I'm trying to get some information into the REFERRED-BY header on a Lync call from a UCMA application to get impersonation to work through a mediation server. Unfortunately, just putting the URI isn't enough, since Lync ignores it unless it's signed. The trace shows this for something generated by Lync:
REFERRED-BY: <sip:cb@rnddev.computer-talk.com>;ms-identity="MIIBxQYJKoZIhvcNAQcCoIIBtjCCAbICAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAZEwggGNAgEBMGowXDETMBEGCgmSJomT8ixkARkWA2NvbTEdMBsGCgmSJomT8ixkARkWDWNvbXB1dGVyLXRhbGsxFjAUBgoJkiaJk/IsZAEZFgZybmRkZXYxDjAMBgNVBAMTBXJuZENBAgodMhniAAAAAAC0MAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEggEAic/N/Xt+Reir5O9wl2y2b8HflgMbzFRTqamnpMjpPb14yHwv7gvBUe4xOAF/int/MGEYHQvB48dZPCpMxuvKbTJqpfGGyUuz9dm4ghU2AmZ6fUjTwYXFgtfNFwjg3bq2oIl9IPbRaM8cNH3ThmwP3boKD35WVCslBg2b+fK61Ge4TmsO1JYCV+hvMyYAT//sdMWY0N9NbVccYhz8q7rNqdRvNmTFWKKKc66jRlxoXHfU57cZxYh/CKToAaFIxegMAPrUKHu5tiIBpypzuUO0NP9TLL3GipKjz/myttOl09srN9K0rmPyhChvmo7sV4izXphT7V6GlF8M3vo47CJCyQ==:Wed, 27 Jun 2012 17:08:48 GMT";ms-identity-info="sip:LYNC2010.rnddev.computer-talk.com:5063;transport=Tls";ms-identity-alg=rsa-sha1
There doesn't appear to be any documentation on how the ms-identity hash is generated, and the only thing I can infer there is that it's sha1. Ideally, there'd be a way to pull this straight from my UCMA code using a property of the platform or endpoint, but so far, I haven't found it. If that's not possible, then at least knowing how the hash is calculated would let me brute force it and come up with a valid signature myself. Again, I haven't found this in the docs yet-the protocol docs reference it, but don't actually say how it's calculated.
Any ideas?