QualysGuard API - SYNTAX issue - parameter rsa_private_key - linux

I need to know the RSA key format to be sent to Qualys for updating an authentication record via Qualys API.
The technique below gives me a "parameter rsa_private_key has invalid value" error:
$ test2="$(<~/.ssh/id_rsa)"
$ curl -H "X-Requested-With: Curl" -u "cenga_vg:ZZZZ" -X "POST" -d "action=update&ids=YYYY&rsa_private_key=$test2" "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/" -D headers
Error:
parameter rsa_private_key has invalid value: improper RSA private key format
========================================

curl -H "X-Requested-With: Curl" -u "cenga_vg:ZZZZ" -X "POST" -d "action=update" -d "ids=YYYY" --data-urlencode "rsa_private_key=$test2" "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/" -D headers
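
Added example (not part of the original question or answer): a Python model of the request bodies that curl's -d and --data-urlencode options build, and of what a form parser recovers from each. The PEM text is a constructed stand-in, and using urllib.parse.parse_qs to represent the server's parser is an assumption.

```python
from urllib.parse import parse_qs, quote

# Constructed stand-in for a PEM key: the base64 body contains '+', '/' and '='.
PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
       "MIIB+constructed/sample+body==\n"
       "-----END RSA PRIVATE KEY-----")

def curl_d(arg):
    """curl -d STRING: the string is sent as the body unchanged."""
    return arg

def curl_data_urlencode(arg):
    """curl --data-urlencode name=content: only the text after the first '=' is encoded."""
    name, _, content = arg.partition("=")
    return f"{name}={quote(content, safe='')}"

def server_view(*body_parts):
    """Fields a form parser recovers; curl joins repeated data options with '&'."""
    parsed = parse_qs("&".join(body_parts), keep_blank_values=True)
    return {k: v[0] for k, v in parsed.items()}

fields = f"action=update&ids=YYYY&rsa_private_key={PEM}"

# 1. Everything through -d: '+' in the base64 body is decoded as a space.
raw = server_view(curl_d(fields))
# 2. The whole string through one --data-urlencode: '&' and '=' are escaped too,
#    so the parser sees a single oversized "action" field.
whole = server_view(curl_data_urlencode(fields))
# 3. Plain fields through -d, only the key through --data-urlencode.
per_field = server_view(curl_d("action=update"), curl_d("ids=YYYY"),
                        curl_data_urlencode(f"rsa_private_key={PEM}"))

if __name__ == "__main__":
    print("raw key intact:      ", raw["rsa_private_key"] == PEM)
    print("whole-string fields: ", sorted(whole))
    print("per-field key intact:", per_field["rsa_private_key"] == PEM)
```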

Related

curl command with queryparameter for passing urlencode

I have been hitting a curl command with a query parameter in the request and passing JSON in the query parameter, but I am getting an error like "some well formatted json in parameter query. unexpected character encountered parsing error while parsing value".
curl -g --request GET -H "Content-Type:application/json" -H "apitoken:abcd" "https://odat.abc.com/api/data?query=$(echo '$jsonInput')"
jsonInput is the json format file we are passing here.
See https://stackoverflow.com/a/32980082/1395722
curl -G --request GET -H "Content-Type:application/json" -H "apitoken:abcd" "https://odat.abc.com/api/data" --data-urlencode "query=$(echo $jsonInput)"

How does urllib.request differ from curl or httpx in behaviour? Getting a 401 in a request to the Google Container Registry

I am currently working on some code to interact with images on the Google Container Registry. I have working code both using plain curl and also httpx. I am trying to build a package without 3rd party dependencies. My curiosity is around a particular endpoint from which I get a successful response in curl and httpx but a 401 Unauthorized using urllib.request.
The bash script that demonstrates what I'm trying to achieve is the following. It retrieves an access token from the registry API, then uses that token to verify that the API indeed runs version 2 and tries to access a particular Docker image configuration. I'm afraid that in order to test this, you will need access to a private GCR image and a digest for one of the tags.
#!/usr/bin/env bash
set -eu
token=$(gcloud auth print-access-token)
image=...
digest=sha256:...
get_token() {
  curl -sSL \
    -G \
    --http1.1 \
    -H "Authorization: Bearer ${token}" \
    -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
    --data-urlencode "scope=repository:$1:pull" \
    --data-urlencode "service=gcr.io" \
    "https://gcr.io/v2/token" | jq -r '.token'
}
echo "---"
echo "Retrieving access token."
access_token=$(get_token ${image})
echo
echo "---"
echo "Testing version 2 capability with access token."
curl -sSL \
  --http1.1 \
  -o /dev/null \
  -w "%{http_code}" \
  -H "Authorization: Bearer ${access_token}" \
  -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
  https://gcr.io/v2/
echo
echo "---"
echo "Retrieving image configuration with access token."
curl -vL \
  --http1.1 \
  -o /dev/null \
  -w "%{http_code}" \
  -H "Authorization: Bearer ${access_token}" \
  -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
  "https://gcr.io/v2/${image}/blobs/${digest}"
I additionally created two Jupyter notebooks demonstrating my solutions in httpx and bare urllib.request. The httpx one works perfectly while somehow urllib fails on the image configuration request. I'm running out of ideas trying to spot the difference. If you run the notebook yourself, you will see that the called URL contains a token as a query parameter (is this a security issue?). When I open that link I can actually successfully download the data myself. Maybe urllib still passes along the Authorization header with the Bearer token making that last call fail with 401 Unauthorized?
Any insights are greatly appreciated.
I did some investigation and I believe the difference is that the last call to "https://gcr.io/v2/${image}/blobs/${digest}" actually contains a redirect. Inspecting the curl and httpx calls showed me that both do not include the Authorization header in the second, redirected request, whereas in the way that I set up the urllib.request in the notebook, this header is always included. It's a bit odd that this leads to a 401 but now I know how to address it.
Edit: I can now confirm that by building a urllib.request.Request instance and, unlike in the linked notebook, adding the authorization header with the request's add_unredirected_header method, everything works as expected.
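
Added example (not the poster's notebook code): two loopback HTTP servers stand in for the registry and for the storage host it redirects to, and each records the Authorization header it receives, so the difference between add_header and add_unredirected_header is visible per hop. The token, paths and query string are constructed values.

```python
import socketserver
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler

TOKEN = "Bearer constructed-token"  # constructed value, not a real credential

def make_handler(log, name, redirect_to=None):
    """Handler that records the Authorization header it receives under `name`."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            log[name] = self.headers.get("Authorization")
            if redirect_to:  # plays the registry: bounce to the blob store
                self.send_response(302)
                self.send_header("Location", redirect_to)
            else:            # plays the blob store behind the redirect
                self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):
            pass  # keep the demo quiet
    return Handler

def serve(handler):
    srv = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def fetch_blob(unredirected):
    """Return the Authorization value seen by each hop for one GET."""
    log = {}
    store = serve(make_handler(log, "store"))
    store_url = f"http://127.0.0.1:{store.server_address[1]}/blob?sig=constructed"
    registry = serve(make_handler(log, "registry", store_url))
    req = urllib.request.Request(
        f"http://127.0.0.1:{registry.server_address[1]}/v2/image/blobs/digest")
    if unredirected:
        req.add_unredirected_header("Authorization", TOKEN)
    else:
        req.add_header("Authorization", TOKEN)
    # Empty ProxyHandler: ignore proxy environment variables for the loopback demo.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        opener.open(req, timeout=5).close()
    finally:
        for srv in (registry, store):
            srv.shutdown()
            srv.server_close()
    return log

if __name__ == "__main__":
    print("add_header:             ", fetch_blob(unredirected=False))
    print("add_unredirected_header:", fetch_blob(unredirected=True))
```

With add_header the bearer token reaches the redirect target as well as the registry; with add_unredirected_header only the first hop sees it.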

Eclipse Hono - 401 Unauthorized Error (Even when the credentials are correct)

I am using the following commands to create a tenant in Eclipse Hono
$ curl -X POST -i -H 'Content-Type: application/json' -d '{"tenant-id": "testenant1"}' http://localhost:28080/tenant
HTTP/1.1 201 Created
location: /tenant/testenant1
content-length: 0
Registering a device in the tenant using the below command
curl -X POST -i -H 'Content-Type: application/json' -d '{"device-id": "1"}' http://localhost:28080/registration/testenant1
HTTP/1.1 201 Created
location: /registration/testenant1/1
content-length: 0
Authenticating the registered device using the below command
$ curl -i -X POST -H 'Content-Type: application/json' --data-binary '{
"device-id": "1",
"type": "hashed-password",
"auth-id": "newAuth1",
"secrets": [{
"pwd-plain": "mylittle"
}]
}' http://localhost:28080/credentials/testenant1
HTTP/1.1 201 Created
location: /credentials/testenant1/newAuth1/hashed-password
content-length: 0
When I try to send data to this registered and Authenticated device using the below command.
curl -X POST -i -u newAuth1#testenant1:mylittle -H 'Content-Type: application/json' -d '{"temp": 23.07, "hum": 45.85}' http://localhost:8080/telemetry
HTTP/1.1 401 Unauthorized
content-length: 0
I get a 401 Unauthorized error (I am expecting a 503 - Service Unavailable error).
Note: I was using the similar approach before and it was working perfectly fine. I am not sure if I am missing something.
You are using wrong credentials when POSTing the data. The username always consists of the auth-id and the tenant-id separated by #.
You need to use:
curl -X POST -i -u newAuth1#testenant1:mylittle -H 'Content-Type: application/json' -d '{"temp": 23.07, "hum": 45.85}' http://localhost:8080/telemetry
That said, based on the URIs you are using for registering the tenant and device, you seem to be using quite an old version of Hono. Please consider upgrading to the latest version (1.1.1) in order to take advantage of recent development/bug fixing ...

Posting a Tweet with Unification Engine

When adding a connection using the Twitter connector offered by the Unification Engine, what are the parameters that need to be used and how are they to be passed in the URI?
To send tweet use
curl -XPOST https://apiv2.unificationengine.com/v2/message/send \
--data "{ \"message\": { \"receivers\": [{\"name\": \"name\", \"address\": \"TWITTER_HANDLE\" , \"Connector\": \"UNIQUE_CONNECTION_IDENTIFIER\"}],\"parts\": [{\"id\": \"1\",\"contentType\": \"text/plain\", \"data\":\"MESSAGE_CONTENT\" ,\"size\": MESSAGE_CONTENT_SIZE,\"type\": \"body\",\"sort\":0}]}}" \
-u USER_ACCESSKEY:USER_ACCESSSECRET -k
Where USER_ACCESSKEY:USER_ACCESSSECRET is obtained when you add the user using UE_APPKEY:UE_APPSECRET
curl -XPOST https://apiv2.unificationengine.com/v2/user/create -u UE_APPKEY:UE_APPSECRET \
--data '{}' -k
Response data:
{"status":200,"info":"200 OK","uri":"user://USER_ACCESSKEY:USER_ACCESSSECRET"}
Let me explain the commands used to add a twitter connection in #UnificationEngine
To add twitter connection in #UnificationEngine use
curl -XPOST https://apiv2.unificationengine.com/v2/connection/add \
-u USER_ACCESSKEY:USER_ACCESSSECRET \
--data '{"uri":"twitter://ACCESS_TOKEN:SECRET#twitter.com","name":"UNIQUE_CONNECTION_IDENTIFIER"}' \
-k
ACCESS_TOKEN:SECRET - is the one obtained by authenticating the Twitter connection in the user application.
UNIQUE_CONNECTION_IDENTIFIER - specified here will be further used to address this connection in UE.
For example, to send a tweet the user will have to use the variable specified under UNIQUE_CONNECTION_IDENTIFIER.

can't create server-admin in couchdb

I'm following the couchdb security documentation (http://docs.couchdb.org/en/1.6.1/intro/security.html) to try to create a server-admin using cURL: curl -X PUT $HOST/_config/admins/anna -d '"secret"'
When I do this, I get an error:
{"error":"not_found","reason":"Database does not exist."}
I'm on v2.0 so I don't know if something has changed since the 1.6 version of the documentation. I can create server-admins just fine using fauxton. Any ideas?
To anybody else running into this issue, it's an easy answer: in couchdb 2.0 some of the APIs moved to using port 5986 ... I had been using port 5984 (which is still used a lot in v2.0, but apparently not for the _config endpoint).
The following works:
curl -X PUT http://localhost:5986/_config/admins/admin1 -d '"password"'
The Couchdb2 way of adding a user is
curl -X PUT http://localhost:5984/_node/nodename/_config/admins/admin1 -d '"password"'
In the GUI, you can find out that you need to set up a single node cluster, and when you do that you specify the admin username and password.
And you can do the same thing using an API endpoint that you can POST to:
http://docs.couchdb.org/en/2.1.0/api/server/common.html#post--_cluster_setup
With 2.0 using enable_single_node returned {"error":"bad_request","reason":"Invalid Action'"} so I reverted to doing:
j=$(cat <<EOF
{
"action": "enable_cluster",
"bind_address": "0.0.0.0",
"username": "admin",
"password": "$PASS",
"port": "5984",
"node_count":"1"
}
EOF
)
curl -s -X POST -H "Content-Type: application/json" http://$IP/_cluster_setup -d "$j"
curl -s -X POST -H "Content-Type: application/json" $URI/_cluster_setup -d '{"action": "finish_cluster"}'
