I am trying to implement PKI authentication to an Asterisk system, using PJSIP over TLS.
Scenario:
Every phone/device in my system has a certificate signed by my CA.
Extensions are assigned according to info inside this certificate.
Registration should only be accepted for valid clients.
Questions:
When establishing a TLS session, can I extract information from the client certificate in the dialplan?
… how about an AGI script?
Is there a way to intercept registration events?
Does this verification agains a CA happen in Asterisk code? (Transport code?)
I guess that using a proxy that updates data in the realtime database is probably easier, but if this can be done using a custom transport code or an addon then it would be better for my case.