<p>George Joseph has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/7528">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">secure_calling: Add off-nominal call tests<br><br>Change-Id: I898602f411b68a60fab1cc99fffec1714d5999d9<br>---<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml<br>A tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml<br>51 files changed, 712 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/testsuite refs/changes/28/7528/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt<br>new file mode 120000<br>index 0000000..7373cdc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key<br>new file mode 120000<br>index 0000000..e7956fb<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1-ast1.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf<br>new file mode 100644<br>index 0000000..b90594a<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/extensions.conf<br>@@ -0,0 +1,19 @@<br>+; I'm Alice<br>+; When the testsuite calls originate, this instance will call bob (ast3) via<br>+; the pbx (ast2) and the created channel will be connected to start@default.<br>+<br>+[default]<br>+exten => start,1,Answer()<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected! Trying again)<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected!)<br>+same => n,UserEvent(TalkDetect, result: fail)<br>+same => n,Hangup()<br>+<br>+; If talking is detected then it jumps here<br>+exten => talk,1,NoOp(Talking was detected!)<br>+same => n,UserEvent(TalkDetect, result: pass)<br>+same => n,Playback(tt-weasels)<br>+same => n,Wait(2)<br>+same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf<br>new file mode 100644<br>index 0000000..ed41c88<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast1/pjsip.conf<br>@@ -0,0 +1,37 @@<br>+; I'm Alice (ast1) with a connection to the pbx (ast2)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-SHA256<br>+priv_key_file = <<astetcdir>>/ca1-ast1.key<br>+cert_file = <<astetcdir>>/ca1-ast1.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5061<br>+<br>+[pbx-ast2]<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+from_user=alice<br>+from_domain=127.0.0.1<br>+aors=pbx-ast2<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast1.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[pbx-ast2]<br>+type=aor<br>+contact=sips:127.0.0.1:5062\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt<br>new file mode 120000<br>index 0000000..48e3817<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key<br>new file mode 120000<br>index 0000000..2963fc7<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt<br>new file mode 120000<br>index 0000000..439d604<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key<br>new file mode 120000<br>index 0000000..309b783<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt<br>new file mode 120000<br>index 0000000..8a70e54<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/ca2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf<br>new file mode 100644<br>index 0000000..e379760<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/extensions.conf<br>@@ -0,0 +1,5 @@<br>+<br>+[default]<br>+exten => bob,1,Answer()<br>+ same => n,Playback(tt-weasels)<br>+ same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf<br>new file mode 100644<br>index 0000000..7d44391<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/configs/ast2/pjsip.conf<br>@@ -0,0 +1,38 @@<br>+; I'm the pbx (ast2) expecting connections from alice (ast1)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-SHA256<br>+priv_key_file = <<astetcdir>>/ca1-ast2.key<br>+cert_file = <<astetcdir>>/ca1-ast2.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5062<br>+<br>+[endpoint-template-tls](!)<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+<br>+[alice](endpoint-template-tls)<br>+aors=alice<br>+from_user=pbx-ast2<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca2-ast2.key<br>+dtls_cert_file = <<astetcdir>>/ca2-ast2.crt<br>+dtls_ca_file = <<astetcdir>>/ca2.crt<br>+dtls_verify = yes<br>+<br>+[alice]<br>+type = aor<br>+contact = sips:alice@127.0.0.1:5061\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml<br>new file mode 100644<br>index 0000000..957da30<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/dtls_verify_failure/test-config.yaml<br>@@ -0,0 +1,77 @@<br>+testinfo:<br>+ summary: 'Tests sips/tls and dtls/sdes'<br>+ description: |<br>+ 'Run two instances of Asterisk, "alice" and "pbx" to test<br>+ dtls verify failure.<br>+ alice has certs and keys from ca1.<br>+ pbx has them for both ca1 and ca2 and uses ca1 for sips<br>+ then uses ca2 for dtls.<br>+ Both have verify enabled.<br>+<br>+ pbx answers and sends audio back to alice.<br>+ alice should NOT detect any since the sdp negotiation should have<br>+ failed.<br>+<br>+test-modules:<br>+ test-object:<br>+ config-section: test-object-config<br>+ typename: 'test_case.TestCaseModule'<br>+ modules:<br>+ -<br>+ config-section: originator-config-tls<br>+ typename: 'pluggable_modules.Originator'<br>+ -<br>+ config-section: 'ami-config'<br>+ typename: 'pluggable_modules.EventActionModule'<br>+<br>+test-object-config:<br>+ asterisk-instances: 2<br>+ connect-ami: True<br>+<br>+# Alice calls bob via pbx1 then connects the call to the "start"<br>+# extension which does the audio detection.<br>+originator-config-tls:<br>+ trigger: 'ami_connect'<br>+ ignore-originate-failure: 'no'<br>+ id: '0'<br>+ channel: 'PJSIP/bob@pbx-ast2'<br>+ context: 'default'<br>+ exten: 'start'<br>+ priority: '1'<br>+ async: 'True'<br>+<br>+ami-config:<br>+ # Alice events<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '0'<br>+ conditions:<br>+ match:<br>+ Event: 'UserEvent'<br>+ Channel: 'PJSIP/pbx-ast2.*'<br>+ UserEvent: 'TalkDetect'<br>+# We must NOT get a TalkDetect Userevent <br>+ count: '0'<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '1'<br>+ conditions:<br>+ match:<br>+ Event: 'TestEvent'<br>+ State: 'SESSION_DESTROYED'<br>+ Endpoint: 'alice'<br>+ count: '1'<br>+ stop_test:<br>+<br>+properties:<br>+ minversion: '12.0.0'<br>+ dependencies:<br>+ - asterisk : 'chan_pjsip'<br>+ - asterisk : 'res_pjsip'<br>+ - asterisk : 'res_pjsip_session'<br>+ - asterisk : 'res_pjsip_sips_contact'<br>+ - asterisk : 'res_srtp'<br>+ tags:<br>+ - pjsip<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>new file mode 120000<br>index 0000000..7373cdc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key<br>new file mode 120000<br>index 0000000..e7956fb<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1-ast1.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf<br>new file mode 100644<br>index 0000000..b90594a<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/extensions.conf<br>@@ -0,0 +1,19 @@<br>+; I'm Alice<br>+; When the testsuite calls originate, this instance will call bob (ast3) via<br>+; the pbx (ast2) and the created channel will be connected to start@default.<br>+<br>+[default]<br>+exten => start,1,Answer()<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected! Trying again)<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected!)<br>+same => n,UserEvent(TalkDetect, result: fail)<br>+same => n,Hangup()<br>+<br>+; If talking is detected then it jumps here<br>+exten => talk,1,NoOp(Talking was detected!)<br>+same => n,UserEvent(TalkDetect, result: pass)<br>+same => n,Playback(tt-weasels)<br>+same => n,Wait(2)<br>+same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf<br>new file mode 100644<br>index 0000000..0cb86d4<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast1/pjsip.conf<br>@@ -0,0 +1,38 @@<br>+; I'm Alice (ast1) with a connection to the pbx (ast2)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256<br>+priv_key_file = <<astetcdir>>/ca1-ast1.key<br>+cert_file = <<astetcdir>>/ca1-ast1.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5061<br>+<br>+[pbx-ast2]<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+from_user=alice<br>+from_domain=127.0.0.1<br>+aors=pbx-ast2<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast1.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+dtls_cipher = AES256-SHA256<br>+<br>+[pbx-ast2]<br>+type=aor<br>+contact=sips:127.0.0.1:5062\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>new file mode 120000<br>index 0000000..48e3817<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key<br>new file mode 120000<br>index 0000000..2963fc7<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf<br>new file mode 100644<br>index 0000000..e379760<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/extensions.conf<br>@@ -0,0 +1,5 @@<br>+<br>+[default]<br>+exten => bob,1,Answer()<br>+ same => n,Playback(tt-weasels)<br>+ same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf<br>new file mode 100644<br>index 0000000..3b4819f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/configs/ast2/pjsip.conf<br>@@ -0,0 +1,39 @@<br>+; I'm the pbx (ast2) expecting connections from alice (ast1)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256<br>+priv_key_file = <<astetcdir>>/ca1-ast2.key<br>+cert_file = <<astetcdir>>/ca1-ast2.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5062<br>+<br>+[endpoint-template-tls](!)<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+<br>+[alice](endpoint-template-tls)<br>+aors=alice<br>+from_user=pbx-ast2<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast2.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast2.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+dtls_cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256<br>+<br>+[alice]<br>+type = aor<br>+contact = sips:alice@127.0.0.1:5061\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml<br>new file mode 100644<br>index 0000000..95c1dd0<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_dtls_ciphers_in_common/test-config.yaml<br>@@ -0,0 +1,78 @@<br>+testinfo:<br>+ summary: 'Tests sips/tls and dtls/sdes'<br>+ description: |<br>+ 'Run two instances of Asterisk, "alice" and "pbx" to test<br>+ dtls cipher failure.<br>+ alice<>pbx uses dtls for media.<br>+ alice has only the AES256-SHA256 dtls cipher enabled.<br>+ pbx has only the AES128 ciphers enabled.<br>+<br>+ sips tls negotiation should pass.<br>+ pbx answers and sends audio back to alice.<br>+ alice should NOT detect any since the sdp negotiation should have<br>+ failed.<br>+<br>+test-modules:<br>+ test-object:<br>+ config-section: test-object-config<br>+ typename: 'test_case.TestCaseModule'<br>+ modules:<br>+ -<br>+ config-section: originator-config-tls<br>+ typename: 'pluggable_modules.Originator'<br>+ -<br>+ config-section: 'ami-config'<br>+ typename: 'pluggable_modules.EventActionModule'<br>+<br>+test-object-config:<br>+ asterisk-instances: 2<br>+ connect-ami: True<br>+<br>+# Alice calls bob via pbx1 then connects the call to the "start"<br>+# extension which does the audio detection.<br>+originator-config-tls:<br>+ trigger: 'ami_connect'<br>+ ignore-originate-failure: 'no'<br>+ id: '0'<br>+ channel: 'PJSIP/bob@pbx-ast2'<br>+ context: 'default'<br>+ exten: 'start'<br>+ priority: '1'<br>+ async: 'True'<br>+<br>+ami-config:<br>+ # Alice events<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '0'<br>+ conditions:<br>+ match:<br>+ Event: 'UserEvent'<br>+ Channel: 'PJSIP/pbx-ast2.*'<br>+ UserEvent: 'TalkDetect'<br>+# We must NOT get a TalkDetect UserEvent.<br>+ count: '0'<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '1'<br>+ conditions:<br>+ match:<br>+ Event: 'TestEvent'<br>+ State: 'SESSION_DESTROYED'<br>+ Endpoint: 'alice'<br>+ count: '1'<br>+ stop_test:<br>+<br>+properties:<br>+ minversion: '12.0.0'<br>+ dependencies:<br>+ - buildoption: 'TEST_FRAMEWORK'<br>+ - asterisk : 'chan_pjsip'<br>+ - asterisk : 'res_pjsip'<br>+ - asterisk : 'res_pjsip_session'<br>+ - asterisk : 'res_pjsip_sips_contact'<br>+ - asterisk : 'res_srtp'<br>+ tags:<br>+ - pjsip<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>new file mode 120000<br>index 0000000..7373cdc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key<br>new file mode 120000<br>index 0000000..e7956fb<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1-ast1.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf<br>new file mode 100644<br>index 0000000..b90594a<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/extensions.conf<br>@@ -0,0 +1,19 @@<br>+; I'm Alice<br>+; When the testsuite calls originate, this instance will call bob (ast3) via<br>+; the pbx (ast2) and the created channel will be connected to start@default.<br>+<br>+[default]<br>+exten => start,1,Answer()<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected! Trying again)<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected!)<br>+same => n,UserEvent(TalkDetect, result: fail)<br>+same => n,Hangup()<br>+<br>+; If talking is detected then it jumps here<br>+exten => talk,1,NoOp(Talking was detected!)<br>+same => n,UserEvent(TalkDetect, result: pass)<br>+same => n,Playback(tt-weasels)<br>+same => n,Wait(2)<br>+same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf<br>new file mode 100644<br>index 0000000..ca981ec<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast1/pjsip.conf<br>@@ -0,0 +1,37 @@<br>+; I'm Alice (ast1) with a connection to the pbx (ast2)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = AES256-SHA256<br>+priv_key_file = <<astetcdir>>/ca1-ast1.key<br>+cert_file = <<astetcdir>>/ca1-ast1.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5061<br>+<br>+[pbx-ast2]<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+from_user=alice<br>+from_domain=127.0.0.1<br>+aors=pbx-ast2<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast1.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[pbx-ast2]<br>+type=aor<br>+contact=sips:127.0.0.1:5062\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>new file mode 120000<br>index 0000000..48e3817<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key<br>new file mode 120000<br>index 0000000..2963fc7<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf<br>new file mode 100644<br>index 0000000..e379760<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/extensions.conf<br>@@ -0,0 +1,5 @@<br>+<br>+[default]<br>+exten => bob,1,Answer()<br>+ same => n,Playback(tt-weasels)<br>+ same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf<br>new file mode 100644<br>index 0000000..c5793d0<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/configs/ast2/pjsip.conf<br>@@ -0,0 +1,38 @@<br>+; I'm the pbx (ast2) with a connections to Alice (ast1) and Bob (ast2)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256<br>+priv_key_file = <<astetcdir>>/ca1-ast2.key<br>+cert_file = <<astetcdir>>/ca1-ast2.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5062<br>+<br>+[endpoint-template-tls](!)<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+<br>+[alice](endpoint-template-tls)<br>+aors=alice<br>+from_user=pbx-ast2<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast2.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast2.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[alice]<br>+type = aor<br>+contact = sips:alice@127.0.0.1:5061\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml<br>new file mode 100644<br>index 0000000..dab7ad5<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/no_sips_ciphers_in_common/test-config.yaml<br>@@ -0,0 +1,62 @@<br>+testinfo:<br>+ summary: 'Tests sips/tls and dtls/sdes'<br>+ description: |<br>+ 'Run two instances of Asterisk, "alice" and "pbx" to test<br>+ sips cipher failure.<br>+ alice has only the AES256-SHA256 sips cipher enabled.<br>+ pbx has only the AES128 ciphers enabled.<br>+<br>+ The call should fail OriginateResponse failure.<br>+<br>+test-modules:<br>+ test-object:<br>+ config-section: test-object-config<br>+ typename: 'test_case.TestCaseModule'<br>+ modules:<br>+ -<br>+ config-section: originator-config-tls<br>+ typename: 'pluggable_modules.Originator'<br>+ -<br>+ config-section: 'ami-config'<br>+ typename: 'pluggable_modules.EventActionModule'<br>+<br>+test-object-config:<br>+ asterisk-instances: 2<br>+ connect-ami: True<br>+<br>+# Alice calls bob via pbx1 then connects the call to the "start"<br>+# extension which does the audio detection.<br>+originator-config-tls:<br>+ trigger: 'ami_connect'<br>+ ignore-originate-failure: 'no'<br>+ id: '0'<br>+ channel: 'PJSIP/bob@pbx-ast2'<br>+ context: 'default'<br>+ exten: 'start'<br>+ priority: '1'<br>+ async: 'True'<br>+<br>+ami-config:<br>+ # Alice events<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '0'<br>+ conditions:<br>+ match:<br>+ Event: 'OriginateResponse'<br>+ Channel: 'PJSIP/bob@pbx-ast2'<br>+ Response: 'Failure'<br>+ count: '1'<br>+ stop_test:<br>+<br>+properties:<br>+ minversion: '12.0.0'<br>+ dependencies:<br>+ - asterisk : 'chan_pjsip'<br>+ - asterisk : 'res_pjsip'<br>+ - asterisk : 'res_pjsip_session'<br>+ - asterisk : 'res_pjsip_sips_contact'<br>+ - asterisk : 'res_srtp'<br>+ tags:<br>+ - pjsip<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt<br>new file mode 120000<br>index 0000000..7373cdc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key<br>new file mode 120000<br>index 0000000..e7956fb<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1-ast1.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast1.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf<br>new file mode 100644<br>index 0000000..b90594a<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/extensions.conf<br>@@ -0,0 +1,19 @@<br>+; I'm Alice<br>+; When the testsuite calls originate, this instance will call bob (ast3) via<br>+; the pbx (ast2) and the created channel will be connected to start@default.<br>+<br>+[default]<br>+exten => start,1,Answer()<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected! Trying again)<br>+same => n,BackgroundDetect(tt-weasels,1,20,,5000)<br>+same => n,NoOp(Talking was NOT detected!)<br>+same => n,UserEvent(TalkDetect, result: fail)<br>+same => n,Hangup()<br>+<br>+; If talking is detected then it jumps here<br>+exten => talk,1,NoOp(Talking was detected!)<br>+same => n,UserEvent(TalkDetect, result: pass)<br>+same => n,Playback(tt-weasels)<br>+same => n,Wait(2)<br>+same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf<br>new file mode 100644<br>index 0000000..ca981ec<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast1/pjsip.conf<br>@@ -0,0 +1,37 @@<br>+; I'm Alice (ast1) with a connection to the pbx (ast2)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = AES256-SHA256<br>+priv_key_file = <<astetcdir>>/ca1-ast1.key<br>+cert_file = <<astetcdir>>/ca1-ast1.crt<br>+ca_list_file = <<astetcdir>>/ca1.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5061<br>+<br>+[pbx-ast2]<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+from_user=alice<br>+from_domain=127.0.0.1<br>+aors=pbx-ast2<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast1.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast1.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[pbx-ast2]<br>+type=aor<br>+contact=sips:127.0.0.1:5062\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt<br>new file mode 120000<br>index 0000000..48e3817<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key<br>new file mode 120000<br>index 0000000..2963fc7<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt<br>new file mode 120000<br>index 0000000..f28c13f<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca1.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca1/ca1.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt<br>new file mode 120000<br>index 0000000..439d604<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2-ast2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key<br>new file mode 120000<br>index 0000000..309b783<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2-ast2.key<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2-ast2.key<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt<br>new file mode 120000<br>index 0000000..8a70e54<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/ca2.crt<br>@@ -0,0 +1 @@<br>+../../../../../../../../../configs/keys/ca2/ca2.crt<br>\ No newline at end of file<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf<br>new file mode 100644<br>index 0000000..e379760<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/extensions.conf<br>@@ -0,0 +1,5 @@<br>+<br>+[default]<br>+exten => bob,1,Answer()<br>+ same => n,Playback(tt-weasels)<br>+ same => n,Hangup()<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf<br>new file mode 100644<br>index 0000000..f095548<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/configs/ast2/pjsip.conf<br>@@ -0,0 +1,38 @@<br>+; I'm the pbx (ast2) expecting connections from alice (ast1)<br>+<br>+[local-transport-tls]<br>+type = transport<br>+protocol = tls<br>+method = tlsv1<br>+cipher = cipher = AES128-CCM,AES128-CCM8,AES128-GCM-SHA256,AES128-SHA256,AES256-SHA256<br>+priv_key_file = <<astetcdir>>/ca2-ast2.key<br>+cert_file = <<astetcdir>>/ca2-ast2.crt<br>+ca_list_file = <<astetcdir>>/ca2.crt<br>+verify_client = yes<br>+verify_server = yes<br>+require_client_cert = yes<br>+async_operations = 20<br>+bind = 127.0.0.1:5062<br>+<br>+[endpoint-template-tls](!)<br>+type=endpoint<br>+transport=local-transport-tls<br>+context=default<br>+allow=!all,ulaw,alaw<br>+media_address=127.0.0.1<br>+direct_media=no<br>+trust_id_inbound = yes<br>+trust_id_outbound = yes<br>+<br>+[alice](endpoint-template-tls)<br>+aors=alice<br>+from_user=pbx-ast2<br>+media_encryption = dtls<br>+dtls_private_key = <<astetcdir>>/ca1-ast2.key<br>+dtls_cert_file = <<astetcdir>>/ca1-ast2.crt<br>+dtls_ca_file = <<astetcdir>>/ca1.crt<br>+dtls_verify = yes<br>+<br>+[alice]<br>+type = aor<br>+contact = sips:alice@127.0.0.1:5061\;transport=tls<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml<br>new file mode 100644<br>index 0000000..1d2bed5<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/sips_verify_failure/test-config.yaml<br>@@ -0,0 +1,62 @@<br>+testinfo:<br>+ summary: 'Tests sips/tls and dtls/sdes'<br>+ description: |<br>+ 'Run two instances of Asterisk, "alice" and "pbx" to test<br>+ sips verify failure.<br>+ alice has only the AES256-SHA256 sips cipher enabled.<br>+ pbx has only the AES128 ciphers enabled.<br>+<br>+ The call should fail with OriginateResponse failure.<br>+<br>+test-modules:<br>+ test-object:<br>+ config-section: test-object-config<br>+ typename: 'test_case.TestCaseModule'<br>+ modules:<br>+ -<br>+ config-section: originator-config-tls<br>+ typename: 'pluggable_modules.Originator'<br>+ -<br>+ config-section: 'ami-config'<br>+ typename: 'pluggable_modules.EventActionModule'<br>+<br>+test-object-config:<br>+ asterisk-instances: 2<br>+ connect-ami: True<br>+<br>+# Alice calls bob via pbx1 then connects the call to the "start"<br>+# extension which does the audio detection.<br>+originator-config-tls:<br>+ trigger: 'ami_connect'<br>+ ignore-originate-failure: 'no'<br>+ id: '0'<br>+ channel: 'PJSIP/bob@pbx-ast2'<br>+ context: 'default'<br>+ exten: 'start'<br>+ priority: '1'<br>+ async: 'True'<br>+<br>+ami-config:<br>+ # Alice events<br>+ -<br>+ ami-events:<br>+ type: 'headermatch'<br>+ id: '0'<br>+ conditions:<br>+ match:<br>+ Event: 'OriginateResponse'<br>+ Channel: 'PJSIP/bob@pbx-ast2'<br>+ Response: 'Failure'<br>+ count: '1'<br>+ stop_test:<br>+<br>+properties:<br>+ minversion: '12.0.0'<br>+ dependencies:<br>+ - asterisk : 'chan_pjsip'<br>+ - asterisk : 'res_pjsip'<br>+ - asterisk : 'res_pjsip_session'<br>+ - asterisk : 'res_pjsip_sips_contact'<br>+ - asterisk : 'res_srtp'<br>+ tags:<br>+ - pjsip<br>diff --git a/tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml b/tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml<br>new file mode 100644<br>index 0000000..a8df9fc<br>--- /dev/null<br>+++ b/tests/channels/pjsip/secure_calling/calls/off-nominal/tests.yaml<br>@@ -0,0 +1,5 @@<br>+tests:<br>+ - test: 'no_dtls_ciphers_in_common'<br>+ - test: 'no_sips_ciphers_in_common'<br>+ - test: 'dtls_verify_failure'<br>+ - test: 'sips_verify_failure'<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/7528">change 7528</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/7528"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: testsuite </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I898602f411b68a60fab1cc99fffec1714d5999d9 </div>
<div style="display:none"> Gerrit-Change-Number: 7528 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>