digest - Failure of SIP Proxy Authentication -

i'm developing sip user agent application connects asterisk server , tries outgoing call. i'm using nist implementation of jain sip api.

when application registers itself, 401 (unauthorized) response challenges www-authenticate header. application inserts authorization header next register request. time asterisk returns 200 (ok) response - registration successful.

when application transmits invite request, asterisk responds 407 (proxy authentication required) response. time response contains proxy-authenticate header. application sends invite again, time authorization header, upon asterisk responds same 407 (proxy authentication required) response.

here sip messages transmitted ('>>' indicates outgoing messages; '<<' indicates incoming messages):

>>

register sip:10.0.84.30:5060 sip/2.0 call-id: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3 cseq: 1 register from: <sip:301@asterisk>;tag=2b3n8g to: <sip:301@asterisk> via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bkc7dd178d3d444ccc059a191e700fc8b73230 max-forwards: 70 contact: <sip:10.0.85.3:5060> expires: 300 content-length: 0 

<<

sip/2.0 100 trying via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bkc7dd178d3d444ccc059a191e700fc8b73230;received=10.0.85.3 from: <sip:301@asterisk>;tag=2b3n8g to: <sip:301@asterisk> call-id: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3 cseq: 1 register user-agent: asterisk pbx (switchvox) allow: invite,ack,cancel,options,bye,refer,subscribe,notify contact: <sip:301@10.0.84.30> content-length: 0 

<<

sip/2.0 401 unauthorized via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bkc7dd178d3d444ccc059a191e700fc8b73230;received=10.0.85.3 from: <sip:301@asterisk>;tag=2b3n8g to: <sip:301@asterisk>;tag=as3c458716 call-id: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3 cseq: 1 register user-agent: asterisk pbx (switchvox) allow: invite,ack,cancel,options,bye,refer,subscribe,notify contact: <sip:301@10.0.84.30> www-authenticate: digest realm="asterisk",nonce="6fbe5a68" content-length: 0 

>>

register sip:10.0.84.30:5060 sip/2.0 cseq: 2 register from: <sip:301@asterisk>;tag=2b3n8g to: <sip:301@asterisk> via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bkffb0be254f93f61fa0dc7ac32b9078a43230 max-forwards: 70 contact: <sip:10.0.85.3:5060> expires: 300 authorization: digest username="301",realm="asterisk",nonce="6fbe5a68",response="bc7075e8e241a4109dfa24d6ae95e78c",algorithm=md5,uri="sip:10.0.84.30:5060",nc=00000001 call-id: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3 content-length: 0 

<<

sip/2.0 100 trying via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bkffb0be254f93f61fa0dc7ac32b9078a43230;received=10.0.85.3 from: <sip:301@asterisk>;tag=2b3n8g to: <sip:301@asterisk> call-id: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3 cseq: 2 register user-agent: asterisk pbx (switchvox) allow: invite,ack,cancel,options,bye,refer,subscribe,notify contact: <sip:301@10.0.84.30> content-length: 0 

<<

sip/2.0 200 ok via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bkffb0be254f93f61fa0dc7ac32b9078a43230;received=10.0.85.3 from: <sip:301@asterisk>;tag=2b3n8g to: <sip:301@asterisk>;tag=as3c458716 call-id: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3 cseq: 2 register user-agent: asterisk pbx (switchvox) allow: invite,ack,cancel,options,bye,refer,subscribe,notify expires: 300 contact: <sip:10.0.85.3:5060>;expires=300 date: tue, 03 may 2011 06:42:33 gmt content-length: 0 

>>

invite sip:302@asterisk sip/2.0 call-id: c20df277bb6f9fb69d83000e5255eb86@10.0.85.3   cseq: 3 invite from: <sip:301@asterisk>;tag=kozwxg to: <sip:302@asterisk> via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bkaa0520efde83907b71d1f76315188c413230 max-forwards: 70 contact: <sip:10.0.85.3:5060> route: <sip:10.0.84.30:5060;lr> content-type: application/sdp content-length: 106 

>>

v=0 o=- 3513393083 3513393083 in ip4 10.0.85.3 s=- c=in ip4 10.0.85.3 t=0 0 m=audio 40000 rtp/avp 3 

<<

sip/2.0 407 proxy authentication required via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bkaa0520efde83907b71d1f76315188c413230;received=10.0.85.3 from: <sip:301@asterisk>;tag=kozwxg to: <sip:302@asterisk>;tag=as5de9ed83 call-id: c20df277bb6f9fb69d83000e5255eb86@10.0.85.3 cseq: 3 invite user-agent: asterisk pbx (switchvox) allow: invite,ack,cancel,options,bye,refer,subscribe,notify contact: <sip:302@10.0.84.30> proxy-authenticate: digest realm="asterisk",nonce="74986b64" content-length: 0 

>>

invite sip:302@asterisk sip/2.0 cseq: 4 invite from: <sip:301@asterisk>;tag=2b3n8g to: <sip:302@asterisk> via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bk86f9dbdff9eeca422fbb67321dd45f7a3230 max-forwards: 70 contact: <sip:10.0.85.3:5060> route: <sip:10.0.84.30:5060;lr> content-type: application/sdp authorization: digest   username="301",realm="asterisk",nonce="74986b64",response="a08b8d7ce96cae00e7d334e132bf7358",algorithm=md5,uri="sip:302@asterisk",nc=00000001 call-id: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3 content-length: 106 

>>

v=0 o=- 3513393083 3513393083 in ip4 10.0.85.3 s=- c=in ip4 10.0.85.3 t=0 0 m=audio 40000 rtp/avp 3 

<<

sip/2.0 407 proxy authentication required via: sip/2.0/udp 10.0.85.3:5060;branch=z9hg4bk86f9dbdff9eeca422fbb67321dd45f7a3230;received=10.0.85.3 from: <sip:301@asterisk>;tag=2b3n8g to: <sip:302@asterisk>;tag=as3c458716 call-id: acf3c0e9c1338d2c28d9c534ae86cbd8@10.0.85.3 cseq: 4 invite user-agent: asterisk pbx (switchvox) allow: invite,ack,cancel,options,bye,refer,subscribe,notify contact: <sip:10.0.85.3:5060> proxy-authenticate: digest realm="asterisk",nonce="1bd30f50" content-length: 0 

the authorization header constructed in same way in both cases (same code executed). i'm using request's request-uri "digesturi". i've tried using proxy-authorization header instead of authorization header, result same.

can see i'm doing wrong? in advance.

for authenticating proxy (in other words got 407 proxy authentication required need proxy-authorization header.

as rfc 2617 says, construct in same way authorization header.

you mention using uri in question. rfc 2617 section 3.2.2 says use request-uri (sip:302@asterisk). watch out sip-specific changes in rfc 3261 section 22.4.