At this moment, if using jansson/json modules feels complicated, then try to leverage inline execution of a JavaScript snippet via app_jsdt (which has no external library). The JSON can be parsed into a JS structure, making it easy to access the fields. I use this mechanism every time I need to do complex operations with json documents.

An unrelated example, which can help getting started, was posted in another discussion a while ago:

  * https://lists.kamailio.org/pipermail/sr-users/2021-March/112156.html

Of course, having the attributes accessible via native cfg variables would be good, but from my point of view it doesn't look like having any spare time anytime soon. Obviously, contributions are welcome!

Cheers,
Daniel

On 06.07.21 16:21, Ben Kaufman wrote:

As a convenience fact, having all the common values from the header and payload would be nice.  Decoding base64 and JSON is not particularly taxing, but when it comes to verification and subsequent fraud mitigation, the ability to grab the data from the token is necessary.  Knowing the attestation, iat, orig and dest values become very useful here, and having quick accessors for the value would eliminate a few lines of boiler plate and enhance script readability.

 

Ben Kaufman

Sr. VoIP Engineer


P:

E: bkaufman@nexvortex.com

24 hour client support: 855.639.6300


 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of Daniel-Constantin Mierla
Sent: Monday, July 5, 2021 2:44 AM
To: Daniel W. Graham <dan@cmsinter.net>; Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

Hello,

On 02.07.21 22:40, Daniel W. Graham wrote:

Found it. record_route bit me.

 

ERROR: <core> [core/msg_translator.c:3355]: sip_msg_apply_changes(): cannot apply msg changes after adding record-route header - it breaks conditional 2nd header

 

Assuming not but thought I’d ask, any way to access a header before its added to the message?

the devel version has a function that stores the result in a variable and then can be added to the headers via append_hf():

  * https://www.kamailio.org/docs/modules/devel/modules/secsipid.html#secsipid.f.secsipid_build_identity

 

Future request, that secsipid_add_identity() returns the auto generated uuid for origid.

An option would be to add it the variable $secsipid(...) for convenience.

Right now you can parse the result with transformations and jannson/json modules to extract the origid field.

Or use the uuid module to generate the origid yourself in kamailio.cfg and provided as parameter.

Cheers,
Daniel

 

-dan

 

 

From: sr-users <sr-users-bounces@lists.kamailio.org> on behalf of Daniel Graham <dan@cmsinter.net>
Reply-To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Date: Friday, July 2, 2021 at 1:54 PM
To: "miconda@gmail.com" <miconda@gmail.com>
Cc: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

I checked twice but nothing. I will test again in case I am missing something, I found it odd too that its failing but no error in debug.

 

I tried adding another header and msg_apply_changes() before the call to secsipid_add_identity(), and that doesnt show up in $mb or accessible by $hdr() either.

 

Daniel W. Graham, CTO

CMSInter.net LLC

DIRECT (989) 400-4230

 

INTERNET | TELEPHONE | MANAGED IT

 

 

From: "miconda@gmail.com" <miconda@gmail.com>
Reply-To: "miconda@gmail.com" <miconda@gmail.com>
Date: Friday, July 2, 2021 at 1:46 PM
To: Daniel Graham <dan@cmsinter.net>
Cc: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

If msg_apply_changes() fails, then there has to be other error messages in the logs. Don't you see any?

Cheers,
Daniel

On 02.07.21 18:18, Daniel W. Graham wrote:

Sorry. msg_apply_changes() was in config and I didn’t see the execution in debug.

 

I just changed to this and receive “Failed to apply changes”.

 

    if (!msg_apply_changes()) {

        xlogl("L_WARN", "Failed to apply changes\n");

    }

 

-dan

 

 

From: "miconda@gmail.com" <miconda@gmail.com>
Reply-To: "miconda@gmail.com" <miconda@gmail.com>
Date: Friday, July 2, 2021 at 9:24 AM
To: Daniel Graham <dan@cmsinter.net>
Cc: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

What do you mean? Do you have msg_apply_changes() in the config, it is executed but has no effect?

Or you don't have msg_apply_changes() in the config and thus not executed?

Cheers,
Daniel

On 02.07.21 15:10, Daniel W. Graham wrote:

Its not being executed. Version 5.5

 

Daniel W. Graham, CTO

CMS Internet LLC

DIRECT (989) 400-4230

 

INTERNET | TELEPHONE | MANAGED IT






On Jul 2, 2021, at 3:12 AM, Daniel-Constantin Mierla <miconda@gmail.com> wrote:

Can you doublecheck msg_apply_changes() is executed?

What version are you using?

Cheers,
Daniel

On 02.07.21 08:58, Daniel W. Graham wrote:

I don’t see any issues in the log.

 

The identity header is being sent but still nothing in $mb

 

Daniel W. Graham, CTO

CMSInter.net LLC

DIRECT (989) 400-4230

 

INTERNET | TELEPHONE | MANAGED IT

 

 

From: "miconda@gmail.com" <miconda@gmail.com>
Reply-To: "miconda@gmail.com" <miconda@gmail.com>
Date: Friday, July 2, 2021 at 2:41 AM
To: Daniel Graham <dan@cmsinter.net>, "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

Then secsipid_add_identity() or msg_apply_changes() failed -- do you get error messages? Try to run with debug=3 for seeing more details in the logs.

Cheers,
Daniel

On 02.07.21 08:19, Daniel W. Graham wrote:

Identity is not in $mb.

 

Daniel W. Graham, CTO

CMSInter.net LLC

DIRECT (989) 400-4230

 

INTERNET | TELEPHONE | MANAGED IT

 

 

From: "miconda@gmail.com" <miconda@gmail.com>
Reply-To: "miconda@gmail.com" <miconda@gmail.com>
Date: Friday, July 2, 2021 at 2:09 AM
To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>, Daniel Graham <dan@cmsinter.net>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

Hello,

try to print $mb after secsipid_add_identity() and msg_apply_changes(), is the Identity header there?

Cheers,
Daniel

On 02.07.21 07:53, Daniel W. Graham wrote:

I need to immediately get the uuid created by secsipid_add_identity().

 

Is there a way to immediately read a header after its added?

 

I tried msg_apply_changes() but $hdr(Identity) is null.

 

-dan

 

 

From: sr-users <sr-users-bounces@lists.kamailio.org> on behalf of Daniel Graham <dan@cmsinter.net>
Reply-To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Date: Thursday, July 1, 2021 at 6:11 PM
To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

Confirmed it was due to the sngrep copy. Thanks for mentioning it!

 

-dan

 

 

From: sr-users <sr-users-bounces@lists.kamailio.org> on behalf of Ben Kaufman <bkaufman@nexvortex.com>
Reply-To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Date: Thursday, July 1, 2021 at 12:49 PM
To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

Dump the header to your log file, and copy it from there.  I don’t know what happens with the ncurses in sngrep, but I finally looked them side by side and …. “Hey!  This one’s missing bytes!”

 

Ben Kaufman

Sr. VoIP Engineer


P:

E: bkaufman@nexvortex.com

24 hour client support: 855.639.6300


 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of Daniel W. Graham
Sent: Thursday, July 1, 2021 10:25 AM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

Haha, yep :) I wondered if that was biting me.

 

-dan











On Jul 1, 2021, at 11:07 AM, Ben Kaufman <bkaufman@nexvortex.com> wrote:

I observed a similar behavior, but it was the result of my cutting and pasting the identity header from sngrep, which looks to have dropped a few bytes on the line break.  Any chance that’s what you’re doing, too?

 

Ben Kaufman

Sr. VoIP Engineer


P:

E: bkaufman@nexvortex.com

24 hour client support: 855.639.6300


 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of Daniel W. Graham
Sent: Wednesday, June 30, 2021 10:31 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>; David Villasmil <david.villasmil.work@gmail.com>; Daniel-Constantin Mierla <miconda@gmail.com>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

Here is an example, payload taken from Identity header.

 

Identity was added with secsipid_add_identity

 

Payload test:

$var(test) = "eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6I5ODkyODkyMjgwIl19LCJpYXQiOjE2MjUxMDk2MzQsIm9yaWciOnsidG4iOiI5ODk0MDA0MjMwIn0sIm9yaWdpZCI6IjNmYmE4NTg0LTRkNzMtNGU2NC04NDc5LTQ5MjU2ZGIyMWFhYSJ9";

xlogl("L_WARN", "$(var(test){s.decode.base64t})\n");

 

Result is:

{"attest":"A","dest":{"tn":#���#��###002%���&#027B##023c#S#023#003#023sB&&r#��'F##���C#003#003C#3#002'��&&vB#&#026Vcs#006f"&6#026#022CVCB#023c3#0223#0066##026#6#026Sr'

 

-dan

 

 

From: sr-users <sr-users-bounces@lists.kamailio.org> on behalf of Daniel Graham <dan@cmsinter.net>
Reply-To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Date: Wednesday, June 30, 2021 at 5:32 PM
To: David Villasmil <david.villasmil.work@gmail.com>, "miconda@gmail.com" <miconda@gmail.com>, "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

That’s the same way I am doing it, I was just trying to do a verification that the identity header/payload was correct before activating new changes.

 

I will do further testing and share results. Just found it odd that the header would decode but payload wouldn’t.

 

Daniel W. Graham, CTO

CMSInter.net LLC

DIRECT (989) 400-4230

 

INTERNET | TELEPHONE | MANAGED IT

 

 

From: David Villasmil <david.villasmil.work@gmail.com>
Date: Wednesday, June 30, 2021 at 4:06 PM
To: "miconda@gmail.com" <miconda@gmail.com>, "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>
Cc: Daniel Graham <dan@cmsinter.net>
Subject: Re: [SR-Users] SECSIPID Identity Decode

 

I DO IT WITH:

 

# Break JWT
            $var(jwt1) = $(hdr(Identity){s.select,0,.}{s.decode.base64t});
            $var(jwt2) = $(hdr(Identity){s.select,1,.}{s.decode.base64t});

 


Regards,

 

David Villasmil

phone: +34669448337

 

 

On Wed, Jun 30, 2021 at 8:48 PM Daniel-Constantin Mierla <miconda@gmail.com> wrote:

Hello,

not familiar with python functions, have you tried with Kamailio transformation?

https://www.kamailio.org/wiki/cookbooks/5.5.x/transformations#sdecodebase64url

Maybe you have to specify in Python that it is ASCII, I remember I had to do decoding when porting kamcli to work with Python3 -- had to change from using directly the variables received as parameter to a decoded value, something like:

prefix = tprefix.encode("ascii", "ignore").decode()

Also, if you can, share the identity header here to test with and see if can be reproduced.

Cheers,
Daniel

On 30.06.21 21:14, Daniel W. Graham wrote:

I am unable to base64url decode the json payload in identity header generated by secsipid.

 

(Using python for test)

decoded_payload = url64.decode(‘payload’)

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc2 in position 27: invalid continuation byte

 

Header decodes fine this way but not payload.

 

Is this an issue with the payload encoding?

 

Kamailio 5.5

 

Daniel W. Graham, CTO

CMSInter.net LLC

DIRECT (989) 400-4230

 

INTERNET | TELEPHONE | MANAGED IT

 












__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
 * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
 * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users








__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda