[Asterisk-code-review] res_stir_shaken: Implemented signature verification. (asterisk[master])

Benjamin Keith Ford asteriskteam at digium.com
Wed Apr 29 12:47:47 CDT 2020 

Hello Joshua Colp, George Joseph, Kevin Harwell, Friendly Automation, 

I'd like you to reexamine a change. Please visit

    https://gerrit.asterisk.org/c/asterisk/+/14220

to look at the new patch set (#7).

Change subject: res_stir_shaken: Implemented signature verification.
......................................................................

res_stir_shaken: Implemented signature verification.

There are a lot of moving parts in this patch, but the focus of it is on
the verification of the signature using a public key located at the
public key URL provided in the JSON payload. First, we check the
database to see if we have already downloaded the key. If so, check to
see if it has expired. If it has, redownload from the URL. If we don't
have an entry in the database, just go ahead and download the public
key. The expiration is tested each time we download the file. After
that, read the public key from the file and use it to verify the
signature. All sanity checking is done when the payload is first
received, so the verification is complete once this point is reached.

The XML has also been added since a new config option was added to
general (curl_timeout). The maximum amount of time to wait for a
download can be configured through this option, with a low value by
default.

Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c
---
M Makefile
A doc/UPGRADE-staging/res_stir_shaken_directory.txt
M include/asterisk/res_stir_shaken.h
M res/res_stir_shaken.c
M res/res_stir_shaken/certificate.c
A res/res_stir_shaken/curl.c
A res/res_stir_shaken/curl.h
M res/res_stir_shaken/general.c
M res/res_stir_shaken/general.h
M res/res_stir_shaken/stir_shaken.c
M res/res_stir_shaken/stir_shaken.h
11 files changed, 832 insertions(+), 18 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/20/14220/7
-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/14220
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c
Gerrit-Change-Number: 14220
Gerrit-PatchSet: 7
Gerrit-Owner: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-MessageType: newpatchset
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20200429/dcf9e980/attachment-0001.html>

More information about the asterisk-code-review mailing list