[sip-comm-dev] [PATCH] fix for callid and authorization header binding


#1

Hi,
This patch is on CredentialsCache.java
I used it in the SipRegistrarConnection.java and SipSecurityManager.java.

Here is the code in SipRegistrarConnection, unregister() method, after the
line 553:

// add authorization header
        CallIdHeader call = (CallIdHeader)unregisterRequest.getHeader(
CallIdHeader.NAME);
        String callid = call.getCallId();
        AuthorizationHeader authorization =
sipProvider.getSipSecurityManager().getCredential(callid);
        if(authorization != null)
            unregisterRequest.addHeader(authorization);

Here is the code in SipSecurityManager, handleChallenge() method, after the
line 260:

// get the unique Call-ID
        CallIdHeader call = (CallIdHeader)reoriginatedRequest.getHeader(
CallIdHeader.NAME);
        String callid = call.getCallId();

cachedCredentials.cacheAuthorizationHeader(callid, authorization);

And one new method in SipSecurityManager:

public AuthorizationHeader getCredential(String callid) {
        return cachedCredentials.getAuthorizationHeader(callid);
    }

myPatch.txt (5.55 KB)

···

--
BR

niepin
TML@HUT, Helsinki, Finland


#2

Hello niepin,

First, please excuse the delay. I know it's been a while since you posted your fix.

This is a very nice catch. I've applied it in my local sandbox (with some minor modifications) and will commit it as soon as I've had the chance to test it.

There are however a few points that need to be addressed there:

1. A request may have to include more than one auth. header. Imagine for example the case where you have cascaded proxies in different realms and they all require authentication. Indeed this is not a common setup but the RFC allows it so we should support it. I guess that the easiest way to do this would be to preview the possibility to map a set of auth. headers for every call id.

2. Your patch takes care of registrations and un-registrations. Yet we should do the same for any request that leaves inside a dialog. This means that we should apply the same semantics for re-IINVITE, ACK, CANCEL, BYE .... and possibly others too.

3. When do you remove a cache entry? I was thinking that we could make the cache implement a SipListener and track all DialogTerminated events. Whenever such an event occurs, the cache would remove all entries for the corresponding CallID. However, this won't work for REGISTER-s ... but since they seem to be the only exception we could also add a removeCacheEntry() method that we'll be calling from unregister().

How does this sound? Care to take a shot at the implementation?

Cheers
Emil

pin nie wrote:

···

Hi,
This patch is on CredentialsCache.java
I used it in the SipRegistrarConnection.java and SipSecurityManager.java.

Here is the code in SipRegistrarConnection, unregister() method, after the line 553:

// add authorization header
        CallIdHeader call = (CallIdHeader)unregisterRequest.getHeader(CallIdHeader.NAME);
        String callid = call.getCallId(); AuthorizationHeader authorization = sipProvider.getSipSecurityManager().getCredential(callid);
        if(authorization != null)
            unregisterRequest.addHeader(authorization);

Here is the code in SipSecurityManager, handleChallenge() method, after the line 260:

// get the unique Call-ID
        CallIdHeader call = (CallIdHeader)reoriginatedRequest.getHeader(CallIdHeader.NAME);
        String callid = call.getCallId();

cachedCredentials.cacheAuthorizationHeader (callid, authorization);

And one new method in SipSecurityManager:

public AuthorizationHeader getCredential(String callid) {
        return cachedCredentials.getAuthorizationHeader(callid);
    }

--
BR

niepin
TML@HUT, Helsinki, Finland

------------------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net