stir-shaken: Add extra test for "future Date hf"

PS: in order to keep the tests tidy without renaming all of them, I
just broke down "08" into: "08.A" (past Date) and "08.B" (future Date).

stir-shaken/08.B.verify-error-403-wrong-date-future/README.md

@@ -0,0 +1,12 @@
+# Diagram
+```mermaid
+sequenceDiagram
+    uac-sipp-stir-shaken->>+opensips: With identity header
+    opensips-->>-uac-sipp-stir-shaken: 403 Stale Date
+```
+
+# Explanations:
+We forced future Date header in UAC
+```php
+Date: Tue, 22 Sep 2150 23:29:00 GMT
+```

stir-shaken/08.B.verify-error-403-wrong-date-future/opensips.cfg

@@ -0,0 +1,159 @@
+#
+# OpenSIPS residential configuration script
+#     by OpenSIPS Solutions <[email protected]>
+#
+# This script was generated via "make menuconfig", from
+#   the "Residential" scenario.
+# You can enable / disable more features / functionalities by
+#   re-generating the scenario with different options.#
+#
+# Please refer to the Core CookBook at:
+#      https://opensips.org/Resources/DocsCookbooks
+# for a explanation of possible statements, functions and parameters.
+#
+
+
+####### Global Parameters #########
+######################################################################
+/* uncomment the following lines to enable debugging */
+#debug_mode=yes
+
+log_level=4
+xlog_level=4
+log_stderror=yes
+
+udp_workers=4
+
+####### Modules Section ########
+
+#set module path
+mpath="/usr/lib/x86_64-linux-gnu/opensips/modules/"
+
+#### SIGNALING module
+loadmodule "signaling.so"
+
+#### StateLess module
+loadmodule "sl.so"
+
+#### Transaction Module
+loadmodule "tm.so"
+modparam("tm", "fr_timeout", 5)
+modparam("tm", "fr_inv_timeout", 30)
+modparam("tm", "restart_fr_on_each_reply", 0)
+modparam("tm", "onreply_avp_mode", 1)
+
+#### SIP MSG OPerationS module
+loadmodule "sipmsgops.so"
+
+#### MySQL module
+#loadmodule "db_mysql.so"
+
+#### Dialog module
+loadmodule "dialog.so"
+#modparam("dialog", "db_mode", 2)
+#modparam("dialog", "db_update_period", 2)
+#modparam("dialog", "db_url", "mysql://[email protected]/opensips")
+
+#### MAX ForWarD module
+loadmodule "maxfwd.so"
+
+#### Record Route Module
+loadmodule "rr.so"
+/* do not append from tag to the RR (no need for this script) */
+modparam("rr", "append_fromtag", 0)
+
+loadmodule "proto_udp.so"
+
+loadmodule "httpd.so"
+loadmodule "mi_http.so"
+
+#### Stir and Shaken
+loadmodule "stir_shaken.so"
+modparam("stir_shaken", "ca_list", "/etc/opensips/stir-shaken-ca/ca-cert.pem")
+modparam("stir_shaken", "require_date_hdr", 0)
+modparam("stir_shaken", "verify_date_freshness", 300) # => please change to 60 for French reglementation
+
+
+include_file "stir_shaken_verify.cfg"
+
+
+####### Routing Logic ########
+
+# main request routing logic
+
+route {
+
+	$var(cert) = "-----BEGIN CERTIFICATE-----
+MIIByzCCAXGgAwIBAgIUWfW2wiP6QMbm7OlahCyplooFTl0wCgYIKoZIzj0EAwIw
+RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzA1MDkwOTE2NThaFw0yNTA4MTEw
+OTE2NThaMGoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTESMBAGA1UEBwwJU29t
+ZXdoZXJlMRowGAYDVQQKDBFBY21lVGVsZWNvbSwgSW5jLjENMAsGA1UECwwEVk9J
+UDEPMA0GA1UEAwwGU0hBS0VOMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuyQP
+0hteN1oKDUxo/2zvTp+0ppJ2IntNSdu36QFsUPDsCWlr4iTUMsjPtD+XQ58xQEf6
+n/zTE9cwZhs46NJWdKMaMBgwFgYIKwYBBQUHARoECjAIoAYWBDEwMDEwCgYIKoZI
+zj0EAwIDSAAwRQIga2buNdRtI/56SZ0pBOUd21UxVNacFelmTpnda145zYICIQDz
+yWoJxs18OGdJL0sfcw2JKiWQ9i6AKQAgGh31oKxXHg==
+-----END CERTIFICATE-----";
+
+	if (!mf_process_maxfwd_header(10)) {
+		send_reply(483,"Too Many Hops");
+		exit;
+	}
+
+	if (has_totag()) {
+
+		# handle hop-by-hop ACK (no routing required)
+		if (is_method("ACK") && t_check_trans()) {
+			t_relay();
+			exit;
+		}
+
+		# sequential request within a dialog should
+		# take the path determined by record-routing
+		if (!loose_route() && !match_dialog()) {
+			# we do record-routing for all our traffic, so we should not
+			# receive any sequential requests without Route hdr.
+			send_reply(404,"Not here");
+			exit;
+		}
+
+		# route it out to whatever destination was set by loose_route()
+		# in $du (destination URI).
+
+		t_relay();
+		exit;
+	}
+
+	# CANCEL processing
+	if (is_method("CANCEL")) {
+		if (t_check_trans())
+			t_relay();
+		exit;
+	}
+
+	# accept just INVITE requests
+	if (!is_method("INVITE")) {
+		send_reply(503, "Service Unavailable");
+		exit;
+	}
+	else
+	{
+		$var(kill_calls) = true;
+		route(stir_shaken_verify);
+	}
+
+	if (!create_dialog()) {
+		send_reply(500, "Internal Server Error");
+		exit;
+	}
+	record_route();
+
+	if (!t_relay())
+		send_reply(500, "Internal Error");
+	exit;
+
+
+
+
+}

stir-shaken/08.B.verify-error-403-wrong-date-future/scenario.yml

@@ -0,0 +1,23 @@
+---
+# generate CA: https://blog.opensips.org/2022/10/31/how-to-generate-self-signed-stir-shaken-certificates/
+
+timeout: 30
+
+tasks:
+  - name: OpenSIPS
+    type: opensips
+
+  - name: SIPP UAC
+    type: uac-sipp-stir-shaken
+    service: "+33987654321"
+    config_file: scripts/uac.xml
+    remote: {{ uas_ip }}:{{ uas_port }}
+    caller: "+33612345678"
+    duration: 10000
+    stir_shaken_origid: "toto"
+    stir_shaken_private_key: |
+      -----BEGIN EC PRIVATE KEY-----
+      MHcCAQEEIIOvgr23lbJ5rIOhiF+LR/VU4piEc1EYLT1CF5SN5HtZoAoGCCqGSM49
+      AwEHoUQDQgAEuyQP0hteN1oKDUxo/2zvTp+0ppJ2IntNSdu36QFsUPDsCWlr4iTU
+      MsjPtD+XQ58xQEf6n/zTE9cwZhs46NJWdA==
+      -----END EC PRIVATE KEY-----

stir-shaken/08.B.verify-error-403-wrong-date-future/scripts/uac.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!DOCTYPE scenario SYSTEM "sipp.dtd">
+
+<scenario name="Basic Sipstone UAC">
+  <Global variables="caller,stir_and_shaken_jwt,stir_and_shaken_info,stir_shaken_alg,stir_shaken_ppt" />
+  <Reference variables="caller,stir_and_shaken_jwt,stir_and_shaken_info,stir_shaken_alg,stir_shaken_ppt" />
+  <!-- In client mode (sipp placing calls), the Call-ID MUST be         -->
+  <!-- generated by sipp. To do so, use [call_id] keyword.                -->
+  <send retrans="500" id="1">
+    <![CDATA[
+
+      INVITE sip:[service]@[remote_ip]:[remote_port];user=phone SIP/2.0
+      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+      Max-Forwards: 70
+      From: <sip:[caller]@[local_ip]:[local_port];user=phone>;tag=[call_number]
+      To: <sip:[service]@[remote_ip]:[remote_port];user=phone>
+      Call-ID: [call_id]
+      CSeq: 1 INVITE
+      Contact: <sip:[local_ip]:[local_port]>
+      P-Asserted-Identity: <sip:[caller]@records.allo-media.tech>
+      Date: Tue, 22 Sep 2150 23:29:00 GMT
+      Identity: [stir_and_shaken_jwt];info=<[stir_and_shaken_info]>;alg=[stir_shaken_alg];ppt=[stir_shaken_ppt]
+      Content-Type: application/sdp
+      Content-Length: [len]
+
+      v=0
+      o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
+      s=-
+      c=IN IP[media_ip_type] [media_ip]
+      t=0 0
+      m=audio [media_port] RTP/AVP 0
+      a=rtpmap:0 PCMU/8000
+
+    ]]>
+  </send>
+
+  <!-- Check if receive 403 Stale Date  -->
+  <recv response="403">
+  </recv>
+
+  <send>
+    <![CDATA[
+
+      ACK [next_url] SIP/2.0
+      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+      From: <sip:[caller]@[local_ip]:[local_port]>;tag=[call_number]
+      To: <sip:[service]@[remote_ip]:[remote_port]>[peer_tag_param]
+      [routes]
+      CSeq: 1 ACK
+      Contact: <sip:[local_ip]:[local_port]>
+      Call-ID: [call_id]
+      Max-Forwards: 70
+      Subject: Performance Test
+      User-Agent: sipp
+      Content-Length: 0
+
+    ]]>
+  </send>
+
+  <pause milliseconds="2000"/>
+
+  <!-- definition of the response time repartition table (unit is ms)   -->
+  <ResponseTimeRepartition value="500, 1000, 1500, 2000"/>
+
+  <!-- definition of the call length repartition table (unit is ms)     -->
+  <CallLengthRepartition value="500"/>
+
+</scenario>

stir-shaken/08.B.verify-error-403-wrong-date-future/stir-shaken-ca/ca-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4DCCAYWgAwIBAgIUXwIAhKkOWfmttuAk6B+Tg/cgBoowCgYIKoZIzj0EAwIw
+RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzA1MDkwOTE0MzRaFw0yODA1MDcw
+OTE0MzRaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD
+VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAARcBrtyH0D+amkf6dPsRmfWXEYWG2ISHdnemjvc+U1+vN7sxtN5Z++v
+BIU+1IYOnoRmbq0s4WAdYO+KkqF/0PH8o1MwUTAdBgNVHQ4EFgQUzji/c4nCqtOS
+vhnfZ1AMxQj0qccwHwYDVR0jBBgwFoAUzji/c4nCqtOSvhnfZ1AMxQj0qccwDwYD
+VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEA6ec6TnJcajbc7iGyDqCn
+n0/b4w9Wxqf5NYFiehkDSgQCIQCPp4lKBWp3dTqxhxccFwgC1yth5Tb705YlRY9/
+5HwgKA==
+-----END CERTIFICATE-----