[SR-Users] SECSIPID Identity Decode

Daniel W. Graham dan at cmsinter.net
Fri Jul 2 19:54:14 CEST 2021


I checked twice but nothing. I will test again in case I am missing something, I found it odd too that its failing but no error in debug.

I tried adding another header and msg_apply_changes() before the call to secsipid_add_identity(), and that doesnt show up in $mb or accessible by $hdr() either.

Daniel W. Graham, CTO
CMSInter.net LLC
DIRECT (989) 400-4230

INTERNET | TELEPHONE | MANAGED IT


From: "miconda at gmail.com" <miconda at gmail.com>
Reply-To: "miconda at gmail.com" <miconda at gmail.com>
Date: Friday, July 2, 2021 at 1:46 PM
To: Daniel Graham <dan at cmsinter.net>
Cc: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode


If msg_apply_changes() fails, then there has to be other error messages in the logs. Don't you see any?

Cheers,
Daniel
On 02.07.21 18:18, Daniel W. Graham wrote:
Sorry. msg_apply_changes() was in config and I didn’t see the execution in debug.

I just changed to this and receive “Failed to apply changes”.

    if (!msg_apply_changes()) {
        xlogl("L_WARN", "Failed to apply changes\n");
    }

-dan


From: "miconda at gmail.com"<mailto:miconda at gmail.com> <miconda at gmail.com><mailto:miconda at gmail.com>
Reply-To: "miconda at gmail.com"<mailto:miconda at gmail.com> <miconda at gmail.com><mailto:miconda at gmail.com>
Date: Friday, July 2, 2021 at 9:24 AM
To: Daniel Graham <dan at cmsinter.net><mailto:dan at cmsinter.net>
Cc: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode


What do you mean? Do you have msg_apply_changes() in the config, it is executed but has no effect?

Or you don't have msg_apply_changes() in the config and thus not executed?

Cheers,
Daniel
On 02.07.21 15:10, Daniel W. Graham wrote:
Its not being executed. Version 5.5

Daniel W. Graham, CTO
CMS Internet LLC
DIRECT (989) 400-4230

INTERNET | TELEPHONE | MANAGED IT



On Jul 2, 2021, at 3:12 AM, Daniel-Constantin Mierla <miconda at gmail.com><mailto:miconda at gmail.com> wrote:

Can you doublecheck msg_apply_changes() is executed?

What version are you using?

Cheers,
Daniel
On 02.07.21 08:58, Daniel W. Graham wrote:
I don’t see any issues in the log.

The identity header is being sent but still nothing in $mb

Daniel W. Graham, CTO
CMSInter.net LLC
DIRECT (989) 400-4230

INTERNET | TELEPHONE | MANAGED IT


From: "miconda at gmail.com"<mailto:miconda at gmail.com> <miconda at gmail.com><mailto:miconda at gmail.com>
Reply-To: "miconda at gmail.com"<mailto:miconda at gmail.com> <miconda at gmail.com><mailto:miconda at gmail.com>
Date: Friday, July 2, 2021 at 2:41 AM
To: Daniel Graham <dan at cmsinter.net><mailto:dan at cmsinter.net>, "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode


Then secsipid_add_identity() or msg_apply_changes() failed -- do you get error messages? Try to run with debug=3 for seeing more details in the logs.

Cheers,
Daniel
On 02.07.21 08:19, Daniel W. Graham wrote:
Identity is not in $mb.

Daniel W. Graham, CTO
CMSInter.net LLC
DIRECT (989) 400-4230

INTERNET | TELEPHONE | MANAGED IT


From: "miconda at gmail.com"<mailto:miconda at gmail.com> <miconda at gmail.com><mailto:miconda at gmail.com>
Reply-To: "miconda at gmail.com"<mailto:miconda at gmail.com> <miconda at gmail.com><mailto:miconda at gmail.com>
Date: Friday, July 2, 2021 at 2:09 AM
To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org>, Daniel Graham <dan at cmsinter.net><mailto:dan at cmsinter.net>
Subject: Re: [SR-Users] SECSIPID Identity Decode


Hello,

try to print $mb after secsipid_add_identity() and msg_apply_changes(), is the Identity header there?

Cheers,
Daniel
On 02.07.21 07:53, Daniel W. Graham wrote:
I need to immediately get the uuid created by secsipid_add_identity().

Is there a way to immediately read a header after its added?

I tried msg_apply_changes() but $hdr(Identity) is null.

-dan


From: sr-users <sr-users-bounces at lists.kamailio.org><mailto:sr-users-bounces at lists.kamailio.org> on behalf of Daniel Graham <dan at cmsinter.net><mailto:dan at cmsinter.net>
Reply-To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org>
Date: Thursday, July 1, 2021 at 6:11 PM
To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

Confirmed it was due to the sngrep copy. Thanks for mentioning it!

-dan


From: sr-users <sr-users-bounces at lists.kamailio.org><mailto:sr-users-bounces at lists.kamailio.org> on behalf of Ben Kaufman <bkaufman at nexvortex.com><mailto:bkaufman at nexvortex.com>
Reply-To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org>
Date: Thursday, July 1, 2021 at 12:49 PM
To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

Dump the header to your log file, and copy it from there.  I don’t know what happens with the ncurses in sngrep, but I finally looked them side by side and …. “Hey!  This one’s missing bytes!”

Ben Kaufman

Sr. VoIP Engineer


P:

E: bkaufman at nexvortex.com<mailto:bkaufman at nexvortex.com>

24 hour client support: 855.639.6300<tel:+18556396300>



From: sr-users <sr-users-bounces at lists.kamailio.org><mailto:sr-users-bounces at lists.kamailio.org> On Behalf Of Daniel W. Graham
Sent: Thursday, July 1, 2021 10:25 AM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org><mailto:sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

Haha, yep :) I wondered if that was biting me.

-dan








On Jul 1, 2021, at 11:07 AM, Ben Kaufman <bkaufman at nexvortex.com<mailto:bkaufman at nexvortex.com>> wrote:
I observed a similar behavior, but it was the result of my cutting and pasting the identity header from sngrep, which looks to have dropped a few bytes on the line break.  Any chance that’s what you’re doing, too?

Ben Kaufman

Sr. VoIP Engineer


P:

E: bkaufman at nexvortex.com<mailto:bkaufman at nexvortex.com>

24 hour client support: 855.639.6300<tel:+18556396300>



From: sr-users <sr-users-bounces at lists.kamailio.org<mailto:sr-users-bounces at lists.kamailio.org>> On Behalf Of Daniel W. Graham
Sent: Wednesday, June 30, 2021 10:31 PM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>>; David Villasmil <david.villasmil.work at gmail.com<mailto:david.villasmil.work at gmail.com>>; Daniel-Constantin Mierla <miconda at gmail.com<mailto:miconda at gmail.com>>
Subject: Re: [SR-Users] SECSIPID Identity Decode

Here is an example, payload taken from Identity header.

Identity was added with secsipid_add_identity

Payload test:
$var(test) = "eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6I5ODkyODkyMjgwIl19LCJpYXQiOjE2MjUxMDk2MzQsIm9yaWciOnsidG4iOiI5ODk0MDA0MjMwIn0sIm9yaWdpZCI6IjNmYmE4NTg0LTRkNzMtNGU2NC04NDc5LTQ5MjU2ZGIyMWFhYSJ9";
xlogl("L_WARN", "$(var(test){s.decode.base64t})\n");

Result is:
{"attest":"A","dest":{"tn":#���#��##�#002%���&�#027B#�#023c#S#023#003�#023sB�&�&�r#��'F�#�#���C#003#003C#3#002'��&�&�v�B#�&#026Vc�s#006f"�&6#026#022�CVCB�#023c3#022�3#0066#�#026#6#026S�r'

-dan


From: sr-users <sr-users-bounces at lists.kamailio.org<mailto:sr-users-bounces at lists.kamailio.org>> on behalf of Daniel Graham <dan at cmsinter.net<mailto:dan at cmsinter.net>>
Reply-To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>>
Date: Wednesday, June 30, 2021 at 5:32 PM
To: David Villasmil <david.villasmil.work at gmail.com<mailto:david.villasmil.work at gmail.com>>, "miconda at gmail.com<mailto:miconda at gmail.com>" <miconda at gmail.com<mailto:miconda at gmail.com>>, "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>>
Subject: Re: [SR-Users] SECSIPID Identity Decode

That’s the same way I am doing it, I was just trying to do a verification that the identity header/payload was correct before activating new changes.

I will do further testing and share results. Just found it odd that the header would decode but payload wouldn’t.

Daniel W. Graham, CTO
CMSInter.net LLC
DIRECT (989) 400-4230

INTERNET | TELEPHONE | MANAGED IT


From: David Villasmil <david.villasmil.work at gmail.com<mailto:david.villasmil.work at gmail.com>>
Date: Wednesday, June 30, 2021 at 4:06 PM
To: "miconda at gmail.com<mailto:miconda at gmail.com>" <miconda at gmail.com<mailto:miconda at gmail.com>>, "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>>
Cc: Daniel Graham <dan at cmsinter.net<mailto:dan at cmsinter.net>>
Subject: Re: [SR-Users] SECSIPID Identity Decode

I DO IT WITH:

# Break JWT
            $var(jwt1) = $(hdr(Identity){s.select,0,.}{s.decode.base64t});
            $var(jwt2) = $(hdr(Identity){s.select,1,.}{s.decode.base64t});


Regards,

David Villasmil
email: david.villasmil.work at gmail.com<mailto:david.villasmil.work at gmail.com>
phone: +34669448337


On Wed, Jun 30, 2021 at 8:48 PM Daniel-Constantin Mierla <miconda at gmail.com<mailto:miconda at gmail.com>> wrote:

Hello,

not familiar with python functions, have you tried with Kamailio transformation?

https://www.kamailio.org/wiki/cookbooks/5.5.x/transformations#sdecodebase64url

Maybe you have to specify in Python that it is ASCII, I remember I had to do decoding when porting kamcli to work with Python3 -- had to change from using directly the variables received as parameter to a decoded value, something like:

prefix = tprefix.encode("ascii", "ignore").decode()

Also, if you can, share the identity header here to test with and see if can be reproduced.

Cheers,
Daniel
On 30.06.21 21:14, Daniel W. Graham wrote:
I am unable to base64url decode the json payload in identity header generated by secsipid.

(Using python for test)
decoded_payload = url64.decode(‘payload’)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc2 in position 27: invalid continuation byte

Header decodes fine this way but not payload.

Is this an issue with the payload encoding?

Kamailio 5.5

Daniel W. Graham, CTO
CMSInter.net LLC
DIRECT (989) 400-4230

INTERNET | TELEPHONE | MANAGED IT











__________________________________________________________

Kamailio - Users Mailing List - Non Commercial Discussions

  * sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>

Important: keep the mailing list in the recipients, do not reply only to the sender!

Edit mailing list options or unsubscribe:

  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

--

Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com>

www.twitter.com/miconda<http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
 * sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
 * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users






__________________________________________________________

Kamailio - Users Mailing List - Non Commercial Discussions

  * sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>

Important: keep the mailing list in the recipients, do not reply only to the sender!

Edit mailing list options or unsubscribe:

  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

--

Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com>

www.twitter.com/miconda<http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>

--

Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com>

www.twitter.com/miconda<http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>

--

Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com>

www.twitter.com/miconda<http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>

--

Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com>

www.twitter.com/miconda<http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>

--

Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com>

www.twitter.com/miconda<http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210702/291daf81/attachment.htm>


More information about the sr-users mailing list