From 237285a9a8dafbf5fbf16e4d59e8fb7f689188e8 Mon Sep 17 00:00:00 2001
From: Sean Bright <sean.bright@gmail.com>
Date: Thu, 15 Jul 2021 16:04:01 -0400
Subject: [PATCH] res_pjsip_stir_shaken: RFC 8225 compliance and error message
cleanup.
From RFC 8225 Section 5.2.1:
The "dest" claim is a JSON object with the claim name of "dest"
and MUST have at least one identity claim object. The "dest"
claim value is an array containing one or more identity claim JSON
objects representing the destination identities of any type
(currently "tn" or "uri"). If the "dest" claim value array
contains both "tn" and "uri" claim names, the JSON object should
list the "tn" array first and the "uri" array second. Within the
"tn" and "uri" arrays, the identity strings should be put in
lexicographical order, including the scheme-specific portion of
the URI characters.
Additionally, make it clear that there was a failure to sign the JWT
payload and not necessarily a memory allocation failure.
Change-Id: Ia8733b861aef6edfaa9c2136e97b447a01578dc9
---
res/res_pjsip_stir_shaken.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/res/res_pjsip_stir_shaken.c b/res/res_pjsip_stir_shaken.c
index de1513bd7d..b2b208424e 100644
--- a/res/res_pjsip_stir_shaken.c
+++ b/res/res_pjsip_stir_shaken.c
@@ -255,7 +255,7 @@ static int add_identity_header(const struct ast_sip_session *session, pjsip_tx_d
ast_copy_pj_str(dest_tn, &uri->user, uri->user.slen + 1);
/* x5u (public key URL), attestation, and origid will be added by ast_stir_shaken_sign */
- json = ast_json_pack("{s: {s: s, s: s, s: s}, s: {s: {s: s}, s: {s: s}}}",
+ json = ast_json_pack("{s: {s: s, s: s, s: s}, s: {s: {s: [s]}, s: {s: s}}}",
"header", "alg", "ES256", "ppt", "shaken", "typ", "passport",
"payload", "dest", "tn", dest_tn, "orig", "tn",
session->id.number.str);
@@ -266,7 +266,7 @@ static int add_identity_header(const struct ast_sip_session *session, pjsip_tx_d
ss_payload = ast_stir_shaken_sign(json);
if (!ss_payload) {
- ast_log(LOG_ERROR, "Failed to allocate memory for STIR/SHAKEN payload\n");
+ ast_log(LOG_ERROR, "Failed to sign STIR/SHAKEN payload\n");
return -1;
}
--
GitLab