我正在开发一个 SIP 用户代理应用程序,该应用程序连接到 Asterisk 服务器并尝试进行拨出调用。我正在使用 JAIN SIP API 的 NIST 实现。
当应用程序自行注册时,401(未经授权)响应会使用 WWW-Authenticate header 对其进行质询。应用程序将 Authorization header 插入下一个 REGISTER 请求中。这次 Asterisk 返回 200(OK)响应 - 注册成功。
当应用程序传输 INVITE 请求时,Asterisk 会使用 407(需要代理身份验证)响应进行响应。这次响应包含 Proxy-Authenticate header 。我的应用程序再次发送 INVITE,但这次带有 Authorization header ,Asterisk 会使用相同的 407(需要代理身份验证)响应进行响应。
以下是传输的 SIP 消息(“>>”表示传出消息;“<<”表示传入消息):
<强>>>
REGISTER sip:10.0.84.30:5060 SIP/2.0
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b3d2d0d580d083d68ad08280808bd781d0818bd78ad0868087d2d68b85d0d1d78bf382839d839d8b869d80" rel="noreferrer noopener nofollow">[email protected]</a>
CSeq: 1 REGISTER
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKc7dd178d3d444ccc059a191e700fc8b73230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Expires: 300
Content-Length: 0
<强><<
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKc7dd178d3d444ccc059a191e700fc8b73230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1170727722722174287220222229752372232975287224222570742927727375295120213f213f29243f22" rel="noreferrer noopener nofollow">[email protected]</a>
CSeq: 1 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="467576770677766876687e72687576" rel="noreferrer noopener nofollow">[email protected]</a>>
Content-Length: 0
<强><<
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKc7dd178d3d444ccc059a191e700fc8b73230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>;tag=as3c458716
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5a3b393c69396a3f63396b6969623e683968623e63396f696e3b3f626c39383e621a6b6a746a74626f7469" rel="noreferrer noopener nofollow">[email protected]</a>
CSeq: 1 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="794a4948394849574957414d574a49" rel="noreferrer noopener nofollow">[email protected]</a>>
WWW-Authenticate: Digest realm="asterisk",nonce="6fbe5a68"
Content-Length: 0
<强>>>
REGISTER sip:10.0.84.30:5060 SIP/2.0
CSeq: 2 REGISTER
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKffb0be254f93f61fa0dc7ac32b9078a43230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Expires: 300
Authorization: Digest username="301",realm="asterisk",nonce="6fbe5a68",response="bc7075e8e241a4109dfa24d6ae95e78c",algorithm=MD5,uri="sip:10.0.84.30:5060",nc=00000001
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b8d9dbde8bdb88dd81db898b8b80dc8adb8a80dc81db8d8b8cd9dd808edbdadc80f88988968896808d968b" rel="noreferrer noopener nofollow">[email protected]</a>
Content-Length: 0
<强><<
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKffb0be254f93f61fa0dc7ac32b9078a43230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="33525055005003560a500200000b570150010b570a5006000752560b055051570b7302031d031d0b061d00" rel="noreferrer noopener nofollow">[email protected]</a>
CSeq: 2 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="102320215021203e203e28243e2320" rel="noreferrer noopener nofollow">[email protected]</a>>
Content-Length: 0
<强><<
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKffb0be254f93f61fa0dc7ac32b9078a43230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>;tag=as3c458716
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="29484a4f1a4a194c104a181a1a114d1b4a1b114d104a1c1a1d484c111f4a4b4d11691819071907111c071a" rel="noreferrer noopener nofollow">[email protected]</a>
CSeq: 2 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Expires: 300
Contact: <sip:10.0.85.3:5060>;expires=300
Date: Tue, 03 May 2011 06:42:33 GMT
Content-Length: 0
<强>>>
INVITE sip:302@asterisk SIP/2.0
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="dbb8e9ebbfbde9ececb9b9edbde2bdb9ede2bfe3e8ebebebbeeee9eeeebeb9e3ed9beaebf5ebf5e3eef5e8" rel="noreferrer noopener nofollow">[email protected]</a>
CSeq: 3 INVITE
From: <sip:301@asterisk>;tag=KOZWxg
To: <sip:302@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKaa0520efde83907b71d1f76315188c413230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Route: <sip:10.0.84.30:5060;lr>
Content-Type: application/sdp
Content-Length: 106
<强>>>
v=0
o=- 3513393083 3513393083 IN IP4 10.0.85.3
s=-
c=IN IP4 10.0.85.3
t=0 0
m=audio 40000 RTP/AVP 3
<强><<
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKaa0520efde83907b71d1f76315188c413230;received=10.0.85.3
From: <sip:301@asterisk>;tag=KOZWxg
To: <sip:302@asterisk>;tag=as5de9ed83
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="046736346062363333666632623d6266323d603c37343434613136313161663c324435342a342a3c312a37" rel="noreferrer noopener nofollow">[email protected]</a>
CSeq: 3 INVITE
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="774447453746475947594f43594447" rel="noreferrer noopener nofollow">[email protected]</a>>
Proxy-Authenticate: Digest realm="asterisk",nonce="74986b64"
Content-Length: 0
<强>>>
INVITE sip:302@asterisk SIP/2.0
CSeq: 4 INVITE
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:302@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bK86f9dbdff9eeca422fbb67321dd45f7a3230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Route: <sip:10.0.84.30:5060;lr>
Content-Type: application/sdp
Authorization: Digest username="301",realm="asterisk",nonce="74986b64",response="a08b8d7ce96cae00e7d334e132bf7358",algorithm=MD5,uri="sip:302@asterisk",nc=00000001
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d8b9bbbeebbbe8bde1bbe9ebebe0bceabbeae0bce1bbedebecb9bde0eebbbabce098e9e8f6e8f6e0edf6eb" rel="noreferrer noopener nofollow">[email protected]</a>
Content-Length: 106
<强>>>
v=0
o=- 3513393083 3513393083 IN IP4 10.0.85.3
s=-
c=IN IP4 10.0.85.3
t=0 0
m=audio 40000 RTP/AVP 3
<强><<
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bK86f9dbdff9eeca422fbb67321dd45f7a3230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:302@asterisk>;tag=as3c458716
Call-ID: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bfdedcd98cdc8fda86dc8e8c8c87db8ddc8d87db86dc8a8c8bdeda8789dcdddb87ff8e8f918f91878a918c" rel="noreferrer noopener nofollow">[email protected]</a>
CSeq: 4 INVITE
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:10.0.85.3:5060>
Proxy-Authenticate: Digest realm="asterisk",nonce="1bd30f50"
Content-Length: 0
在这两种情况下,授权 header 的构造方式完全相同(执行的代码相同)。 我使用请求的 request-URI 作为“digestURI”。 我尝试使用代理授权 header 而不是授权 header ,但结果是相同的。
有人能看出我做错了什么吗? 提前致谢。
最佳答案
要对代理进行身份验证(换句话说,您需要407需要代理身份验证,您需要一个Proxy-Authorization header 。
如RFC 2617也就是说,您可以按照与 Authorization header 相同的方式构建此 header 。
您提到在问题中使用 From URI。 RFC 2617 section 3.2.2表示您使用请求 URI (sip:302@asterisk)。请注意 RFC 3261 section 22.4 中特定于 SIP 的更改.
关于sip - SIP代理认证失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5829630/