Can't authenticate properly with Chef API - scala

I have been attempting to put together a Scala library for making calls to Chef APIs but I keep getting this problem with authenticating the API calls.
I have triple checked and the private key is correct and all other headers. The code I am using is here:
https://github.com/LiamHaworth/shef/blob/master/src/main/scala/au/id/haworth/shef/ChefUtils.scala
and I am calling it like so
import au.id.haworth.shef.{RequestMethod, ChefUtils}
import au.id.haworth.shef.ChefServer
val key = io.Source.fromFile("user.pem").getLines.mkString("\n")
val chefServer = ChefServer("chef.example.com", 443, "https", "myorg", "myuser", key)
ChefUtils.sendRequestToServer(chefServer, RequestMethod.GET, "", "")
But I keep on getting this response from the server
"{"error":["Invalid signature for user or client 'myuser'"]}"
I am sure that the problem is simple and is staring me in the face but I can't see it so any help will be greatly appreciated

I have successfully got the API to authenticate. After using knife in debug mode to check what headers it was producing and adding a extra line into my mixlib to print the canonical headers I got it working.
With the canonical headers printed by mixlib I ran them through my signing code and found that I wasn't getting the same result with the signature so I dug a bit deeper to find I was signing my headers in the terribly wrong way.
I was digesting them not signing them! After swapping out RSADigestSigner for Signature in my code and changing the algorithm (SHA1withRSA to RSA) I finally got the headers to be signed the same as the mixlib ones!.
TL;DR I derped and used the wrong classes to do what I wanted to do. The changes I made can be seen in this commit:
https://github.com/LiamHaworth/shef/commit/2db2aa5b89cae272eecd0901be91533b61d2a6c3

Related

JWE nimbus-JOSE authenticity and JavaScript counterpart

I have chanced upon this wonderful library for java nimbus-JOSE for the use of JSON Web Encryption. This library is simple and requires few lines for JWE encryption and decryption like below shows JWE Encryption.
EncryptedJWT jwt = new EncryptedJWT(header, builder.build());
RSAEncrypter encrypter = new RSAEncrypter((RSAPublicKey) keyProvider.getDefaultPublicKey());
try {
jwt.encrypt(encrypter);
} catch (JOSEException e) {
throw new RuntimeException("Failed to generate encrypted token", e);
return jwt.serialize();
However, I had some questions regarding this library even after reading its javadocs and documentation. With respect to JWE and this library specifically,
After decrypting the JWE, how does one validate the authenticity of the JWE? There are no "signatures" in a JWE, so how does the 5 parts of the JWE help to check for validity? Is there any support for this in the library?
Other than the header and the claims, are the other fields in the JWT randomly generated by the library? (I was not able to find clear evidence of this.)
If I use alg: "RSA-OAEP", enc: "A128GCM", I should be getting a different JWE everytime i encrypt, however, I have been getting the same JWE. Shouldn't RSA-OEAP-256 prevent this from happening? What is the detailed sequence of encryption and decryption flow?
I have been trying to find a similar library in Javascript but was unable to find one like nimbus-jose which was for java. If anyone has a recommendation please do help below!
I would like to thank anyone who can help with my queries. All inputs are welcomed. :)

BigCommerce API Update Order with PUT

I need to update an order which is done via PUT method passing the order id as part of the https url string and a single parameter, the status_id.
https://mystore.mybigcommerce.com/orders/12345.json
I have tried several methods to pass the status_id value but no matter what I try "status_id=12" or formatted as JSON "{"status_id": 12,}" I always get the same response:
[{"status":415,"message":"The specified input content type is not valid."}]
I have also tried as a POST request passing the JSON or XML code as raw data but that method is not supported.
How am I supposed to pass that field=value pair? can I embed it in the url string?
I also tried it but it wouldn't work for me.
Any ideas?
In case you are wondering I am doing it within FileMaker with TROIUrl plugIn, not a very popular technology, but the GET method retrieving orders works like a charm
TURL_Put( ""; $url ;"status_id=12") (I have also tried other FM plugIns to no avail)
Don't get too caught up in the Filemaker part, I don't expect many people out there to be familiar with BigCommerce and Filemaker. I just need a generic answer.
Thanks
Commandline tool curl is worth a try. It supports put and https.
Mac OS X: curl already installed, call from FileMaker via AppleScript do shell script.
Windows: must be installed, call via Powershell.
It works for me using { "status_id": "3" } which means you probably need to put quotes around the actual number.
Also, it is a PUT operation and application/json which is part of the request content.
The error message received by the OP:
[{"status":415,"message":"The specified input content type is not valid."}]
Is saying that he did not supply the 'Content-Type' header in his request or that the header supplied is for a content type that is not allowed. For the OP's case using JSON he would need to include the header:
Content-Type: application/json
in his HTTPS request. This description can be found along with those of the other status codes you may see here:
https://developer.bigcommerce.com/api/status-codes

WSDL Cannot find dispatch method for

For a web service call using a WSDL, I'm getting the error Cannot find dispatch method for {http://ws.somecompany.com/services}ValidateUser, what does that mean exactly? Does it mean that it cannot find ValidateUser?
This typically means that the SOAP framework could not find the operation that should be invoked via this request. A SOAP framework typically inspects the message to find pointers about how to route the message to the operation. Reasons for this error are mostly configuration issues (different namespaces, different encodings (RPC vs. doc/lit), usage of WS-Addressing vs. plain SOAP etc.)
I had a similar problem and struggling, googling for 1 day. But it was a simple mistake that instead of:
{http://ws.somecompany.com/services}ValidateUser
It should be
{http://ws.somecompany.com/services/}ValidateUser
I had not checked my WSDL clearly.
In my case I solved by making sure that my config file either app.config or web.config depending on your client has correct endpoint. I had wrong address in my endpoint. I changed it and it worked fine.
I also lost a day to this issue, albeit with a different root cause.
In our case, two similar endpoint urls had got mixed up in the properties file. Both services were present and running, but the WSDLs didn't match up, so instead of a ConnectionException, we were getting this SOAPFaultException: "Cannot find dispatch method".
My fifty cent, I got same error message but my case was yet different from all above, so hopefuly it might help someone.
I had .wsdl file, which got outdated without my knowledge when colleagues on the other side of ws renamed some element. Unfortunately, change was not visible when I compared .wsdl with theirs because .wsdl file had .xsd import which actually contained renamed element. After I found change, I updated my .xsd file and tada! error is gone and it worked.
In my case, the following exception was throwing even I've supplied all the parameters
SoapFault exception: [S:Client] Cannot find dispatch method for {}parameters in
After banging my head few hours, just adding a \ while initializing SoapClient solved the problem.
From:
$client = new SoapClient($soapURL);
To:
$client = new \SoapClient($soapURL);
I had the same issue in my .NET Application, In my case setting url same as "http://x-xxx-xx-xx-01:8080//TestProject/testproject?wsdl" (dummy url) solved the problem in the below code.
Vb.Net
Dim rptGen as WSTestProject.testproject = Nothing
rptGen = New WSTestProject.testproject With {
.Url = "http://x-xxx-xx-xx-01:8080//TestProject/testproject?wsdl",
.Timeout = 1200000
}
Here, WSTestProject is the WebService NameSpace and testproject is the web method.
I am using a feign client for soap and I had the similar issue,Adding the correct namespace to the JAXB request and response object resolve the issue.
The issue was in my environment was the wsdl cache in php. The updated wsdl was not picked by the client and it was referring to the old wsdl.
You can do either one of the following options when you do the development of the web service and test, as the wsdl change during the update/implementation of the web service
Add WSDL_CACHE_NONE to soap client creation
$myServices_client = new SoapClient($myServices_wsdl_URL, array('cache_wsdl' => WSDL_CACHE_NONE) );
Set initialization parameter
ini_set("soap.wsdl_cache_enabled", 0);
Adding '/' will work for you.
Error: Cannot find dispatch method for {http://zzz.com}servicename
Not Working Request: xmlns:ser='http://zzz.com'>
Working Request: xmlns:ser='http://zzz.com/'>
I picked up an old Java project. I am not sure how it worked before, but I saw similar error and the reason was in wrong SOAP HTTP endpoint binding at server side.
Doesn't work:
Endpoint.create(HTTPBinding.HTTP_BINDING, servicePortType);
Works:
Endpoint.create(SOAPBinding.SOAP11HTTP_BINDING, servicePortType);

Problems with Zend_Service_Amazon_Simpledb and specialchars

I want to copy some data from MySQL to SimpleDB with the Zend Framework. It works fine so far, but if any attribute contains special chars like "äöüß" the server refused my request with "The request signature we calculated does not match the signature you provided.".
SimpleDB accept the request, if all specialchars are encoded in some way, but I want it like it is. What can I do to solve that? I tried to find informatione in google, but I found no solution.
I found a solution for that problem, but I had to change some code in Zend_Service_Amazon_SimpleDb. There was a missing http-header in the request. Just add
$request->setHeaders('Content-Type', 'application/x-www-form-urlencoded; charset=utf-8');
in _sendRequest().

Problem with OAuth, POST with parameters

I'm using Jon Crosby's open source Objective-C OAuth library http://code.google.com/p/oauthconsumer/ for some basic http authentication that does not deal with tokens, only consumer key and consumer secret. My code works great for GET, GET with parameters in the URL, and POST. When I issue a POST request that has parameters in the URL, though, the request fails authorization. I'm trying to figure out why.
The server is using Apache Commons OAuth, so I'd like to compare my base string with that library. Here's a contrived example and the base string and signature produced by my library. Can anyone see what the problem is?
consumer key: abcdef
consumer secret: ghijkl
POST request: http://emptyrandomhost.com/a/uriwith/params?interesting=foo&prolific=bar
my base string: POST&http%3A%2F%2Femptyrandomhost.com%2Fa%2Furiwith%2Fparams&interesting%3Dfoo%26oauth_consumer_key%3Dabcdef%26oauth_nonce%3D1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D2%26oauth_version%3D1.0%26prolific%3Dbar
This data produces the following OAuth header authorization:
Authorization: OAuth oauth_consumer_key="abcdef",
oauth_version="1.0",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="2",
oauth_nonce="1",
oauth_signature="Z0PVIz5Lo4eB7aZFT8FE3%2FFlbz0%3D"
And apparently my signature is wrong. The problem has to either be in the construction of the base string, in the way that the HMAC-SHA1 function is implemented (using Apple's CCHmac from CommonHMAC.h, so hopefully this isn't it), or with my Base64Transcoder, which is open source c. 2003 by Jonathan Wight/Toxic Software. I primarily suspect the base string, since the requests work for GET and POST and only fail with POST with URL parameters as above.
Can someone with lots of OAuth experience spot the problem above? Something else that would be very useful is the base string that is produced by Apache Commons OAuth in their authentication. Thanks.
As per RFC 5849 section 3.4.1.2, the OAuth base string URI does not include the query string or fragment. If either the client or the server does not remove the query parameters from the base string URI and add them to the normalized OAuth parameter list, the signatures won't match. Unfortunately, it's hard to tell which side is making this mistake. But it's easy to determine this is the problem: If it always works without query parameters but always fails with query parameters, you can be pretty sure that one side or the other is generating the wrong base string. (Be sure that it always happens though... intermittent errors would be something else. Similarly, if it never works with or without a query string, that would also be something else.) The other possibility is that normalization was done incorrectly — the parameter list must be sorted and percent encoded sequences must be upper-cased. If it's not normalized correctly on both sides, that will also cause a base string mismatch, and thus a signature mismatch.
you can build and check visually your request at this URL:
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
Open the boxes denoted by [+] signs and fill in your values, that way you may be able to see if the problem is at your code, or at the provider side.