Sip协议(四) -注册流程

夏沫琅琊2024-06-21 16:07

Sip协议(四) -注册流程

本文主要介绍下sip协议中, agent的注册流程.

一: 流程图

简单的流程图如下:

  1. agent发起注册
  2. fs 返回401 ,并携带WWW-Authenticate
  3. agent第二次发起注册,增加Authorization
  4. fs返回授权成功, 或者失败.

二: sip流程

  1. 发起注册REGISTER

    首先agent发起注册请求,此时没有携带鉴权信息.

    复制代码 
    REGISTER sip:10.0.0.1 SIP/2.0
Via: SIP/2.0/TCP 127.0.0.1:40000;rport;branch=z9hG4bK0000
Max-Forwards: 70
To: <sip:2000000@10.0.0.1>
From: <sip:2000000@10.0.0.1>;tag=z9hG4bK35336846
Call-ID: 006050992005@127.0.0.1
CSeq: 1 REGISTER
Contact: <sip:2000000@127.0.0.1:40000;transport=tcp>
Expires: 3600
User-Agent: AgentTest/1.0/V2318A
Content-Length: 0

  2. 收到返回401

    resp: 401代表未经授权:只供注册机构使用,代理服务器应使用代理服务器授权407

    复制代码 
    Via: SIP/2.0/TCP 127.0.0.1:40000;rport=31494;branch=z9hG4bK08100;received=0.0.0.0
From: <sip:2000000@10.0.0.1>;tag=z9hG4bK00314471
To: <sip:2000000@10.0.0.1>;tag=QH8t6KQvye0jm
Call-ID: 792925391612@127.0.0.1
CSeq: 1 REGISTER
User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: path, replaces
WWW-Authenticate: Digest realm="10.0.0.1", nonce="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx", algorithm=MD5, qop="auth"
Content-Length: 0

    我们可以注意到fs服务器返回值中多了WWW-Authenticate这一条,其中包含了realm/nonce/algorithm/qop.

  3. 重新REGISTER

    关于授权这块可以查看 https://sipp.sourceforge.net/doc/reference.html#SIP+authentication
    SIPp supports SIP authentication. Two authentication algorithm are supported: Digest/MD5 ("algorithm="MD5"") and Digest/AKA ("algorithm="AKAv1-MD5"", as specified by 3GPP for IMS).
    Enabling authentication is simple. When receiving a 401 (Unauthorized) or a 407 (Proxy Authentication Required), you must add auth="true" in the command to take the challenge into account. Then, the authorization header can be re-injected in the next message by using [authentication] keyword.
    Computing the authorization header is done through the usage of the "[authentication]" keyword. Depending on the algorithm ("MD5" or "AKAv1-MD5"), different parameters must be passed next to the authentication keyword:

    • Digest/MD5 (example: [authentication username=joe password=schmo])
      • username: username: if no username is specified, the username is taken from the '-au' (authentication username) or '-s' (service) command line parameter
      • password: password: if no password is specified, the password is taken from the '-ap' (authentication password) command line parameter
    • Digest/AKA: (example: [authentication username=HappyFeet aka_OP=0xCDC202D5123E20F62B6D676AC72CB318 aka_K=0x465B5CE8B199B49FAA5F0A2EE238A6BC aka_AMF=0xB9B9])
      • username: username: if no username is specified, the username is taken from the '-au' (authentication username) or '-s' (service) command line parameter
      • aka_K: Permanent secret key. If no aka_K is provided, the "password" attributed is used as aka_K.
      • aka_OP: OPerator variant key
      • aka_AMF: Authentication Management Field (indicates the algorithm and key in use)

    可以看到第二次的请求增加了"Authorization"

    复制代码 
    REGISTER sip:10.0.0.1 SIP/2.0
Via: SIP/2.0/TCP 127.0.0.1:40000;rport;branch=z9hG4bK85085
Max-Forwards: 70
To: <sip:2000000@10.0.0.1>
From: <sip:2000000@10.0.0.1>;tag=z9hG4bK40316239
Call-ID: 375559501680@127.0.0.1
CSeq: 2 REGISTER
Contact: <sip:2000000@127.0.0.1:40000;transport=tcp>
Expires: 3600
User-Agent: AgentTest/1.0/V2318A
Authorization: Digest username="2000000", realm="10.0.0.1", nonce="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx", uri="sip:10.0.0.1", algorithm=MD5, qop=auth, nc=1111, cnonce="xxxx", response="xxxxxxxxxxx"
Content-Length: 0

    这里我们根据首次注册返回的realm/nonce/algorithm/qop 等数值, 计算了response digest ,cnonce 报给fs.

  4. fs返回403

    这里由于注册的账户在fs中没有,默认是禁止注册的.所以返回了403

    复制代码 
    SIP/2.0 403 Forbidden
Via: SIP/2.0/TCP 127.0.0.1:40000;rport=1111;branch=z9hG4bK85085;received=0.0.0.0
From: <sip:2000000@10.0.0.1>;tag=z9hG4bK40316239
To: <sip:2000000@10.0.0.1>;tag=38ttccB02SD8c
Call-ID: 375559501680@127.0.0.1
CSeq: 2 REGISTER
User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: path, replaces
Content-Length: 0

  5. 200

    更新注册账户后,回执成功.

    复制代码 
    SIP/2.0 200 OK
Via: SIP/2.0/TCP 127.0.0.1:40280;rport=12095;branch=z9hG4bK17148;received=0.0.0.0
From: <sip:1000@10.0.0.1>;tag=z9hG4bK99284187
To: <sip:1000@10.0.0.1>;tag=H6m55XXU7vS0j
Call-ID: 194385787164@127.0.0.1
CSeq: 2 REGISTER
Contact: <sip:1000@127.0.0.1:40280;transport=tcp>;expires=3600
Date: Thu, 20 Jun 2024 06:52:14 GMT
User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: path, replaces
Content-Length: 0
相关推荐
一铭111996 分钟前
gpt-claude-gemini 超级大模型安装使用教程
java·python·gpt·ai编程·claude·gemini
weisian1517 分钟前
Java并发编程--44-分布式限流:令牌桶与漏桶算法在网关层的落地
java·分布式·令牌桶算法·漏桶算法·固定窗口算法·滑动窗口算法
SamDeepThinking8 分钟前
秒杀系统怎么区分真实用户和黄牛脚本?
java·后端·架构
2301_7926748610 分钟前
java学习day31(redis)
java·redis·学习
小碗羊肉11 分钟前
【从零开始学Java | 第四十一篇】深入多线程
java·开发语言
xuhaoyu_cpp_java13 分钟前
MyBatis学习(一)
java·经验分享·笔记·学习·mybatis
奇妙之二进制17 分钟前
zmq源码分析之消息可读通知机制
服务器·网络
wuxinyan12318 分钟前
Java面试题50:Kubernetes 全栈知识体系之一
java·kubernetes·面试题
techdashen23 分钟前
不开端口,不配 DNS,用树莓派在家搭一个公网可访问的 Web 服务
前端·网络·智能路由器
笨熊呆呆瓜25 分钟前
【可靠性配置】华为M-LAG防环机制
网络
热门推荐
01GitHub 镜像站点022026年4月技术前沿:AI大模型爆发、智能体革命与量子安全新纪元03近期有什么ai的新消息,新动态? 2026.4月042026年4月AI大事件深度解读:大模型竞争进入“深水区“052026年AI前瞻:量子AI、具身智能与科学发现的新纪元06codex app每次打开重连5次Reconnecting问题解决07AI Weekly | 2026年4月第二周 · GitHub热门项目与AI发展趋势深度解析082026 年 AI 辅助编程工具全景对比:Copilot、Cursor、Claude Code 与 Codex 深度解析09CC-Switch & Claude 基于 Linux 服务器安装使用指南102026 年 AI 编程助手全面对比评测:Cursor vs Copilot vs Claude Code vs GitHub Copilot Free