Validating the “response” in an incoming SIP request is not so much complicated. the main part is recreating the
public boolean isAuthorizationValid(String inputResponse, String method, String username,String plainPassword, String realm, String inputNonce, String inputCNonce, String uri) throws Exception
{
MD5 md5 = new MD5();
String HA1 = md5.getMD5(username+":"+realm+":"+plainPassword);
String HA2 = md5.getMD5(method.toUpperCase() + ":" + uri);
String temp1 = HA1 + ":" + inputNonce;
if (inputCNonce != null)
{
temp1 += ":" + inputCNonce;
}
temp1 += ":" + HA2;
String recreatedResponse = md5.getMD5(temp1);
System.out.println("recreated Response :"+recreatedResponse);
return inputResponse.equals(recreatedResponse);
}
Calling the method with the parameters like below reveal that the first parameter and the response created with the rest of the parameter are the same.
md5.isAuthorizationValid("375fdfc61c98416748e436f1960082a7", "REGISTER", "testusername","testpassword", "testrealm.example.com","62886a59552fb3f51S43f5f55577d8bb798d25e9e8aa93d75611b5","faaaa525","sip:testrealm.example.com");
References:
No comments:
Post a Comment