[OpenSIPS-Users] Fwd: STIR/Shaken payload issue.

Mon May 24 12:42:08 EST 2021

 Sunil, 
I was having a similar issue... it looks like part 2 of the base64 string decodes to:
{"attest"8""Â&FW7B#§²'Fâ#¥²#““S333ƒ#sR%×ÒÂ&–B#£c#“ssrÂ&÷&–r#§²'Fâ#¢#““S333ƒ#sb'ÒÂ&÷&–v–B#¢&G6F66fG2ÖG6F6B×5ds"}

My problem was that I was using sngrep to find my identity header and it appears to have been truncating my string. upon using ngrep to get the raw packet data I found the identity string was totally different and decoded properly. 
    On Monday, May 24, 2021, 02:13:08 AM EDT, Sunil More <sunil.more64sinfo at gmail.com> wrote:  

 Hello All,
I tried the same with Opensips version 3.1.2 , Still the same result. The Payload is not a valid JSON.

version: opensips 3.1.2 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
git revision: 539ab0b3a
main.c compiled on 05:43:20 May 24 2021 with gcc 7
Regards,Sunil More
---------- Forwarded message ---------
From: Sunil More <sunil.more64sinfo at gmail.com>
Date: Thu, 20 May 2021 at 15:55
Subject: STIR/Shaken payload issue.
To: users at lists.opensips.org <users at lists.opensips.org>

Hello All, 

I was working to use stir shaken module. The certificates are put in place and Identity Header is also created. However the Identity when tried to put on JWT.io for validation , I can observe that the payload is not good.  

Here is the identity Heade
Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9hcHBzLnNhbWVzcGFjZS5jb20vc2VydmVyLmNydCJ9.eyJhdHRlc3QiOCIiwiZGVzdCI6eyJ0biI6WyI5MTk1MDMzMzgyNzUiXX0sImlhdCI6MTYyMDkxMDc3Nywib3JpZyI6eyJ0biI6IjkxOTUwMzMzODI3NiJ9LCJvcmlnaWQiOiJkc2FkYXNhc2Zkcy1kc2FkYXNkLXNWRzIn0.JzYHlbStXK7gpmRWVZY_IC8VmeZfaKWBzGTOfGU82OQ3w28lctaYv-YAzBdjqjUGJKISid327KSzUGGvpXYBSg;info=<https://apps.samespace.com/server.crt>;ppt="shaken"

After JWT.io 
Header for algorithm and token type  looks ok ..
{

  "alg": "ES256",

  "ppt": "shaken",

  "typ": "passport",

  "x5u": "https://apps.samespace.com/server.crt"

}

However payload looks like this which is probably some invalid JSON, I am not sure what could cause this.

"{\"attest\"8\"\"�&FW7B#��'F�#��#�\u0013�S\u0003333�#sR%���&�\u0017B#�\u0013c#\u0003�\u0013\u0003ssr�&�&�r#��'F�#�#�\u0013�S\u0003333�#sb'��&�&�v�B#�&G6\u0016F\u00176\u00176fG2�G6\u0016F\u00176B�5ds\"}"

Here is the code snippet used .

stir_shaken_auth("B", $var(origid),$var(cert), $var(privKey),"https://apps.samespace.com/server.crt","919503338276","919503338275"); 

I am using opensips version as below 

version: opensips 3.1.1 (x86_64/linux)

flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT

ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535

poll method support: poll, epoll, sigio_rt, select.

git revision: 229ec0793

main.c compiled on 11:50:44 Jan 15 2021 with gcc 7

Kindly let me know if there is something wrong that I could be doing. I checked the sample from https://transnexus.com/whitepapers/understanding-stir-shaken/

The Identity from this example shows a good payload. 

Regards,

Sunil More

Phone : 919503338275

Sent from Mail for Windows 10

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20210524/7ac5fb9d/attachment-0001.html>