Sip协议(四) -注册流程

夏沫琅琊2024-06-21 16:07

Sip协议(四) -注册流程

本文主要介绍下sip协议中, agent的注册流程.

一: 流程图

简单的流程图如下:

  1. agent发起注册
  2. fs 返回401 ,并携带WWW-Authenticate
  3. agent第二次发起注册,增加Authorization
  4. fs返回授权成功, 或者失败.

二: sip流程

  1. 发起注册REGISTER

    首先agent发起注册请求,此时没有携带鉴权信息.

    复制代码 
    REGISTER sip:10.0.0.1 SIP/2.0
Via: SIP/2.0/TCP 127.0.0.1:40000;rport;branch=z9hG4bK0000
Max-Forwards: 70
To: <sip:2000000@10.0.0.1>
From: <sip:2000000@10.0.0.1>;tag=z9hG4bK35336846
Call-ID: 006050992005@127.0.0.1
CSeq: 1 REGISTER
Contact: <sip:2000000@127.0.0.1:40000;transport=tcp>
Expires: 3600
User-Agent: AgentTest/1.0/V2318A
Content-Length: 0

  2. 收到返回401

    resp: 401代表未经授权:只供注册机构使用,代理服务器应使用代理服务器授权407

    复制代码 
    Via: SIP/2.0/TCP 127.0.0.1:40000;rport=31494;branch=z9hG4bK08100;received=0.0.0.0
From: <sip:2000000@10.0.0.1>;tag=z9hG4bK00314471
To: <sip:2000000@10.0.0.1>;tag=QH8t6KQvye0jm
Call-ID: 792925391612@127.0.0.1
CSeq: 1 REGISTER
User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: path, replaces
WWW-Authenticate: Digest realm="10.0.0.1", nonce="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx", algorithm=MD5, qop="auth"
Content-Length: 0

    我们可以注意到fs服务器返回值中多了WWW-Authenticate这一条,其中包含了realm/nonce/algorithm/qop.

  3. 重新REGISTER

    关于授权这块可以查看 https://sipp.sourceforge.net/doc/reference.html#SIP+authentication
    SIPp supports SIP authentication. Two authentication algorithm are supported: Digest/MD5 ("algorithm="MD5"") and Digest/AKA ("algorithm="AKAv1-MD5"", as specified by 3GPP for IMS).
    Enabling authentication is simple. When receiving a 401 (Unauthorized) or a 407 (Proxy Authentication Required), you must add auth="true" in the command to take the challenge into account. Then, the authorization header can be re-injected in the next message by using authentication keyword.
    Computing the authorization header is done through the usage of the "authentication" keyword. Depending on the algorithm ("MD5" or "AKAv1-MD5"), different parameters must be passed next to the authentication keyword:

    • Digest/MD5 (example: authentication username=joe password=schmo)
      • username: username: if no username is specified, the username is taken from the '-au' (authentication username) or '-s' (service) command line parameter
      • password: password: if no password is specified, the password is taken from the '-ap' (authentication password) command line parameter
    • Digest/AKA: (example: authentication username=HappyFeet aka_OP=0xCDC202D5123E20F62B6D676AC72CB318 aka_K=0x465B5CE8B199B49FAA5F0A2EE238A6BC aka_AMF=0xB9B9)
      • username: username: if no username is specified, the username is taken from the '-au' (authentication username) or '-s' (service) command line parameter
      • aka_K: Permanent secret key. If no aka_K is provided, the "password" attributed is used as aka_K.
      • aka_OP: OPerator variant key
      • aka_AMF: Authentication Management Field (indicates the algorithm and key in use)

    可以看到第二次的请求增加了"Authorization"

    复制代码 
    REGISTER sip:10.0.0.1 SIP/2.0
Via: SIP/2.0/TCP 127.0.0.1:40000;rport;branch=z9hG4bK85085
Max-Forwards: 70
To: <sip:2000000@10.0.0.1>
From: <sip:2000000@10.0.0.1>;tag=z9hG4bK40316239
Call-ID: 375559501680@127.0.0.1
CSeq: 2 REGISTER
Contact: <sip:2000000@127.0.0.1:40000;transport=tcp>
Expires: 3600
User-Agent: AgentTest/1.0/V2318A
Authorization: Digest username="2000000", realm="10.0.0.1", nonce="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx", uri="sip:10.0.0.1", algorithm=MD5, qop=auth, nc=1111, cnonce="xxxx", response="xxxxxxxxxxx"
Content-Length: 0

    这里我们根据首次注册返回的realm/nonce/algorithm/qop 等数值, 计算了response digest ,cnonce 报给fs.

  4. fs返回403

    这里由于注册的账户在fs中没有,默认是禁止注册的.所以返回了403

    复制代码 
    SIP/2.0 403 Forbidden
Via: SIP/2.0/TCP 127.0.0.1:40000;rport=1111;branch=z9hG4bK85085;received=0.0.0.0
From: <sip:2000000@10.0.0.1>;tag=z9hG4bK40316239
To: <sip:2000000@10.0.0.1>;tag=38ttccB02SD8c
Call-ID: 375559501680@127.0.0.1
CSeq: 2 REGISTER
User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: path, replaces
Content-Length: 0

  5. 200

    更新注册账户后,回执成功.

    复制代码 
    SIP/2.0 200 OK
Via: SIP/2.0/TCP 127.0.0.1:40280;rport=12095;branch=z9hG4bK17148;received=0.0.0.0
From: <sip:1000@10.0.0.1>;tag=z9hG4bK99284187
To: <sip:1000@10.0.0.1>;tag=H6m55XXU7vS0j
Call-ID: 194385787164@127.0.0.1
CSeq: 2 REGISTER
Contact: <sip:1000@127.0.0.1:40280;transport=tcp>;expires=3600
Date: Thu, 20 Jun 2024 06:52:14 GMT
User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: path, replaces
Content-Length: 0
相关推荐
吃饱了得干活1 天前
Spring Cloud Gateway 微服务网关:路由、断言、过滤器
java·spring cloud
lwx572801 天前
探秘InnoDB:搞懂它的内存、线程、磁盘与日志刷盘策略
java·后端
Flynt1 天前
从Spring Boot 4.0升到4.1,我在Maven和gRPC上栽了跟头
java·spring boot·后端
plainGeekDev1 天前
Activity 间传值 → Navigation 参数
android·java·kotlin
plainGeekDev1 天前
onActivityResult → ActivityResult API
android·java·kotlin
Sunia1 天前
《AgentX 专栏》10-生产部署:3台2C4G云服务器把企业级Agent真正跑起来的完整方案
java·架构
ZhengEnCi1 天前
J7A-高级Java工程师面试三道灵魂拷问-深度广度与工程素养的终极检验
java·后端
狼爷2 天前
吃透 Java Function 接口,搞定 99% 的 Stream 场景
java·函数式编程
祎雪双十Gy2 天前
从 DataX 的配置加载说起:我用 FastJson2 做了一个轻量级动态配置管理库
java·后端
小锋java12342 天前
分享一套锋哥原创的SpringBoot4+Vue3宠物领养网站系统
java
热门推荐
012026年6月AI大模型全景报告:GPT-5.6、Claude Opus 4.8、Gemini 3.5,中美AI三足鼎立谁主沉浮?022026年6月AI行业全景:从百模大战到Agent元年,这30天发生了什么?032026 年 AI 编程工具终极横评:Cursor vs Claude Code vs Copilot vs Windsurf04飞书长连接_事件订阅(接收消息,审批任务状态变更)05Trae国际版与国内版深度测评:AI原生IDE的双生花06【AI】2026 年具身智能模型和世界模型总结07GitHub 镜像站点08Claude Code、Codex、Cursor三分天下:2026年AI编程Agent生态全景剖析092026年AI架构实战:彻底解决OpenAI接口超时与封号,Python调用GPT-5.2/Sora2企业级架构详解(附源码+压测报告)102026 AI 编程工具终极实战指南:Cursor vs Claude Code vs Copilot,开发者该怎么选?