0

Freeswitch and NSS integration

It is straightforward to add support for STIR/SHAKEN in Freeswitch using Sansay's NSS. While there are different ways to accomplish this task the below solution delivers the functionality with minor changes to your dialplan.

  

Welcome any suggestions from the community.

/etc/freeswitch/dialplan/default.xml

default.xml or other dialplan file you are using. The below extension is to be added before you bridge the call to your downstream carrier(s). 

<extension name="get_shaken">
     <! -- Optional: This first condition limits the scope of changes restricting it at the beginning just to add STIR/SHAKEN's Identity Header when calling Sansay -->
     <condition field="destination_number" expression="^8587542200$">
     <! -- get_shaken.sh uses NSS REST API and Freeswitch's channel variables to obtain the Identity Header -->
     <action application="set" data="shaken=${system(/etc/freeswitch/scripts/get_shaken.sh ${caller_id_number} ${destination_number})}"/>
     <! -- Optional: For debugging purposes it will save the obtained STIR/SHAKEN Identity hdr to log -->
     <action application="log" data="${shaken} ${caller_id_number}"/>
     <! -- This condition will make sure that we only insert SIP Identity: when an Identity header has been obtained successfully -->
     <condition field="shaken" expression="^ey">
     <! -- Insert SIP Identity with the saved shaken variable -->
     <action application="set" data="sip_h_Identity=${shaken}"/>
      </condition>
      </condition>
    </extension>   

get_shaken.sh

This shell script creates a valid payload while interacting with Asterisk's channel variables to obtain an Identity header per call. 

get_shaken.sh:
(Replace your-nss.sansay.com) with your actual NSS URL.

#!/bin/bash
# Bash client to use Sansay NSS API with Asterisk
# version 1.0
# Script arguments are orig_tn and dest_tn as follows "get_shaken.sh 8587542200 8587542211"
# Generate unique Request ID
Request_ID=`echo $RANDOM | md5sum | head -c 20`
# Send Request to Sansay NSS
curl --silent https://your-nss.sansay.com:3334/stir/v1/signing -k -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "X-RequestID: $Request_ID" -d "{\"signingRequest\":{\"orig\":{\"tn\":\"$1\"},\"dest\":{\"tn\":[\"$2\"]},\"iat\":$(date +%s)}}" | jq .signingResponse.identity | sed 's/\"//g; s/\\//g'

Reply

null
Login to reply

Content aside

Related Articles
NSS Simplified Flow Diagram
NSS Configuration Backup and Restore
Implementing DNO blocking in NSS
Freeswitch and NSS integration
Asterisk and NSS integration
Using NSS for STI-AS/STI-VS with ACME SBC
STI-VS Call Presentation Options
STI-AS Attestation Policy Options
Sansay STI-CA