[Asterisk-code-review] res_stir_shaken: Improve dialplan function and add test conditions. (asterisk[master])

Benjamin Keith Ford asteriskteam at digium.com
Wed Jun 24 14:45:48 CDT 2020 

Benjamin Keith Ford has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/14574 )


Change subject: res_stir_shaken: Improve dialplan function and add test conditions.
......................................................................

res_stir_shaken: Improve dialplan function and add test conditions.

Previously the dialplan function was not trimming the whitespace from
the parameters it recieved. Now it does.

Also added a conditional that, when TEST_FRAMEWORK is enabled, the
timestamp in the identity header will be overlooked. This is just for
testing, since the testsuite will rely on a SIPp scenario with a preset
identity header to trigger the MISMATCH result.

Change-Id: I43d67f1489b8c1c5729ed3ca8d71e35ddf438df1
---
M res/res_pjsip_stir_shaken.c
M res/res_stir_shaken.c
2 files changed, 31 insertions(+), 12 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/74/14574/1

diff --git a/res/res_pjsip_stir_shaken.c b/res/res_pjsip_stir_shaken.c
index 3620579..e40f3d1 100644
--- a/res/res_pjsip_stir_shaken.c
+++ b/res/res_pjsip_stir_shaken.c
@@ -95,6 +95,11 @@
 	long int timestamp;
 	struct timeval now = ast_tvnow();
 
+#ifdef TEST_FRAMEWORK
+	ast_debug(3, "Ignoring STIR/SHAKEN timestamp\n");
+	return 0;
+#endif
+
 	json = ast_json_load_string(json_str, NULL);
 	timestamp = ast_json_integer_get(ast_json_object_get(json, "iat"));
 
diff --git a/res/res_stir_shaken.c b/res/res_stir_shaken.c
index 632fd1b..2ad082b 100644
--- a/res/res_stir_shaken.c
+++ b/res/res_stir_shaken.c
@@ -153,6 +153,11 @@
 /* The maximum length for path storage */
 #define MAX_PATH_LEN 256
 
+/* The amount of time (in seconds) to add if no cache data is found for
+ * certificate expiration
+ */
+#define EXPIRATION_BUFFER 15
+
 struct ast_stir_shaken_payload {
 	/*! The JWT header */
 	struct ast_json *header;
@@ -381,6 +386,10 @@
 		}
 	}
 
+	if (ast_strlen_zero(value)) {
+		actual_expires.tv_sec += EXPIRATION_BUFFER;
+	}
+
 	snprintf(time_buf, sizeof(time_buf), "%30lu", actual_expires.tv_sec);
 
 	ast_db_put(hash, "expiration", time_buf);
@@ -1133,6 +1142,8 @@
 	struct stir_shaken_datastore *ss_datastore;
 	struct ast_datastore *datastore;
 	char *parse;
+	char *first;
+	char *second;
 	unsigned int target_index, current_index = 0;
 	AST_DECLARE_APP_ARGS(args,
 		AST_APP_ARG(first_param);
@@ -1153,17 +1164,20 @@
 
 	AST_STANDARD_APP_ARGS(args, parse);
 
-	if (ast_strlen_zero(args.first_param)) {
+	first = ast_strip(args.first_param);
+	if (ast_strlen_zero(first)) {
 		ast_log(LOG_ERROR, "An argument must be passed to %s\n", function);
 		return -1;
 	}
 
+	second = ast_strip(args.second_param);
+
 	/* Check if we are only looking for the number of STIR/SHAKEN verification results */
-	if (!strcasecmp(args.first_param, "count")) {
+	if (!strcasecmp(first, "count")) {
 
 		size_t count = 0;
 
-		if (!ast_strlen_zero(args.second_param)) {
+		if (!ast_strlen_zero(second)) {
 			ast_log(LOG_ERROR, "%s only takes 1 paramater for 'count'\n", function);
 			return -1;
 		}
@@ -1184,15 +1198,15 @@
 	/* If we aren't doing a count, then there should be two parameters. The field
 	 * we are searching for will be the second parameter. The index is the first.
 	 */
-	if (ast_strlen_zero(args.second_param)) {
+	if (ast_strlen_zero(second)) {
 		ast_log(LOG_ERROR, "Retrieving a value using %s requires two paramaters (index, value) "
-			"- only index was given (%s)\n", function, args.second_param);
+			"- only index was given (%s)\n", function, second);
 		return -1;
 	}
 
-	if (ast_str_to_uint(args.first_param, &target_index)) {
+	if (ast_str_to_uint(first, &target_index)) {
 		ast_log(LOG_ERROR, "Failed to convert index %s to integer for function %s\n",
-			args.first_param, function);
+			first, function);
 		return -1;
 	}
 
@@ -1211,19 +1225,19 @@
 	}
 	ast_channel_unlock(chan);
 	if (current_index != target_index || !datastore) {
-		ast_log(LOG_WARNING, "No STIR/SHAKEN results for index '%s'\n", args.first_param);
+		ast_log(LOG_WARNING, "No STIR/SHAKEN results for index '%s'\n", first);
 		return -1;
 	}
 	ss_datastore = datastore->data;
 
-	if (!strcasecmp(args.second_param, "identity")) {
+	if (!strcasecmp(second, "identity")) {
 		ast_copy_string(buf, ss_datastore->identity, len);
-	} else if (!strcasecmp(args.second_param, "attestation")) {
+	} else if (!strcasecmp(second, "attestation")) {
 		ast_copy_string(buf, ss_datastore->attestation, len);
-	} else if (!strcasecmp(args.second_param, "verify_result")) {
+	} else if (!strcasecmp(second, "verify_result")) {
 		ast_copy_string(buf, stir_shaken_verification_result_to_string(ss_datastore->verify_result), len);
 	} else {
-		ast_log(LOG_ERROR, "No such value '%s' for %s\n", args.second_param, function);
+		ast_log(LOG_ERROR, "No such value '%s' for %s\n", second, function);
 		return -1;
 	}
 

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/14574
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I43d67f1489b8c1c5729ed3ca8d71e35ddf438df1
Gerrit-Change-Number: 14574
Gerrit-PatchSet: 1
Gerrit-Owner: Benjamin Keith Ford <bford at digium.com>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20200624/3098a6fb/attachment.html>

More information about the asterisk-code-review mailing list