CVP REST Client
Useful Sites
Parsing XML using SET Value Element
Set the first variable “myLocalVar1” to the script below (the other variables do not require the first two lines). This variable is then available as “LocalVar.myLocalVar1”.
importPackage(com.audium.server.cvpUtil);
var xml= {Data.Element.restClient.response_body}
var path= "/SamplePath/status"
XpathUtil.eval(xml,path);
Reference: https://xmltoolbox.appspot.com/xpath_generator.html
Reference: https://www.w3schools.com/xml/dom_nodes_get.asp
Parsing JSON using SET Value Element
Set the first variable “myLocalVar1” to the script below (the other variables do not require the first two lines). This variable is then available as “LocalVar.myLocalVar1”.
importPackage(com.audium.server.cvpUtil);
var val= {Data.Element.restClient.response_body}
var path= "JSONVariable1"
JSONPathUtil.eval(val,path);
CVP Call Studio JSON Example
Parsing JSON whose variable value is an Array
Example REST Request and Response
XML REST Request
https://maps.googleapis.com/maps/api/geocode/xml?components=country:US|postal_code:91406&key=<your google API Key>
XML Response
<?xml version="1.0" encoding="UTF-8"?>
<GeocodeResponse>
  <status>OK</status>
  <result>
    <type>postal_code</type>
    <formatted_address>Van Nuys, CA 91406, USA</formatted_address>
    <address_component>
      <long_name>91406</long_name>
      <short_name>91406</short_name>
      <type>postal_code</type>
    </address_component>
    <address_component>
      <long_name>Van Nuys</long_name>
      <short_name>Van Nuys</short_name>
      <type>neighborhood</type>
      <type>political</type>
    </address_component>
    <address_component>
      <long_name>Los Angeles</long_name>
      <short_name>Los Angeles</short_name>
      <type>locality</type>
      <type>political</type>
    </address_component>
    <address_component>
      <long_name>Los Angeles County</long_name>
      <short_name>Los Angeles County</short_name>
      <type>administrative_area_level_2</type>
      <type>political</type>
    </address_component>
    <address_component>
      <long_name>California</long_name>
      <short_name>CA</short_name>
      <type>administrative_area_level_1</type>
      <type>political</type>
    </address_component>
    <address_component>
      <long_name>United States</long_name>
      <short_name>US</short_name>
      <type>country</type>
      <type>political</type>
    </address_component>
    <geometry>
      <location>
        <lat>34.1985119</lat>
        <lng>-118.4980744</lng>
      </location>
      <location_type>APPROXIMATE</location_type>
      <viewport>
        <southwest>
          <lat>34.1717329</lat>
          <lng>-118.5185960</lng>
        </southwest>
        <northeast>
          <lat>34.2214109</lat>
          <lng>-118.4661849</lng>
        </northeast>
      </viewport>
      <bounds>
        <southwest>
          <lat>34.1717329</lat>
          <lng>-118.5185960</lng>
        </southwest>
        <northeast>
          <lat>34.2214109</lat>
          <lng>-118.4661849</lng>
        </northeast>
      </bounds>
    </geometry>
    <place_id>ChIJvfiuqOOZwoARBLALvtBppoA</place_id>
  </result>
</GeocodeResponse>
REST API - Parameters
GET ?timestamp=myunixtimestamp&callingpartynumber=5551234&transfernumber=6661002&callid=D03104B0390E11E9AA32D1E6EA5DB755&reason=start&description=Callback+Required&icmdialednumber=12125551001 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Java/1.7.0_67
Host: myHostName
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Mutual Authentication
Note: When using Mutual Authentication on a Windows client machine, you must have a client cert in the user's (not the machine's) personal certificate location; otherwise the browser will return with no cert and you will fail auth. If you do have a cert in the correct store, you should get a prompt to select it. This is not relevant or needed for Mutual Auth on CVP VXML Servers, but it is useful for troubleshooting and for testing against the server.
Client Certificate
You can use the existing self-signed CVP certificates for Mutual Auth. However, it is more likely you will want the client cert signed by the customer's CA. It is also likely that the server you are connecting to has a cert signed by the same customer CA (maybe by a different intermediate cert, hence install them all!). If this is the case, make sure to install the root and all of the intermediate certs into the cacerts file in the folder below:
C:\Cisco\CVP\jre\lib\security\
The Certificate Extensions Key Usage should have
- Digital Signature
- Key Encipherment
The Certificate Extensions Extended Key Usage should have
- Server Authentication
- Client Authentication
How to check the Certificate for above?
- openssl x509 -in <certificate to check> -purpose -noout -text
- https://docs.microsoft.com/en-us/previous-versions/msp-n-p/ff650751(v=pandp.10)?redirectedfrom=MSDN
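One way to automate the check above, as an added example (not part of the original page): it reads the text that `openssl x509 -text` prints and reports which of the required usages are missing. openssl prints the two Extended Key Usage values as "TLS Web Server Authentication" and "TLS Web Client Authentication"; the sample excerpt and the function names are constructed for illustration.

```python
import re

# Values as `openssl x509 -text` prints them for the usages listed above.
REQUIRED = {
    "Key Usage": {"Digital Signature", "Key Encipherment"},
    "Extended Key Usage": {"TLS Web Server Authentication",
                           "TLS Web Client Authentication"},
}

# Constructed excerpt of `openssl x509 -text` output for a server-only certificate.
SERVER_ONLY = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
"""

def extension_values(text, name):
    """Return the values openssl lists on the line after 'X509v3 <name>:'."""
    lines = text.splitlines()
    # Match the whole header so "Key Usage" never matches "Extended Key Usage".
    header = re.compile(r"\s*X509v3 " + re.escape(name) + r":\s*(critical)?\s*")
    for i, line in enumerate(lines[:-1]):
        if header.fullmatch(line):
            return {v.strip() for v in lines[i + 1].split(",") if v.strip()}
    return set()  # extension absent from the certificate

def missing_usages(text):
    """Map each extension to the required values the certificate lacks."""
    return {name: sorted(required - extension_values(text, name))
            for name, required in REQUIRED.items()}

if __name__ == "__main__":
    # Reports the missing client-auth usage for the constructed sample.
    for ext, missing in missing_usages(SERVER_ONLY).items():
        print(ext, "OK" if not missing else "missing: " + ", ".join(missing))
```

A certificate that lacks Client Authentication in its Extended Key Usage is reported here before it is ever loaded into a keystore.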
Troubleshooting
CVP REST - Mutual Auth Setup and Testing
SSL debugging on CVP VXML Servers
Enable standard output and standard error for the VXML Tomcat if not already done
Run the command below in the VXML Server bin folder and set the log value to “auto” as per the screenshot.
tomcat9w //ES//VXMLServer
The standard output and standard error files will now appear in the C:\Cisco\CVP\VXMLServer\Tomcat\logs folder in the following format
- vxmlserver-stdout.<date>.log
- vxmlserver-stderr.<date>.log
Enable SSL debugging on the VXML Server
Registry Location:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VXMLServer\Parameters\Java\Options
You can add one of the following options to the existing options list (set only one of them):
-Djavax.net.debug=ssl:handshake
-Djavax.net.debug=ssl
-Djavax.net.debug=all
Note - you need to restart the VXML Server Service after making the above change for it to be activated.
Since reading the standard output file can be difficult (no timestamps), use PowerShell (as below) to tail the file:
get-content .\vxmlserver-stdout.2021-11-12.log -tail 5 -wait
Then make a test call and reproduce the issue - so you just get the relevant logs.
Search for *** CertificateRequest (example below). Note: in this instance, because the cert linked to the VXML Server was NOT signed by this CA, no response was sent. This was because the VXML Server seems to bind the client cert it uses to the FIRST cert loaded in its Java config. This happens to be the orm cert when on UCCE (with CVP Ops server) and the CallServer when on PCCE (no CVP Ops server and no .ormkeystore).
*** CertificateRequest
Cert Types: ECDSA, RSA, DSS
Supported Signature Algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, Unknown (hash:0x8, signature:0x4), Unknown (hash:0x8, signature:0x5), Unknown (hash:0x8, signature:0x6), Unknown (hash:0x8, signature:0x9), Unknown (hash:0x8, signature:0xa), Unknown (hash:0x8, signature:0xb), SHA256withRSA, SHA384withRSA, SHA512withRSA, Unknown (hash:0x4, signature:0x2), SHA224withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA1withECDSA, SHA1withRSA, SHA1withDSA
Cert Authorities:
<CN=PurplePi Root CA, O=Purplepi, C=IE>
<CN=LAB2-ROOT-CA, O=Purplepi, OU=LAB2>
*** ServerHelloDone
*** Certificate chain
***
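The check described above can be scripted. The following is an added example (not from the original page) that pulls the Cert Authorities out of a javax.net.debug trace, compares them with the issuer DNs of the client's certificate chain, and flags an empty client chain. It assumes the trace layout shown above and that non-empty chain entries start with "chain ["; the sample trace and function names are constructed.

```python
# Constructed trace in the layout shown above (signature algorithm list shortened).
SAMPLE_TRACE = """\
*** CertificateRequest
Cert Types: ECDSA, RSA, DSS
Supported Signature Algorithms: SHA256withECDSA, SHA256withRSA, SHA1withRSA
Cert Authorities:
<CN=PurplePi Root CA, O=Purplepi, C=IE>
<CN=LAB2-ROOT-CA, O=Purplepi, OU=LAB2>
*** ServerHelloDone
*** Certificate chain
***
"""

def normalize_dn(dn):
    """Compare DNs ignoring case and spacing (assumes no commas inside values)."""
    return tuple(part.strip().lower() for part in dn.strip("<> \t").split(","))

def parse_trace(trace):
    """Return (request_seen, acceptable CA DNs, client chain entry count)."""
    authorities, chain_entries, section, seen = [], 0, None, False
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith("***"):      # each handshake message starts a new section
            section = None
            if line == "*** CertificateRequest":
                section, seen = "request", True
            elif line == "*** Certificate chain" and seen:
                section = "chain"       # a chain after the request is the client's
        elif section == "request" and line == "Cert Authorities:":
            section = "authorities"
        elif section == "authorities" and line.startswith("<"):
            authorities.append(line.strip("<>"))
        elif section == "chain" and line.startswith("chain ["):
            chain_entries += 1          # assumed entry marker, e.g. "chain [0] = ["
    return seen, authorities, chain_entries

def diagnose(trace, chain_issuer_dns):
    """chain_issuer_dns: issuer DN of every cert in the client's own chain."""
    seen, authorities, chain_entries = parse_trace(trace)
    if not seen:
        return "NO_REQUEST"             # server never asked for a client certificate
    accepted = {normalize_dn(a) for a in authorities}
    if not any(normalize_dn(dn) in accepted for dn in chain_issuer_dns):
        return "ISSUER_NOT_ACCEPTED"    # no cert in the chain was issued by a listed CA
    if chain_entries == 0:
        return "EMPTY_CHAIN"            # issuer is listed, yet nothing was presented
    return "CERT_SENT"
```

Pass the issuer DNs of the certificate you expect the VXML Server to present; ISSUER_NOT_ACCEPTED matches the situation described above, where the first cert loaded was not signed by a listed CA.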
Mutual Auth troubleshooting
- openssl s_client -connect yourip:443 -prexit
- Need to test below?
TLS Handshake overview
Standard TLS
<sequencediagram>
Client ->Server : SYN
Server ->Client : SYN ACK
Client ->Server : ACK
Client ->Server : TLS - Client Hello
Server ->Client : TLS - Server Hello, Certificate, Server Hello Done
Client ->Server : Client Key Exchange
Client ->Server : Change Cipher Spec
Server ->Client : ACK
Client ->Server : Finished
Server ->Client : Change Cipher Spec, Finished
</sequencediagram>
Mutual TLS
<sequencediagram>
Client ->Server : SYN
Server ->Client : SYN ACK
Client ->Server : ACK
Client ->Server : TLS - Client Hello
Server ->Client : TLS - Server Hello, Certificate, Certificate Request, Server Hello Done
Client ->Server : Certificate, Client Key Exchange
Client ->Server : Certificate Verify
Client ->Server : Change Cipher Spec
Server ->Client : ACK
Client ->Server : Encrypted Handshake Message
Server ->Client : ACK
Server ->Client : Change Cipher Spec, Encrypted Handshake Message
</sequencediagram>