL_ERROR;
+		*reason = OSPC_FAIL_PROTOCOL_ERROR;
-			result->token[0] = '\0';
+		result->token[0] = '\0';
-			result->networkid[0] = '\0';
+		result->networkid[0] = '\0';
-			res = 0;
+		res = 0;
-			break;
+		break;
 	}
 	return res;
@@ -686,10 +718,10 @@ static int osp_check_destination(
 * \param cause Asterisk hangup cause
 * \return OSP TC code
 */
-static enum OSPEFAILREASON asterisk2osp(
+static OSPEFAILREASON asterisk2osp(
 	int cause)
 {
-	return (enum OSPEFAILREASON)cause;
+	return (OSPEFAILREASON)cause;
 }
 /*!
@@ -725,32 +757,32 @@ static int osp_auth(
 	}
 	switch (p->authpolicy) {
-		case OSP_AUTH_NO:
+	case OSP_AUTH_NO:
 		res = 1;
 		break;
 	case OSP_AUTH_EXCLUSIVE:
 		if (ast_strlen_zero(token)) {
 			res = 0;
 		} else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
 			ast_debug(1, "OSP: Unable to generate transaction handle\n");
 			*transaction = OSP_INVALID_HANDLE;
 			res = 0;
 		} else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
 			OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
 		}
 		break;
 	case OSP_AUTH_YES:
 	default:
 		if (ast_strlen_zero(token)) {
 			res = 1;
-			break;
+		} else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
-		case OSP_AUTH_EXCLUSIVE:
+			ast_debug(1, "OSP: Unable to generate transaction handle\n");
-			if (ast_strlen_zero(token)) {
+			*transaction = OSP_INVALID_HANDLE;
-				res = 0;
+			res = 0;
-			} else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
+		} else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
-				ast_debug(1, "OSP: Unable to generate transaction handle\n");
+			OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
-				*transaction = OSP_INVALID_HANDLE;
+		}
-				res = 0;
+		break;
 			} else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
 				OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
 			}
 			break;
 		case OSP_AUTH_YES:
 		default:
 			if (ast_strlen_zero(token)) {
 				res = 1;
 			} else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
 				ast_debug(1, "OSP: Unable to generate transaction handle\n");
 				*transaction = OSP_INVALID_HANDLE;
 				res = 0;
 			} else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
 				OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
 			}
 			break;
 	}
 	return res;
@@ -823,15 +855,15 @@ static int osp_create_callid(
 	callid->len = sizeof(callid->buf);
 	switch (type) {
-		case OSP_CALLID_H323:
+	case OSP_CALLID_H323:
-			res = osp_create_uuid(callid->buf, &callid->len);
+		res = osp_create_uuid(callid->buf, &callid->len);
-			break;
+		break;
-		case OSP_CALLID_SIP:
+	case OSP_CALLID_SIP:
-		case OSP_CALLID_IAX:
+	case OSP_CALLID_IAX:
-			res = 0;
+		res = 0;
-		default:
+	default:
-			res = -1;
+		res = -1;
-			break;
+		break;
 	}
 	if ((res != 1) && (callid->len != 0)) {
@@ -848,6 +880,8 @@ static int osp_create_callid(
 * \param srcdev Source device of outbound call
 * \param calling Calling number
 * \param called Called number
 * \param snetid Source network ID
 * \param rnumber Routing number
 * \param callidtypes Call ID types
 * \param result Lookup results
 * \return 1 Found , 0 No route, -1 Error
@@ -857,6 +891,8 @@ static int osp_lookup(
 	const char* srcdev,
 	const char* calling,
 	const char* called,
 	const char* snetid,
 	const char* rnumber,
 	unsigned int callidtypes,
 	struct osp_result* result)
 {
@@ -873,9 +909,9 @@ static int osp_lookup(
 	unsigned int i, type;
 	struct osp_callid callid;
 	unsigned int callidnum;
-	OSPTCALLID* callids[OSP_CALLID_MAXNUM];
+	OSPT_CALL_ID* callids[OSP_CALLID_MAXNUM];
 	unsigned int dummy = 0;
-	enum OSPEFAILREASON reason;
+	OSPEFAILREASON reason;
 	int error;
 	result->outhandle = OSP_INVALID_HANDLE;
@@ -902,6 +938,14 @@ static int osp_lookup(
 		return -1;
 	}
 	if (!ast_strlen_zero(snetid)) {
 		OSPPTransactionSetNetworkIds(result->outhandle, snetid, "");
 	}
 	if (!ast_strlen_zero(rnumber)) {
 		OSPPTransactionSetRoutingNumber(result->outhandle, rnumber);
 	}
 	callidnum = 0;
 	callids[0] = NULL;
 	for (i = 0; i < OSP_CALLID_MAXNUM; i++) {
@@ -919,27 +963,27 @@ static int osp_lookup(
 	osp_convert_address(srcdev, dev, sizeof(dev));
 	result->numresults = OSP_DEF_DESTINATIONS;
 	error = OSPPTransactionRequestAuthorisation(
-				result->outhandle,
+		result->outhandle,
-				src,
+		src,
-				dev,
+		dev,
-				calling ? calling : "",
+		calling ? calling : "",
-				OSPC_E164,
+		OSPC_NFORMAT_E164,
-				called,
+		called,
-				OSPC_E164,
+		OSPC_NFORMAT_E164,
-				NULL,
+		NULL,
-				callidnum,
+		callidnum,
-				callids,
+		callids,
-				NULL,
+		NULL,
-				&result->numresults,
+		&result->numresults,
-				&dummy,
+		&dummy,
-				NULL);
+		NULL);
 	for (i = 0; i < callidnum; i++) {
 		OSPPCallIdDelete(&callids[i]);
 	}
 	if (error != OSPC_ERR_NO_ERROR) {
-		ast_debug(1, "OSP: Unable to request authorization\n");
+		ast_debug(1, "OSP: Unable to request authorization, error '%d'\n", error);
 		result->numresults = 0;
 		if (result->inhandle != OSP_INVALID_HANDLE) {
 			OSPPTransactionRecordFailure(result->inhandle, OSPC_FAIL_NORMAL_UNSPECIFIED);
@@ -958,25 +1002,25 @@ static int osp_lookup(
 	result->outcallid.len = sizeof(result->outcallid.buf);
 	tokenlen = sizeof(token);
 	error = OSPPTransactionGetFirstDestination(
-				result->outhandle,
+		result->outhandle,
-				0,
+		0,
-				NULL,
+		NULL,
-				NULL,
+		NULL,
-				&result->outtimelimit,
+		&result->outtimelimit,
-				&result->outcallid.len,
+		&result->outcallid.len,
-				result->outcallid.buf,
+		result->outcallid.buf,
-				sizeof(callednum),
+		sizeof(callednum),
-				callednum,
+		callednum,
-				sizeof(callingnum),
+		sizeof(callingnum),
-				callingnum,
+		callingnum,
-				sizeof(destination),
+		sizeof(destination),
-				destination,
+		destination,
-				0,
+		0,
-				NULL,
+		NULL,
-				&tokenlen,
+		&tokenlen,
-				token);
+		token);
 	if (error != OSPC_ERR_NO_ERROR) {
-		ast_debug(1, "OSP: Unable to get first route\n");
+		ast_debug(1, "OSP: Unable to get first route, error '%d'\n", error);
 		result->numresults = 0;
 		result->outtimelimit = OSP_DEF_TIMELIMIT;
 		if (result->inhandle != OSP_INVALID_HANDLE) {
@@ -1011,24 +1055,24 @@ static int osp_lookup(
 		result->outcallid.len = sizeof(result->outcallid.buf);
 		tokenlen = sizeof(token);
 		error = OSPPTransactionGetNextDestination(
-					result->outhandle,
+			result->outhandle,
-					reason,
+			reason,
-					0,
+			0,
-					NULL,
+			NULL,
-					NULL,
+			NULL,
-					&result->outtimelimit,
+			&result->outtimelimit,
-					&result->outcallid.len,
+			&result->outcallid.len,
-					result->outcallid.buf,
+			result->outcallid.buf,
-					sizeof(callednum),
+			sizeof(callednum),
-					callednum,
+			callednum,
-					sizeof(callingnum),
+			sizeof(callingnum),
-					callingnum,
+			callingnum,
-					sizeof(destination),
+			sizeof(destination),
-					destination,
+			destination,
-					0,
+			0,
-					NULL,
+			NULL,
-					&tokenlen,
+			&tokenlen,
-					token);
+			token);
 		if (error == OSPC_ERR_NO_ERROR) {
 			result->numresults--;
 			result->outtimelimit = osp_choose_timelimit(result->intimelimit, result->outtimelimit);
@@ -1082,7 +1126,7 @@ static int osp_next(
 	char destination[OSP_NORSTR_SIZE];
 	unsigned int tokenlen;
 	char token[OSP_TOKSTR_SIZE];
-	enum OSPEFAILREASON reason;
+	OSPEFAILREASON reason;
 	int error;
 	result->tech[0] = '\0';
@@ -1122,24 +1166,24 @@ static int osp_next(
 		result->outcallid.len = sizeof(result->outcallid.buf);
 		tokenlen = sizeof(token);
 		error = OSPPTransactionGetNextDestination(
-					result->outhandle,
+			result->outhandle,
-					reason,
+			reason,
-					0,
+			0,
-					NULL,
+			NULL,
-					NULL,
+			NULL,
-					&result->outtimelimit,
+			&result->outtimelimit,
-					&result->outcallid.len,
+			&result->outcallid.len,
-					result->outcallid.buf,
+			result->outcallid.buf,
-					sizeof(callednum),
+			sizeof(callednum),
-					callednum,
+			callednum,
-					sizeof(callingnum),
+			sizeof(callingnum),
-					callingnum,
+			callingnum,
-					sizeof(destination),
+			sizeof(destination),
-					destination,
+			destination,
-					0,
+			0,
-					NULL,
+			NULL,
-					&tokenlen,
+			&tokenlen,
-					token);
+			token);
 		if (error == OSPC_ERR_NO_ERROR) {
 			result->numresults--;
 			result->outtimelimit = osp_choose_timelimit(result->intimelimit, result->outtimelimit);
@@ -1198,7 +1242,7 @@ static int osp_finish(
 	unsigned int release)
 {
 	int res;
-	enum OSPEFAILREASON reason;
+	OSPEFAILREASON reason;
 	time_t alert = 0;
 	unsigned isPddInfoPresent = 0;
 	unsigned pdd = 0;
@@ -1215,22 +1259,22 @@ static int osp_finish(
 	}
 	error = OSPPTransactionReportUsage(
-				handle,
+		handle,
-				difftime(end, connect),
+		difftime(end, connect),
-				start,
+		start,
-				end,
+		end,
-				alert,
+		alert,
-				connect,
+		connect,
-				isPddInfoPresent,
+		isPddInfoPresent,
-				pdd,
+		pdd,
-				release,
+		release,
-				(unsigned char*)"",
+		NULL,
-				0,
+		-1,
-				0,
+		-1,
-				0,
+		-1,
-				0,
+		-1,
-				&dummy,
+		&dummy,
-				NULL);
+		NULL);
 	if (error == OSPC_ERR_NO_ERROR) {
 		ast_debug(1, "OSP: Usage reported\n");
 		res = 1;
@@ -1340,7 +1384,8 @@ static int osplookup_exec(
 	struct varshead* headp;
 	struct ast_var_t* current;
 	const char* srcdev = "";
-	const char* netid = "";
+	const char* snetid = "";
 	const char* rnumber = "";
 	char buffer[OSP_TOKSTR_SIZE];
 	unsigned int callidtypes = OSP_CALLID_UNDEFINED;
 	struct osp_result result;
@@ -1399,21 +1444,24 @@ static int osplookup_exec(
 				result.intimelimit = OSP_DEF_TIMELIMIT;
 			}
 		} else if (!strcasecmp(ast_var_name(current), "OSPINNETWORKID")) {
-			netid = ast_var_value(current);
+			snetid = ast_var_value(current);
 		} else if (!strcasecmp(ast_var_name(current), "OSPROUTINGNUMBER")) {
 			rnumber = ast_var_value(current);
 		} else if (!strcasecmp(ast_var_name(current), "OSPPEERIP")) {
 			srcdev = ast_var_value(current);
 		}
 	}
 	ast_debug(1, "OSPLookup: OSPINHANDLE '%d'\n", result.inhandle);
 	ast_debug(1, "OSPLookup: OSPINTIMELIMIT '%d'\n", result.intimelimit);
-	ast_debug(1, "OSPLookup: OSPINNETWORKID '%s'\n", netid);
+	ast_debug(1, "OSPLookup: OSPINNETWORKID '%s'\n", snetid);
 	ast_debug(1, "OSPLookup: OSPROUTINGNUMBER '%s'\n", rnumber);
 	ast_debug(1, "OSPLookup: source device '%s'\n", srcdev);
 	if ((cres = ast_autoservice_start(chan)) < 0) {
 		return -1;
 	}
-	if ((res = osp_lookup(provider, srcdev, chan->cid.cid_num, args.exten, callidtypes, &result)) > 0) {
+	if ((res = osp_lookup(provider, srcdev, chan->cid.cid_num, args.exten, snetid, rnumber, callidtypes, &result)) > 0) {
 		status = AST_OSP_SUCCESS;
 	} else {
 		result.tech[0] = '\0';
@@ -1444,6 +1492,8 @@ static int osplookup_exec(
 	ast_debug(1, "OSPLookup: OSPCALLED '%s'\n", result.called);
 	pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling);
 	ast_debug(1, "OSPLookup: OSPCALLING '%s'\n", result.calling);
 	pbx_builtin_setvar_helper(chan, "OSPOUTNETWORKID", result.networkid);
 	ast_debug(1, "OSPLookup: OSPOUTNETWORKID '%s'\n", result.networkid);
 	pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token);
 	ast_debug(1, "OSPLookup: OSPOUTTOKEN size '%zd'\n", strlen(result.token));
 	snprintf(buffer, sizeof(buffer), "%d", result.numresults);
@@ -1605,6 +1655,8 @@ static int ospnext_exec(
 	ast_debug(1, "OSPNext: OSPCALLED'%s'\n", result.called);
 	pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling);
 	ast_debug(1, "OSPNext: OSPCALLING '%s'\n", result.calling);
 	pbx_builtin_setvar_helper(chan, "OSPOUTNETWORKID", result.networkid);
 	ast_debug(1, "OSPLookup: OSPOUTNETWORKID '%s'\n", result.networkid);
 	pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token);
 	ast_debug(1, "OSPNext: OSPOUTTOKEN size '%zd'\n", strlen(result.token));
 	snprintf(buffer, sizeof(buffer), "%d", result.numresults);
@@ -1734,11 +1786,11 @@ static int ospfinished_exec(
 		ast_debug(1, "OSPFinish: Unable to report usage for outbound call\n");
 	}
 	switch (cause) {
-		case AST_CAUSE_NORMAL_CLEARING:
+	case AST_CAUSE_NORMAL_CLEARING:
-			break;
+		break;
-		default:
+	default:
-			cause = AST_CAUSE_NO_ROUTE_DESTINATION;
+		cause = AST_CAUSE_NO_ROUTE_DESTINATION;
-			break;
+		break;
 	}
 	if (osp_finish(inhandle, recorded, cause, start, connect, end, release) <= 0) {
 		ast_debug(1, "OSPFinish: Unable to report usage for inbound call\n");
@@ -1796,6 +1848,12 @@ static int osp_load(int reload)
 		}
 		ast_debug(1, "OSP: osp_hardware '%d'\n", osp_hardware);
 		t = ast_variable_retrieve(cfg, OSP_GENERAL_CAT, "securityfeatures");
 		if (t && ast_true(t)) {
 			osp_security = 1;
 		}
 		ast_debug(1, "OSP: osp_security '%d'\n", osp_security);
 		t = ast_variable_retrieve(cfg, OSP_GENERAL_CAT, "tokenformat");
 		if (t) {
 			if ((sscanf(t, "%d", &v) == 1) &&
@@ -1849,6 +1907,7 @@ static int osp_unload(void)
 		OSPPCleanup();
 		osp_tokenformat = TOKEN_ALGO_SIGNED;
 		osp_security = 0;
 		osp_hardware = 0;
 		osp_initialized = 0;
 	}
@@ -1880,19 +1939,22 @@ static char *handle_cli_osp_show(struct ast_cli_entry *e, int cmd, struct ast_cl
 		provider = a->argv[2];
 	if (!provider) {
 		switch (osp_tokenformat) {
-			case TOKEN_ALGO_BOTH:
+		case TOKEN_ALGO_BOTH:
-				tokenalgo = "Both";
+			tokenalgo = "Both";
-				break;
+			break;
-			case TOKEN_ALGO_UNSIGNED:
+		case TOKEN_ALGO_UNSIGNED:
-				tokenalgo = "Unsigned";
+			tokenalgo = "Unsigned";
-				break;
+			break;
-			case TOKEN_ALGO_SIGNED:
+		case TOKEN_ALGO_SIGNED:
-			default:
+		default:
-				tokenalgo = "Signed";
+			tokenalgo = "Signed";
-				break;
+			break;
 		}
-		ast_cli(a->fd, "OSP: %s %s %s\n",
+		ast_cli(a->fd, "OSP: %s/%s/%s/%s\n",
-			osp_initialized ? "Initialized" : "Uninitialized", osp_hardware ? "Accelerated" : "Normal", tokenalgo);
+			osp_initialized ? "Initialized" : "Uninitialized", 
 			osp_hardware ? "Accelerated" : "Normal", 
 			osp_security ? "Enabled" : "Disabled", 
 			tokenalgo);
 	}
 	ast_mutex_lock(&osplock);
@@ -1903,10 +1965,12 @@ static char *handle_cli_osp_show(struct ast_cli_entry *e, int cmd, struct ast_cl
 				ast_cli(a->fd, "\n");
 			}
 			ast_cli(a->fd, " == OSP Provider '%s' == \n", p->name);
-			ast_cli(a->fd, "Local Private Key: %s\n", p->privatekey);
+			if (osp_security) {
-			ast_cli(a->fd, "Local Certificate: %s\n", p->localcert);
+				ast_cli(a->fd, "Local Private Key: %s\n", p->privatekey);
-			for (i = 0; i < p->cacount; i++) {
+				ast_cli(a->fd, "Local Certificate: %s\n", p->localcert);
-				ast_cli(a->fd, "CA Certificate %d:  %s\n", i + 1, p->cacerts[i]);
+				for (i = 0; i < p->cacount; i++) {
 					ast_cli(a->fd, "CA Certificate %d:  %s\n", i + 1, p->cacerts[i]);
 				}
 			}
 			for (i = 0; i < p->spcount; i++) {
 				ast_cli(a->fd, "Service Point %d:   %s\n", i + 1, p->srvpoints[i]);
@@ -1930,7 +1994,7 @@ static char *handle_cli_osp_show(struct ast_cli_entry *e, int cmd, struct ast_cl
 			ast_cli(a->fd, "Unable to find OSP provider '%s'\n", provider);
 		} else {
 			ast_cli(a->fd, "No OSP providers configured\n");
-		}	
+		}
 	}
 	return CLI_SUCCESS;
 }
--- a/configs/osp.conf.sample
+++ b/configs/osp.conf.sample
@@ -12,14 +12,23 @@
 [general]
 ;
 ; Enable cryptographic acceleration hardware.  
 ; The default value is no.
 ;
 ;accelerate=no
 ;
 ; Enable security features.
 ; If security features are disabled, Asterisk cannot validate signed tokens and
 ; all certificate file name parameters are ignored.
 ; The default value is no.
 ;
 ;securityfeatures=no
 ;
 ; Defines the status of tokens that Asterisk will validate. 
 ; 0 - signed tokens only 
 ; 1 - unsigned tokens only 
 ; 2 - both signed and unsigned
 ; The default value is 0, i.e. the Asterisk will only validate signed tokens.
 ; If securityfeatures are disabled, Asterisk cannot validate signed tokens.
 ;
 ;tokenformat=0
 ;
@@ -43,6 +52,7 @@
 ; If this parameter is unspecified or not present, the default name will be the 
 ; osp.conf section name followed by "-privatekey.pem" (for example: 
 ; default-privatekey.pem)
 ; If securityfeatures are disabled, this parameter is ignored.
 ;
 ;privatekey=pkey.pem
 ;
@@ -50,6 +60,7 @@
 ; If this parameter is unspecified or not present, the default name will be the 
 ; osp.conf section name followed by "- localcert.pem " (for example: 
 ; default-localcert.pem)  
 ; If securityfeatures are disabled, this parameter is ignored.
 ;
 ;localcert=localcert.pem
 ;
@@ -57,6 +68,7 @@
 ; a single Certificate Authority key file name is added with the default name of 
 ; the osp.conf section name followed by "-cacert_0.pem " (for example: 
 ; default-cacert_0.pem)
 ; If securityfeatures are disabled, this parameter is ignored.
 ;
 ;cacert=cacert_0.pem
 ;
@@ -81,6 +93,7 @@
 ; 2 - EXCLUSIVE - Accept calls with valid token. Block calls with invalid token 
 ;                 or no token.
 ; Default is 1,
 ; If securityfeatures are disabled, Asterisk cannot validate signed tokens.
 ;
 ;authpolicy=1
 ;