<div dir="ltr">Hello Vlad <br><br><div>Thank you so much for your response. Verification Service works using those certificates.<br><br>Regards,<br>Devang Dhandhalya</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 23, 2021 at 10:32 PM Vlad Patrascu <<a href="mailto:vladp@opensips.org">vladp@opensips.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello Devang,</p>
<p>The cache_fetch() function returns -2 when the key is not found
so it's normal when getting the certificate the first time.</p>
<p>STIR/SHAKEN requires that the certificates have the TnAuthList
extension. You can check out some examples on how to generate such
certificates in this document [1] at Appendix A or this script
[2].</p>
<p>[1]
<a href="https://cstga.ca/wp-content/uploads/2020/07/ATIS-1000080.v002_SHAKEN-Governance-Model.pdf" target="_blank">https://cstga.ca/wp-content/uploads/2020/07/ATIS-1000080.v002_SHAKEN-Governance-Model.pdf</a></p>
<p>[2]
<a href="https://github.com/OpenSIPIt/OpenSIPIt_00/blob/master/STIR_SHAKEN/Certgen/gencert.sh" target="_blank">https://github.com/OpenSIPIt/OpenSIPIt_00/blob/master/STIR_SHAKEN/Certgen/gencert.sh</a><br>
</p>
<p>Regards,</p>
<pre cols="72">--
Vlad Patrascu
OpenSIPS Core Developer
<a href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.com</a></pre>
<div>On 22.11.2021 14:41, Devang Dhandhalya
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello Vlad <br>
<br>
Authentication service works fine. Now I am getting an error in
the stir_shaken_verify function. After fetching a certificate,
I am getting the below error. I generated private keys and X509
certificates using "prime256v1" EC. <br>
After fetching the certificate I am getting var(found) = -2. Can
you please tell me about this too? <br>
<br>
OpenSIPS Logs :<br>
<b><br>
</b>
<div><b>var(found) = [-2]<br>
<a>INFO:stir_shaken:validate_certificate</a>: The certificate is
missing the TnAuthList extension<br>
<a>INFO:stir_shaken:w_stir_verify</a>: Invalid certificate<br>
return code : [-8] stir_shaken_verify() failed:437,
Unsupported Credential<br>
</b><br>
Below is the opensips script snippet:<br>
<br>
$var(found) = cache_fetch("local",$identity(x5u),$var(cert));<br>
<br>
<br>
if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) {<br>
rest_get("$identity(x5u)",$var(cert),$var(ctype),
$var(http_rc));<br>
if ($rc<0 ) {<br>
send_reply(436, "Bad Identity
Info");<br>
exit;<br>
}<br>
cache_store("local", $identity(x5u),"$var(cert)");<br>
}<br>
<br>
<br>
$var(rc_verify)= stir_shaken_verify($var(cert),
$var(err_sip_code),$var(err_sip_reason),"$var(orig)","$var(dest)");<br>
if ($var(rc_verify) < 0) {<br>
<br>
send_reply(
$var(err_sip_code),$var(err_sip_reason));<br>
exit;<br>
}<br>
<br>
Kindly inform me why I am getting this error. Please suggest
a solution to this.<br>
<br>
<br>
Regards <br>
Devang Dhandhalya<br>
</div>
</div>
<br>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Nov 19, 2021 at 3:16
PM Devang Dhandhalya <<a href="mailto:devang.dhandhalya@ecosmob.com" target="_blank">devang.dhandhalya@ecosmob.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">Hello Vlad <br>
<br>
Thanks for your response. Authentication service works.<br>
<br>
Regards,<br>
Devang Dhandhalya</div>
<div dir="ltr"> </div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Nov 17, 2021 at
8:57 PM Devang Dhandhalya <<a href="mailto:devang.dhandhalya@ecosmob.com" target="_blank">devang.dhandhalya@ecosmob.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<pre style="white-space:pre-wrap;color:rgb(0,0,0)">Hello all,
I am still getting the above E.164 error. Right now I'm getting the below error.
Can anyone tell me why I am getting this error? As far as I know, this
error is for the x5u parameter in the stir_shaken_auth function; this issue comes
from the certificate path or certificate file format.
I checked the certificate file with .der and .cer format also.</pre>
<pre style="white-space:pre-wrap;color:rgb(0,0,0)"><p class="MsoNormal" style="font-family:helvetica,arial,sans-serif;font-size:14px;white-space:normal">Here is the code snippet used.</p>
<div>$var(rc_auth)=stir_shaken_auth("A", "GWID-123456","$var(cert)", "$var(pkey)","<a href="http://localhost/certificate.pem" target="_blank">http://localhost/certificate.pem</a>","$var(orig)","$var(dest)");
</div><div>
</div>
Below is the error I am getting.
ERROR:stir_shaken:add_identity_hf: Failed to convert from DER to internal format
ERROR:stir_shaken:w_stir_auth: Failed to add Identity header
STIR_SHAKEN AUTHENTICATION SERVICE return code : -1
<p class="MsoNormal" style="font-family:helvetica,arial,sans-serif;font-size:14px;white-space:normal">Kindly let me know if there is something wrong that I could be doing.
Many Thanks
Devang Dhandhalya</p></pre>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Nov 17, 2021
at 11:37 AM Devang Dhandhalya <<a href="mailto:devang.dhandhalya@ecosmob.com" target="_blank">devang.dhandhalya@ecosmob.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>Hi All</div>
<div><br>
</div>
<div>I configured the e164 strict mode module
parameter as 0 (disabled), but I am still
getting errors related to the e164 format. Even
if the orig/dest number is not in e164 format,
opensips has to accept it, but it is not
accepting it. I have a user like extension123; for
this function I have to perform the authentication
service. If I have a user extension123, is it
possible to perform the authentication service for
this kind of user?</div>
<div><br>
</div>
<div>I think this is a bug in the e164 strict
mode module parameter. I am getting the below
error.</div>
<div><br>
</div>
<div>opensips version: 3.2.2<br>
</div>
<div><br>
</div>
<div>ERROR:</div>
<div> ERROR:stir_shaken:check_passport_phonenum:
number is not in E.164 format: extension123</div>
ERROR:stir_shaken:w_stir_auth: failed to validate
Originator number (extension123)
<div><br>
</div>
<div><br>
</div>
loadmodule "stir_shaken.so"<br>
modparam("stir_shaken", "auth_date_freshness",
300)<br>
modparam("stir_shaken", "verify_date_freshness",
300)<br>
modparam("stir_shaken", "require_date_hdr", 0)<br>
modparam("stir_shaken", "e164_strict_mode", 0)<br>
<div><br>
</div>
<div>$var(orig) = $fU;<br>
$var(dest) = $tU;
</div>
<div> $var(rc_auth)=stir_shaken_auth("A",
"GWID-123456","$var(cert)", "$var(pkey)","<a href="http://localhost/certificate.pem" target="_blank">http://localhost/certificate.pem</a>","$var(orig)","$var(dest)");<br>
</div>
<div><br>
</div>
<div>
<div>Please suggest a solution to this.</div>
</div>
<div><br>
</div>
<div>Many Thanks</div>
<div>Devang</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
<br>
<div><font style="background-color:white" size="2" face="Arial" color="#808080"><b>Disclaimer</b></font></div>
<div>
<div><span style="background-color:white;color:rgb(128,128,128);font-family:Arial;font-size:small">In
addition to generic Disclaimer which you have agreed on our
website, any views or opinions presented in this email are
solely those of the originator and do not necessarily
represent those of the Company or its sister concerns. Any
liability (in negligence, contract or otherwise) arising
from any third party taking any action, or refraining from
taking any action on the basis of any of the information
contained in this email is hereby excluded.</span></div>
</div>
<div><span style="background-color:white;color:rgb(128,128,128);font-family:Arial;font-size:small"><br>
</span></div>
<div><font style="background-color:white" size="2" face="Arial" color="#808080"><b>Confidentiality</b></font></div>
<div><font style="background-color:white" size="2" face="Arial" color="#808080">This communication (including any
attachment/s) is intended only for the use of the addressee(s)
and contains information that is PRIVILEGED AND CONFIDENTIAL.
Unauthorized reading, dissemination, distribution, or copying
of this communication is prohibited. Please inform originator
if you have received it in error.</font></div>
<div><font style="background-color:white" size="2" face="Arial" color="#808080"><br>
</font></div>
<div><span style="background-color:white;color:rgb(128,128,128);font-family:Arial;font-size:small"><b>Caution
for viruses, malware etc.</b></span></div>
<div><font style="background-color:white" size="2" face="Arial" color="#808080">This communication, including any attachments,
may not be free of viruses, trojans, similar or new
contaminants/malware, interceptions or interference, and may
not be compatible with your systems. You shall carry out
virus/malware scanning on your own before opening any
attachment to this e-mail. The sender of this e-mail and
Company including its sister concerns shall not be liable for
any damage that may incur to you as a result of viruses,
incompleteness of this message, a delay in receipt of this
message or any other computer problems. </font></div>
</blockquote>
</div>
</blockquote></div>
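<p>The condition reported in this thread ("The certificate is missing the TnAuthList extension") can be reproduced and checked outside OpenSIPS. The following is an added example, not part of the original messages or of the OpenSIPS code: it assumes the openssl command-line tool is installed, and the helper names, the SPC value 1234, the CN and the file names are constructed test values.</p>

```shell
#!/bin/sh
# Added example with constructed values: SPC 1234, the CN and the file
# names are test placeholders, not values from the thread.
TNAUTH_OID="1.3.6.1.5.5.7.1.26"     # id-pe-TNAuthList (RFC 8226)
TNAUTH_DER="06082b0601050507011a"   # DER encoding of that OID, in hex

# gen_test_cert OUT_PREFIX [SPC]: writes OUT_PREFIX.key/.cnf/.pem, a
# self-signed prime256v1 cert. With SPC given, it carries
# TNAuthList = SEQUENCE { [0] EXPLICIT IA5String SPC }.
gen_test_cert() {
    out=$1; spc=${2:-}
    cat > "$out.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3
[dn]
CN = shaken-test.example
[v3]
basicConstraints = CA:FALSE
EOF
    if [ -n "$spc" ]; then
        cat >> "$out.cnf" <<EOF
$TNAUTH_OID = ASN1:SEQUENCE:tn_auth_list
[tn_auth_list]
field1 = EXP:0,IA5:$spc
EOF
    fi
    openssl ecparam -name prime256v1 -genkey -noout -out "$out.key" 2>/dev/null &&
    openssl req -new -x509 -key "$out.key" -config "$out.cnf" \
        -days 30 -out "$out.pem" 2>/dev/null
}

# has_tnauthlist CERT_PEM: exit 0 if the OID bytes occur in the DER form.
# Presence check only; it does not validate the list or the chain.
has_tnauthlist() {
    openssl x509 -in "$1" -outform DER 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n' | grep -q "$TNAUTH_DER"
}

# Demo: one cert with the extension, one without it.
demo_dir=$(mktemp -d)
gen_test_cert "$demo_dir/with" 1234 && gen_test_cert "$demo_dir/without"
for c in with without; do
    if has_tnauthlist "$demo_dir/$c.pem"; then echo "$c: TNAuthList present"
    else echo "$c: TNAuthList missing"; fi
done
rm -rf "$demo_dir"
```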