search

neustar / tcs-apis

STIR/SHAKEN Authentication & Verification Service APIs
http://neustar.github.io/tcs-apis
MIT License
6 stars 6 forks source link

SHAKEN VS request fails for "URI parsing failed" #168

Open di-shi opened 1 year ago

di-shi commented 1 year ago

We run SHAKEN AS request and feed the generated Identity header in SHAKEN VS request, and get 400/416. Can not find the reasonCode or reasonText in doc.

HTTP/1.1 400 Bad Request Date: Tue, 24 Jan 2023 21:55:10 GMT Server: WSGIServer/0.2 CPython/3.7.15 Content-Type: application/json X-Frame-Options: DENY Content-Length: 139 X-Content-Type-Options: nosniff Referrer-Policy: same-origin

{"verifyResults": [{"verifyResult": {"status": "fail", "ppt": "", "reasonCode": 416, "reasonText": "URI parsing failed", "passport": ""}}]}

rishagit commented 1 year ago

hi @di-shi Can you please share the request that you are sending.

di-shi commented 1 year ago

@rishagit

A sample request and response is attached except the apiKey is removed. 

curl -i -k -s -X POST http://34.233.174.72:8000/stir/v1/verification?apiKey=XXXXXX -H Content-Type: application/json -H Accept: application/json -d {"identityHeader": "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jYS1jbXMubmV1c3RhcmxhYi5iaXovY2NpZC9hdXRobi92Mi9jZXJ0cy8xMTA0MS4xMDAzNyJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxNDA0NTI2NjA2MCJdfSwiaWF0IjoxNjc1ODY1MTExLCJvcmlnIjp7InRuIjoiMTU1NTEyMzQ1NjcifSwib3JpZ2lkIjoiOThkMDk2MzktZmJhZi0xMWU3LTlmNTQtMDAwYzI5YjFiMzllIn0.NSh_mvXC322sDwT4BGoi0cUoxxmf35EiNd2edaqmaJNhiaL1J7NUibt-YiXaaPN7Nx5S9baDijQ7JxstjdwU1Q;info=<https://ca-cms.neustarlab.biz/ccid/authn/v2/certs/11041.10037>;alg=ES256;ppt=\"shaken\"", "place": "holder", "to": {"tn": ["sip:+14045266060@example.com"]}, "time": 1675865111, "from": {"tn": "sip:+15551234567@example.com"}}

HTTP/1.1 400 Bad Request
Date: Wed, 08 Feb 2023 14:05:11 GMT
Server: WSGIServer/0.2 CPython/3.7.15
Content-Type: application/json
X-Frame-Options: DENY
Content-Length: 139
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin

{"verifyResults": [{"verifyResult": {"status": "fail", "ppt": "", "reasonCode": 416, "reasonText": "URI parsing failed", "passport": ""}}]}
kpolitz commented 1 year ago

I could not reproduce:

{ "verifyResults": [ { "verifyResult": { "ppt": "shaken", "status": "pass", "validClaims": { "attest": "A", "dest": { "tn": [ "14045266060" ] }, "iat": 1675962972, "orig": { "tn": "15551234567" }, "origid": "2088448c-718e-4930-be5d-0ec9b25d2f00" } } } ], "verstatValue": "TN-Validation-Passed" }

di-shi commented 1 year ago

still failed for me just minutes ago.

curl -i -k -s -X POST http://34.233.174.72:8000/stir/v1/verification?apiKey=XXXXXX -H Content-Type: application/json -H Accept: application/json -d {"identityHeader": "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jYS1jbXMubmV1c3RhcmxhYi5iaXovY2NpZC9hdXRobi92Mi9jZXJ0cy8xMTA0MS4xMDAzNyJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxNDA0NTI2NjA2MCJdfSwiaWF0IjoxNjc1OTY2ODUwLCJvcmlnIjp7InRuIjoiMTU1NTEyMzQ1NjcifSwib3JpZ2lkIjoiOThkMDk2MzktZmJhZi0xMWU3LTlmNTQtMDAwYzI5YjFiMzllIn0.VKdm-NO1z7Ccw2mUpCx9I95QQykskE-C66E7SlN9zdzgzV1ltKECq11QdW-zw0L0RRvXpnpahz_D1ifX5iK76w;info=<https://ca-cms.neustarlab.biz/ccid/authn/v2/certs/11041.10037>;alg=ES256;ppt=\"shaken\"", "place": "holder", "to": {"tn": ["sip:+14045266060@example.com"]}, "time": 1675966850, "from": {"tn": "sip:+15551234567@example.com"}}

HTTP/1.1 400 Bad Request
Date: Thu, 09 Feb 2023 18:20:51 GMT
Server: WSGIServer/0.2 CPython/3.7.15
Content-Type: application/json
X-Frame-Options: DENY
Content-Length: 139
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin

{"verifyResults": [{"verifyResult": {"status": "fail", "ppt": "", "reasonCode": 416, "reasonText": "URI parsing failed", "passport": ""}}]}
kpolitz commented 1 year ago

Is this the correct PASSporT information?

{ "alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": "https://ca-cms.neustarlab.biz/ccid/authn/v2/certs/11041.10037" }

{ "attest": "A", "dest": { "tn": [ "14045266060" ] }, "iat": 1675966850, "orig": { "tn": "15551234567" }, "origid": "98d09639-fbaf-11e7-9f54-000c29b1b39e" }

kpolitz commented 1 year ago

what does this parameter do in your VS request? "place": "holder",

di-shi commented 1 year ago

> Is this the correct PASSporT information?

I think so.

> what does this parameter do in your VS request? "place": "holder",

We use a shell script for the test. Some use cases need more parameters. If a parameter is not needed, we place a placeholder item in the request.

kpolitz commented 1 year ago

We believe this has something to do with the orig/dest/to/from and will continue to investigate. Thanks.

rishagit commented 1 year ago

As @kpolitz mentioned, this is due to wrong format sent for 'from' field. Currently our system is expecting 'from' as object which contains 'tn' array. We are working to fix this and 'from' would be just an object which will accept 'tn' as string (more like the way you are sending)

In your request if you can just change the 'from' field as below, you will get a response. But we are working on a fix for it and eventually 'from' will just be an object which accepts 'tn' as String (similar to your request). 

"from": {
        "tn": [
            "sip:+15551234567@example.com"
        ]
    }
di-shi commented 1 year ago

@rishagit Thank you for the information. Please let us know when these tickets are fixed. Then we will continue the test.

kpolitz commented 1 year ago

"orig" and "from" parameters will no longer be arrays in next pull request. A note will be sent to test participants when change is available.

kpolitz commented 1 year ago

Changes were deployed on 2/23/23. Please test and confirm.