Sip协议(四) -注册流程

Sip协议(四) -注册流程

本文主要介绍下sip协议中, agent的注册流程.

一: 流程图

简单的流程图如下:

1. agent发起注册
2. fs 返回401 ,并携带WWW-Authenticate
3. agent第二次发起注册,增加Authorization
4. fs返回授权成功, 或者失败.

二: sip流程

1. 发起注册REGISTER

   首先agent发起注册请求,此时没有携带鉴权信息.

   REGISTER sip:10.0.0.1 SIP/2.0
   Via: SIP/2.0/TCP 127.0.0.1:40000;rport;branch=z9hG4bK0000
   Max-Forwards: 70
   To: <sip:2000000@10.0.0.1>
   From: <sip:2000000@10.0.0.1>;tag=z9hG4bK35336846
   Call-ID: 006050992005@127.0.0.1
   CSeq: 1 REGISTER
   Contact: <sip:2000000@127.0.0.1:40000;transport=tcp>
   Expires: 3600
   User-Agent: AgentTest/1.0/V2318A
   Content-Length: 0
   

2. 收到返回401

   resp: 401代表未经授权：只供注册机构使用，代理服务器应使用代理服务器授权407

   Via: SIP/2.0/TCP 127.0.0.1:40000;rport=31494;branch=z9hG4bK08100;received=0.0.0.0
   From: <sip:2000000@10.0.0.1>;tag=z9hG4bK00314471
   To: <sip:2000000@10.0.0.1>;tag=QH8t6KQvye0jm
   Call-ID: 792925391612@127.0.0.1
   CSeq: 1 REGISTER
   User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: path, replaces
   WWW-Authenticate: Digest realm="10.0.0.1", nonce="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx", algorithm=MD5, qop="auth"
   Content-Length: 0
   

   我们可以注意到fs服务器返回值中多了WWW-Authenticate这一条,其中包含了realm/nonce/algorithm/qop.

3. 重新REGISTER

   关于授权这块可以查看 https://sipp.sourceforge.net/doc/reference.html#SIP+authentication
   SIPp supports SIP authentication. Two authentication algorithm are supported: Digest/MD5 ("algorithm="MD5"") and Digest/AKA ("algorithm="AKAv1-MD5"", as specified by 3GPP for IMS).
   Enabling authentication is simple. When receiving a 401 (Unauthorized) or a 407 (Proxy Authentication Required), you must add auth="true" in the command to take the challenge into account. Then, the authorization header can be re-injected in the next message by using [authentication] keyword.
   Computing the authorization header is done through the usage of the "[authentication]" keyword. Depending on the algorithm ("MD5" or "AKAv1-MD5"), different parameters must be passed next to the authentication keyword:

   • Digest/MD5 (example: [authentication username=joe password=schmo])
     • username: username: if no username is specified, the username is taken from the '-au' (authentication username) or '-s' (service) command line parameter
     • password: password: if no password is specified, the password is taken from the '-ap' (authentication password) command line parameter
   • Digest/AKA: (example: [authentication username=HappyFeet aka_OP=0xCDC202D5123E20F62B6D676AC72CB318 aka_K=0x465B5CE8B199B49FAA5F0A2EE238A6BC aka_AMF=0xB9B9])
     • username: username: if no username is specified, the username is taken from the '-au' (authentication username) or '-s' (service) command line parameter
     • aka_K: Permanent secret key. If no aka_K is provided, the "password" attributed is used as aka_K.
     • aka_OP: OPerator variant key
     • aka_AMF: Authentication Management Field (indicates the algorithm and key in use)

   可以看到第二次的请求增加了"Authorization"

   REGISTER sip:10.0.0.1 SIP/2.0
   Via: SIP/2.0/TCP 127.0.0.1:40000;rport;branch=z9hG4bK85085
   Max-Forwards: 70
   To: <sip:2000000@10.0.0.1>
   From: <sip:2000000@10.0.0.1>;tag=z9hG4bK40316239
   Call-ID: 375559501680@127.0.0.1
   CSeq: 2 REGISTER
   Contact: <sip:2000000@127.0.0.1:40000;transport=tcp>
   Expires: 3600
   User-Agent: AgentTest/1.0/V2318A
   Authorization: Digest username="2000000", realm="10.0.0.1", nonce="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx", uri="sip:10.0.0.1", algorithm=MD5, qop=auth, nc=1111, cnonce="xxxx", response="xxxxxxxxxxx"
   Content-Length: 0
   

   这里我们根据首次注册返回的realm/nonce/algorithm/qop 等数值, 计算了response digest ,cnonce 报给fs.

4. fs返回403

   这里由于注册的账户在fs中没有,默认是禁止注册的.所以返回了403

   SIP/2.0 403 Forbidden
   Via: SIP/2.0/TCP 127.0.0.1:40000;rport=1111;branch=z9hG4bK85085;received=0.0.0.0
   From: <sip:2000000@10.0.0.1>;tag=z9hG4bK40316239
   To: <sip:2000000@10.0.0.1>;tag=38ttccB02SD8c
   Call-ID: 375559501680@127.0.0.1
   CSeq: 2 REGISTER
   User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: path, replaces
   Content-Length: 0
   

5. 200

   更新注册账户后,回执成功.

   SIP/2.0 200 OK
   Via: SIP/2.0/TCP 127.0.0.1:40280;rport=12095;branch=z9hG4bK17148;received=0.0.0.0
   From: <sip:1000@10.0.0.1>;tag=z9hG4bK99284187
   To: <sip:1000@10.0.0.1>;tag=H6m55XXU7vS0j
   Call-ID: 194385787164@127.0.0.1
   CSeq: 2 REGISTER
   Contact: <sip:1000@127.0.0.1:40280;transport=tcp>;expires=3600
   Date: Thu, 20 Jun 2024 06:52:14 GMT
   User-Agent: FreeSWITCH-mod_sofia/1.10.10-release~64bit
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: path, replaces
   Content-Length: 0