Jigasi and Asterisk?

Followed the install guide for Jigasi — but it doesn’t work?

On dialin, a variable is added:

exten => 4932111,1,Macro(handle-callerid,${EXTEN})
same  => n(enterpin),Playback(conf-getconfno)
same  => n,BackGround(beep)
same  => n,Read(confno,,6,s)
same  => n,Gotoif($[ "${LEN(${confno})}" < "1"]?fail)
 same  => n,Goto(joinmeeting)
same  => n(fail),Playback(conf-invalid)
same  => n,Goto(enterpin)
same  => n(joinmeeting),SIPAddHeader(Jitsi-Conference-Room: ${confno})
same  => n,Playback(auth-thankyou)
same  => n,playback(conf-placeintoconf)
same  => n,Dial(SIP/tojitsi,15,tr)
same  => n,Hangup

But Jigasi isn’t answering the call (after the suggested »apt-get -y install jigasi«):

2020-03-31 03:57:44.147 INFO: [138] org.jitsi.jigasi.SipGateway.incomingCallReceived().188 Incoming call received...
2020-03-31 03:57:45.154 INFO: [139] org.jitsi.jigasi.SipGatewaySession.run().1281 [ctx=1585619864152264161969] Wait thread cancelled
2020-03-31 03:57:45.160 INFO: [138] org.jitsi.jigasi.JvbConference.setXmppProvider().539 [ctx=1585619864152264161969] Using ProtocolProviderServiceJabberImpl(Jabber:62074ff5@meet.4830.org/62074ff5)
2020-03-31 03:57:45.211 SEVERE: [144] impl.certificate.CertificateServiceImpl.verify().1064 Missing CertificateDialogService by default will not trust!
2020-03-31 03:57:45.211 INFO: [144] impl.certificate.CertificateServiceImpl.checkCertTrusted().832 Untrusted certificate
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
	at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:233)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:110)
	at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:733)
	at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:670)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2731)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2701)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:810)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
	... 26 more
2020-03-31 03:57:45.214 SEVERE: [141] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: The peer provided certificate with Subject  is not trusted
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1076)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLHandshakeException: The peer provided certificate with Subject  is not trusted
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:810)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
	... 3 more
Caused by: java.security.cert.CertificateException: The peer provided certificate with Subject  is not trusted
	at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:835)
	at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:670)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2731)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2701)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
	... 16 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
	at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:233)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:110)
	at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:733)
	... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
	... 26 more
2020-03-31 03:57:45.215 WARNING: [144] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (2) closed with error
javax.net.ssl.SSLHandshakeException: The peer provided certificate with Subject  is not trusted
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:810)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.security.cert.CertificateException: The peer provided certificate with Subject  is not trusted
	at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:835)
	at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:670)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2731)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2701)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
	... 16 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
	at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:233)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:110)
	at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:733)
	... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
	... 26 more
2020-03-31 03:57:45.220 SEVERE: [141] org.jitsi.jigasi.JvbConference.registrationStateChanged().581 [ctx=1585619864152264161969] XMPP Connection failed.
2020-03-31 03:57:45.220 WARNING: [141] org.jitsi.jigasi.JvbConference.leaveConferenceRoom().823 [ctx=1585619864152264161969] MUC room is null
2020-03-31 03:57:45.235 INFO: [145] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().132 Jingle : OFF 
2020-03-31 03:57:45.235 SEVERE: [145] org.jitsi.jigasi.JvbConference.registrationStateChanged().573 [ctx=1585619864152264161969] Unregistered XMPP.
2020-03-31 03:57:53.959 INFO: [148] org.jitsi.jigasi.SipGatewaySession.handleCallState().1138 [ctx=1585619864152264161969] SIP call ended: CallPeerChangeEvent: type=CallPeerStatusChange oldV=net.java.sip.communicator.service.protocol.CallPeerState:Incoming Call newV=net.java.sip.communicator.service.protocol.CallPeerState:Disconnected for peer=032xxxx72 <032xxxx72@333.222.111.226>;status=Disconnected
2020-03-31 03:57:53.960 INFO: [148] org.jitsi.jigasi.SipGatewaySession.sipCallEnded().629 [ctx=1585619864152264161969] Sip call ended: Call: id=158561986414488515009 peers=0
2020-03-31 03:57:53.960 INFO: [148] org.jitsi.jigasi.JvbConference.stop().500 [ctx=1585619864152264161969] Removing account Jabber:62074ff5@meet.4830.org/62074ff5
2020-03-31 03:57:53.961 INFO: [148] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().132 Jingle : OFF 
2020-03-31 03:57:53.961 SEVERE: [148] org.jitsi.jigasi.AbstractGateway.notifyCallEnded().120 [ctx=1585619864152264161969] Call resource not exists for session.
2020-03-31 03:57:53.962 INFO: [148] org.jitsi.jigasi.SipGatewaySession.peerStateChanged().1204 null SIP peer state: Disconnected

How to solve the TLS-Issue?

Update: The big G linked to the answer:

net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true needs to be set in /etc/jitsi/jigasi/sip-communicator.properties. This solves the TLS issue.

Another issue exists with Jigasi >1.0 when being dialed from Asterisk:

Using Wireshark I discovered a weird Re-INVITE that Jigasi sends before it even ACKs the initial INVITE sent by Asterisk. A Re-INVITE shouldn’t be sent prior to session establishment so I think this is a bug in Jigasi, but maybe I’m wrong here.

The solution is to set net.java.sip.communi­ca­tor.impl.pro­to­col.sip.SKIP_RE­IN­VI­TE_ON_FOCUS_CHAN­GE_PROP=true, again in /etc/jitsi/jigasi/sip-commu­ni­cator.pro­per­ties.