SIP proxy authentication fails

Time: 2011-04-29 08:12:03

Tags: sip digest digest-authentication jain-sip nonce

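I am developing a SIP user agent application that connects to an Asterisk server and tries to place a call. I am using the NIST implementation of the JAIN SIP API.

When the application registers itself, a 401 (Unauthorized) response challenges it with a WWW-Authenticate header. The application inserts an Authorization header into the next REGISTER request. This time Asterisk returns a 200 (OK) response - the registration succeeds.

When the application sends an INVITE request, Asterisk responds with a 407 (Proxy Authentication Required) response. This time the response contains a Proxy-Authenticate header. My application sends the INVITE again, this time with an Authorization header, and Asterisk responds with the same 407 (Proxy Authentication Required) response.

Here are the SIP messages transmitted ('>>' denotes outgoing messages; '<<' denotes incoming messages):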

>>

REGISTER sip:10.0.84.30:5060 SIP/2.0
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 1 REGISTER
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKc7dd178d3d444ccc059a191e700fc8b73230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Expires: 300
Content-Length: 0

<<

SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKc7dd178d3d444ccc059a191e700fc8b73230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 1 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:301@10.0.84.30>
Content-Length: 0

<<

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKc7dd178d3d444ccc059a191e700fc8b73230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>;tag=as3c458716
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 1 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:301@10.0.84.30>
WWW-Authenticate: Digest realm="asterisk",nonce="6fbe5a68"
Content-Length: 0

>>

REGISTER sip:10.0.84.30:5060 SIP/2.0
CSeq: 2 REGISTER
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKffb0be254f93f61fa0dc7ac32b9078a43230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Expires: 300
Authorization: Digest username="301",realm="asterisk",nonce="6fbe5a68",response="bc7075e8e241a4109dfa24d6ae95e78c",algorithm=MD5,uri="sip:10.0.84.30:5060",nc=00000001
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
Content-Length: 0

<<

SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKffb0be254f93f61fa0dc7ac32b9078a43230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 2 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:301@10.0.84.30>
Content-Length: 0

<<

SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKffb0be254f93f61fa0dc7ac32b9078a43230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:301@asterisk>;tag=as3c458716
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 2 REGISTER
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Expires: 300
Contact: <sip:10.0.85.3:5060>;expires=300
Date: Tue, 03 May 2011 06:42:33 GMT
Content-Length: 0

>>

INVITE sip:302@asterisk SIP/2.0
Call-ID: c20df277bb6f9fb69d83000e5255eb86@10.0.85.3  
CSeq: 3 INVITE
From: <sip:301@asterisk>;tag=KOZWxg
To: <sip:302@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKaa0520efde83907b71d1f76315188c413230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Route: <sip:10.0.84.30:5060;lr>
Content-Type: application/sdp
Content-Length: 106

>>

v=0
o=- 3513393083 3513393083 IN IP4 10.0.85.3
s=-
c=IN IP4 10.0.85.3
t=0 0
m=audio 40000 RTP/AVP 3

<<

SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bKaa0520efde83907b71d1f76315188c413230;received=10.0.85.3
From: <sip:301@asterisk>;tag=KOZWxg
To: <sip:302@asterisk>;tag=as5de9ed83
Call-ID: c20df277bb6f9fb69d83000e5255eb86@10.0.85.3
CSeq: 3 INVITE
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:302@10.0.84.30>
Proxy-Authenticate: Digest realm="asterisk",nonce="74986b64"
Content-Length: 0

>>

INVITE sip:302@asterisk SIP/2.0
CSeq: 4 INVITE
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:302@asterisk>
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bK86f9dbdff9eeca422fbb67321dd45f7a3230
Max-Forwards: 70
Contact: <sip:10.0.85.3:5060>
Route: <sip:10.0.84.30:5060;lr>
Content-Type: application/sdp
Authorization: Digest   username="301",realm="asterisk",nonce="74986b64",response="a08b8d7ce96cae00e7d334e132bf7358",algorithm=MD5,uri="sip:302@asterisk",nc=00000001
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
Content-Length: 106

>>

v=0
o=- 3513393083 3513393083 IN IP4 10.0.85.3
s=-
c=IN IP4 10.0.85.3
t=0 0
m=audio 40000 RTP/AVP 3

<<

SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 10.0.85.3:5060;branch=z9hG4bK86f9dbdff9eeca422fbb67321dd45f7a3230;received=10.0.85.3
From: <sip:301@asterisk>;tag=2B3n8g
To: <sip:302@asterisk>;tag=as3c458716
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3
CSeq: 4 INVITE
User-Agent: Asterisk PBX (switchvox)
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,REFER,SUBSCRIBE,NOTIFY
Contact: <sip:10.0.85.3:5060>
Proxy-Authenticate: Digest realm="asterisk",nonce="1bd30f50"
Content-Length: 0

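In both cases the Authorization header is constructed in exactly the same way (the same code is executed). I am using the request URI of the request as the 'digestURI'. I tried using a Proxy-Authorization header instead of the Authorization header, but the result was the same.

Can anyone see what I am doing wrong? Thanks in advance.

3 answers: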

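Answer 0: (score: 3)

To authenticate to a proxy (in other words, when you get a 407 Proxy Authentication Required), you need a Proxy-Authorization header.

As RFC 2617 says, you build this the same way as the Authorization header.

You mention using the From URI in your question. RFC 2617 section 3.2.2 says that you use the Request-URI (sip:302@asterisk). Note the SIP-specific changes in RFC 3261 section 22.4.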

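Answer 1: (score: 1)

I have solved the problem. It seems Asterisk was unable to associate my second INVITE request with the preceding 407 (Proxy Authentication Required) response, which contained the nonce value in the Proxy-Authentication header.

That was because I did not use the same Call-ID value and From-header tag for the two INVITE requests. For the second INVITE request, which contains the proxy authentication header, I accidentally used the Call-ID and From-header tag values of the first REGISTER request instead of those of the first INVITE request.

But the INVITE has not succeeded yet. For the second response I now get 488 (Not Acceptable Here), but I will try to find out what is wrong now in another question.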
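Added example, not part of any answer on this page: a Python check that a retried request can be matched to the challenge it answers, covering the points in answers 0 and 1 (header name per RFC 3261, Request-URI in the digest, same Call-ID and From tag). The function names are this example's own, and the sample messages are the question's first INVITE, 407 and second INVITE with headers trimmed.

```python
import re

def parse(msg):
    """Return (start line, {lower-cased header name: value}) for one SIP message."""
    head = msg.strip().split("\n\n")[0].splitlines()   # headers end at the blank line
    pairs = (l.partition(":") for l in head[1:])
    return head[0], {k.strip().lower(): v.strip() for k, _, v in pairs}

def digest(value):
    """Parse the parameters of a 'Digest k="v",k=v' header value into a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', value)}

def tag(headers):
    m = re.search(r";tag=([^;\s]+)", headers.get("from", ""))
    return m.group(1) if m else None

def check_retry(challenged, response, retry):
    """List the reasons the server cannot match `retry` to its challenge."""
    _, sent = parse(challenged)
    status, chal = parse(response)
    start, again = parse(retry)
    ask, answer = {"401": ("www-authenticate", "authorization"),
                   "407": ("proxy-authenticate", "proxy-authorization")}[status.split()[1]]
    problems = []
    if again.get("call-id") != sent.get("call-id"):
        problems.append("Call-ID differs from the challenged request")
    if tag(again) != tag(sent):
        problems.append("From tag differs from the challenged request")
    if answer not in again:
        problems.append("missing " + answer + " header")
    # Fall back to Authorization so the nonce and uri are still checked.
    creds = digest(again.get(answer) or again.get("authorization", ""))
    if creds.get("nonce") != digest(chal.get(ask, "")).get("nonce"):
        problems.append("nonce is not the one from the challenge")
    if creds.get("uri") != start.split()[1]:
        problems.append("digest uri is not the Request-URI")
    return problems

# Messages from the trace in the question, trimmed to the relevant headers.
FIRST = '''INVITE sip:302@asterisk SIP/2.0
Call-ID: c20df277bb6f9fb69d83000e5255eb86@10.0.85.3
From: <sip:301@asterisk>;tag=KOZWxg'''
CHALLENGE = '''SIP/2.0 407 Proxy Authentication Required
Proxy-Authenticate: Digest realm="asterisk",nonce="74986b64"'''
RETRY = '''INVITE sip:302@asterisk SIP/2.0
From: <sip:301@asterisk>;tag=2B3n8g
Authorization: Digest username="301",realm="asterisk",nonce="74986b64",uri="sip:302@asterisk"
Call-ID: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3'''
if __name__ == "__main__":
    print("\n".join(check_retry(FIRST, CHALLENGE, RETRY)))
```
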

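Answer 2: (score: 0)

It is a bit odd that your Asterisk server is responding with a 407; I just checked mine and it responds with a 401. Asterisk is, after all, a B2BUA and not a proxy. I suggest trying the Authorization header in the authenticated request rather than Proxy-Authorization, as that works with my Asterisk server.

Also, you need to use the request URI in the digest, not the From header URI. So in your case it should be uri=sip:302@asterisk.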