From ef2cbd1ee3f8d15c5532ffd1a3fdbe9104d444c8 Mon Sep 17 00:00:00 2001 From: Pedro Sanders Date: Mon, 26 Feb 2024 18:37:43 -0500 Subject: [PATCH] chore: add lab for securing sip.js with jwt tokens --- .gitignore | 1 + .../compose.yaml | 22 +++ .../work/create-jwt.js | 19 +++ .../work/package-lock.json | 158 ++++++++++++++++++ .../work/package.json | 15 ++ .../work/private.key | 52 ++++++ .../work/public.key | 14 ++ 7 files changed, 281 insertions(+) create mode 100644 .gitignore create mode 100644 securing_sipjs_with_ephemeral_agents/compose.yaml create mode 100644 securing_sipjs_with_ephemeral_agents/work/create-jwt.js create mode 100644 securing_sipjs_with_ephemeral_agents/work/package-lock.json create mode 100644 securing_sipjs_with_ephemeral_agents/work/package.json create mode 100644 securing_sipjs_with_ephemeral_agents/work/private.key create mode 100644 securing_sipjs_with_ephemeral_agents/work/public.key diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b512c09 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +node_modules \ No newline at end of file diff --git a/securing_sipjs_with_ephemeral_agents/compose.yaml b/securing_sipjs_with_ephemeral_agents/compose.yaml new file mode 100644 index 0000000..7bb9507 --- /dev/null +++ b/securing_sipjs_with_ephemeral_agents/compose.yaml @@ -0,0 +1,22 @@ +version: "3" + +services: + routr: + image: fonoster/routr-one:latest + environment: + EXTERNAL_ADDRS: ${DOCKER_HOST_ADDRESS} + CONNECT_VERIFIER_PUBLIC_KEY_PATH: /keys/public.key + ports: + - 51908:51908 + - 5062:5062 + volumes: + - shared:/var/lib/postgresql/data + - ./work/public.key:/keys/public.key + + simplephone: + image: psanders/simplephone:latest + ports: + - 8080:8080 + +volumes: + shared: \ No newline at end of file diff --git a/securing_sipjs_with_ephemeral_agents/work/create-jwt.js b/securing_sipjs_with_ephemeral_agents/work/create-jwt.js new file mode 100644 index 0000000..a9a747f --- /dev/null +++ b/securing_sipjs_with_ephemeral_agents/work/create-jwt.js @@ -0,0 +1,19 @@ +const fs = require("fs"); +const jwt = require("jsonwebtoken"); + +const privateKey = fs.readFileSync("private.key"); + +const payload = { + ref: "agent-01", + domainRef: "domain-01", + aor: "sip:1001@sip.local", + aorLink: "sip:asterisk@sip.local", + domain: "sip.local", + privacy: "NONE", + allowedMethods: ["INVITE", "REGISTER"] +}; + +const signOptions = { expiresIn: "1h", algorithm: "RS256" }; +const token = jwt.sign(payload, privateKey, signOptions); + +console.log("Token: " + token); \ No newline at end of file diff --git a/securing_sipjs_with_ephemeral_agents/work/package-lock.json b/securing_sipjs_with_ephemeral_agents/work/package-lock.json new file mode 100644 index 0000000..f5ae9a8 --- /dev/null +++ b/securing_sipjs_with_ephemeral_agents/work/package-lock.json @@ -0,0 +1,158 @@ +{ + "name": "tokens", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "tokens", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "jsonwebtoken": "^9.0.2" + } + }, + "node_modules/buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" + }, + "node_modules/ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "dependencies": { + "safe-buffer": "^5.0.1" + } + }, + "node_modules/jsonwebtoken": { + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", + "dependencies": { + "jws": "^3.2.2", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12", + "npm": ">=6" + } + }, + "node_modules/jwa": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", + "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", + "dependencies": { + "buffer-equal-constant-time": "1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/jws": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", + "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", + "dependencies": { + "jwa": "^1.4.1", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" + }, + "node_modules/lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" + }, + "node_modules/lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" + }, + "node_modules/lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" + }, + "node_modules/lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" + }, + "node_modules/lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" + }, + "node_modules/lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" + }, + "node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/semver": { + "version": "7.6.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz", + "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==", + "dependencies": { + "lru-cache": "^6.0.0" + }, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + } + } +} diff --git a/securing_sipjs_with_ephemeral_agents/work/package.json b/securing_sipjs_with_ephemeral_agents/work/package.json new file mode 100644 index 0000000..a99dced --- /dev/null +++ b/securing_sipjs_with_ephemeral_agents/work/package.json @@ -0,0 +1,15 @@ +{ + "name": "tokens", + "version": "1.0.0", + "description": "", + "main": "create-jwt.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "ISC", + "dependencies": { + "jsonwebtoken": "^9.0.2" + } +} diff --git a/securing_sipjs_with_ephemeral_agents/work/private.key b/securing_sipjs_with_ephemeral_agents/work/private.key new file mode 100644 index 0000000..65ff18b --- /dev/null +++ b/securing_sipjs_with_ephemeral_agents/work/private.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCzHTRq2j9vqy9q +5JlFsF258GadUL5RhL2UBev10VnCpMaYD9tEp8K+o+x8MLbDD7B82UPyxsvUS9KE +y1Kxuv7ImmAgUmBO0QdN6joLDa48O60KfoTwkN0S54WeBL5p2/2L2UfZydqUby9L +JDj39veHWfMEz8XuvgFTFj9vGjPdh7kWdKRXuK9El1VJveJqa4toMWf+plLcNXyG +IbOcYCWHzmexZb8gOLRzo2G+/DHTM14siLt4m6O5eN/HMZj8GmtkWWnwmf4eHyuD +dAxUW10HThswJ9cThXaSu1WH20I/OwthunFwx3XB2lcimAOMgE2J/TAu1z1ZRkdT +QfOjHuyoqfDp9BRZ6PtvdJL8Nc7q4DvCmjzQlJWRusNIaspj0wuq7fOv0TMezP9U +Hj1CsgGTeaUUOQDfpAeMlqqd+prgCjXi0SIwMV+0RvreBM/3YK4BNYSUpjkYA1A0 +vxKiXizbvFb8D7k6BUBVvJbM6aTfHhUoAeRS29s/yKfZ1o+mARZ3GV6sXx1cG0ya +3n3dtECxqupxSEIUu3EUUDoEqvGD6Wqc5OE/4gcHtP2AadxRMKS4GDawNWGTGbNJ +YUz51+aRNzJjWbLh+u3t7DyW4yISCLcc5l3TO9cW6AW91C4m/zcSR4+tX2IkxnBd +55j9rXnjknNKg0K7VSYyZYhBVJOIlwIDAQABAoICABoaCu35YR42XaIfryBjO71h +haquPhXmGLRuCn1XpVOCrLgzM1p1ciFTBR7yAGg7rJX9GXRTORf2drbIZIQnAoMc +UB7Vslg6COz3Ub8Tns0DS0vItTnTeowLNkMZYOBPYUsUfm6EBnj0HPm/zReBo3/T +gWE1oBwTD2Fa0CKyOFWztirKE7r+3HfL7+9fnxOwGXA1JvkKpu+VUdDAL4r9zepV +D3JgJ/KboNxrNk7dNKuZBEPMJznDwJ/COCYwmaE/fl/w0cnwvwIHu9Ebw8I1UEDE +xpyFacfb/rQSXbv/HU/WnGmBAJAVWRlHZsRRT88VUXdm8LMaxcNxROqipU0jsAwD +wFgpOy3IwGZwHp0gxzVShnHq5IGm2IYN38PmMH1CAip4MKJzRJeK4a1BIEdiLg+/ +sHnPy2I/sMvYTyY5pTQImCzOZIy8iuLheeXXIyzZu5JEC0IuIVo9hv6eaitfiStX +Y9jy742SCYxLUiXk75PAhF9oyGGCEDmSNRZtBfcWjK8xXrsnwfkOjtiQWXr+pwLZ +LELHstJppfu0OJvLYFzYHIONdIRPaAna+rA9Kvls4wNIruSvlS80QEplcJDrS0NA +Z0nl4DTLMpHL6+AxDCFPvXyWgqybbxO3A+uleylDWXszQm9qlyrfGcKa3evFyX2K +V1M5ws6l/wJSWOP/0AJtAoIBAQDgpfDM5jd9UM3G8ZtVl0waOWHmfjQpeeec8DQ2 ++MRnakPzBTckgJLC959QpetLGXaX2hMpCJegHKPDmSU2jgKztU9fVilz/c5zsoN6 +iF8vdM6x95XmBVA/jOmSDr4I/tTpPM/IKRHJmIHGp+nAR8n6JcfvLGpMXvE+0+km +WZ3iN1BOtDtxsDqzdT/sAeameOY4sJsbr2n1p9rhAlA/DCB8gtD8fH+p3IxestBP +R0N8sb7U1Z8dzGa/R4aBwDoPBLI5KYV1IwgyY+7sWOTyg6Qrf+DfAY/oAnsurNx6 +I1HsHL+jPj7cERcIfkDTbnZZ+vKRIEa9L4TwyorKTMFdmnCDAoIBAQDMHHSq++2y +flTXbmOPKeglREQDCRLi8q66zHpDYc6+l/ewsU/ye5ojplILuVfYadZCAMnBtTAC +cTAD8nUjptqVGXXSxHovmD8oAWEXzxtdSvEzYHB8o8Lc1SDd5JN71M9WQOIu6n1L +v6zo073cPynN7aKLiJp6uA0fdj17OIIYhmhQklRXIL3WjEjxRt5nNvs4kNHYoXXc +Tg9U950nvYzoGr+JxT3Gh9zrdbDDsEILDaBmV2TKfs9vkfRIKCd7rewHR/9hkE1G +Vofn3h3bwYwd7Zsoyt7EHHfbSryC1MKlXtkg/1LZgWW1WexiYc9YZORHAdWZmtj7 +d2A3JpUwUmNdAoIBAFxGzWrdBd4L2vrlM5Es3K3I9FXhcTu4P1NPt6L8/HAeTlr8 +wXHU/nPnkyFlhgkLJJOrmEM6rE2wdfRaa9bE7ocy6q+WjOCAWNVddnRWoAK2UFD6 +CjC57gSstSSxuY2oX3yO5iqp9AyDAIvBXVsGIgkGi+HKtL86II5WLWb7WMcbQXmS +vvgsE3CzsNYY0c1/y9FteckdfMDTei0C7kN3j8CVW5La8PWtClu7x6VI+Ie321NB +jGKJG4tmrfGOLEsO+sZQL+m1wiAwvGuI+EJFoKHdnVj9I0eB/WdmygnBiF0cUfuU +De4HdxaeBbLTpPnBAvJp96SuaEUgbXI7pRH15lECggEBAJWRZIzG/2+E03bqFVqb +QtnMJGp1A7n6S7/mhtFJos5XXdHEnOj7WgA1qHme35heNfs3yKCBvSSM/LpnuR7e +7d3EQmqoP0ERN3aBTDy+Lzc163nSeZtcBTb9lpADJ2/eifCSqyvl+NrBIluajc4P +Gvsj37CP8WNr63Ham0LoLaz7EQW5tMQD4hiNxAXKAL9xsrXIqX0tE8jUCrggmrC8 +XbzXnPO/7XzFokWIgHdleX/QBHH6KImaUzdWpMMbaZNf502OnL1JmNaqIfzu7sJS +GfL0YnaJ8qOSmOHA6lKUxe2Yi1N6xaNNBtLVijqtodsMU5sU5QkiR04+M+s2Aqze +MqECggEBAL9IkcZB+rG8KU0r6iiMexAVUk5RJpnfJ8Uulo4kZlsl+tOp3YDigz6+ +Fam0VeEhukI2GvGUmSaqICIVhuim2rREnbVKQt6aCKIg3D2MNMNx9tfHBiLKar4I +5bT5mbmCnTrJM4e7WQ1Q+m7rD12ysHXzJw7xwy35tvJB2oK6z/yT8kEPG7SyYjGH +eQR1bACrjMALcTX7t/+YkqP2UY1Kv//hmBgCV5P4Z3xXhN38X5Zb4u3iVVHU3ymP +FKcynzCR+I7ws5aZpLH8rE6SpwzTYL/26rkQIXPwvWvt7MvcQ5NPEVk7ZLczL3G2 +glqb37hQ6CniwbebwW5eHy5YLnYdCXs= +-----END PRIVATE KEY----- diff --git a/securing_sipjs_with_ephemeral_agents/work/public.key b/securing_sipjs_with_ephemeral_agents/work/public.key new file mode 100644 index 0000000..8112865 --- /dev/null +++ b/securing_sipjs_with_ephemeral_agents/work/public.key @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsx00ato/b6svauSZRbBd +ufBmnVC+UYS9lAXr9dFZwqTGmA/bRKfCvqPsfDC2ww+wfNlD8sbL1EvShMtSsbr+ +yJpgIFJgTtEHTeo6Cw2uPDutCn6E8JDdEueFngS+adv9i9lH2cnalG8vSyQ49/b3 +h1nzBM/F7r4BUxY/bxoz3Ye5FnSkV7ivRJdVSb3iamuLaDFn/qZS3DV8hiGznGAl +h85nsWW/IDi0c6Nhvvwx0zNeLIi7eJujuXjfxzGY/BprZFlp8Jn+Hh8rg3QMVFtd +B04bMCfXE4V2krtVh9tCPzsLYbpxcMd1wdpXIpgDjIBNif0wLtc9WUZHU0Hzox7s +qKnw6fQUWej7b3SS/DXO6uA7wpo80JSVkbrDSGrKY9MLqu3zr9EzHsz/VB49QrIB +k3mlFDkA36QHjJaqnfqa4Ao14tEiMDFftEb63gTP92CuATWElKY5GANQNL8Sol4s +27xW/A+5OgVAVbyWzOmk3x4VKAHkUtvbP8in2daPpgEWdxlerF8dXBtMmt593bRA +sarqcUhCFLtxFFA6BKrxg+lqnOThP+IHB7T9gGncUTCkuBg2sDVhkxmzSWFM+dfm +kTcyY1my4frt7ew8luMiEgi3HOZd0zvXFugFvdQuJv83EkePrV9iJMZwXeeY/a15 +45JzSoNCu1UmMmWIQVSTiJcCAwEAAQ== +-----END PUBLIC KEY-----