Hi all, Let me explain, authorization.
Lets consider these informations are provided: username="[email protected]" realm="ericsson.com" uri="sip:ericsson.com" password:"alice" REGISTER sip:ericsson.com SIP/2.0 Max-Forwards: 20 CSeq: 1 REGISTER Expires: 3600 Content-Length: 0 Contact: "Alice" <sip:[email protected]:5060>;+sip.instance=e7def040-f226-4927-bd52-a37f0fdf0067 Authorization: Digest username="[email protected]",realm="ericsson.com",nonce="",response="",uri="sip:ericsson.com" User-Agent: Fokus MONSTER Version: 0.9.13 From: "Alice" <sip:[email protected]>;tag=1000 To: "Alice" <sip:[email protected]> Call-ID: [email protected] Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK3b39625cc9b75f78d0789f5a93554dfb3536 ]]] [SDS] [INFO ] <-- Sent message on UDP [Local: 0.0.0.0:5081 | Remote: 127.0.0.1:5060] [[[ SIP/2.0 401 Unauthorized - Respond to challenge CSeq: 1 REGISTER Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK3b39625cc9b75f78d0789f5a93554dfb3536;received_port_ext=5081;received=127.0.0.1 WWW-Authenticate: Digest realm="ericsson.com",stale=false, algorithm=MD5,nonce="fe176678b1b5fe0738666a70e05248c4", opaque="d77e6f9d33d5f3baadf33be71aa52403",domain="sip:ericsson.com",qop="auth" Content-Length: 0 Call-ID: [email protected] From: "Alice" <sip:[email protected]>;tag=1000 To: "Alice"<sip:[email protected]>;tag=5066 ]]] [SDS] [INFO ] --> Received message on UDP [Local: 127.0.0.1:5081 | Remote: 127.0.0.1:5060] [[[ REGISTER sip:ericsson.com SIP/2.0 Max-Forwards: 20 CSeq: 2 REGISTER Expires: 3600 Content-Length: 0 Contact: "Alice" <sip:[email protected]:5060>;+sip.instance=e7def040-f226-4927-bd52-a37f0fdf0067 Authorization: Digest username="[email protected]",realm="ericsson.com", nonce="fe176678b1b5fe0738666a70e05248c4",uri="sip:ericsson.com", opaque="d77e6f9d33d5f3baadf33be71aa52403",algoritm=MD5, response="16e5c07af53f578bf1c08dedc636ffa7",qop=auth,nc=00000001,cnonce="101102559755515299" User-Agent: Fokus MONSTER Version: 0.9.13 From: "Alice" <sip:[email protected]>;tag=1001 To: "Alice" <sip:[email protected]> Call-ID: [email protected] Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bKf739c2091e946a283db7449f256244003536 In this message flows, to calculate response paramater you should use the following algorithm: String str1 = MD5( [email protected]:ericsson.com:alice ) // str1 Equals: 1 2e7d687bd567bc61f7675a58cca337d7 // MD5(<username> + ":" + <realm> + ":" + <password>) String str2 = MD5( REGISTER:sip:ericsson.com ) // str2 Equals: 1 e3939fcee16f943b7fc61ad777e2b7eb // MD5(REGISTER:<sip uri>) String str3 = MD5( 2e7d687bd567bc61f7675a58cca337d7:fe176678b1b5fe0738666a70e05248c4:00000001:101102559755515299:auth:e3939fcee16f943b7fc61ad777e2b7eb ) // str3 Equals: 16e5c07af53f578bf1c08dedc636ffa7 // MD5( str1 + ":" + <nonce> + ":" + <cnonce> + ":" + <qop> + ":" + str2 ) STR3 is your response parameter. I hope it will help you ;)) Thanks, Kutay -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Peter Krebs Sent: 31 Mart 2011 Perşembe 21:07 To: [email protected] Subject: [Sip-implementors] Digest-URI questions Hello, I have a question regarding the Digest-URI used to calculate the response parameter which is put into an Authorization header. From RFC 3665 it seems to me that the Digest-URI is the same as the Request-URI. However, in draft-smit-sip-auth-examples the From-URI is clearly used in all calculations and in the Authorization header. Which one should a UAC use, or is it only required that whatever URI is used in the digest calculation is conveyed in the uri parameter of the Authorization header? Another related question: In all examples I have seen so far, the Digest-URI consisted only of user and host. What form of the URI should be used in the calculation and Authorization header respectively, if there are URI parameters and/or headers present? Should the parameters/headers be stripped off and only the user+host (+password?) be used? Is there a canonical URI format for digest authentication? Thanks in advance for all answers. Best regards, Peter _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
