Sip协议(四) -注册流程
本文主要介绍下sip协议中, agent的注册流程.
一: 流程图
简单的流程图如下:
- agent发起注册
- fs 返回401 ,并携带WWW-Authenticate
- agent第二次发起注册,增加Authorization
- fs返回授权成功, 或者失败.
二: sip流程
-
发起注册REGISTER
首先agent发起注册请求,此时没有携带鉴权信息.
REGISTER sip:10.0.0.1 SIP/2.0 Via: SIP/2.0/TCP 127.0.0.1:40000;rport;branch=z9hG4bK0000 Max-Forwards: 70 To: <sip:2000000@10.0.0.1> From: <sip:2000000@10.0.0.1>;tag=z9hG4bK35336846 Call-ID: 006050992005@127.0.0.1 CSeq: 1 REGISTER Contact: <sip:2000000@127.0.0.1:40000;transport=tcp> Expires: 3600 User-Agent: AgentTest/1.0/V2318A Content-Length: 0
-
收到返回401
resp: 401代表未经授权:只供注册机构使用,代理服务器应使用代理服务器授权407
Via: SIP/2.0/TCP 127.0.0.1:40000;rport=31494;branch=z9hG4bK08100;received=0.0.0.0 From: <sip:2000000@10.0.0.1>;tag=z9hG4bK00314471 To: <sip:2000000@10.0.0.1>;tag=QH8t6KQvye0jm Call-ID: 792925391612@127.0.0.1 CSeq: 1 REGISTER User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE Supported: path, replaces WWW-Authenticate: Digest realm="10.0.0.1", nonce="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx", algorithm=MD5, qop="auth" Content-Length: 0
我们可以注意到fs服务器返回值中多了WWW-Authenticate这一条,其中包含了realm/nonce/algorithm/qop.
-
重新REGISTER
关于授权这块可以查看 https://sipp.sourceforge.net/doc/reference.html#SIP+authentication
SIPp supports SIP authentication. Two authentication algorithm are supported: Digest/MD5 ("algorithm=“MD5"”) and Digest/AKA ("algorithm=“AKAv1-MD5"”, as specified by 3GPP for IMS).
Enabling authentication is simple. When receiving a 401 (Unauthorized) or a 407 (Proxy Authentication Required), you must add auth=“true” in the command to take the challenge into account. Then, the authorization header can be re-injected in the next message by using [authentication] keyword.
Computing the authorization header is done through the usage of the “[authentication]” keyword. Depending on the algorithm (“MD5” or “AKAv1-MD5”), different parameters must be passed next to the authentication keyword:
- Digest/MD5 (example: [authentication username=joe password=schmo])
- username: username: if no username is specified, the username is taken from the ‘-au’ (authentication username) or ‘-s’ (service) command line parameter
- password: password: if no password is specified, the password is taken from the ‘-ap’ (authentication password) command line parameter
- Digest/AKA: (example: [authentication username=HappyFeet aka_OP=0xCDC202D5123E20F62B6D676AC72CB318 aka_K=0x465B5CE8B199B49FAA5F0A2EE238A6BC aka_AMF=0xB9B9])
- username: username: if no username is specified, the username is taken from the ‘-au’ (authentication username) or ‘-s’ (service) command line parameter
- aka_K: Permanent secret key. If no aka_K is provided, the “password” attributed is used as aka_K.
- aka_OP: OPerator variant key
- aka_AMF: Authentication Management Field (indicates the algorithm and key in use)
可以看到第二次的请求增加了"Authorization"
REGISTER sip:10.0.0.1 SIP/2.0 Via: SIP/2.0/TCP 127.0.0.1:40000;rport;branch=z9hG4bK85085 Max-Forwards: 70 To: <sip:2000000@10.0.0.1> From: <sip:2000000@10.0.0.1>;tag=z9hG4bK40316239 Call-ID: 375559501680@127.0.0.1 CSeq: 2 REGISTER Contact: <sip:2000000@127.0.0.1:40000;transport=tcp> Expires: 3600 User-Agent: AgentTest/1.0/V2318A Authorization: Digest username="2000000", realm="10.0.0.1", nonce="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx", uri="sip:10.0.0.1", algorithm=MD5, qop=auth, nc=1111, cnonce="xxxx", response="xxxxxxxxxxx" Content-Length: 0
这里我们根据首次注册返回的realm/nonce/algorithm/qop 等数值, 计算了response digest ,cnonce 报给fs.
- Digest/MD5 (example: [authentication username=joe password=schmo])
-
fs返回403
这里由于注册的账户在fs中没有,默认是禁止注册的.所以返回了403
SIP/2.0 403 Forbidden Via: SIP/2.0/TCP 127.0.0.1:40000;rport=1111;branch=z9hG4bK85085;received=0.0.0.0 From: <sip:2000000@10.0.0.1>;tag=z9hG4bK40316239 To: <sip:2000000@10.0.0.1>;tag=38ttccB02SD8c Call-ID: 375559501680@127.0.0.1 CSeq: 2 REGISTER User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE Supported: path, replaces Content-Length: 0
-
200
更新注册账户后,回执成功.
SIP/2.0 200 OK Via: SIP/2.0/TCP 127.0.0.1:40280;rport=12095;branch=z9hG4bK17148;received=0.0.0.0 From: <sip:1000@10.0.0.1>;tag=z9hG4bK99284187 To: <sip:1000@10.0.0.1>;tag=H6m55XXU7vS0j Call-ID: 194385787164@127.0.0.1 CSeq: 2 REGISTER Contact: <sip:1000@127.0.0.1:40280;transport=tcp>;expires=3600 Date: Thu, 20 Jun 2024 06:52:14 GMT User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE Supported: path, replaces Content-Length: 0