0

Asterisk and NSS integration

It is straightforward to add support for STIR/SHAKEN in Asterisk using Sansay's NSS. While there are different ways to accomplish this task the below solution delivers the functionality with 1 line to your dialplan in extensions.conf and using a shell script to interface with Sansay's STI-AS API. 

  

Welcome any suggestions from the community.

extensions.conf:

  • Add SIP Identity Header calling get_shaken.sh script. This line in your dialplan should precede your outbound carrier dialplan entry. An example is shown below: 
[custom-context]

exten => s,1,Noop(Entering user defined context macro-dialout-trunk-predial-hook)
exten => s,n,Set(signature=${SHELL(/var/lib/asterisk/bin/get_shaken.sh ${CALLERID(num)} ${CALLERID(dnid)})}) ; get s/s signature using Sansay bash script and assign to channel var
exten => s,n,Set(sig_length=${LEN(${signature})})
exten => s,n,Set(signature=${signature:0:$[${sig_length}-1]})      ; in testing, the script always returns sig with a trailing <cr> character which malforms the SIP INVITE, this line removes it
exten => s,n,GoSub(func-set-sipheader,s,1(Identity,${signature}))  ; add signature to outbound SIP channel Identity header using FreePBX built in subroutine
exten => s,n,MacroExit()
; end macro-dialout-trunk-predial-hook

get_shaken.sh

This shell script creates a valid payload while interacting with Asterisk's channel variables to obtain an Identity header per call. 

get_shaken.sh:
(Replace your-nss.sansay.com) with your actual NSS URL.

#!/bin/bash
# Bash client to use Sansay NSS API with Asterisk
# version 1.1
# Script arguments are orig_tn and dest_tn as follows "get_shaken.sh 8587542200 8587542211"
# Generate unique Request ID
Request_ID=`echo $RANDOM | md5sum | head -c 10`
# Send Request to Sansay NSS
curl --silent https://your-nss.sansay.com:3334/stir/v1/signing -k -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "X-RequestID: $Request_ID" -d "{\"signingRequest\":{\"orig\":{\"tn\":\"$1\"},\"dest\":{\"tn\":[\"$2\"]},\"iat\":$(date +%s)}}" |  jq .signingResponse.identity | sed 's/\"//g; s/\\//g'

 

VitalPBX Implementation

VitalPBX is an Asterisk-based multi-tenant PBX. The same concepts used for the Asterisk implementation apply for VitalPBX. One important difference is that the Identity Header is added in the Trunk instead of the dialplan as follows.

 

Reply

null
Login to reply

Content aside

Related Articles
NSS Simplified Flow Diagram
NSS Configuration Backup and Restore
Implementing DNO blocking in NSS
Freeswitch and NSS integration
Asterisk and NSS integration
Using NSS for STI-AS/STI-VS with ACME SBC
STI-VS Call Presentation Options
STI-AS Attestation Policy Options
Sansay STI-CA