From 6eb6551e73f136ad8266f5904f695a6f77381f67 Mon Sep 17 00:00:00 2001
From: Ulf Wiger
Date: Sun, 26 Jul 2015 20:30:26 +0200
Subject: minor fixes + added debug
---
 components/authorize/author | Bin 399690 -> 399988 bytes
 components/authorize/src/author.erl | 91 +++++++++++++++++++++++-----
 components/authorize/src/authorize_keys.erl | 12 ++--
 components/authorize/src/authorize_rpc.erl | 1 +
 components/authorize/src/authorize_sig.erl | 10 +--
 components/dlink_tcp/src/dlink_tcp_rpc.erl | 4 +-
 6 files changed, 90 insertions(+), 28 deletions(-)
(limited to 'components')
diff --git a/components/authorize/author b/components/authorize/author
index 0580abb..c120b15 100755
Binary files a/components/authorize/author and b/components/authorize/author differ
diff --git a/components/authorize/src/author.erl b/components/authorize/src/author.erl
index 9b869b1..311e8b0 100644
--- a/components/authorize/src/author.erl
+++ b/components/authorize/src/author.erl
@@ -26,16 +26,19 @@ main(Args) ->
 fail("No command given~n", [])
 end.
-opts(["-v" , "true" |T]) -> [{v, true}|opts(T)];
-opts(["-v" , "false" |T]) -> [{v, false}|opts(T)];
-opts(["-v" |T]) -> [{v, true}|opts(T)];
-opts(["-pub" , PubKey |T]) -> [{pub, PubKey}|opts(T)];
-opts(["-root", RootKey |T]) -> [{root, RootKey}|opts(T)];
-opts(["-sig", SigFile |T]) -> [{sig, SigFile}|opts(T)];
-opts(["-o" , OutF |T]) -> [{out, OutF}|opts(T)];
-opts(["-c" , Cert |T]) -> [{cert, Cert}|opts(T)];
-opts(["-b" , Bits |T]) -> [{b, l2i(Bits)}|opts(T)];
-opts(["-fmt" , Fmt |T]) -> [{fmt, Fmt}|opts(T)];
+opts(["-v" , "true" |T]) -> [{v, true}|opts(T)];
+opts(["-v" , "false" |T]) -> [{v, false}|opts(T)];
+opts(["-v" |T]) -> [{v, true}|opts(T)];
+opts(["-pub" , PubKey |T]) -> [{pub, PubKey}|opts(T)];
+opts(["-priv", PrivKey |T]) -> [{priv, PrivKey}|opts(T)];
+opts(["-root", RootKey |T]) -> [{root, RootKey}|opts(T)];
+opts(["-sig", SigFile |T]) -> [{sig, SigFile}|opts(T)];
+opts(["-o" , OutF |T]) -> [{o, OutF}|opts(T)];
+opts(["-c" , Cert |T]) -> [{cert, Cert}|opts(T)];
+opts(["-b" , Bits |T]) -> [{b, l2i(Bits)}|opts(T)];
+opts(["-fmt" , Fmt |T]) -> [{fmt, Fmt}|opts(T)];
+opts(["-decode", "true" |T]) -> [{decode,true}|opts(T)];
+opts(["-decode", "false"|T]) -> [{decode,false}|opts(T)];
 opts([Cmd]) -> [{command, Cmd}];
 opts([]) ->
@@ -50,7 +53,7 @@ verbose() ->
 get({?MODULE, verbose}).
 cmd("make_auth", Opts) ->
- case {get_value(root, Opts), get_value(pub, Opts), get_value(fmt, Opts)} of
+ case {get_value(root, Opts), get_value(pub, Opts), jwt_fmt(Opts)} of
 {undefined, _, "jwt"} ->
 fail("Cannot create JWT without root key~n", []);
 {_Root, undefined, "jwt"} ->
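Review bot: The new `-decode` option is only recognised with an explicit `true`/`false` argument, whereas `-v` in the same clause group also accepts the bare flag, so an invocation such as `-decode read_sig -sig FILE` matches neither the `-decode` clauses nor `opts([Cmd])` and raises function_clause unless main/1 catches it. For consistency add `opts(["-decode" |T]) -> [{decode,true}|opts(T)];` after the two explicit clauses, mirroring the `-v` handling. The `{out, _}` to `{o, _}` key rename is applied at every consumer visible in this patch (mandatory/2 keys, make_dev/4, out/2, jwt_fmt/1); any `get_value(out, ...)` outside these hunks would now silently read the missing-key value, which cannot be confirmed from here.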
@@ -61,11 +64,11 @@ cmd("make_auth", Opts) ->
 make_auth(RPriv, PubKey, Fmt, Opts)
 end;
 cmd("make_root", Opts) ->
- [Out] = mandatory([out], Opts),
+ [Out] = mandatory([o], Opts),
 Bits = bits(Opts),
 make_root(Out, Bits, Opts);
 cmd("make_dev", Opts) ->
- [Root, Out] = mandatory([root, out], Opts),
+ [Root, Out] = mandatory([root, o], Opts),
 Bits = bits(Opts),
 make_dev(Root, Out, Bits, Opts);
 cmd("read_sig", Opts) ->
@@ -80,12 +83,41 @@ cmd("read_sig", Opts) ->
 io:fwrite("Header: ~s~n"
 "Payload: ~s~n", [exo_json:encode(Header),
- exo_json:encode(Payload)])
+ exo_json:encode(Payload)]),
+ case proplists:get_value(decode, Opts, false) of
+ true ->
+ decode_keys(Payload);
+ false ->
+ ok
+ end
 end;
 {error, E} ->
 fail("Cannot read ~s (~w)~n", [Sig, E])
+ end;
+cmd("read_key", Opts) ->
+ case [{K, get_value(K, Opts)} || K <- [root, pub, priv]] of
+ [] ->
+ fail("No key given~n", []);
+ Keys ->
+ lists:foreach(
+ fun({K, F}) ->
+ case authorize_keys:get_key_pair_from_pem(
+ openssl, F) of
+ {undefined, undefined} ->
+ case authorize_keys:get_pub_key(F) of
+ undefined ->
+ io:fwrite("~p: Cannot read~n", [K]);
+ PubKey ->
+ io:fwrite("~p: ~p~n", [K, PubKey])
+ end;
+ {Priv, Pub} ->
+ io:fwrite("~p priv: ~p~n"
+ " pub: ~p~n", [K, Priv, Pub])
+ end
+ end, [{K,F} || {K,F} <- Keys, F =/= undefined])
 end.
+
 make_root_msg(X) ->
 {"~s_priv.pem - private root key~n"
 "~s_pub.pem - public root key~n"
@@ -114,6 +146,18 @@ get_pub_key(Pub) ->
 PubKey
 end.
+decode_keys({struct, Elems}) ->
+ case lists:keyfind("keys", 1, Elems) of
+ {_, {array, Keys}} ->
+ lists:foreach(
+ fun(K) ->
+ io:fwrite(
+ "~p~n", [authorize_keys:json_to_public_key(K)])
+ end, Keys);
+ _ ->
+ ok
+ end.
+
 mandatory(Keys, Opts) ->
 lists:map(
 fun(K) ->
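Review bot: In the new `cmd("read_key", Opts)` clause the `[] ->` branch is unreachable: the comprehension over `[root, pub, priv]` always yields three tuples, and the `undefined` entries are only dropped by the second comprehension handed to `lists:foreach/2`, so `read_key` with no key option prints nothing instead of "No key given". Filter once in the scrutinee, e.g. `case [{K, F} || K <- [root, pub, priv], F <- [get_value(K, Opts)], F =/= undefined] of`, and pass `Keys` straight to `lists:foreach/2`. Note also that the `{Priv, Pub}` branch writes the private key material to stdout with `~p`; that is presumably the purpose of a key-inspection command, but `help/0` (outside this hunk) should state it. The `read_sig` clause of cmd/2 starts before this hunk.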
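Review bot: `decode_keys/1` has a single `{struct, Elems}` clause, so with `-decode true` a signature file whose JWT payload is not a JSON object makes `read_sig` die with function_clause instead of the `fail/2` message the rest of cmd/2 uses for bad input. Since the payload comes from a user-supplied file, a second clause such as `decode_keys(Other) -> fail("Payload is not a JSON object: ~p~n", [Other]).` keeps error reporting consistent. Likewise `authorize_keys:json_to_public_key(K)` is applied to every element of "keys" without a guard, so one malformed entry aborts the whole listing; whether that helper returns a tagged error or crashes is not visible here.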
@@ -159,7 +203,7 @@ make_dev(Root, Out, Bits, Opts) ->
 make_key_pair(Out, Bits),
 {RPriv, _} = get_key_pair(Root),
 Pub = get_pub_key(pub_f(Out)),
- make_auth(RPriv, Pub, "jwt", [{out, Out ++ "_pub_sign.jwt"}|Opts]).
+ make_auth(RPriv, Pub, "jwt", [{o, Out ++ "_pub_sign.jwt"}|Opts]).
 make_key_pair(Out, Bits) ->
 os:cmd(["openssl genrsa -out ", priv_f(Out), " ", i2l(Bits)]),
@@ -169,7 +213,7 @@ priv_f(Out) -> Out ++ "_priv.pem".
 pub_f (Out) -> Out ++ "_pub.pem".
 out(Str, Opts) ->
- case get_value(out, Opts, tty) of
+ case get_value(o, Opts, tty) of
 tty ->
 io:fwrite("~s", [Str]);
 OutF when is_list(OutF) ->
@@ -184,6 +228,21 @@ out(Str, Opts) ->
 end
 end.
+jwt_fmt(Opts) ->
+ case get_value(fmt, Opts) of
+ undefined ->
+ case get_value(o, Opts) of
+ tty ->
+ "json";
+ [_|_] ->
+ "jwt"
+ end;
+ Fmt when Fmt=="json"; Fmt=="jwt" ->
+ Fmt;
+ Other ->
+ fail("Unknown format: ~s~n", [Other])
+ end.
+
 help() ->
 io:fwrite(
 "Usage: " ++ escript:script_name() ++ "[Options] Cmd~n"
diff --git a/components/authorize/src/authorize_keys.erl b/components/authorize/src/authorize_keys.erl
index f4592db..755ff64 100644
--- a/components/authorize/src/authorize_keys.erl
+++ b/components/authorize/src/authorize_keys.erl
@@ -460,13 +460,13 @@ save_key(K, Conn) ->
 ?warning("Unknown key type: ~p~n", [K]),
 skip;
 #'RSAPublicKey'{} = PubKey ->
+ KeyID =
 case rvi_common:get_json_element(["kid"], K) of
- {ok, ID} ->
- ets:insert(?KEYS, #key{id = {Conn,ID}, key = PubKey});
- _ ->
- ets:insert(?KEYS, #key{id = {Conn,make_ref()},
- key = PubKey})
- end
+ {ok, ID} -> {Conn, ID};
+ _ -> {Conn, make_ref()}
+ end,
+ ?debug("Saving key ~p, PubKey = ~p~n", [KeyID, PubKey]),
+ ets:insert(?KEYS, #key{id = KeyID, key = PubKey})
 end.
 keys_by_conn(Conn) ->
diff --git a/components/authorize/src/authorize_rpc.erl b/components/authorize/src/authorize_rpc.erl
index 89ed911..46a180f 100644
--- a/components/authorize/src/authorize_rpc.erl
+++ b/components/authorize/src/authorize_rpc.erl
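Review bot: `jwt_fmt/1` crashes with case_clause when neither `-fmt` nor `-o` is given: `get_value(o, Opts)` is called without a default, so the inner `case` sees the missing-key value (`undefined`, judging by the `F =/= undefined` filter in the read_key clause), which matches neither `tty` nor `[_|_]`. `out/2` in the hunk just above reads the same option as `get_value(o, Opts, tty)`; use that here, `case get_value(o, Opts, tty) of`, so the no-output case defaults to "json" as the clause intends. Minor style: the guard `Fmt=="json"; Fmt=="jwt"` should use `=:=`, since no numeric coercion is wanted. The caller `cmd("make_auth", Opts)` in an earlier hunk relies on this returning only "jwt" or "json" for its tuple match.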
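Review bot: `KeyID`, derived from the peer-supplied "kid", is written into `?KEYS` without any check that `{Conn, ID}` is not already present, so a second key arriving on the same connection with the same kid replaces (or duplicates, depending on the table type, which is not visible here) the first one, while keys without a kid get a fresh `make_ref()` on every save. The removed code behaved the same way, but this is the point where remote data becomes a trusted lookup key, so consider `ets:insert_new/2` or an explicit `ets:lookup/2` on `KeyID` with a `?warning` on collision. The added `?debug` also dumps the whole `#'RSAPublicKey'{}` record including the modulus; logging only `KeyID` keeps the debug log readable. save_key/2 starts before this hunk.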
@@ -195,6 +195,7 @@ handle_rpc("sign_message", Args) ->
 {ok, Message} = rvi_common:get_json_element(["message"], Args),
 [ Status, JWT ] = gen_server:call(?SERVER, { rvi, sign_message, [Message] }),
+ ?debug("Message signature = ~p~n", [JWT]),
 {ok, [ {status, rvi_common:json_rpc_status(Status)}, {jwt, JWT} ]};
 handle_rpc("validate_message", Args) ->
diff --git a/components/authorize/src/authorize_sig.erl b/components/authorize/src/authorize_sig.erl
index 395814c..faf6d4f 100644
--- a/components/authorize/src/authorize_sig.erl
+++ b/components/authorize/src/authorize_sig.erl
@@ -16,14 +16,16 @@ decode_jwt(JWT, PubKey) when is_binary(JWT)->
 [H, P, S] = binary:split(JWT, <<".">>, [global]),
 Header = decode_json(base64url:decode(H)),
 Payload = decode_json(base64url:decode(P)),
+ ?debug("JWT Header = ~p~nPayload: ~p~n", [Header, Payload]),
 Signature = base64url:decode(S),
 SigningInput = <>,
 Res = case public_key:verify(
 SigningInput, ?DIGEST_TYPE, Signature, PubKey) of
- false ->
- invalid;
- true ->
- {Header, Payload}
+ false ->
+ ?debug("public_key:verify() -> false~n", []),
+ invalid;
+ true ->
+ {Header, Payload}
 end,
 ?debug("decoded JWT = ~p~n", [Res]),
 Res.
diff --git a/components/dlink_tcp/src/dlink_tcp_rpc.erl b/components/dlink_tcp/src/dlink_tcp_rpc.erl
index 741b549..a498cbb 100644
--- a/components/dlink_tcp/src/dlink_tcp_rpc.erl
+++ b/components/dlink_tcp/src/dlink_tcp_rpc.erl
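Review bot: The new `?debug("JWT Header = ~p~nPayload: ~p~n", [Header, Payload])` in decode_jwt/2 runs before `public_key:verify/4`, so the header and payload of a token whose signature has not yet been checked are written to the log, and the existing `?debug("decoded JWT = ~p~n", [Res])` already logs both on success. If the unverified content is wanted for diagnosis, label it as such, e.g. `?debug("unverified JWT header = ~p~n, payload = ~p~n", [Header, Payload])`, or move it into the `false ->` branch next to the new verify-failed line so only rejected tokens are dumped. The `SigningInput = <>,` context line looks like an extraction artifact (the binary construction was stripped), not something this commit changed.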
@@ -735,10 +735,10 @@ process_data(_FromPid, RemoteIP, RemotePort, ProtocolMod, Data, CompSpec) ->
 Proto:receive_message(CompSpec, {RemoteIP, RemotePort}, base64:decode_to_string(Data)).
-process_announce(Msg, FromPid, IP, Port, TID, _Vsn, CompSpec) ->
+process_announce({struct, Elems}, FromPid, IP, Port, TID, _Vsn, CompSpec) ->
 [ Avail, {array, Svcs} ] =
- opts([ ?DLINK_ARG_STATUS, ?DLINK_ARG_SERVICES ], Msg, undefined),
+ opts([ ?DLINK_ARG_STATUS, ?DLINK_ARG_SERVICES ], Elems, undefined),
 ?debug("dlink_tcp:service_announce(~p): Address: ~p:~p", [Avail,IP,Port]),
 ?debug("dlink_tcp:service_announce(~p): TransactionID: ~p", [Avail,TID]),
 ?debug("dlink_tcp:service_announce(~p): Services: ~p", [Avail,Svcs]),
-- 
cgit v1.2.1
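Review bot: Matching `{struct, Elems}` in the head of `process_announce/7` means an announce whose body is not a JSON object now fails with function_clause in this function rather than inside `opts/3`, which is acceptable only if the caller (not visible in this hunk) treats the crash as a dropped connection rather than letting it escape. The `[ Avail, {array, Svcs} ] = opts(...)` match on the following line still raises badmatch when the services element is absent or not an array, so the same question applies there; if the caller does not contain the failure, a second clause `process_announce(Other, _FromPid, IP, Port, _TID, _Vsn, _CompSpec) ->` that logs and ignores the malformed message would make the boundary explicit. process_announce/7 continues past the end of this hunk.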