[Asterisk-code-review] res_pjsip_stir_shaken: Use correct Caller ID to lookup certificate. (asterisk[19])

Fri Jul 23 14:30:51 CDT 2021

Sean Bright has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/16216 )


Change subject: res_pjsip_stir_shaken: Use correct Caller ID to lookup certificate.
......................................................................

res_pjsip_stir_shaken: Use correct Caller ID to lookup certificate.

Determine the Caller ID to use for certificate lookup based on the
same logic we use when setting up the INVITE session. This allows
Caller ID set via the CALLERID() function to be used for STIR/SHAKEN
certificate lookup.

ASTERISK-29169 #close

Change-Id: I6f1f9c56ceb989d3ad4e16f069b4273166614b9a
---
M res/res_pjsip_stir_shaken.c
1 file changed, 23 insertions(+), 9 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/16/16216/1

diff --git a/res/res_pjsip_stir_shaken.c b/res/res_pjsip_stir_shaken.c
index b2b2084..8c20061 100644
--- a/res/res_pjsip_stir_shaken.c
+++ b/res/res_pjsip_stir_shaken.c
@@ -26,6 +26,7 @@
 
 #include "asterisk.h"
 
+#include "asterisk/callerid.h"
 #include "asterisk/res_pjsip.h"
 #include "asterisk/res_pjsip_session.h"
 #include "asterisk/module.h"
@@ -208,7 +209,7 @@
 	return 0;
 }
 
-static int add_identity_header(const struct ast_sip_session *session, pjsip_tx_data *tdata)
+static int add_identity_header(pjsip_tx_data *tdata, const struct ast_party_id *party_id)
 {
 	static const pj_str_t identity_str = { "Identity", 8 };
 	pjsip_generic_string_hdr *identity_hdr;
@@ -258,7 +259,7 @@
 	json = ast_json_pack("{s: {s: s, s: s, s: s}, s: {s: {s: [s]}, s: {s: s}}}",
 		"header", "alg", "ES256", "ppt", "shaken", "typ", "passport",
 		"payload", "dest", "tn", dest_tn, "orig", "tn",
-		session->id.number.str);
+		party_id->number.str);
 	if (!json) {
 		ast_log(LOG_ERROR, "Failed to allocate memory for STIR/SHAKEN JSON\n");
 		return -1;
@@ -333,21 +334,34 @@
 
 static void stir_shaken_outgoing_request(struct ast_sip_session *session, pjsip_tx_data *tdata)
 {
+	struct ast_party_id effective_id;
+	struct ast_party_id connected_id;
+
 	if (!session->endpoint->stir_shaken) {
 		return;
 	}
 
-	if (ast_strlen_zero(session->id.number.str) && session->id.number.valid) {
+	ast_party_id_init(&connected_id);
+	ast_channel_lock(session->channel);
+	effective_id = ast_channel_connected_effective_id(session->channel);
+	ast_party_id_copy(&connected_id, &effective_id);
+	ast_channel_unlock(session->channel);
+
+	/* XXX: This if statement is logically the same as the first if statement in
+	   res_pjsip_caller_id.c:add_id_headers. They should be combined. */
+	if (!connected_id.number.valid
+		|| (!session->endpoint->id.trust_outbound
+		   && (ast_party_id_presentation(&connected_id) & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED)) {
+		ast_party_id_free(&connected_id);
 		return;
 	}
 
-	/* If adding the Identity header fails for some reason, there's no point
-	 * adding the Date header.
-	 */
-	if ((add_identity_header(session, tdata)) != 0) {
-		return;
+	if (add_identity_header(tdata, &connected_id) == 0) {
+		/* Only add the Date header if we succeeded in adding the Identity header */
+		add_date_header(session, tdata);
 	}
-	add_date_header(session, tdata);
+
+	ast_party_id_free(&connected_id);
 }
 
 static struct ast_sip_session_supplement stir_shaken_supplement = {

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/16216
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 19
Gerrit-Change-Id: I6f1f9c56ceb989d3ad4e16f069b4273166614b9a
Gerrit-Change-Number: 16216
Gerrit-PatchSet: 1
Gerrit-Owner: Sean Bright <sean at seanbright.com>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20210723/089995d7/attachment-0001.html>
