SIP 协议之 注册流程 (二)

前言

本篇主要讲解SIP 的注册流程，认证算法

1、注册流程

（1）终端代理A向代理服务器发送REGISTER 注册请求；

（2）代理服务器收到REGISTER请求后， 便向终端代理回送401 Unauthorized 信息，其中包含安全认证所需的令牌即WWW-Authenticate；

（3）终端代理根据安全认证令牌将其加密后，再次用REGISTER 消息报告给代理服务器即Authorization；

（4）代理服务器收到REGISTER 消息中Authorization，将与数据库中记录的信息匹配，若验证ok将向终端代理A 返回成功响应消息200 OK， 否则401。

2、注册信令参考

REGISTER sip:sh.gg:5061;transport=tls SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:52400;branch=z9hG4bKccc1e88d4ab68cf2;rport
Contact: ;expires=3600
Max-Forwards: 70
To: 
From: ;tag=24174dec803066c5
Call-ID: 8f8e5fb8ce260308
CSeq: 62430 REGISTER
User-Agent: 1.0.2
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,REFER,NOTIFY,SUBSCRIBE,INFO,MESSAGE
Keepalive: 30
Content-Length: 0

SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.1.104:52400;branch=z9hG4bKccc1e88d4ab68cf2;rport=43769;received=218.94.29.190
To: 
From: ;tag=24174dec803066c5
Call-ID: 8f8e5fb8ce260308
CSeq: 62430 REGISTER
WWW-Authenticate: Digest realm="sh.gg", nonce="54d8597d-6b64-458b-b6b5-91143e8968c2"
Content-Length: 0

REGISTER sip:sh.gg:5061;transport=tls SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:52400;branch=z9hG4bK124e2b0912d0db1c;rport
Contact: ;expires=3600
Max-Forwards: 70
Authorization: Digest username="1001", realm="sh.gg", nonce="54d8597d-6b64-458b-b6b5-91143e8968c2", uri="sip:sh.gg:5061;transport=tls", response="ce80353d7bc815052c651b0c26e5dee0"To: 
From: ;tag=24174dec803066c5
Call-ID: 8f8e5fb8ce260308
CSeq: 62431 REGISTER
User-Agent: 1.0.2
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,REFER,NOTIFY,SUBSCRIBE,INFO,MESSAGE
Keepalive: 30
Content-Length: 0


SIP/2.0 200 OK
Contact: 
Via: SIP/2.0/TLS 192.168.1.104:52400;branch=z9hG4bK124e2b0912d0db1c;rport=43769;received=218.94.29.190
To: 
From: ;tag=24174dec803066c5
Call-ID: 8f8e5fb8ce260308
CSeq: 62431 REGISTER
Content-Length: 0

3、计算方法

• client获取服务端 WWW-Authenticate, client 根据 MD5(ha1:nonce:ha1b) 计算得到response, 同时SIP携带Authorization
• 服务验证Authorization中response， 是否与采用SQL记录计算的结果一致
  

      ha1 = MD5(username:realm:password)
      ha1b = MD5(method:uri)                // method = "REGISTER"
      response = MD5(HA1:nonce:HA2)

参考：

https://www.ietf.org/rfc/rfc3261.txt （RFC3216）

https://www.cnblogs.com/gnuhpc/archive/2012/12/10/2812095.html