Not able to configure wss (secure connection)
537 views
Skip to first unread message
sheesh...@gmail.com
Aug 22, 2015, 11:33:59 AM8/22/15
to kurento
Hey,
I am trying to connect using wss ( secure connection ) . I have a .pem file which is in use by domain.com and i am using the same .pem file for kurento secure connection ( wss://domain.com:8433/kurento ). Is this correct approach ? If its wrong then please guide me the correct way. and please give a short example of configuring wss. I am not able to find any example for wss. Thanks in advance for your answer.
Ivan Gracia
Aug 24, 2015, 9:24:22 AM8/24/15
to Kurento Public
On Sat, Aug 22, 2015 at 5:33 PM, <sheesh...@gmail.com> wrote:
Hey,I am trying to connect using wss ( secure connection ) . I have a .pem file which is in use by domain.com and i am using the same .pem file for kurento secure connection ( wss://domain.com:8433/kurento ). Is this correct approach ? If its wrong then please guide me the correct way. and please give a short example of configuring wss. I am not able to find any example for wss. Thanks in advance for your answer.
--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
abder
Oct 13, 2015, 7:21:36 PM10/13/15
to kurento
Hello,
I modified and updated media server to run wss, (the server is correctly running FYI)
I have this exception
Caused by: org.kurento.commons.exception.KurentoException: [KurentoClient] Exception connecting to WebSocket server wss://localhost:8443/kurento
at org.kurento.jsonrpc.client.JsonRpcClientWebSocket.connectIfNecessary(JsonRpcClientWebSocket.java:264)
at org.kurento.jsonrpc.client.JsonRpcClientWebSocket.connect(JsonRpcClientWebSocket.java:208)
at org.kurento.client.KurentoClient.<init>(KurentoClient.java:68)
at org.kurento.client.KurentoClient.create(KurentoClient.java:51)
at org.kurento.tutorial.one2onecalladv.One2OneCallAdvApp.kurentoClient(One2OneCallAdvApp.java:53)
at org.kurento.tutorial.one2onecalladv.One2OneCallAdvApp$$EnhancerBySpringCGLIB$$5080212e.CGLIB$kurentoClient$1(<generated>)
at org.kurento.tutorial.one2onecalladv.One2OneCallAdvApp$$EnhancerBySpringCGLIB$$5080212e$$FastClassBySpringCGLIB$$ba3ed2a7.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:309)
at org.kurento.tutorial.one2onecalladv.One2OneCallAdvApp$$EnhancerBySpringCGLIB$$5080212e.kurentoClient(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
... 59 more
Caused by: java.util.concurrent.ExecutionException: java.io.IOException: Cannot init SSL
at org.eclipse.jetty.util.FuturePromise.get(FuturePromise.java:138)
at org.kurento.jsonrpc.client.JsonRpcClientWebSocket.connectIfNecessary(JsonRpcClientWebSocket.java:244)
... 73 more
Caused by: java.io.IOException: Cannot init SSL
at org.eclipse.jetty.websocket.client.io.WebSocketClientSelectorManager.newConnection(WebSocketClientSelectorManager.java:96)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.createEndPoint(SelectorManager.java:783)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.processConnect(SelectorManager.java:729)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.processKey(SelectorManager.java:686)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.select(SelectorManager.java:640)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.run(SelectorManager.java:528)
at org.eclipse.jetty.util.thread.NonBlockingThread.run(NonBlockingThread.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:620)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:540)
... 1 more
the faq said :
Java: Changing this line in HelloWorldApp.java:
final static String DEFAULT_KMS_WS_URI = "wss://localhost:8433/kurento";
the example I'm trying to run is : https://github.com/Kurento/kurento-tutorial-java/tree/master/kurento-one2one-call-advanced
It seems that I need to setup the SslContextFactory and pass it, but I can't figure out where.
Any help is really appreciated
abder
Oct 13, 2015, 7:44:52 PM10/13/15
to kurento, difall...@gmail.com
I just checked with
the helloworld tutorial : http://www.kurento.org/docs/current/tutorials/java/tutorial-1-helloworld.html
and it's the same.
Caused by: java.io.IOException: Cannot init SSL
at org.eclipse.jetty.websocket.client.io.WebSocketClientSelectorManager.newConnection(WebSocketClientSelectorManager.java:96)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.createEndPoint(SelectorManager.java:783)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.processConnect(SelectorManager.java:729)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.processKey(SelectorManager.java:686)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.select(SelectorManager.java:640)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.run(SelectorManager.java:528)
at org.eclipse.jetty.util.thread.NonBlockingThread.run(NonBlockingThread.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:620)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:540)
... 1 more
is KurentoClient.java wss capable ?
Ivan Gracia
Oct 14, 2015, 4:10:57 AM10/14/15
to Kurento Public, difall...@gmail.com
Yes it is. What's your KMS configuration?
Ivan Gracia
abder
Oct 14, 2015, 7:02:20 AM10/14/15
to kurento, difall...@gmail.com
OnetoOneadvCallApp.java we have :
public KurentoClient kurentoClient() {
return KurentoClient.create(System.getProperty("kms.ws.uri",
DEFAULT_KMS_WS_URI));
}
there's no SslContectFactory passed.
In KurentoClient.java has no " import org.eclipse.jetty.util.ssl.SslContextFactory;"
Notice that we passed a unique parameter to KurentoClient.create above.Having : public static KurentoClient create(String websocketUrl,
KurentoConnectionListener listener, Properties properties) {
log.info("Connecting to KMS in {}", websocketUrl);
JsonRpcClientWebSocket client = new JsonRpcClientWebSocket(websocketUrl,
JsonRpcConnectionListenerKurento.create(listener));
client.setConcurrentServerRequest(true);
client.setLabel("KurentoClient");
return new KurentoClient(client);
}here JsonRpcClientWebSocket is invoqued with two params : websocketUrl and a listener, according JsonRpcClientWebSocket.java, with two paramas we will be using :public JsonRpcClientWebSocket(String url, JsonRpcWSConnectionListener connectionListener) {
this(url, connectionListener, null);
}so sslContextFactory will be null, and will result on Caused by: java.io.IOException: Cannot init SSLwhat do you think ?How to make it work with wss with minimal change ?FYI : this is KMS conf (it works like a charm and no error in the log)..."websocket": {"port": 8888,"secure": {"port": 8443,"certificate": "path/to/cert.pem","password": ""},//"registrar": {// "address": "ws://localhost:9090",// "localAddress": "localhost"//},"path": "kurento","threads": 10}
Best regards
Ivan Gracia
Oct 14, 2015, 7:08:56 AM10/14/15
to Kurento Public, difall...@gmail.com
Did you install the certificate in your JVM? You only need SslContextFactory if you want to server your app through HTTPS/WSS
Ivan Gracia
difall...@gmail.com
Oct 14, 2015, 7:13:38 AM10/14/15
to kurento, difall...@gmail.com
Yes , I imported the certificate in my cacert of the JRE, besides, it's delivered by a trusted CA.
Any clue will be helpful
abder
Oct 14, 2015, 7:23:04 AM10/14/15
to kurento, difall...@gmail.com
according http://amilamanoj.blogspot.com/2013/06/secure-websockets-with-jetty.html websocket secure example :
"And finally the client code. WebSocket is included as an inner class. Pass a SslContextFactory when creating the client and sure "wss" as the protocol prefix of the URL."
so it seems like SslContextFactory is needed even in the client .
WDYT ?
Regards
abder
Oct 14, 2015, 7:27:39 AM10/14/15
to kurento, difall...@gmail.com
You have this example too :
https://stackoverflow.com/questions/29758176/jetty-websocketclientselectormanager-connection-failed-java-io-ioexception-ca
and the client worked only after adding SslContextFactory
and the client worked only after adding SslContextFactory
Ivan Gracia
Oct 14, 2015, 8:02:30 AM10/14/15
to Kurento Public, difall...@gmail.com
If you are using a self-signed certificate, you should do something like this
SslContextFactory sec = new SslContextFactory(true);
sec.setValidateCerts(false);
JsonRpcClientWebSocket client = new JsonRpcClientWebSocket(uri, sec);
Sorry, we should add that to the documentation, you are right. Thanks for spotting that!
Cheers,
Ivan Gracia
--
abder
Oct 14, 2015, 8:32:05 AM10/14/15
to kurento, difall...@gmail.com
Thanks Ivan for the answer,
Actually my cert is "Verified by: Go Daddy Secure Certificate Authority - G2", so this is not my case I believe.
Maybe I need to import the CA into my truststore, I'll test and get back to you,
Best regards.
abder
Oct 14, 2015, 8:49:50 AM10/14/15
to kurento, difall...@gmail.com
I just tested after importing the CA into my trust store and it's exactly the same.
SslContextFactory sec = new SslContextFactory(true); sec.setValidateCerts(false); JsonRpcClientWebSocket client = new JsonRpcClientWebSocket(uri, sec);
Can I use this code in One2oneCallAdvApp.java ? or do I need to patch kurentoClient.java or JsonRpcClientWebSocket.java ?Regards
Ivan Gracia
Oct 14, 2015, 9:23:27 AM10/14/15
to Kurento Public, difall...@gmail.com
That’s to be used when you instantiate the KurentoClient.
SslContextFactory sec = new SslContextFactory(true);
sec.setValidateCerts(false);
JsonRpcClientWebSocket rpcClient = new JsonRpcClientWebSocket(uri, sec);
KurentoClient kuretoClient = KurentoClient.createFromJsonRpcClient(rpcClient);
Kurento client uses internally a JSON-RPC protocol. The JsonRpcClient is used to send the requests to KMS (or another JSON RPC server), and this can be done through different transports. WS is just one of them, and if it is required to use secure connections, it is needed to create the client outside of the KurentoClient.
I’ll add this to the docs.
Ivan Gracia
--
abder
Oct 14, 2015, 10:33:01 AM10/14/15
to kurento, difall...@gmail.com
Hello,
I'm not a proficient developer, I'm mainly a sysadmin,
this is how I fixd the issue :
I patched KurentoClient.java
: 48 public static KurentoClient create(String websocketUrl) {
log.info("Connecting to kms in {}", websocketUrl);
++ SslContextFactory sec = new SslContextFactory(true);
++ sec.setValidateCerts(false);
JsonRpcClientWebSocket client = new JsonRpcClientWebSocket(websocketUrl,sec);
client.setLabel("KurentoClient");
return new KurentoClient(client);
}
it works !
Thanks for the help !
Ivan Gracia
Oct 14, 2015, 11:01:55 AM10/14/15
to Kurento Public, difall...@gmail.com
I wouldn't modify the base library. Instead, add the lines I posted to the tutorials you need to get WSS access. For instances, this is what the One2OneCallAdvApp.java would look like
@Bean
public KurentoClient kurentoClient() {
SslContextFactory sec = new SslContextFactory(true);
sec.setValidateCerts(false);
String uri = System.getProperty("kms.ws.uri", DEFAULT_KMS_WS_URI);
JsonRpcClientWebSocket client = new JsonRpcClientWebSocket(uri, sec);
return KurentoClient.createFromJsonRpcClient(rpcClient);
}
Cheers,
Ivan Gracia
Dali Dhifallah
Oct 14, 2015, 12:18:21 PM10/14/15
to Ivan Gracia, Kurento Public
Thanks Ivan !
Mohamed Ali Dhifallah
Ivan Gracia
Oct 14, 2015, 4:46:06 PM10/14/15
to Dali Dhifallah, Ivan Gracia, Kurento Public
Anytime ;-)
Sahil (Digivive)
Jul 2, 2019, 5:55:20 AM7/2/19
to kurento
Have you got any solution for the same ? I am working on node js server for that
Reply all
Reply to author
Forward
0 new messages