[Reviewer: Ellie] Multiple domain support

sprout/icscfproxy.cpp

@@ -167,7 +167,8 @@ pj_status_t ICSCFProxy::UASTsx::init(pjsip_rx_data* rdata,
       _impi = _impu.substr(4);
     }
 
-    // Get the visted network identification if present.
+    // Get the visted network identification if present.  If not, homestead will
+    // default it.
     pjsip_generic_string_hdr* vn_hdr =
          (pjsip_generic_string_hdr*)pjsip_msg_find_hdr_by_name(msg,
                                                                &STR_P_V_N_I,

sprout/main.cpp

@@ -435,7 +435,7 @@ static pj_status_t init_options(int argc, char *argv[], struct options *options)
 
     case OPT_ADDITIONAL_HOME_DOMAINS:
       options->additional_home_domains = std::string(pj_optarg);
-      fprintf(stdout, "Additonal home domains set to %s\n", pj_optarg);
+      fprintf(stdout, "Additional home domains set to %s\n", pj_optarg);
       break;
 
     case 'c':

sprout/pjutils.cpp

@@ -317,8 +317,8 @@ std::string PJUtils::default_private_id_from_uri(const pjsip_uri* uri)
   return id;
 }
 
-/// Extract the domain from a SIP URI.  If none is present, return the default
-/// home domain.
+/// Extract the domain from a SIP URI, or if its another type of URI, return
+/// the default home domain.
 pj_str_t PJUtils::domain_from_uri(const std::string& uri_str, pj_pool_t* pool)
 {
   pjsip_uri* uri = PJUtils::uri_from_string(uri_str, pool);

sprout/ut/authentication_test.cpp

@@ -585,6 +585,58 @@ TEST_F(AuthenticationTest, DigestAuthFailStale)
 }
 
 
+TEST_F(AuthenticationTest, DigestAuthFailWrongRealm)
+{
+  // Test a failed SIP Digest authentication flow where the response contains the wrong realm.
+  pjsip_tx_data* tdata;
+
+  // Set up the HSS response for the AV query using a default private user identity.
+  _hss_connection->set_result("/impi/6505550001%40homedomain/av?impu=sip%3A6505550001%40homedomain",
+                              "{\"digest\":{\"realm\":\"homedomain\",\"qop\":\"auth\",\"ha1\":\"12345678123456781234567812345678\"}}");
+
+  // Send in a REGISTER request with no authentication header.  This triggers
+  // Digest authentication.
+  AuthenticationMessage msg1("REGISTER");
+  msg1._auth_hdr = false;
+  inject_msg(msg1.get());
+
+  // Expect a 401 Not Authorized response.
+  ASSERT_EQ(1, txdata_count());
+  tdata = current_txdata();
+  RespMatcher(401).matches(tdata->msg);
+
+  // Extract the nonce, nc, cnonce and qop fields from the WWW-Authenticate header.
+  std::string auth = get_headers(tdata->msg, "WWW-Authenticate");
+  std::map<std::string, std::string> auth_params;
+  parse_www_authenticate(auth, auth_params);
+  EXPECT_NE("", auth_params["nonce"]);
+  EXPECT_EQ("auth", auth_params["qop"]);
+  EXPECT_EQ("MD5", auth_params["algorithm"]);
+  free_txdata();
+
+  // Send a new REGISTER request with an authentication header including the
+  // response but the wrong realm.
+  AuthenticationMessage msg2("REGISTER");
+  msg2._algorithm = "MD5";
+  msg2._key = "12345678123456781234567812345678";
+  msg2._nonce = auth_params["nonce"];
+  msg2._opaque = auth_params["opaque"];
+  msg2._nc = "00000001";
+  msg2._cnonce = "8765432187654321";
+  msg2._qop = "auth";
+  msg2._auth_realm = "otherdomain";
+  inject_msg(msg2.get());
+
+  // Check 401 Unauthorized response.
+  ASSERT_EQ(1, txdata_count());
+  tdata = current_txdata();
+  RespMatcher(401).matches(tdata->msg);
+  free_txdata();
+
+  _hss_connection->delete_result("/impi/6505550001%40homedomain/av?impu=sip%3A6505550001%40homedomain");
+}
+
+
 TEST_F(AuthenticationTest, AKAAuthSuccess)
 {
   // Test a successful AKA authentication flow.