stir_shaken: Add test for unknown_tn_attest_level

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/configs/ast1/extensions.conf

@@ -0,0 +1,3 @@
+[default]
+exten => _X.,1,Dial(PJSIP/${EXTEN}@ast2,,)
+ same => n,Hangup()

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/configs/ast1/pjsip.conf

@@ -0,0 +1,42 @@
+[system]
+type=system
+timer_t1=100
+timer_b=6400
+
+[transport-udp]
+type=transport
+protocol=udp
+bind=127.0.0.1:5060
+
+[sipp]
+type=endpoint
+context=default
+allow=!all,ulaw
+send_pai = yes
+direct_media = no
+connected_line_method = update
+send_connected_line = no
+send_diversion = no
+trust_id_inbound = true
+trust_id_outbound = true
+identify_by = ip
+
+[sipp]
+type = identify
+endpoint=sipp
+match=127.0.0.4
+
+
+[ast2]
+type=endpoint
+aors=ast2
+context=default
+allow=!all,ulaw
+send_pai = yes
+stir_shaken_profile=to-ast2
+trust_id_inbound = true
+trust_id_outbound = true
+
+[ast2]
+type = aor
+contact=sip:ast2@127.0.0.2:5060

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/configs/ast1/stir_shaken.conf

@@ -0,0 +1,28 @@
+
+[verification]
+load_system_certs = no
+ca_file=<<astetcdir>>/stir/astdev-ca.crt
+curl_timeout=2
+max_iat_age=60
+max_date_header_age=60
+max_cache_entry_age = 300
+max_cache_size=666
+failure_action = continue
+x5u_deny=0.0.0.0/0.0.0.0
+x5u_permit = 127.0.0.0/8
+relax_x5u_path_restrictions = yes
+relax_x5u_port_scheme_restrictions = yes
+
+[attestation]
+global_disable = no
+check_tn_cert_public_url = no
+private_key_file=<<astetcdir>>/stir/SPAST1-key.pem
+public_cert_url=http://localhost:8087/SPAST1-cert.pem
+unknown_tn_attest_level = B
+
+[to-ast2]
+type = profile
+endpoint_behavior = attest
+send_mky = no
+use_rfc9410_responses = no
+unknown_tn_attest_level = C

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/configs/ast2/extensions.conf

@@ -0,0 +1,4 @@
+[default]
+exten => _X.,1,Answer()
+ same => n,UserEvent(TestResult, result: ${STIR_SHAKEN(0,verify_result)})
+ same => n,Hangup()

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/configs/ast2/pjsip.conf

@@ -0,0 +1,23 @@
+[system]
+type=system
+timer_t1=100
+timer_b=6400
+
+[transport-udp]
+type=transport
+protocol=udp
+bind=127.0.0.2:5060
+
+[ast1]
+type=endpoint
+context=default
+allow=!all,ulaw
+stir_shaken_profile=from-ast1
+send_pai = yes
+trust_id_inbound = true
+identify_by = ip
+
+[ast1]
+type = identify
+endpoint = ast1
+match =	127.0.0.1

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/configs/ast2/stir_shaken.conf

@@ -0,0 +1,25 @@
+
+[verification]
+load_system_certs = no
+ca_file=<<astetcdir>>/stir/astdev-ca.crt
+curl_timeout=2
+max_iat_age=60
+max_date_header_age=60
+max_cache_entry_age = 300
+max_cache_size=666
+failure_action = continue
+x5u_deny=0.0.0.0/0.0.0.0
+x5u_permit = 127.0.0.0/8
+relax_x5u_path_restrictions = yes
+relax_x5u_port_scheme_restrictions = yes
+
+[attestation]
+global_disable = no
+check_tn_cert_public_url = no
+
+[from-ast1]
+type = profile
+endpoint_behavior = verify
+failure_action = continue_return_reason
+send_mky = no
+use_rfc9410_responses = no

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/files/ast1/astetcdir/stir/SPAST1-cert.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAc+gAwIBAgIUcpOXM0sSHMJ8bs7lTqoeDktMmYIwDQYJKoZIhvcNAQEL
+BQAwbDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FsYWJhbWExEzARBgNVBAcTCkh1
+bnRzdmlsbGUxDzANBgNVBAoTBkFTVERFVjELMAkGA1UECxMCQ0ExGDAWBgNVBAMT
+D2NhLmFzdGVyaXNrLm9yZzAeFw0yNDAyMjcxNjIzMjZaFw0yNjA2MDExNjIzMjZa
+MGExCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBbGFiYW1hMRMwEQYDVQQHDApIdW50
+c3ZpbGxlMQswCQYDVQQKDAJTUzELMAkGA1UECwwCU1MxETAPBgNVBAMMCFNIQUtF
+TiAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8RwuFYtKh9wU/CHcYwUMR3pU
+ZhZSwil3kiJOL4jqFmjDZ1Hz2qEPY4j7t4MySPSp/R2axgWDsF5DujzqjDbYE6NX
+MFUwEwYIKwYBBQUHARoEBzAFoAMWATEwHQYDVR0OBBYEFAbk2SiJkOYPYu8MItPn
+sEziKfAiMB8GA1UdIwQYMBaAFNC/TYnoYNZETem8vtFC8tHCN9iAMA0GCSqGSIb3
+DQEBCwUAA4IBAQBqQHm3ORS8nc9LP4LOfHP0wwmcscjA2m69M7abi9IXf2tqtEkL
+J9m9G7K8tZrx+EbWS+yr9n5Nonryjq8Llglgk8wLcQYXhiNp0IdVj/uZS2/25rn9
+MjrJ8y0P+QMXMbI2lnlGbDgxsqSAK3+k2qK0m38WvMo6kw+A8FLZJaDIWNJouo5j
+Op6HCR3JfrbpfDzilqs7aJfp3VqFVchmmjjnh1NqCIDJvuje9XJJGoka0P1DWO2A
+eb4kTzt2+sXw+IeJOYEk75jI7UfZadZGFj18goxWT+wN5RoJ9iDXDE/jFd5K8k8p
+9a7S+PB8Cj56GXxwjm/Bui3T1t+6blrbaeil
+-----END CERTIFICATE-----

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/files/ast1/astetcdir/stir/SPAST1-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIGZKwJflBBppQYlkZm7rbeRCnQrv4Hp0ZdvRJRmrAqYWoAoGCCqGSM49
+AwEHoUQDQgAE8RwuFYtKh9wU/CHcYwUMR3pUZhZSwil3kiJOL4jqFmjDZ1Hz2qEP
+Y4j7t4MySPSp/R2axgWDsF5DujzqjDbYEw==
+-----END EC PRIVATE KEY-----

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/files/ast1/astetcdir/stir/astdev-ca.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIIQhCQxx6KXYowDQYJKoZIhvcNAQELBQAwbDELMAkGA1UE
+BhMCVVMxEDAOBgNVBAgTB0FsYWJhbWExEzARBgNVBAcTCkh1bnRzdmlsbGUxDzAN
+BgNVBAoTBkFTVERFVjELMAkGA1UECxMCQ0ExGDAWBgNVBAMTD2NhLmFzdGVyaXNr
+Lm9yZzAeFw0yNDAyMDgxNTE2MDBaFw0zNDAyMDgxNTE2MDBaMGwxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIEwdBbGFiYW1hMRMwEQYDVQQHEwpIdW50c3ZpbGxlMQ8wDQYD
+VQQKEwZBU1RERVYxCzAJBgNVBAsTAkNBMRgwFgYDVQQDEw9jYS5hc3Rlcmlzay5v
+cmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY1c9RZhSdCzfGuYHV
+SnOn6hgSbpJNeOjiEIX6mvvqZ/d8g7tIBiuuNh07c9gNz44ogEq09ul5CmGCsNYy
+m/ntFbIfJGnLY5WwULe+avgwB3GtcIc/simk9VEXhgC+K72iWA3GTJ9ljMIkmlQC
+mQBVvNm9nBamwYM202j0ss0GWd+M6dSpDQeSjo2QniJDRTDLrskfr+LiEL0wZbxL
+VCZtSNJjgie4t8Gz1OMpTNOJBrqfTUP5xiJ9vAw6SoK90qO63IAMYu+06VoKlX6L
+QkirzlFjzdRMr76IOg7fs7qgAdLJKWzd89qGva9Xj2luJj4GPHYgZBsriPCbDCuj
+UCs/AgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNC/TYnoYNZE
+Tem8vtFC8tHCN9iAMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJ
+YIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEA
+enOAWpTslHDUxtxXACZoEBC9oDOzQbFX1ZjSsCPVDEy6AFckA/VQY9Dr2kKKIS9z
+tNLPilUh5cX4IviSj91VO9XwRYpyWWWQWhVNxmKszKvEBEFzI/x5b0d9ybj/++X9
+dnD/jJNZQfoFnXsaH0uTpZ92bQkrVETfyS1C0iJRhL1LxBT93CvT83ykqoq3cd2M
+WqPARPBkU9wnaG68wD6M8YIctRwM5xkjcNfgRGclwxzh+CvfUJgKD6RzZpcE4UEm
+adAVALmtLSxysZkSzt8dGh1PpFJTWLBAkBf5oKss+cGU0t5SZZHn3qMaWYISin12
+O8LXzdeikMIwRBcwnpRXrw==
+-----END CERTIFICATE-----

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/files/ast2/astetcdir/stir/astdev-ca.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIIQhCQxx6KXYowDQYJKoZIhvcNAQELBQAwbDELMAkGA1UE
+BhMCVVMxEDAOBgNVBAgTB0FsYWJhbWExEzARBgNVBAcTCkh1bnRzdmlsbGUxDzAN
+BgNVBAoTBkFTVERFVjELMAkGA1UECxMCQ0ExGDAWBgNVBAMTD2NhLmFzdGVyaXNr
+Lm9yZzAeFw0yNDAyMDgxNTE2MDBaFw0zNDAyMDgxNTE2MDBaMGwxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIEwdBbGFiYW1hMRMwEQYDVQQHEwpIdW50c3ZpbGxlMQ8wDQYD
+VQQKEwZBU1RERVYxCzAJBgNVBAsTAkNBMRgwFgYDVQQDEw9jYS5hc3Rlcmlzay5v
+cmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY1c9RZhSdCzfGuYHV
+SnOn6hgSbpJNeOjiEIX6mvvqZ/d8g7tIBiuuNh07c9gNz44ogEq09ul5CmGCsNYy
+m/ntFbIfJGnLY5WwULe+avgwB3GtcIc/simk9VEXhgC+K72iWA3GTJ9ljMIkmlQC
+mQBVvNm9nBamwYM202j0ss0GWd+M6dSpDQeSjo2QniJDRTDLrskfr+LiEL0wZbxL
+VCZtSNJjgie4t8Gz1OMpTNOJBrqfTUP5xiJ9vAw6SoK90qO63IAMYu+06VoKlX6L
+QkirzlFjzdRMr76IOg7fs7qgAdLJKWzd89qGva9Xj2luJj4GPHYgZBsriPCbDCuj
+UCs/AgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNC/TYnoYNZE
+Tem8vtFC8tHCN9iAMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJ
+YIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEA
+enOAWpTslHDUxtxXACZoEBC9oDOzQbFX1ZjSsCPVDEy6AFckA/VQY9Dr2kKKIS9z
+tNLPilUh5cX4IviSj91VO9XwRYpyWWWQWhVNxmKszKvEBEFzI/x5b0d9ybj/++X9
+dnD/jJNZQfoFnXsaH0uTpZ92bQkrVETfyS1C0iJRhL1LxBT93CvT83ykqoq3cd2M
+WqPARPBkU9wnaG68wD6M8YIctRwM5xkjcNfgRGclwxzh+CvfUJgKD6RzZpcE4UEm
+adAVALmtLSxysZkSzt8dGh1PpFJTWLBAkBf5oKss+cGU0t5SZZHn3qMaWYISin12
+O8LXzdeikMIwRBcwnpRXrw==
+-----END CERTIFICATE-----

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/sipp/invite.xml

@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!DOCTYPE scenario SYSTEM "sipp.dtd">
+<scenario name="INVITE to echo with SDP in initial INVITE">
+
+  <send retrans="0">
+    <![CDATA[
+
+      INVITE sip:[dest]@[remote_ip]:[remote_port] SIP/2.0
+      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+      From: <sip:[service]@[local_ip]:[local_port]>;tag=[call_number]
+      To: <sip:[dest]@[remote_ip]:[remote_port]>
+      Call-ID: [call_id]
+      CSeq: 1 INVITE
+      Max-Forwards: 70
+      Contact: <sip:[service]@[local_ip]:[local_port]>
+      Subject: Test
+      Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, PRACK, REGISTER, REFER, MESSAGE
+      User-Agent: Test
+      P-Asserted-Identity: "Bob Barker" <sip:18005551212@[local_ip]>
+      Content-Type: application/sdp
+      Content-Length: [len]
+
+v=0
+o=- 20110306451 20110306451 IN IP[media_ip_type] [media_ip]
+s=-
+c=IN IP[media_ip_type] [media_ip]
+t=0 0
+m=audio [media_port] RTP/AVP 18 0 8 101
+a=rtpmap:0 PCMU/8000
+a=rtpmap:8 PCMA/8000
+a=rtpmap:101 telephone-event/8000
+a=fmtp:18 annexb=no
+a=fmtp:101 0-16
+a=ptime:20
+a=sendrecv
+    ]]>
+  </send>
+
+  <recv response="100"
+        optional="true">
+  </recv>
+
+  <recv response="180"
+        optional="true">
+  </recv>
+
+  <recv response="183"
+        optional="true">
+  </recv>
+
+  <recv response="200"  rtd="true"/>
+
+
+  <send>
+    <![CDATA[
+
+      ACK sip:[dest]@[remote_ip]:[remote_port] SIP/2.0
+      [last_Via:]
+      [last_From:]
+      [last_To:]
+      [last_Call-ID:]
+      CSeq: 1 ACK
+      [last_Contact:]
+      [last_Allow:]
+      Content-Length: 0
+
+    ]]>
+  </send>
+
+
+  <recv request="BYE"/>
+
+  <send>
+    <![CDATA[
+
+      SIP/2.0 200 OK
+      [last_Via:]
+      [last_From:]
+      [last_To:]
+      [last_Call-ID:]
+      [last_CSeq:]
+      Contact: <sip:test@[local_ip]:[local_port];transport=[transport]>
+      Content-Length: 0
+
+    ]]>
+  </send>
+
+</scenario>

tests/channels/pjsip/stir_shaken/stir_shaken_success_unknown_tn/test-config.yaml

@@ -0,0 +1,62 @@
+testinfo:
+    summary:     'Tests success'
+    description: |
+        'Run two instances of Asterisk and set up an outgoing call
+        via PJSIP. The outgoing side will have STIR/SHAKEN
+        configured with unknown_tn-attest_level, but the callerid
+        TN NOT configured so an identity header should be present. The
+        incoming side will test this with the STIR_SHAKEN dialplan
+        function, ensuring that "success" is the result.'
+
+test-modules:
+    test-object:
+        config-section: test-object-config
+        typename: sipp.SIPpTestCase
+    modules:
+        -
+            config-section: 'ami-config'
+            typename: 'ami.AMIEventModule'
+        -
+            config-section: 'http-server'
+            typename: 'http_static_server.HTTPStaticServer'
+        -
+            config-section: 'hangup-monitor'
+            typename: 'pluggable_modules.HangupMonitor'
+
+test-object-config:
+    memcheck-delay-stop: 7
+    asterisk-instances: 2
+    test-iterations:
+        -
+            scenarios:
+                - { 'key-args': {'scenario': 'invite.xml', '-p': '5060', '-i': '127.0.0.4', '-timeout': '20s', '-mi': '127.0.0.4', '-s': 'sipp'},
+                    'ordered-args': ['-timeout_error', '-key', 'dest', '18005556666'] }
+
+hangup-monitor:
+    ids: [ '1', ]
+
+http-server:
+    port: 8087
+    root-directory: 'tests/channels/pjsip/stir_shaken/webroot'
+
+
+ami-config:
+    -
+        type: 'headermatch'
+        id: '1'
+        conditions:
+            match:
+                Event: 'UserEvent'
+                UserEvent: 'TestResult'
+        requirements:
+            match:
+                result: 'success'
+        count: '1'
+
+properties:
+    dependencies:
+        - asterisk : 'res_pjsip'
+        - asterisk : 'res_stir_shaken'
+    tags:
+        - pjsip
+        - stir_shaken

tests/channels/pjsip/stir_shaken/tests.yaml

@@ -1,5 +1,6 @@
 tests:
     - test: 'stir_shaken_success'
+    - test: 'stir_shaken_success_unknown_tn'
     - test: 'stir_shaken_exp_ca'
     - test: 'stir_shaken_no_identity'
     - test: 'stir_shaken_tn_mismatch'