I'm trying to write a simple one-liner that will take a .crt and pass it to the CRT checker as SSLShopper.com. I can POST the data, but all I get back is headers and the HTTP response. The form on their site seems simple enough, just an AJAX call that returns the result. This is what I have so far:
curl -L -i -X POST -k "https://www.sslshopper.com/assets/snippets/sslshopper/ajax/ajax_decode.php" --data-binary #test.crt
Is there any way to POST and GET at the same time?
It seems you need to send the data in form-url-encoded format with following parameters :
cert_text={CERT_CONTENT}
decode_type=certificate
You need also X-Requested-With: XMLHttpRequest & Connection: keep-alive headers :
cert_content=$(cat test.crt)
curl 'https://www.sslshopper.com/assets/snippets/sslshopper/ajax/ajax_decode.php' \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'Connection: keep-alive' \
--data-urlencode "cert_text=$cert_content" \
--data-urlencode "decode_type=certificate"
But for this task, you don't need to call some endpoint to check a certificate, as it's specified in https://www.sslshopper.com/certificate-decoder.html, you can use openssl directly :
openssl x509 -in test.crt -noout -subject -enddate -startdate -issuer -serial
Related
I try to comunicate with a webservice that need a smartcard autenthication.It works is some cases, fails in others, depending on the smartcard.
With smartcard with IDEMIA chip the simple script
ENDPOINT=https://xxxxxxxxxxxxxxxxxxxxxxxxx.it/xxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx
ls -la > test
curl -s -k --trace-ascii xxx.trace \
--cert "pkcs11\:object=$CERT_CARD_NOW}:${PIN_CARD_NOW}" --key "pkcs11:object=${PRIV_CARD_NOW}" \
-H 'Accept-Encoding: gzip,deflate' \
-H "Content-Type: multipart/related; type=\"application/xop+xml\"; start=\"<rootpart#soapui.org>\"; start-info=\"text/xml\"; \
-H 'SOAPAction: "http://============================================="' \
-H 'MIME-Version: 1.0' \
-H 'Host: --------------------------------' \
-H 'Connection: Keep-Alive' \
-H 'User-Agent: Apache-HttpClient/4.5.5 (Java/16.0.1)' \
--data-binary #test $ENDPOINT*
Works,
but with several other smartcards the trace is this (error 58)
(chip NXP STM)
== Info: Trying -----------------...
== Info: Connected to ---------------------------- (-------------)
port 443 (#0)
== Info: ALPN: offers h2
== Info: ALPN: offers http/1.1
== Info: unable to set client certificate
== Info: Closing connection 0
With all the cards this simple script works
echo -n "File to sign:"
read file
openssl dgst -sha256 -engine pkcs11 -keyform engine \
-sign "pkcs11:${PRIV_CARD_NOW};pin-value=${PIN_CARD_NOW}" $file >
$file.signed
With all the cards the certificate extraction with p11tool --export-stapled "pkcs11:<<Cert_uri>> works and all the pcks11-tool p11tool work as expected. Someone can tell me if is a curl problem or an openssl problem and how to solve ?
The version indication that curl -V shows 7.83.1 OpenSSl/1.1.1q-fips (etc.).
as my question mention it, how do i need to change this statement to send an image in base64 to Azure?
curl -H "Ocp-Apim-Subscription-Key: ***hidden***" "https://***hidden***.cognitiveservices.azure.com/face/v1.0/detect?detectionModel=detection_03&returnFaceId=true&returnFaceLandmarks=false"
-H "Content-Type: application/json" --data-ascii "{\"url\":\"https://upload.wikimedia.org/wikipedia/commons/c/c3/RH_Louise_Lillian_Gish.jpg\"}"
Thank you!
how do i need to change this statement to send an image in base64 to Azure?
As per this documentation, your curl command seems fine.
Alternatively, you can try as suggested by muru:
'{"image" : "'"$( base64 ~/Pictures/1.jpg)"'"}
Updated answer:
As per Use the Face client library:
curl -v -X POST "https://westus.api.cognitive.microsoft.com/face/v1.0/detect?returnFaceId=true&returnFaceLandmarks=false&returnFaceAttributes={string}&recognitionModel=recognition_04&returnRecognitionModel=false&detectionModel=detection_03&faceIdTimeToLive=86400" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: {subscription key}" --data-ascii "{\"url\":\"https://csdx.blob.core.windows.net/resources/Face/Images/identification1.jpg\"}"
You can refer to similar issues: can't send/request base64 to azure face api with python and Face API need support for base64 string or Local File URL or Native File URL instead of Image URL
curl -X POST "https://.cognitiveservices.azure.com/face/v1.0/detect" -H "Content-Type: application/octet-stream" -H "Ocp-Apim-Subscription-Key: 27e993*********6aaa2464" --data-binary #'/home/rafael/Downloads/person.jpg'
is the solution that works. As far as I can tell, the documentation seems outdated.
I'm trying to send an "on" signal to a wemo smart plug. I want to send the signal from the linux command line. I know that the request is supposed to look like what I've included below, but I'm not sure what syntax to use. I tried using cURL, but couldn't quite seem to figure it out. Any help would be super appreciated!
POST /upnp/control/basicevent1
SOAPACTION: "urn:Belkin:service:basicevent:1#SetBinaryState"
Content-Type: text/xml; charset="utf-8"
Accept: */*
User-Agent: PostmanRuntime/7.15.2
Cache-Control: no-cache
Host: 192.168.1.116:49153
Accept-Encoding: gzip, deflate
Content-Length: 306
Connection: keep-alive
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:SetBinaryState xmlns:u="urn:Belkin:service:basicevent:1">
<BinaryState>0</BinaryState>
</u:SetBinaryState>
</s:Body>
</s:Envelope>
I tried putting each of the headers in quotes after a "-H" but then I wasn't sure what to do with the headers that are already quoted. Also, it appeared to be still sending to port 80 even though I included the host header with a different port?
As far as I know, the plug has an IP address but no web address.
Post method have two part (header & body).
You should run cURL command like that:
Send Header:
curl -X POST -H 'SOAPACTION: "urn:Belkin:service:basicevent:1#SetBinaryState"' -H 'Content-Type: text/xml; charset="utf-8"' http://192.168.1.116:49153/upnp/control/basicevent1
With this method, you can head multi header POST.
Send body POST:
And also with that command you can send POST body:
curl -X POST -F '<?xml version="1.0" encoding="utf-8"?>...' http://192.168.1.116:49153/upnp/control/basicevent1
Also, they're available at the following links:
How to send body POST ,
How to send header POST
Command you want at single line:
curl -X POST -H 'SOAPACTION: "urn:Belkin:service:basicevent:1#SetBinaryState"' -H 'Content-Type: text/xml; charset="utf-8"' -H 'Accept: */*' -H 'User-Agent: PostmanRuntime/7.15.2' -H 'Cache-Control: no-cache' -H 'Host: 192.168.1.116:49153' -H 'Accept-Encoding: gzip, deflate' -H 'Content-Length: 306' -H 'Connection: keep-alive' -F '<?xml version="1.0" encoding="utf-8"?>\n<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">\n <s:Body>\n <u:SetBinaryState xmlns:u="urn:Belkin:service:basicevent:1">\n <BinaryState>0</BinaryState>\n </u:SetBinaryState>\n </s:Body>\n</s:Envelope>' http://192.168.1.116:49153/upnp/control/basicevent1
alias
If you think this is a long command, you can set as alias.
For e.g:
alias myPersonalCommandLS='ls -lthra1d'
I am using the following commands to create a tenant in Eclipse Hono
$ curl -X POST -i -H 'Content-Type: application/json' -d '{"tenant-id": "testenant1"}'
http://localhost:28080/tenant
HTTP/1.1 201 Created
location: /tenant/testenant1
content-length: 0
Registering a device in the tenant using the below command
curl -X POST -i -H 'Content-Type: application/json' -d '{"device-id": "1"}'
http://localhost:28080/registration/testenant1
HTTP/1.1 201 Created
location: /registration/testenant1/1
content-length: 0
Authenticating the registered device using the below command
$ curl -i -X POST -H 'Content-Type: application/json' --data-binary '{
"device-id": "1",
"type": "hashed-password",
"auth-id": "newAuth1",
"secrets": [{
"pwd-plain": "mylittle"
}]
}' http://localhost:28080/credentials/testenant1
HTTP/1.1 201 Created
location: /credentials/testenant1/newAuth1/hashed-password
content-length: 0
When I try to send data to this registered and Authenticated device using the below command.
curl -X POST -i -u newAuth1#testenant1:mylittle -H 'Content-Type: application/json' -d '{"temp": 23.07, "hum": 45.85}' http://localhost:8080/telemetry
HTTP/1.1 401 Unauthorized
content-length: 0
I will be getting 401 Unauthorized error (I am expecting 503 - Service Unavailable error).
Note: I was using the similar approach before and it was working perfectly fine. I am not sure if I am missing something.
You are using wrong credentials when POSTing the data. The username always consists of the auth-id and the tenant-id separated by #.
You need to use:
curl -X POST -i -u newAuth1#testenant1:mylittle -H 'Content-Type: application/json' -d '{"temp": 23.07, "hum": 45.85}' http://localhost:8080/telemetry
That said, based on the URIs you are using for registering the tenant and device, you seem to be using quite an old version of Hono. Please consider upgrading to the latest version (1.1.1) in order to take advantage of recent development/bug fixing ...
I do have a simple AWS API Gateway implementation protected by an AWS_IAM Authorization.
I just want to test from command line via cURL :
curl --location --request GET 'https://<API_ID>.execute-api.eu-west-1.amazonaws.com/stage?type=type&category=category&lc=lc&passprhase=passprhase&product=product'
--header 'Authorization: AWS4-HMAC-SHA256 Credential=<AWS_ACCESS_KEY>/20200127/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=<AWS_SECRET_ACCESS_KEY>' --header 'Content-Type: application/json' \
--data-raw '{"query":"","variables":{}}'
but keep getting the follow error :
Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header.
Can someone advice what am I doing wrong ?
AWS V4 signature authentication is supported in curl starting from version 7.75, so you should be able to call your AWS resource this way:
curl --location --request GET 'https://$API-ID.execute-api.eu-west-1.amazonaws.com/stage?type=type&category=category&lc=lc&passprhase=passprhase&product=product' \
--header 'Content-Type: application/json' \
--user $ACCESS_KEY:$SECRET_KEY \
--aws-sigv4 "aws:amz" \
--data-raw '{"query":"","variables":{}}'
Note that you may need to add in the --aws-sigv4 value your region and service.
For example: --aws-sigv4 "aws:amz:eu-west-2:execute-api"
You can find more documentation here: https://curl.se/libcurl/c/CURLOPT_AWS_SIGV4.html
And the documentation for the CLI option here: https://curl.se/docs/manpage.html#--aws-sigv4
AWS_IAM authorization uses Sigv4 and its calculation process requires values certain headers - Date being one of them. You are passing x-amz-date as a part of the "SignedHeaders" field, but not actually passing it with the other headers.
One way to create the right curl command to invoke an API with AWS_IAM would be to use Postman application. Add in the API URL and select "AWS Signature" under Authorization tab. You can then select the "Code" option and get the full curl command which would look something like this -
curl -X POST \
https://$API-ID.execute-api.$AWS_REGION.amazonaws.com/$STAGE/$RESOURCE \
-H 'authorization: AWS4-HMAC-SHA256 Credential=$ACCESS_KEY/20200128/$AWS_REGION/execute-api/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=$SIGNATURE_VALUE' \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'host: API-ID.execute-api.$AWS_REGION.amazonaws.com' \
-H 'postman-token: 15f9498e-95b7-f22b-eed9-016cdea07424' \
-H 'x-amz-date: $DATE_STAMP'
Create a Canonical Request for Signature Version 4
I could suggest to use awscurl which is much easier.
To install awscurl click here. For documentation you can refer here.
Example to call apigateway to call lambda for POST query is below.
awscurl --service execute-api -X POST -d '{ "alias" : "xyx", "type" : "LDAP" }' https://.execute-api.us-west-2.amazonaws.com/Prod/user/groups/get --region us-west-2 --access_key ACCESS_KEY --secret_key mfBl0YJRsXDue4C5F5B6rz1eUpQpA8uC24RtSnsg --security_token SECURITY_TOKEN