2

我正在开发一个连接到 Asterisk 服务器并尝试拨打电话的 SIP 用户代理应用程序。我正在使用 JAIN SIP API 的 NIST 实现。

当应用程序注册自己时,401(未授权)响应会使用 WWW-Authenticate 标头对其进行质询。应用程序将 Authorization 标头插入到下一个 REGISTER 请求中。这次 Asterisk 返回一个 200 (OK) 响应——注册成功。

当应用程序发送 INVITE 请求时,Asterisk 会以 407(需要代理身份验证)响应进行响应。这次响应包含一个 Proxy-Authenticate 标头。我的应用程序再次发送了一个 INVITE,但这次带有 Authorization 标头,Asterisk 使用相同的 407(需要代理身份验证)响应进行响应。

以下是传输的 SIP 消息('>>' 表示传出消息;'<<' 表示传入消息):

>>

REGISTER sip:10.0.84.30:5060 SIP/2.0
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 1 REGISTER
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKc7dd178d3d444ccc059a191e700fc8b73230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Expires: 300
Content-Length: 0

<<

SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKc7dd178d3d444ccc059a191e700fc8b73230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 1 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:301@10.0.84.30>
Content-Length: 0

<<

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKc7dd178d3d444ccc059a191e700fc8b73230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>;tag=as3c458716
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 1 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:301@10.0.84.30>
WWW-Authenticate: Digest realm="asterisk",nonce="6fbe5a68"
Content-Length: 0

>>

REGISTER sip:10.0.84.30:5060 SIP/2.0
CSeq: 2 REGISTER
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKffb0be254f93f61fa0dc7ac32b9078a43230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Expires: 300
Authorization: Digest username="301",realm="asterisk",nonce="6fbe5a68",response="bc7075e8e241a4109dfa24d6ae95e78c",algorithm=MD5,uri="sip:10.0.84.30:5060",nc=00000001
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
Content-Length: 0

<<

SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKffb0be254f93f61fa0dc7ac32b9078a43230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 2 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:301@10.0.84.30>
Content-Length: 0

<<

SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKffb0be254f93f61fa0dc7ac32b9078a43230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>;tag=as3c458716
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 2 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Expires: 300
Contact: <sip:10.0.85.3:5060>;expires=300
Date: Tue, 03 May 2011 06:42:33 GMT
Content-Length: 0

>>

INVITE sip:302@asterisk SIP/2.0
Call-ID: c20df277bb6f9fb69d83000e5255eb86@10.0.85.3  
CSeq: 3 INVITE
From: <sip:301@asterisk>;tag=KOZWxg
To: <sip:302@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKaa0520efde83907b71d1f76315188c413230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Route: <sip:10.0.84.30:5060;lr>
Content-Type: application/sdp
Content-Length: 106

>>

v=0
o=- 3513393083 3513393083 IN IP4 10.0.85.3
s=-
c=IN IP4 10.0.85.3
t=0 0
m=audio 40000 RTP/AVP 3

<<

SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKaa0520efde83907b71d1f76315188c413230;received=10.0.85.3
From: <sip:301@asterisk>;tag=KOZWxg
To: <sip:302@asterisk>;tag=as5de9ed83
Call-ID: c20df277bb6f9fb69d83000e5255eb86@10.0.85.3
CSeq: 3 INVITE
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:302@10.0.84.30>
Proxy-Authenticate: Digest realm="asterisk",nonce="74986b64"
Content-Length: 0

>>

INVITE sip:302@asterisk SIP/2.0
CSeq: 4 INVITE
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:302@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bK86f9dbdff9eeca422fbb67321dd45f7a3230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Route: <sip:10.0.84.30:5060;lr>
Content-Type: application/sdp
Authorization: Digest   username="301",realm="asterisk",nonce="74986b64",response="a08b8d7ce96cae00e7d334e132bf7358",algorithm=MD5,uri="sip:302@asterisk",nc=00000001
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
Content-Length: 106

>>

v=0
o=- 3513393083 3513393083 IN IP4 10.0.85.3
s=-
c=IN IP4 10.0.85.3
t=0 0
m=audio 40000 RTP/AVP 3

<<

SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bK86f9dbdff9eeca422fbb67321dd45f7a3230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:302@asterisk>;tag=as3c458716
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 4 INVITE
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:10.0.85.3:5060>
Proxy-Authenticate: Digest realm="asterisk",nonce="1bd30f50"
Content-Length: 0

在这两种情况下,Authorization 标头的构造方式完全相同(执行相同的代码)。我将请求的请求 URI 用于“digestURI”。我尝试使用 Proxy-Authorization 标头而不是 Authorization 标头,但结果是一样的。

谁能看到我做错了什么?提前致谢。

4

3 回答 3

3

为了对代理进行身份验证(换句话说,407 Proxy Authentication Required您需要一个Proxy-Authorization标头。

正如RFC 2617所说,您构建它的方式与构建Authorization标头的方式相同。

您在问题中提到使用 From URI。RFC 2617 第 3.2.2 节说您使用 Request-URI ( sip:302@asterisk)。注意RFC 3261 第 22.4 节中特定于 SIP 的更改。

于 2011-04-29T09:45:45.677 回答
1

我已经解决了这个问题。似乎 Asterisk 无法将我的第二个 INVITE 请求与前面的 407(需要代理身份验证)响应相关联,其中包含 Proxy-Authentication 标头的 nonce 值。

这是因为我没有为两个 INVITE 请求使用相同的 Call-ID 值和 From-header 的标签。对于包含 Proxy-Authentication Header 的第二个 INVITE 请求,我不小心使用了第一个 REGISTER 请求的 Call-ID 和 From-header 标记值,而不是第一个 INVITE 请求。

不过,INVITE 尚未成功。对于第二个响应,我现在得到 488(此处不可接受),但我会尝试在另一个问题中找出问题所在。

于 2011-05-03T09:27:14.170 回答
0

有点奇怪的是,您的 Asterisk 服务器响应 407 我刚刚检查了我的,它响应 401。Asterisk 毕竟是 B2BUA 而不是代理。我建议在经过身份验证的请求中尝试 Authorization 标头,而不是 Proxy-Authorization,因为它适用于我的 Asterisk 服务器。

您还需要在摘要中使用请求 URI,而不是 From 标头 URI。所以在你的情况下,它应该是 uri=sip:302@asterisk。

于 2011-04-29T23:13:41.643 回答