<p>Sean Bright has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/18863">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_pjsip_stir_shaken: Use correct Caller ID to lookup certificate.<br><br>Determine the Caller ID to use for certificate lookup based on the<br>same logic we use when setting up the INVITE session. This allows<br>Caller ID set via the CALLERID() function to be used for STIR/SHAKEN<br>certificate lookup.<br><br>ASTERISK-29169 #close<br><br>Change-Id: I6f1f9c56ceb989d3ad4e16f069b4273166614b9a<br>---<br>M res/res_pjsip_stir_shaken.c<br>1 file changed, 22 insertions(+), 9 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/63/18863/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/res/res_pjsip_stir_shaken.c b/res/res_pjsip_stir_shaken.c</span><br><span>index 82c8df0..eb6228d 100644</span><br><span>--- a/res/res_pjsip_stir_shaken.c</span><br><span>+++ b/res/res_pjsip_stir_shaken.c</span><br><span>@@ -26,6 +26,7 @@</span><br><span> </span><br><span> #include "asterisk.h"</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#include "asterisk/callerid.h"</span><br><span> #include "asterisk/res_pjsip.h"</span><br><span> #include "asterisk/res_pjsip_session.h"</span><br><span> #include "asterisk/module.h"</span><br><span>@@ -355,7 +356,7 @@</span><br><span> return 0;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-static int add_identity_header(const struct ast_sip_session *session, pjsip_tx_data *tdata)</span><br><span style="color: hsl(120, 100%, 40%);">+static int add_identity_header(pjsip_tx_data *tdata, const struct ast_party_id *party_id)</span><br><span> {</span><br><span> static const pj_str_t identity_str = { "Identity", 8 };</span><br><span> pjsip_generic_string_hdr *identity_hdr;</span><br><span>@@ -405,7 +406,7 @@</span><br><span> json = ast_json_pack("{s: {s: s, s: s, s: s}, s: {s: {s: [s]}, s: {s: s}}}",</span><br><span> "header", "alg", "ES256", "ppt", "shaken", "typ", "passport",</span><br><span> "payload", "dest", "tn", dest_tn, "orig", "tn",</span><br><span style="color: hsl(0, 100%, 40%);">- session->id.number.str);</span><br><span style="color: hsl(120, 100%, 40%);">+ party_id->number.str);</span><br><span> if (!json) {</span><br><span> ast_log(LOG_ERROR, "Failed to allocate memory for STIR/SHAKEN JSON\n");</span><br><span> return -1;</span><br><span>@@ -481,6 +482,8 @@</span><br><span> static void stir_shaken_outgoing_request(struct ast_sip_session *session, pjsip_tx_data *tdata)</span><br><span> {</span><br><span> RAII_VAR(struct stir_shaken_profile *, profile, NULL, ao2_cleanup);</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_party_id effective_id;</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_party_id connected_id;</span><br><span> </span><br><span> profile = ast_stir_shaken_get_profile(session->endpoint->stir_shaken_profile);</span><br><span> /* Profile should be checked first as it takes priority over anything else.</span><br><span>@@ -493,17 +496,27 @@</span><br><span> return;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (ast_strlen_zero(session->id.number.str) && session->id.number.valid) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_party_id_init(&connected_id);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_channel_lock(session->channel);</span><br><span style="color: hsl(120, 100%, 40%);">+ effective_id = ast_channel_connected_effective_id(session->channel);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_party_id_copy(&connected_id, &effective_id);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_channel_unlock(session->channel);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* XXX: This if statement is logically the same as the first if statement in</span><br><span style="color: hsl(120, 100%, 40%);">+ res_pjsip_caller_id.c:add_id_headers. They should be combined. */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!connected_id.number.valid</span><br><span style="color: hsl(120, 100%, 40%);">+ || (!session->endpoint->id.trust_outbound</span><br><span style="color: hsl(120, 100%, 40%);">+ && (ast_party_id_presentation(&connected_id) & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_party_id_free(&connected_id);</span><br><span> return;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- /* If adding the Identity header fails for some reason, there's no point</span><br><span style="color: hsl(0, 100%, 40%);">- * adding the Date header.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">- if ((add_identity_header(session, tdata)) != 0) {</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(120, 100%, 40%);">+ if (add_identity_header(tdata, &connected_id) == 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Only add the Date header if we succeeded in adding the Identity header */</span><br><span style="color: hsl(120, 100%, 40%);">+ add_date_header(session, tdata);</span><br><span> }</span><br><span style="color: hsl(0, 100%, 40%);">- add_date_header(session, tdata);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_party_id_free(&connected_id);</span><br><span> }</span><br><span> </span><br><span> static struct ast_sip_session_supplement stir_shaken_supplement = {</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/18863">change 18863</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/18863"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 20 </div>
<div style="display:none"> Gerrit-Change-Id: I6f1f9c56ceb989d3ad4e16f069b4273166614b9a </div>
<div style="display:none"> Gerrit-Change-Number: 18863 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Sean Bright <sean@seanbright.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>