On Tue, 2009-12-01 at 14:34 -0500, Carolyn Beeton wrote: > I am trying to generate a signed SipXauthIdentity header from > sipXbridge, and am stuck on the shared secret. > > The signature is an md5 hash of > "<timestamp><secret><from-tag><call-id><identity>", but it is the > secret part that has me stumped. > > The <secret> part looks like it is supposed to be the base64 decoded > value of the shared-secret from domain-config > (sipXcommserverLib/src/sipXecsService.cpp decodes it). But I don't > seem to be able to make sipxbridge decode it into the same thing. > Could be that Java Strings are messing me up, or just messing with my > head. > > sipregistrar.log: > SipRegistrar:"SipXauthIdentity::setSecret(Ù(T^Uj^I<81>Ðü^W1ÿ<9d>$¬õ^ED)" > > sipxbridge.log: > SipXauthIdentity:"SipXauthIdentity.setSecret (decoded) (T^Uj^I^W1$"
Please take those log statements out before you check in the code (even if they were there before you started). General rule: NEVER log secrets! > When generating the signature, this is what is being encoded in sipxbridge: > > "SipXauthIdentity.encode: create md5hash of token > 4B156BBC(t^uj^i^w1$839038841122994322194bf9488-2f879805-13c4-20e8af-725d1e20-20e...@[email protected]" > > and this is what sipregistar uses to check: > > SipRegistrar:"SipXauthIdentity::decode md5hash of > 4B156BBCÙ(T^Uj^I<81>Ðü^W1ÿ<9d>$¬õ^ed839038841122994322194bf9488-2f879805-13c4-20e8af-725d1e20-20e...@[email protected]" > > So the piece that does not match is the piece that is the secret. > > To decode the secret, I read it from domain-config into a String, then do > sSignatureSecretDecoded = new String(Base64.decodeBase64(secret.getBytes())); > > Any suggestions? Surely we have some java component that's already done these headers? _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
