### Description

Currently secsipid has a method to sign arbitrary (JSON) data 
(`secsipid_sign`), but it has no converse method to check the signature.  
At the moment an attempt to check a `div` signature, for example, yields a 
`-303` error (`SIPHdrInfo`).  Rather than trying to have full parsing for every 
possible type of Identity header (which are likely to increase in variety), it 
would be good to simply check "is this signature valid under a trusted key", 
possibly validating the `iat` timestamp as well, but without any other opinions 
on the header values.


### Expected behavior

A feature to check only the signature of an identity header.


#### Actual observed behavior

Currently the `secsipid_check_` family of functions fails for non-`shaken` 
passport types.


#### Debugging Data

The following DIV Identity header was generated by secsipid's 
`secsipid_sign()` function, so it should be possible to reverse the process and 
validate the signature:

```
Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6ImRpdiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9kLm10c2VjLm1lL2QzYTkvQmZUeGJVTlozS1FMLnBlbSJ9.eyJkZXN0Ijp7InRuIjpbIjE2MTI1NTU0MzIxIl19LCJpYXQiOiIxNzEwMTY5MzQ1Iiwib3JpZyI6eyJ0biI6IjE1NTU3MzU5MzA5In0sImRpdiI6eyJ0biI6IjE5NTI1NTU5ODc2In19.-0QF6-u6zgAQNoAhdiETuhAu7FuRDzxmFch_cTdhcbeWvUZ60NQXxdPM-JucpOtFaEdn9wnFreAZ_6vZoc_Phg;info=<https://d.mtsec.me/d3a9/BfTxbUNZ3KQL.pem>;alg=ES256;ppt=div
```

### Possible Solutions

Because it's fairly straightforward to inspect the JWT, it's not necessary 
to try to account for every possible passport type.  Validating the signature 
is the complicated part, so a function that does only that would be 
convenient.
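As an added illustration of the signature-only check described above (example code, not secsipid's or Kamailio's own), the Go program below decodes the DIV PASSporT from the Identity header in the Debugging Data section, verifies an ES256 JWS signature against a caller-supplied public key without interpreting `ppt` or any claim, and separately enforces an `iat` freshness window. The certificate at the report's `x5u` URL is not fetched; instead a freshly generated P-256 key signs a token of the same shape so the verifier can be exercised offline. The type and function names (`PassportHeader`, `PassportClaims`, `Decode`, `VerifyES256`, `CheckIat`, `SignES256`) are this example's own. It goes slightly beyond the report in accepting `iat` both as the quoted string secsipid emitted in the token above and as the bare number RFC 8225 specifies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// The compact JWS from the Identity header in the report, without its ";info=...;alg=...;ppt=..." parameters.
const issueToken = "eyJhbGciOiJFUzI1NiIsInBwdCI6ImRpdiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9kLm10c2VjLm1lL2QzYTkvQmZUeGJVTlozS1FMLnBlbSJ9.eyJkZXN0Ijp7InRuIjpbIjE2MTI1NTU0MzIxIl19LCJpYXQiOiIxNzEwMTY5MzQ1Iiwib3JpZyI6eyJ0biI6IjE1NTU3MzU5MzA5In0sImRpdiI6eyJ0biI6IjE5NTI1NTU5ODc2In19.-0QF6-u6zgAQNoAhdiETuhAu7FuRDzxmFch_cTdhcbeWvUZ60NQXxdPM-JucpOtFaEdn9wnFreAZ_6vZoc_Phg"

// Only the fields a signature-only check needs are typed; ppt-specific claims (div, orig, dest) stay uninterpreted.
type PassportHeader struct {
	Alg string `json:"alg"`
	Ppt string `json:"ppt"`
	X5u string `json:"x5u"`
}

type PassportClaims struct {
	// The report's token quotes iat ("1710169345") while RFC 8225 uses a bare number; json.Number accepts either.
	Iat json.Number `json:"iat"`
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Decode parses header and claims without checking anything.
func Decode(token string) (h PassportHeader, c PassportClaims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return h, c, fmt.Errorf("jws: expected three dot-separated parts, got %d", len(parts))
	}
	for i, v := range []any{&h, &c} {
		b, err := base64.RawURLEncoding.DecodeString(parts[i])
		if err == nil {
			err = json.Unmarshal(b, v)
		}
		if err != nil {
			return h, c, fmt.Errorf("jws part %d: %w", i, err)
		}
	}
	return h, c, nil
}

// VerifyES256 checks only that the signature over "header.claims" is a valid ES256
// (P-256, SHA-256, raw r||s) signature under pub; alg must be ES256 and nothing else is interpreted.
func VerifyES256(token string, pub *ecdsa.PublicKey) error {
	h, _, err := Decode(token)
	if err != nil {
		return err
	}
	if h.Alg != "ES256" {
		return fmt.Errorf("jws: unsupported alg %q", h.Alg)
	}
	parts := strings.Split(token, ".")
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return fmt.Errorf("jws: ES256 signature must decode to 64 bytes")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return fmt.Errorf("jws: signature does not verify")
	}
	return nil
}

// CheckIat enforces freshness: iat must be present, at most maxAge before now and at most skew after it.
func CheckIat(c PassportClaims, now time.Time, maxAge, skew time.Duration) error {
	iat, err := c.Iat.Int64()
	if err != nil {
		return fmt.Errorf("iat missing or not an integer: %w", err)
	}
	if age := now.Sub(time.Unix(iat, 0)); age < -skew || age > maxAge {
		return fmt.Errorf("iat %d rejected: age %s", iat, age)
	}
	return nil
}

// SignES256 builds a token of the same form so the verifier can be exercised offline with a
// generated key (the report's x5u certificate is not available here).
func SignES256(headerJSON, claimsJSON string, priv *ecdsa.PrivateKey) (string, error) {
	input := b64url([]byte(headerJSON)) + "." + b64url([]byte(claimsJSON))
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64url(sig), nil
}

func main() {
	h, c, err := Decode(issueToken)
	fmt.Printf("issue token: %+v %+v err=%v\n", h, c, err)
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // fails only if the system RNG does
	tok, _ := SignES256(`{"alg":"ES256","ppt":"div","typ":"passport"}`, `{"iat":1710169345}`, priv)
	fmt.Println("generated token verifies:", VerifyES256(tok, &priv.PublicKey) == nil)
}
```

In a real deployment the public key passed to `VerifyES256` would come from the `x5u`/`info` certificate after the usual chain and trust-anchor checks; those are deliberately outside this function, matching the request for a check that has no opinion on the rest of the header. Pinning `alg` to `ES256` rather than trusting whatever the token says is what keeps an `alg: none` or HMAC-style token from slipping past a key-confusion check.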

### Additional Information

* **Kamailio Version** - output of `kamailio -v`

```
version: kamailio 5.7.4 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, 
USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, 
F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, 
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, 
TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, 
BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 12.2.0
```

* **Operating System**:

Currently alpine linux 3.19 in a docker container, but it should be pretty 
reproducible everywhere.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784