Comments (2)
davidjwbbc
commented on September 14, 2024
1
Certificates (for the purposes here a certificate includes the public certificate, private key and any intermediate CA certificates) would normally be pushed from the AF to the AS via the M3 interface. At present we don't have an M3 interface, so until we do I propose that the the certificates are configured using a JSON configuration file which is a simple mapping of certificate Ids to PEM files on the local system. Later on this mapping will be derived from certificates registered with the AS via M3 and will require the AS to store the certificates locally and maintain this mapping.
Example certificates.json:
{
"cert1": "/var/lib/5gms/as/certificates/cert1.pem"
}
This will then allow the ContentHostingConfiguration to reference the certificate to provide an https distribution point:
{
"name": "Big Buck Bunny",
"ingestConfiguration": {
"pull": true,
"protocol": "urn:3gpp:5gms:content-protocol:http-pull-ingest",
"entryPoint": "https://ftp.itec.aau.at/"
},
"distributionConfigurations": [
{
"canonicalDomainName": "localhost",
"domainNameAlias": "",
"certificateId": "cert1",
"pathRewriteRules": [
{
"requestPattern": "^/m4d/provisioning-session-[^/]*/",
"mappedPath": "/datasets/DASHDataset2014/BigBuckBunny/4sec/"
}
]
}
]
}
...or for both HTTP and HTTPS:
{
"name": "Big Buck Bunny",
"ingestConfiguration": {
"pull": true,
"protocol": "urn:3gpp:5gms:content-protocol:http-pull-ingest",
"entryPoint": "https://ftp.itec.aau.at/"
},
"distributionConfigurations": [
{
"canonicalDomainName": "localhost",
"domainNameAlias": "",
"pathRewriteRules": [
{
"requestPattern": "^/m4d/provisioning-session-[^/]*/",
"mappedPath": "/datasets/DASHDataset2014/BigBuckBunny/4sec/"
}
]
},
{
"canonicalDomainName": "localhost",
"domainNameAlias": "",
"certificateId": "cert1",
"pathRewriteRules": [
{
"requestPattern": "^/m4d/provisioning-session-[^/]*/",
"mappedPath": "/datasets/DASHDataset2014/BigBuckBunny/4sec/"
}
]
}
]
}
The certificates JSON file can be provided as an optional second command line option to the application server process:
Syntax: 5gms-application-server [-h] [-c <config>] <ContentHostingConfiguration-JSON-file> [<certificates-JSON-file>]
This maintains compatibility with MVP#1.
If a "certificateId" property is present in the ContentHostingConfiguration that does not match an Id from the certificates file (or if the certificates filename is not given) then the program will abort with a configuration error.
from rt-5gms-application-server.
rjb1000
commented on September 14, 2024
@davidjwbbc: To emphasise that certificateId is alphanumeric, I suggest we change the name to something like cert1 in this initial implementation.
(In the longer term, it would be nice for our implementation of the M1 Server Certificates Provisioning API to extract the certificate serial number from the X.509 PEM bundle and use the ASCII hex representation of that, padded out to 40 nybbles, as the value of certificateId.)
from rt-5gms-application-server.
Related Issues (20)
- Use OpenAPI to bindings script from 5G-MAG/rt-common-shared repository. HOT 3
- MVP#1 Application Server installation issues/observations HOT 21
- asyncio.create_task(..., name=...) doesn't work with Python 3.7 HOT 1
- Error, following the build instructions HOT 5
- Application Server crash on certificate upload HOT 3
- Content Hosting Configuration handling uplift in 5GMSd AS HOT 5
- Incorrect error response status code for M1_ContentHostingProvisioning_purgeContentHostingCache operation HOT 3
- Documentation updates after review on 23 Jan 2023 HOT 5
- Enhancement: Return number of cache entries purged in M3 response
- MVP#2 Application Server installation/running issues/observations HOT 11
- CI/CD - Automated deployment of 5GMS AS to Linode instance HOT 1
- Implement Server Health Check endpoint
- Uplift to TS 26.512 v17.4.0: Update M3 interface with new ContentHostingConfiguration structure HOT 1
- Feature: Media Streaming Data Reporting at reference point R4 HOT 1
- 5gms-application-server reports `Path parameters cannot have a default value` HOT 3
- Upstream redirects are passed to client HOT 9
- Redirection fails with recent OpenResty version HOT 1
- change in pydantic v2 HOT 3
- Development branch: Missing Nginx mime.types after clean installation HOT 2
- Updating PATH for launching Openresty HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rt-5gms-application-server.