HP-UX C SIP Stack Programmer's Guide (November 2007)
Server Authentication Implementation
When the SIP Stack receives a new request message, the server assumes a
suitable state that indicates that the request was received. For example, the
OFFERING state of a call-leg indicates that an INVITE request was received.
At this point, if the application wishes to verify the authenticity of the originator,
it may begin the server authentication procedure.
Note: The server authentication procedure can be implemented above the
Call-leg, Subscription or Transaction layers. In the following description, the
RvSipXXX prefix is added to the API and callback functions. This prefix can be
replaced by RvSipCallLeg, RvSipSubs or RvSipTransaction.
SERVER AUTHENTICATION PROCESS
The server authentication procedure steps are as follows:
1. To start the authentication process after a request was received,
the application should call the function
RvSipXXXAuthBegin().
2. This triggers the SIP Stack to locate the first Authorization
header in the incoming request message.
3. If the SIP Stack fails to find an Authorization header, it
continues to step 7. Otherwise, the SIP Stack calls the
RvSipXXXAuthCredentialsFoundEv() callback and supplies
the application with the retrieved header. This header includes
the sender userName, realm, and other credentials parameters.
The SIP Stack also indicates whether it is capable of verifying
the credentials (see footnote 1).
4. The application should look for the user in its database and
retrieve the user password, if such a user exists in the database.
5. The application should then instruct the SIP Stack on how to
proceed with the authentication process. The application can choose
one of the following options:
- If the user was found in the database, the application
may call the RvSipXXXAuthProceed(USE_PW)
function, giving the user password. This instructs the
SIP Stack to try to authenticate the user with the
supplied password.
Footnote 1: If, for example, the SIP Stack does not support the credentials algorithm, it will
indicate that it is incapable of verifying the credentials.
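Added example (not code from this guide or from the SIP Stack): a Python model of the check behind steps 3 to 5 and footnote 1, assuming the Authorization header carries HTTP Digest credentials (RFC 2617, the scheme SIP uses) with the MD5 algorithm. The function names, the dictionary layout of the header, the outcome strings and the sample values are all constructed for this illustration.

```python
import hashlib
import hmac

# Algorithms this model can verify. Anything else corresponds to the stack
# reporting that it is incapable of verifying the credentials (footnote 1).
SUPPORTED_ALGORITHMS = {"MD5"}


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def can_verify(creds):
    # RFC 2617: an absent algorithm parameter means MD5.
    return creds.get("algorithm", "MD5").upper() in SUPPORTED_ALGORITHMS


def expected_response(creds, method, password):
    """Digest response a sender that knows the password would have sent."""
    ha1 = md5_hex(f"{creds['username']}:{creds['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{creds['uri']}")
    if creds.get("qop") == "auth":
        return md5_hex(f"{ha1}:{creds['nonce']}:{creds['nc']}:"
                       f"{creds['cnonce']}:auth:{ha2}")
    return md5_hex(f"{ha1}:{creds['nonce']}:{ha2}")  # header without qop


def authenticate(creds, method, user_db):
    """Return 'unsupported', 'unknown-user', 'rejected' or 'authenticated'."""
    if not can_verify(creds):
        return "unsupported"
    # Step 4: look the user up by (userName, realm); None means no such user.
    password = user_db.get((creds["username"], creds["realm"]))
    if password is None:
        return "unknown-user"
    # Step 5 with a password: recompute and compare in constant time.
    expected = expected_response(creds, method, password).encode()
    received = creds.get("response", "").lower().encode()
    return "authenticated" if hmac.compare_digest(expected, received) else "rejected"


if __name__ == "__main__":
    # Constructed sample: values an INVITE's Authorization header might carry.
    db = {("alice", "example.test"): "s3cret"}
    hdr = {"username": "alice", "realm": "example.test", "uri": "sip:bob@example.test",
           "nonce": "a1b2c3", "qop": "auth", "nc": "00000001", "cnonce": "0f0f"}
    hdr["response"] = expected_response(hdr, "INVITE", "s3cret")  # sender side
    print(authenticate(hdr, "INVITE", db))                        # authenticated
    hdr["response"] = expected_response(hdr, "INVITE", "guess")
    print(authenticate(hdr, "INVITE", db))                        # rejected
```

The password never appears in the header; only the hash-derived response does, which is why the application has to supply the stored password before the credentials can be checked.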