search

zbkoong / android-rcs-ims-stack

Automatically exported from code.google.com/p/android-rcs-ims-stack
0 stars 0 forks source link

Register Authorization qop parameter not compliant with RFC2617 #3

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
This problem has been encountered when trying to register an android phone 
emulator using the android-rcs-ims-stack in an openIMS network.

What steps will reproduce the problem?
1.use of a openIMS network. 
2.configuration of the user in order to use the network server. 
3.start the RCS service application on the android emulator.

What is the expected output? What do you see instead?
After receiving a REGISTER message from the android phone emulator, the openIMS 
network responds with a challenge request "401 unauthorized". This request 
contains authentication rules where the qop is equal to "Auth, Auth-int". The 
android phone responds with a REGISTER request that contains a response to the 
challenge request. This response contains the option qop with one of the values 
listed in the challenge: "Auth" or "Auth-Int".

The problem is that the response to the challenge returns the list of qop 
values except one of them. This is not compliant with the RFC2617 where it is 
written that:

 qop :Indicates what "quality of protection" the client has applied to
 the message. If present, its value MUST be one of the alternatives
 the server indicated it supports in the WWW-Authenticate header.
 [...]. Note that this is a single token, not a quoted list of 
 alternatives as in WWW- Authenticate. [...].

What version of the product are you using? On what operating system?
The version used is the 2.0.8 available for download.
This is used with an android emulator 2.2

Please provide any additional information below.
The error has been localized in the method writeSecurityHeader of the class 
HttpDigestRegistrationProcedure called from the method createRegister of the 
SipMessageFactory class. This class is localized under directory 
core\src\com\orangelabs\rcs\core\ims\network\registration.
The qop value is retrieved from the 401 SIP response, if its value starts with 
"auth", the complete value is pasted in the REGISTER SIP request.

String qop = digest.getQop();
if ((qop != null) && qop.startsWith("auth")) {  
    auth += ",nc=" + digest.buildNonceCounter() +
    ",qop=" + qop +

Original issue reported on code.google.com by rouxel.jerome@gmail.com on 18 Nov 2010 at 3:12

Attachments:

GoogleCodeExporter commented 9 years ago 
This issue is linked to the problem described in issue4 and depends of its 
correction.

Original comment by rouxel.jerome@gmail.com on 19 Nov 2010 at 2:38

GoogleCodeExporter commented 9 years ago 
See issue 4

Original comment by jmauffret@gmail.com on 5 Jan 2011 at 6:59