Problem with sips tls addresses?

[Asbjørn Grandt]

First off, I'm a little confused about some aspects of Sip Servlets.

The sip address should be sip:<address>, and still use TLS when the SipServletRequest have "TLS" set in it's transport (request.setTransport("TLS");)

It is a bit the same problem I have with "TCP" transport by the way. It seems that SipServlets completely ignores this setting made with setTransport. I've had to remove the udp Connector from server.xml simply because SipServletRequest refused to use anything else till I did, regardless of what were passed to setTransport.

The main problem is that when using the sips: protocol header, SipServlets tries to look up the SRV record for _sips._tls.<domain> on the dns, and NOT _sip._tls.<domain> as I understand it should. The _tls is after all indicating a TLS connection making _sips redundant. All configuration examples I've seen only specify _sip._tls, and not _sips...

I don't know if it is just because it never get that far, but how do I tell SipServlets to look for the sip port in the "_sipfederationtls._tcp.<domain>" SRV record, or is there a way for me to look that up manually?

At present it just assumes that port 5061 is the one to use unless I pass something else as part of the sip address, but that is not an entirely safe assumption :)

Cheers
A.Grandt.

[George Vagenas]

Hi,

Would you like to give more information about your network topology and what you are trying to do with the application. Also can you share the server log?

Thanks

George

2012/2/28 Asbjørn Grandt <asbjorn...@gmail.com>

--
George Vagenas

[Asbjørn Grandt]

There really aren't much of a server log to be shared. I get an exception because the Lync server sends a connection reset, probably because of the faulty TLS lookup I'm having trouble with.

I'm using wireshark to figure out why my test app is not making the right connections. And using the DNS filter there, I see that there are name server look ups on _sips._tcp.<domain>, _sips._tcp.<domain>.<doamin>.local, _sips._tls.<domain> etc. in that order.

The problem as I see it is that it is not supposed to look up _sips._anything, but just _sip._tls (if the transport is set to TLS) and _sip._tcp if that is the protocol, yet it asks for _sips. and even _tcp first. It is causing some trouble, as Lync is authenticating TLS on port 443 (_sip._tls.<domain>) and sip communication on the port defined in _sipfederationtls._tcp.<domain>, though I guess _sip._tcp.<domain> is as good as any, and the default port is 5061 any way. If the NS look up find a _sips._tcp.<domain> ercord, SipServlets will use that to connect to the server, even if it is TLS that is to be used, causing it to connect to the 5061 port for the tls negotiation...

This is why I were in a way asking for how to get around the trouble of having Sip Servlets ignoring the transport mode set on the request object, and later look up the SRV record for the remainder of the session, as _sipfederationtls._tcp. is Lync specific and therefore not part of the SipServlets package.

The _sips. protocol usage in the NS lookups are the one that is the trouble, no where in the documentation for sip setup around Lync have they ever used that designator, only _sip._tls, which is in fact telling the same thing, that it is the SRV record for secure connections.

Cheers
Asbjørn Grandt

[Asbjørn Grandt]

Actually, there is something on the log pertaining to this I think.

When we set up the _sips._tcp. and _sips._tls (it only fetched the _tcp record by the way) I get this. But it is not easy trying to figure out why I get this.
Unless I'm mistaken, I'm using the mss-1.7.0-SNAPSHOT-apache-tomcat-6.0.35 snapshot from 13 February 2012.


*** IllegalStateException ***
java.lang.IllegalStateException: Error sending request REGISTER sips:asb...@dantelo.net SIP/2.0
Call-ID: 487d3ebbeb71b017...@0.0.0.0
CSeq: 1 REGISTER
From: <sips:asb...@dantelo.net>;tag=81392722_1180947b_f719103a-fe94-4095-84d0-1da1fb02d561
To: <sips:asb...@dantelo.net>
Max-Forwards: 70
Content-Type: application/msrtc-category-publish+xml
Event: REGISTER
User-Agent: DTNP/0.0.0.1 Dantelo ApS - NetPresence
Via: SIP/2.0/TLS 192.168.10.31:5081;branch=z9hG4bKf719103a-fe94-4095-84d0-1da1fb02d561_1180947b_5605279653978
Content-Length: 0


    at org.mobicents.servlet.sip.message.SipServletRequestImpl.send(SipServletRequestImpl.java:1318)
    at org.mobicents.servlet.sip.message.SipServletRequestImpl.send(SipServletRequestImpl.java:995)
    at org.example.servlet.sip.MySipServlet.sendRegister1(MySipServlet.java:159)
    at org.apache.jsp.test_jsp._jspService(test_jsp.java:65)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:388)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.mobicents.servlet.sip.startup.SipStandardContextValve.invoke(SipStandardContextValve.java:254)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:722)
Caused by: java.lang.NullPointerException
    at gov.nist.javax.sip.SipProviderImpl.getNewClientTransaction(SipProviderImpl.java:412)
    at org.mobicents.servlet.sip.message.SipServletRequestImpl.send(SipServletRequestImpl.java:1159)
    ... 21 more

On Tue, Feb 28, 2012 at 4:34 PM, George Vagenas <gvag...@gmail.com> wrote:

[George Vagenas]

The sip-server.log will contain the full stack trace, so if you can share this file would be helpful.

George

--
George Vagenas

[George Vagenas]

DEBUG level in the log also would be helpful 

$TOMCAT_HOME/lib/log4j.xml:

   <category name="org.mobicents">

     <priority value="FINE" />

   </category>

   <category name="gov.nist">

     <priority value="FINE" />

   </category>

--
George Vagenas

[George Vagenas]

From what i see, when the container tries to get a new client transaction to send the request, the listeningPoint associated with the transport="TLS" is null, and that's why you have this exception. 

Try to define the REGISTER like this: 

try {

SipFactory sipFactory = (SipFactory)ce.getServletContext().getAttribute(SIP_FACTORY);

SipApplicationSession sipApplicationSession = sipFactory.createApplicationSession();

javax.servlet.sip.Address fromAddr = sipFactory.createAddress("sips:gvag...@mysipbox.net");

javax.servlet.sip.Address toAddr = sipFactory.createAddress("sips:gvag...@mysipbox.net");

SipServletRequest req = sipFactory.createRequest(sipApplicationSession, "REGISTER", fromAddr, toAddr); 

req.send();

} catch (IOException e) {

e.printStackTrace();

} catch (ServletParseException e) {

e.printStackTrace();

} 

Is there any specific reason that you are using SipServletRequestImpl?

By the way, make sure that you have setup SSL parameters correct between Mobicents and Lync, otherwise you will hit another wall related to the SSL handshake. See here if you need help for the SSL http://groups.google.com/group/mobicents-public/browse_thread/thread/53f73b68b009fcc5/21441c544befa50a?lnk=gst&q=SSL#21441c544befa50a

Regards

George

2012/2/28 Asbjørn Grandt <asbjorn...@gmail.com>

Thanks :-)

On Feb 28, 2012 9:30 PM, "George Vagenas" <gvag...@gmail.com> wrote:

Yeah, the log is fine now, i am checking it and i will let you know.

Regards

George

2012/2/28 Asbjørn Grandt <asbjorn...@gmail.com>

I hope this is better. I've also included a copy of the console from Eclipse.

Cheers
A.Grandt

On Tue, Feb 28, 2012 at 7:45 PM, George Vagenas <gvag...@gmail.com> wrote:

Seems that you stop the server just before the request is dispatched as i can see from the logs so if you can please run the example again and wait to finish. I cannot see the exception you sent before in the logs.

In the meanwhile i can see that the Lync server is resolved correct from DNS SRV lookup and the REGISTER request contains a correct ROUTE header.

2012-02-28 18:54:34,883 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSServerLocator] (http-8081-1) Resolving dantelo.net transport null^M

2012-02-28 18:54:34,884 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSServerLocator] (http-8081-1) Resolving Hops for SipURI sips:asb...@dantelo.net^M

2012-02-28 18:54:34,884 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSServerLocator] (http-8081-1) transport not specified, trying to resolve it for sips:asb...@dantelo.net^M

2012-02-28 18:54:34,884 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSLookupPerformer] (http-8081-1) doing NAPTR lookup for domain dantelo.net, isSecure true, supportedTransports [TCP, TLS]^M

2012-02-28 18:54:34,996 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSServerLocator] (http-8081-1) no NPATR records found, doing SRV queries for supported transports for sips:asb...@dantelo.net^M

2012-02-28 18:54:34,996 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSServerLocator] (http-8081-1) no NPATR records found, doing SRV query for supported transport _sips._tcp.dantelo.net for sips:asb...@dantelo.net^M

2012-02-28 18:54:34,996 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSLookupPerformer] (http-8081-1) doing SRV lookup for replacement _sips._tcp.dantelo.net^M

2012-02-28 18:54:35,002 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSServerLocator] (http-8081-1) no NPATR records found, SRV query for supported transport _sips._tcp.dantelo.net successful for sips:asb...@dantelo.net^M

2012-02-28 18:54:35,002 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSServerLocator] (http-8081-1) using transport tcp for sips:asb...@dantelo.net^M

2012-02-28 18:54:35,005 DEBUG [org.mobicents.ext.javax.sip.dns.DefaultDNSServerLocator] (http-8081-1) Did a successful DNS SRV lookup for host:transport dantelo.net/tcp , Host Name = lyncserver.dantelo.local. , Host IP Address = 192.168.10.61, Host Port = 5061^M

2012-02-28 18:54:35,006 DEBUG [org.mobicents.servlet.sip.message.SipServletRequestImpl] (http-8081-1) session transport is null^M

2012-02-28 18:54:35,008 DEBUG [org.mobicents.servlet.sip.message.SipServletRequestImpl] (http-8081-1) Added via HeaderVia: SIP/2.0/TLS 192.168.10.31:5081^M

^M

2012-02-28 18:54:35,008 DEBUG [org.mobicents.servlet.sip.message.SipServletRequestImpl] (http-8081-1) The found transport for sending request is 'TLS'^M

2012-02-28 18:54:35,009 DEBUG [org.mobicents.servlet.sip.core.SipApplicationDispatcherImpl] (http-8081-1) the triplet host/port/transport : 192.168.10.61/5061/tcp is external : true^M

2012-02-28 18:54:35,010 DEBUG [org.mobicents.servlet.sip.message.SipServletRequestImpl] (http-8081-1) Adding next hop found by RFC 3263 lookups as route headerRoute: <sip:192.168.10.61:5061;lr;transport=tcp;dns_route=true>^M

^M

2012-02-28 18:54:35,011 DEBUG [org.mobicents.servlet.sip.core.session.SipManagerDelegate] (http-8081-1) sip sessions present in the session manager^M

2012-02-28 18:54:35,011 DEBUG [org.mobicents.servlet.sip.core.session.SipManagerDelegate] (http-8081-1) (60760701_1180947b_86166dc6-3bed-43e0-a7ec-71dbd57b5a1b:5098cc214a308cfe...@0.0.0.0:86166dc6-3bed-43e0-a7ec-71dbd57b5a1b:MySipServlet)^M

2012-02-28 18:54:35,011 DEBUG [org.mobicents.servlet.sip.message.SipServletMessageImpl] (http-8081-1) transaction null transactionId = null transactionType false^M

2012-02-28 18:54:35,011 DEBUG [org.mobicents.servlet.sip.message.SipServletRequestImpl] (http-8081-1) Getting new Client Tx for request REGISTER sips:asb...@dantelo.net SIP/2.0^M

Call-ID: 5098cc214a308cfe...@0.0.0.0^M

CSeq: 1 REGISTER^M

From: <sips:asb...@dantelo.net>;tag=60760701_1180947b_86166dc6-3bed-43e0-a7ec-71dbd57b5a1b^M

To: <sips:asb...@dantelo.net>^M

Max-Forwards: 70^M

Content-Type: application/msrtc-category-publish+xml^M

Event: REGISTER^M

User-Agent: DTNP/0.0.0.1 Dantelo ApS - NetPresence^M

Via: SIP/2.0/TLS 192.168.10.31:5081;branch=z9hG4bK86166dc6-3bed-43e0-a7ec-71dbd57b5a1b_1180947b_15416616897329^M

Route: <sip:192.168.10.61:5061;lr;transport=tcp;dns_route=true>^M

Content-Length: 0^M

George

2012/2/28 Asbjørn Grandt <asbjorn...@gmail.com>

Here are the log(s), they do produce a frightening amount of data when in "FINE" mode :)

I logged the start of the Tomcat, the trigger of the method that does (try) the connection to the Lync server, and then the Tomcat shut down.

If it is of any use, here is the code that does the send attempt:
It is supposed to be fairly straight forward at this point. I just want to send an empty "REGISTER" in order to trigger the NTLM authenticate handshake. For that to work on a Lync server though, it has to be running in TLS.

    public static String sendRegister1() {
        MySipServlet.logger.debug("*** Sending message\r\n");

        SipApplicationSession session = MySipServlet.factory.createApplicationSession();

        MySipServlet.logger.debug("***         Factory: " + MySipServlet.factory);
        MySipServlet.logger.debug("***         Session: " + session);
        MySipServlet.logger.debug("***         Session: " + session.getClass());
        MySipServlet.logger.debug("***         Session: " + MySipServlet.factory.createAuthInfo());

        try {
            SipServletRequestImpl aRequest = (SipServletRequestImpl) MySipServlet.factory.createRequest(session, "REGISTER",
                    "sips:asb...@dantelo.net",
                    "sips:asb...@dantelo.net");
            // "sip:asb...@sip.dantelo.com:5061");
            // "sip:just...@192.168.10.34:5080");

            aRequest.setTransport("TLS");

            aRequest.setContent(message.getBytes(), "application/msrtc-category-publish+xml");

            aRequest.setHeader("Event", "REGISTER");
            aRequest.setHeader("USER-AGENT", "DTNP/0.0.0.1 Dantelo ApS - NetPresence");

            MySipServlet.logger.debug("*** Sending...");
            aRequest.send();
            MySipServlet.logger.debug("*** ...Sent");
            return "1:\nOK!";
        } catch (ServletParseException e) {
            MySipServlet.logger.debug("*** ServletParseException ***");
            MySipServlet.logger.error(e.getMessage(), e);

            return MySipServlet.generateErrorReport(e, 2);
        } catch (UnsupportedEncodingException e) {
            MySipServlet.logger.debug("*** UnsupportedEncodingException ***");
            MySipServlet.logger.error(e.getMessage(), e);

            return MySipServlet.generateErrorReport(e, 3);
        } catch (IOException e) {
            MySipServlet.logger.debug("*** IOException ***");
            MySipServlet.logger.error(e.getMessage(), e);

            return MySipServlet.generateErrorReport(e, 4);
        } catch (IllegalStateException e) {
            MySipServlet.logger.debug("*** IllegalStateException ***");
            MySipServlet.logger.error(e.getMessage(), e);

            return MySipServlet.generateErrorReport(e, 5);
        } catch (Exception e) {
            MySipServlet.logger.debug("*** Exception ***");
            MySipServlet.logger.error(e.getMessage(), e);
            return MySipServlet.generateErrorReport(e, 6);
        }
    }

    private static String generateErrorReport(Exception e, int value) {
        String rv = "Error " + value + ":\n" + e;
        Throwable t = e.getCause();
        while (t != null) {
            rv += "\nCaused by:\n" + t + "\n";
            t = t.getCause();
        }
        return rv;

-- 
George Vagenas

-- 
George Vagenas

-- 
George Vagenas

--
George Vagenas

[Asbjørn Grandt]

Where does the ce variable come from. The closest is a method called servletInitiated, part of the SipServletListener interface. However, where do I add that listener?

Apart from that, I initiate the SipFactory with :
    @Resource
    private static SipFactory            sipFactory;

I get a new error when basing my code on the previous tips.,

Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: java.lang.IllegalStateException: Error sending request REGISTER sips:asb...@dantelo.net SIP/2.0
Call-ID: ccba00aa8fb97508...@0.0.0.0
CSeq: 1 REGISTER
From: <sips:asb...@dantelo.net>;tag=03652006_1180947b_5dca7647-e23e-4a7a-8f5e-8793be5ce0fb
To: <sips:asb...@dantelo.net>
Max-Forwards: 70
Via: SIP/2.0/TLS 192.168.10.31:5081;branch=z9hG4bK5dca7647-e23e-4a7a-8f5e-8793be5ce0fb_1180947b_73472855549727
Content-Length: 0


	org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:502)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:424)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

java.lang.IllegalStateException: Error sending request REGISTER sips:asb...@dantelo.net

 SIP/2.0
Call-ID: ccba00aa8fb97508...@0.0.0.0
CSeq: 1 REGISTER
From: <sips:asb...@dantelo.net>;tag=03652006_1180947b_5dca7647-e23e-4a7a-8f5e-8793be5ce0fb
To: <sips:asb...@dantelo.net>
Max-Forwards: 70
Via: SIP/2.0/TLS 192.168.10.31:5081;branch=z9hG4bK5dca7647-e23e-4a7a-8f5e-8793be5ce0fb_1180947b_73472855549727
Content-Length: 0


	org.mobicents.servlet.sip.message.SipServletRequestImpl.send(SipServletRequestImpl.java:1318)
	org.mobicents.servlet.sip.message.SipServletRequestImpl.send(SipServletRequestImpl.java:995)
	org.example.servlet.sip.MySipServlet.sendRegister1(MySipServlet.java:134)
	org.apache.jsp.test_jsp._jspService(test_jsp.java:65)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:388)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

java.lang.NullPointerException
	gov.nist.javax.sip.SipProviderImpl.getNewClientTransaction(SipProviderImpl.java:412)
	org.mobicents.servlet.sip.message.SipServletRequestImpl.send(SipServletRequestImpl.java:1159)
	org.mobicents.servlet.sip.message.SipServletRequestImpl.send(SipServletRequestImpl.java:995)
	org.example.servlet.sip.MySipServlet.sendRegister1(MySipServlet.java:134)
	org.apache.jsp.test_jsp._jspService(test_jsp.java:65)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:388)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

[George Vagenas]

Seems that your problem is related to this issue http://code.google.com/p/mobicents/issues/detail?id=2836.

What is the version of the snapshot you are working on, cause i can't reproduce the problem with the lastest mss-1.7.0-tomcat-6 snapshot that i have (build Feb25, 2012).

Regards

George

2012/2/29 Asbjørn Grandt <asbjorn...@gmail.com>

--
George Vagenas

[Asbjørn Grandt]

I'm using the mss-1.7.0-SNAPSHOT-apache-tomcat-6.0.35 snapshot from 13 February 2012.

I'll update it.

[Asbjørn Grandt]

I updated to mss-1.7.0-SNAPSHOT-apache-tomcat-6.0.35-1202270521, and I still get the error.

Cheers
A.Grandt

[George Vagenas]

Ok, so i need to reproduce the problem, can you share the app?

2012/2/29 Asbjørn Grandt <asbjorn...@gmail.com>

--
George Vagenas

[Asbjørn Grandt]

It is actually incredibly simple one, just to see if I can get the TLS up and running.

the Sip Servlet is:
***
package org.example.servlet.sip;

import java.io.IOException;

import javax.annotation.Resource;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.sip.ServletParseException;
import javax.servlet.sip.SipApplicationSession;
import javax.servlet.sip.SipFactory;
import javax.servlet.sip.SipServlet;
import javax.servlet.sip.SipServletRequest;
import javax.servlet.sip.SipServletResponse;

import org.apache.log4j.Logger;

public class MySipServlet extends SipServlet {
    static Logger             logger           = Logger.getLogger(MySipServlet.class);

    @Resource
    private static SipFactory sipFactory;

    private static final long serialVersionUID = -3467504038316251011L;

    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        MySipServlet.logger.debug("*** The simple SIP servlet is starting up... ***");
        super.init(servletConfig);
        MySipServlet.logger.debug("*** The simple SIP servlet has been started! ***");

        MySipServlet.logger.debug("***");
    }

    @Override
    protected void doRequest(SipServletRequest req) throws ServletException, IOException {
        MySipServlet.logger.debug("*** Received Request ***");
        MySipServlet.logger.debug("***   Method: " + req.getMethod());
        MySipServlet.logger.debug("***       To: " + req.getTo());
        MySipServlet.logger.debug("***     From: " + req.getFrom());
        MySipServlet.logger.debug("***");

        super.doRequest(req);
    }

    @Override
    protected void doResponse(SipServletResponse resp) throws ServletException, IOException {
        MySipServlet.logger.debug("*** Received Response ***");
        MySipServlet.logger.debug("***   Method: " + resp.getMethod());
        MySipServlet.logger.debug("***   Status: " + resp.getStatus());
        MySipServlet.logger.debug("***   Reason: " + resp.getReasonPhrase());
        MySipServlet.logger.debug("***       To: " + resp.getTo());
        MySipServlet.logger.debug("***     From: " + resp.getFrom());
        MySipServlet.logger.debug("***");

        super.doResponse(resp);
    }

    /**
     *
     */

    public static String sendRegister1() {
        MySipServlet.logger.debug("*** Sending message:\r\n");

        SipApplicationSession session = MySipServlet.sipFactory.createApplicationSession();

        try {
            javax.servlet.sip.Address fromAddr = MySipServlet.sipFactory.createAddress("sips:asb...@dantelo.net");
            javax.servlet.sip.Address toAddr = MySipServlet.sipFactory.createAddress("sips:asb...@dantelo.net");

            SipServletRequest req = MySipServlet.sipFactory.createRequest(session, "REGISTER", fromAddr, toAddr);

            MySipServlet.logger.debug("*** Sending...");
            req.send();

            MySipServlet.logger.debug("*** ...Sent");
            return "1:\nOK!";

        } catch (IOException e) {
            MySipServlet.logger.debug("*** IOException ***");
            MySipServlet.logger.error(e.getMessage(), e);

            return MySipServlet.generateErrorReport(e, 2);

        } catch (ServletParseException e) {
            MySipServlet.logger.debug("*** ServletParseException ***");
            MySipServlet.logger.error(e.getMessage(), e);

            return MySipServlet.generateErrorReport(e, 3);
        }
    }

    /**
     * @param e
     * @param value
     * @return
     */

    private static String generateErrorReport(Exception e, int value) {
        String rv = "Error " + value + ":\n" + e;
        Throwable t = e.getCause();
        while (t != null) {
            rv += "\nCaused by:\n" + t + "\n";
            t = t.getCause();
        }
        return rv;
    }
}

***

sendRegister1 is called from a jsp page, which is only there to trigger this.
***
<%@page import="org.example.servlet.sip.MySipServlet"%>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<p>Returned:</p>
<pre><%= MySipServlet.sendRegister1() %></pre>
</body>
</html>
***

I've attached the code, and a new eclipse console log, as the one in the previous one were from a different run.

[George Vagenas]

Can I also have the DNS SRV and A Records related to SIP?

Thanks

George

2012/2/29 Asbjørn Grandt <asbjorn...@gmail.com>

It is actually incredibly simple one, just to see if I can get the TLS up and running.

--
George Vagenas

[Asbjørn Grandt]

Unfortunately it is a Windows SBS server 2008 that is handling that, but the equivalent Zone file records are:

_sipfederationtls._tcp 3600 IN SRV 1 5061 dantelo.net.

_sipinternaltls._tcp 3600 IN SRV 1 5061 dantelo.net.
_sip._tcp 3600 IN SRV 1 5061 dantelo.net.

_sips._tcp 3600 IN SRV 1 5061 dantelo.net.

_sip._tls 3600 IN SRV 1 443 dantelo.net.

_sips._tls 3600 IN SRV 1 443 dantelo.net.

The A record for dantelo.net just points to the same server as these does (IP: 192.168.10.61)

We only created the _sips._xxx one after we realized that this is the one SipServlets is looking for. It really should be looking at _sip._xxx only :)
If you look around on google, you'll find practically no mention of _sips._tls anywhere. At least not that I could find at first glance. Which does seem to suggest that there are no _sips protocol for the DNS.

Cheers
A.Grandt

[George Vagenas]

I am currently working to have a dns server to serve me with what you got and check where the problems comes from. 

In the meantime this what is happening 

1. Since the URI is secure sips define the available transports as TCP, TLS

2. Then is doing a SRV query for _sips._tcp.dantelo.net

3. Gets a success result : Did a successful DNS SRV lookup for host:transport dantelo.net/tcp , Host Name = lyncserver.dantelo.local. , Host IP Address = 192.168.10.61, Host Port = 5061

From what i see in the logs, it is not doing an SRV query for _sips._tls, but is doing _sips_tcp which is ok according to the RFC3263. _sips._tls and _sip._tls are also correct and can exist as a SRV record as far as i can see.

Actually the container picks up TCP as transport but i think it should pick TLS transport and this is what i want to check and thats why the problems.

If you could make a test and remove the _sips._tcp and add instead a _sips._tls SRV record?

Thanks George

--
George Vagenas

[Asbjørn Grandt]

I'll try this.

But regarding the _sips vs. _sip. From what I could tell from Wireshark yesterday, it never looked for _sip._tls, if it never found any of the _sips. variation, it seemed to just assume 5061 as the port after looking up the A record.

Cheers
A.Grandt

[Asbjørn Grandt]

"If you could make a test and remove the _sips._tcp and add instead a _sips._tls SRV record?"

THAT had an effect!

I'll send the logs once it's done waiting for the timers.

[George Vagenas]

Ok, cool, send me the logs. I will check why this behavior.

2012/2/29 Asbjørn Grandt <asbjorn...@gmail.com>

--
George Vagenas

[Asbjørn Grandt]

I have also attached the Wireshark trace for DNS lookups.
Let me know if you want the rest of the wireshark pcap for the test session.

There is still a few exceptions. for instance in the Eclipse log, line 2997: java.lang.NoClassDefFoundError: javax/jms/JMSException
But that is before the Servlet is even initialized.

Also a number of Bad URI exceptions, probably caused by the server response.

Cheers
A.Grandt

[George Vagenas]

Hi,

Seems that you DNS SRV record for _sips._tls points to 443 port of the Lync server which when receives the REGISTER message responses with a 

HTTP/1.1 400 Bad Request

Content-Type: text/html; charset=us-ascii

Server: Microsoft-HTTPAPI/2.0

Date: Wed, 29 Feb 2012 15:14:37 GMT

Connection: close

Content-Length: 311

And thats why you get the exception GenericURI, Bad URI format.

You should point the SRV record to Lync sips port (usually 5061).

Regarding the JMS exception, you can safely ignore it.

As far as the original issue, i am working on this and soon there will be a patch. For now you can use the workaround of using _sips._tls as DNS SRV record for SIPS requests.

Regards

--
George Vagenas

[Asbjørn Grandt]

It seems the Lync server is a bit unhappy with the sips: URI scheme :(

Other than that, it behaves far better with the _sips._tls set to 5061. The problem is that if I recall, all documentation for Lync says that _sip._tls is to be set to 443 for remote users to be able to connect to Lync.

I don't know if an override is needed so SipServlets will be able to use different ports for negotiation and traffic.
For instance a session or config option for
session.setSRVTLSLookup("_sip._tls");
session.setSRVSIPLookup("_sipfederationtls._tcp");

both defaulting to whatever they use today.
That's just a suggestion though :)

2012-03-01 11:23:45,249 DEBUG [SipApplicationSessionImpl] (http-8081-1) Before Semaphore released for sipApplicationSession=3d6aba03-c3fc-4bd5-87cf-48764d8bd8b7:MySipServlet semaphore=java.util.concurrent.Semaphore@7487ed49[Permits = 0]
2012-03-01 11:23:45,249 DEBUG [SipApplicationSessionImpl] (http-8081-1) After Semaphore released for sipApplicationSession=3d6aba03-c3fc-4bd5-87cf-48764d8bd8b7:MySipServlet semaphore=java.util.concurrent.Semaphore@7487ed49[Permits = 1]
2012-03-01 11:23:45,249 DEBUG [SipStandardContext] (http-8081-1) NOT RELEASING SipApplicationSession on exit sipApplicationSession=null sipSession=null semaphore=null
2012-03-01 11:23:45,257 DEBUG [PipelinedMsgParser] (PipelineThread-0) Starting to parse.
2012-03-01 11:23:45,261 DEBUG [PipelinedMsgParser] (PipelineThread-0) Reading Input stream.
2012-03-01 11:23:45,261 DEBUG [PipelinedMsgParser] (PipelineThread-0) About to parse : SIP/2.0 400 Malformed or unknown SIP URI scheme
From: <sips:asb...@dantelo.net>;tag=39031733_1180947b_3d6aba03-c3fc-4bd5-87cf-48764d8bd8b7
To: <sips:asb...@dantelo.net>
Call-ID: 696b1a43d5b9d284...@0.0.0.0
CSeq: 1 REGISTER
Via: SIP/2.0/TLS 192.168.10.31:5081;branch=z9hG4bK3d6aba03-c3fc-4bd5-87cf-48764d8bd8b7_1180947b_80237955125721
ms-diagnostics: 1018;reason="Parsing failure";source="LyncServer.dantelo.local"
Server: RTC/4.0
Content-Length: 0



2012-03-01 11:23:45,302 DEBUG [PipelinedMsgParser] (PipelineThread-0) Completed parsing message
2012-03-01 11:23:45,302 DEBUG [PipelinedMsgParser] (PipelineThread-0) Content length = 0
2012-03-01 11:23:45,304 DEBUG [PipelinedMsgParser] (PipelineThread-0) new CallIDOrderingStructure added for message SIP/2.0 400 Malformed or unknown SIP URI scheme
From: <sips:asb...@dantelo.net>;tag=39031733_1180947b_3d6aba03-c3fc-4bd5-87cf-48764d8bd8b7
To: <sips:asb...@dantelo.net>
Call-ID: 696b1a43d5b9d284...@0.0.0.0
CSeq: 1 REGISTER
Via: SIP/2.0/TLS 192.168.10.31:5081;branch=z9hG4bK3d6aba03-c3fc-4bd5-87cf-48764d8bd8b7_1180947b_80237955125721
ms-diagnostics: 1018;reason="Parsing failure";source="LyncServer.dantelo.local"
Server: RTC/4.0
Content-Length: 0

[George Vagenas]

For this issue you have to consult Lync documentation, seems that he is not happy with SIPS URI. 

You can specify the transport and port you wish to use, 

javax.servlet.sip.Address fromAddr = sipFactory.createAddress("sips:gvag...@gvag.net");

javax.servlet.sip.Address toAddr = sipFactory.createAddress("sips:gvag...@gvag.net");

SipURI requestURI = sipFactory.createSipURI("gvagenas", "gvag.net");

requestURI.setSecure(true);

requestURI.setPort(5061);

requestURI.setTransportParam("tls");

SipServletRequest req = sipFactory.createRequest(sipApplicationSession, "REGISTER", fromAddr, toAddr); 

req.setRequestURI(requestURI);

Regards

George

2012/3/1 Asbjørn Grandt <asbjorn...@gmail.com>

--
George Vagenas

[Asbjørn Grandt]

That doesn't really solve the problem. This request URI is still using the sips URI scheme.

Cheers
Asbjørn

[George Vagenas]

That was just an example, if Lync doesn't expect SIPS then you don't use sips in address and you don't set requestURI.setSecure(true).

But you have to check with the Lync documentation for this and check the log files from this server to see why it fails with a SIP/2.0 400 Malformed or unknown SIP URI scheme.

2012/3/1 Asbjørn Grandt <asbjorn...@gmail.com>

--
George Vagenas

[Asbjørn Grandt]

It fails because it does not recognize the sips scheme, but the connection has to be secure using tls. The problem seems to be that Sip Servlets is forcing the sips scheme whenever it is set to secure, or required it for TLS to be enabled

Please remember, Lync is a Microsoft product. They tend to make life hell for third party implementers whenever they can :(

I'll look into this with the Lync implementation.

Cheers
A.Grandt

[George Vagenas]

Well you can still use a SIP URI and send over TLS. Something like this:

javax.servlet.sip.Address fromAddr = sipFactory.createAddress("sip:gvag...@dantelo.net");

javax.servlet.sip.Address toAddr = sipFactory.createAddress("sip:gvag...@dantelo.net");

SipURI requestURI = sipFactory.createSipURI("gvagenas", "dantelo.net");

requestURI.setPort(5061);

requestURI.setTransportParam("tls");

SipServletRequest req = sipFactory.createRequest(sipApplicationSession, "REGISTER", fromAddr, toAddr); 

req.setRequestURI(requestURI);

--
George Vagenas

[Asbjørn Grandt]

Eureka! :)

I got the following back :)

2012-03-01 13:24:31,028 DEBUG [PipelinedMsgParser] (SIP-TCP-Core-PipelineThreadpool-1) releasing semaphore for message SIP/2.0 401 Unauthorized
Date: Thu, 01 Mar 2012 12:24:31 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service",targetname="LyncServer.dantelo.local",version=4
WWW-Authenticate: Kerberos realm="SIP Communications Service",targetname="sip/LyncServer.dantelo.local",version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service",targetname="LyncServer.dantelo.local",version=4,sts-uri="https://LyncServer.dantelo.local:443/CertProv/CertProvisioningService.svc"
From: <sip:asb...@dantelo.net>;tag=47568052_1180947b_48e337e7-f7bc-4b23-9f5d-ccd75772c0db
To: <sip:asb...@dantelo.net>;tag=5FA314E3391F91BEFECDDBBA76A4D745
Call-ID: 6fe2007f65eb6417...@0.0.0.0
CSeq: 1 REGISTER
Via: SIP/2.0/TLS 192.168.10.31:5081;branch=z9hG4bK48e337e7-f7bc-4b23-9f5d-ccd75772c0db_1180947b_87483849781257;received=192.168.10.31;ms-received-port=58325;ms-received-cid=46C00
Server: RTC/4.0
Content-Length: 0


I used the following code:
            javax.servlet.sip.Address fromAddr = MySipServlet.sipFactory.createAddress("sip:asb...@dantelo.net;transport=tls");
            javax.servlet.sip.Address toAddr = MySipServlet.sipFactory.createAddress("sip:asb...@dantelo.net;transport=tls");

            SipServletRequest req = MySipServlet.sipFactory.createRequest(session, "REGISTER", fromAddr, toAddr);

            SipURI requestURI = sipFactory.createSipURI("asbjorn", "dantelo.net");
            requestURI.setPort(5061);
            requestURI.setTransportParam("tls");

            req.setRequestURI(requestURI);
           
            req.send();

which is essentially identical to your suggestion. Though I left the ";transport=tls" in the sip to and from addresses, I don't think that is needed at this point though.

Cheers, and thanks for the assistance so far.
A.Grandt

[George Vagenas]

You are welcome. If you wish to monitor the original issue here is the link: http://code.google.com/p/mobicents/issues/detail?id=3140.

Regards

George

--
George Vagenas

[Asbjørn Grandt]

Adding the SipURI definitely solved the routing issue, letting me contact the tls on the server.
However it does present a new one I haven't been able to figure out yet.

The first line of the request is (with the SipURI)
REGISTER sip:asb...@dantelo.net;transport=tls SIP/2.0

But that is not supposed to contain the full address, just the domain, and from what little Lync is telling us, it looks like a problem in that header.
All I'm getting back is
ms-diagnostics: 1000;reason="Final handshake failed";HRESULT="0xC3E93ED1(SIP_E_AUTH_INVALIDHEADER)";source="LyncServer.dantelo.local"

Though this can also refer to a problem in the Authenticate header line, that has it's own error code (SIP_E_AUTH_INVALIDSIGNATURE). I'm just trying to minimize the number of potential errors :P

Is there a way to get the SIPUri to not include the name part of the URI?

Cheers
A.Grandt

[George Vagenas]

Hi,

You can use "sip:dantelo.net" as a toAddress. Like this:

 javax.servlet.sip.Address toAddr = MySipServlet.sipFactory.createAddress("sip:dantelo.net;transport=tls");

            SipServletRequest req = MySipServlet.sipFactory.createRequest(session, "REGISTER", fromAddr, toAddr);

Regards

George

2012/3/5 Asbjørn Grandt <asbjorn...@gmail.com>

--
George Vagenas

[Asbjørn Grandt]

Sadly, no. This just brings us back to where we started, that the servlet is not sent as TLS, causing a timeout. Lync don't answer non-tls requests it seems, even if SipServlets does resolve the correct IP and port number from the DNS.

The to and from addresses are ok, the problem is the "request URI". I can't create one that only contains the domain name. I guess the answer then is to extend SipURI.

Cheers
A.Grandt

[Asbjørn Grandt]

Trying to create the requestURI with
            SipURI requestURI = MySipServlet.sipFactory.createSipURI("", "dantelo.net");
            requestURI.setTransportParam("tls");
            req.setRequestURI(requestURI);

results in a request header looking like this:
REGISTER sip:nu...@dantelo.net;transport=tls SIP/2.0

The "easy" solution in my case would be that passing a null or empty string in the name field would result in just the domain. null@<anything> is not really a useful address anyway, and if that is needed, the user will probably pass "null" as the name argument anyway.

Extending the SipURI is not easy, as it is generated by the factory.

Cheers
A.Grandt

[George Vagenas]

Hi,

Try like this:

            SipURI requestURI = MySipServlet.sipFactory.createSipURI(null, "dantelo.net");
            requestURI.setTransportParam("tls");
            req.setRequestURI(requestURI);

This will create a correct RequestURI.

Regards

George

2012/3/6 Asbjørn Grandt <asbjorn...@gmail.com>

--
George Vagenas

[Asbjørn Grandt]

Hi,

Thanks, that helped.

Let me say that that is not "expected" behaviour, after an empty string tripped me by becoming null@domain...
I assumed null would do the same, and didn't try that. :)


May I suggest adding a createSipURI(String domain) method to the factory, it just have to forward the call to createSipURI(null, domain) ?

Cheers and thanks for the assist :)
A.Grandt

[George Vagenas]

No problem ;-)

2012/3/7 Asbjørn Grandt <asbjorn...@gmail.com>

--
George Vagenas

[Jean Deruelle]

The null issue is now fixed http://code.google.com/p/sipservlets/issues/detail?id=145

Jean