About DRM flow, how to pass message to provisioning server? - cobalt

In the Starboard DRM API (src/starboard/drm.h), there seems to be no flow to handle a Widevine device certificate request with a provisioning server?
In my Starboard DRM module, should I perform an "HTTP POST" directly to the provisioning server?
Thanks for your reply

Starboard DRM is intended to implement the Encrypted Media Extensions (EME). With EME, the web application requests a license from the Content Decryption Module (CDM) and sends it to the server. It then passes the response back down into the CDM. In this case, the SbDrm implementation represents the CDM.
So, the SbDrm implementation should not make any network requests to the license server. The web app should make those requests on behalf of the CDM.
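
The relay this answer describes, as an added example (not code from the original answer or from the Cobalt project): page-side EME code forwards each CDM message, including a device-certificate `individualization-request`, to a server and feeds the reply back with `session.update()`. The server URLs and the helper names are placeholders chosen for illustration.

```javascript
// Added example: app-side relay between the CDM and the DRM servers.
// The URLs below are placeholders, not real Widevine endpoints.
const SERVER_FOR_MESSAGE_TYPE = new Map([
  ['license-request', 'https://license.example/license'],
  ['license-renewal', 'https://license.example/license'],
  ['license-release', 'https://license.example/license'],
  ['individualization-request', 'https://provisioning.example/provision'],
]);

// Default transport: the page, not the CDM, performs the HTTP POST.
async function postToServer(url, body) {
  const res = await fetch(url, { method: 'POST', body });
  if (!res.ok) throw new Error(`DRM server returned HTTP ${res.status}`);
  return res.arrayBuffer();
}

// Forward one CDM message to the matching server and hand the reply back.
async function relayCdmMessage(event, session, post = postToServer) {
  const url = SERVER_FOR_MESSAGE_TYPE.get(event.messageType);
  if (!url) throw new Error(`unexpected CDM message type: ${event.messageType}`);
  const reply = await post(url, event.message);
  await session.update(reply); // the response goes back down into the CDM
  return url;
}

// Browser wiring: create a session and relay every 'message' event.
async function startSession(video, keySystem, config) {
  const access = await navigator.requestMediaKeySystemAccess(keySystem, config);
  const mediaKeys = await access.createMediaKeys();
  await video.setMediaKeys(mediaKeys);
  video.addEventListener('encrypted', async (e) => {
    const session = mediaKeys.createSession();
    session.addEventListener('message', (msg) =>
      relayCdmMessage(msg, session).catch(console.error));
    await session.generateRequest(e.initDataType, e.initData);
  });
}
```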

Related

Building an electron app to route all network traffic through a proxy

I am currently building a project to build an electron app that intercepts all network traffic and proxies it through another server. The problem is, I can't find any resources to achieve this.
**I don't want to just route electron app traffic through a proxy. I want the app to make changes to add a proxy setting in the underlying OS.**
I tried to use the protocol.interceptHttpProtocol:

protocol.interceptHttpProtocol(scheme, handler)
- scheme string
- handler Function
  - request ProtocolRequest
  - callback Function
    - response ProtocolResponse

Returns boolean - Whether the protocol was successfully intercepted
Intercepts scheme protocol and uses handler as the protocol's new handler which sends a new HTTP request as a response.

but this just does the interception for just the electron app and doesn't intercept all network traffic going through the system.
Is it possible to intercept all network traffic going through the system?

Sonos client certificate

I have a question concerning Sonos' client certificate. I didn't find any mention of it in the official documentation pages.
Do the speakers automatically send the client certificate on getMediaUri requests or does the server need to require it in the SSL negotiation?
It would be neat if the speakers sent the client certificate all the time, because if the server needs to explicitly require the client certificate on the secure endpoint it means other APIs are impacted (createItem for example) whereas the only thing that really needs to be secured is the streaming url.
The server does not need to require sending the cert on each request, but if you DO require it, it is something that can be sent each time.

Is it possible for a server to see whether a HTTPS connection is monitored by Fiddler?

I'd like to know if it's possible for web services to detect HTTPS connections with "faked" root certificates created by Fiddler4 (Web debugging proxy) to prevent reverse engineering.
Is there any method to check whether the encryption is done with the original certificate or with one made by Fiddler?
A server has no way to know what certificate the client received unless the client sends the server that information.
From client JavaScript, you cannot detect such interception today; JavaScript does not expose the capabilities to introspect the certificate. It is possible to use Java or Flash inside a webpage to inspect the certificate received upon connecting to a server, but a sufficiently devious interceptor could just avoid MITM'ing the Java/Flash connection.
In contrast, a native code client application can detect what certificate was presented by the server and reject any certificate that doesn't match the expected certificate; this is called certificate pinning and it's a technique used by some applications. Note that this will block more than Fiddler; it'll also block connections through corporate inspection proxies (e.g. BlueCoat, ISA TMG, etc) and through some popular consumer antivirus programs' proxies (e.g. BitDefender). More importantly, users can circumvent your certificate pinning checks if they like; your code is running on their device, and they have the ability to modify your code in memory to strip out your certificate pinning checks. On some mobile devices, this code modification requires "jail-breaking" the device, but this isn't an insurmountable barrier.
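
Certificate pinning as described in this answer, as an added example (not part of the original answer): a Node.js client, which unlike page JavaScript can read the peer certificate, hashes the DER certificate the server presented and refuses the connection unless it matches a pinned digest. The function names and the two byte strings standing in for certificates are constructed for illustration.

```javascript
// Added example: certificate pinning in a Node.js (non-browser) client.
const crypto = require('node:crypto');
const tls = require('node:tls');

// SHA-256 over the DER-encoded certificate the server presented.
function certFingerprint(der) {
  return crypto.createHash('sha256').update(der).digest();
}

// True only if the presented certificate matches one of the pinned digests.
// A list is accepted so a backup pin can ship before a certificate rotation.
function matchesPin(der, pinnedHex) {
  const seen = certFingerprint(der);
  return pinnedHex.some((hex) => {
    const pin = Buffer.from(hex, 'hex');
    return pin.length === seen.length && crypto.timingSafeEqual(pin, seen);
  });
}

// Connect with normal chain validation, then additionally enforce the pin.
function connectPinned(host, port, pinnedHex) {
  return new Promise((resolve, reject) => {
    const socket = tls.connect({ host, port, servername: host }, () => {
      const der = socket.getPeerCertificate().raw;
      if (!der || !matchesPin(der, pinnedHex)) {
        socket.destroy();
        reject(new Error(`certificate for ${host} does not match any pin`));
        return;
      }
      resolve(socket);
    });
    socket.on('error', reject);
  });
}

// Constructed stand-ins for DER bytes: the real server certificate and the
// substitute an intercepting proxy would present for the same hostname.
const GENUINE_DER = Buffer.from('constructed-genuine-certificate');
const PROXY_DER = Buffer.from('constructed-proxy-certificate');
const PINS = [certFingerprint(GENUINE_DER).toString('hex')];
```

As the answer notes, the same check also rejects corporate inspection proxies and antivirus proxies, and a user who controls the device can still patch it out.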

SIP over websockets to true SIP

I'm trying to implement a sip server for connecting to from an HTML sip client (made using sipml5). During my research into doing this I've come across sip over web-sockets which might be useful to me, however, I am unsure if a user agent connecting through sip over web-sockets to a compatible server would then be able to successfully make a call to someone using an incompatible server (i.e. calling from SIP over web-sockets to true SIP).
I know webrtc2sip can be used for connecting to legacy networks but I would rather avoid using another proxy if at all possible. So, is it possible to connect to a compatible SIP server using SIP over web-sockets then make a call from this user agent to another that does not support SIP over web-sockets without using a gateway?
You are right, SIP over Websockets is a draft, not a specification. And I do not know many SIP vendors who support this draft.
A possible solution is a true websocket-SIP gateway. For example Flashphoner Web Call Server is implemented as a gateway which works through websockets with the browser and works via SIP (TCP and UDP) with SIP servers. Therefore it is compatible with any server that supports RFC3261 - the standard SIP specification.
Brief signaling scheme is:
Browser - [Websockets] - Web Call Server - [SIP TCP, UDP] - any SIP Server
Brief streaming scheme:
Browser - [WebRTC = SRTP, DTLS, ICE, STUN ] - Web Call Server - [RTP UDP] - any SIP/RTP Server
An alternate way is to use kamailio as it understands both sip and ws sip.
When you say "implementing a sip server", is it a simple registrar or proxy server, or do you want call control logic / presence / other features?
In all cases kamailio fulfills all requirements, plus it is open source.
Mobicents SIP Servlets Example already provides a B2BUA Application taking care of that for you. The Media is peer to peer (or through a TURN Relay Server) but if you need to bridge to a Media Server, you can indeed patch the SDP Body to make the media of each party go through the Media Server (pending it supports Media related codecs from WebRTC, DTLS-SRTP etc) to add conferencing, recording type of capabilities.

APNS spoof/fake

I want to have a standalone network (no internet access) for testing. Is there any way to spoof the APNS servers to test notifications and MDM? Is there a way to create your own APNS server?
Sure. The APNS protocol is defined in Apple's documentation here: The Binary Interface and Notification Formats. Basically, it's just an SSL server that speaks a simple binary protocol. We have implemented a mock push server and feedback server for our internal testing.
