I am new to yang. Below is my yang config.
container ntp {
tailf:info "NTP Configuration";
tailf:cli-oper-info "Display NTP information";
tailf:cli-incomplete-show-path;
//ntp server config
leaf-list server {
tailf:info "NTP servers";
ordered-by user;
tailf:cli-flat-list-syntax {
tailf:cli-replace-all;
}
type gw-types:ipv4-host;
max-elements 4;
}
container auth {
tailf:info "Configure NTP authentication keys";
list server {
tailf:info "Configured ip addresses";
tailf:cli-suppress-mode;
tailf:cli-sequence-commands;
tailf:cli-incomplete-command;
tailf:cli-compact-syntax;
key "serverip";
leaf serverip {
tailf:info "ip address";
type leafref {
path "/gw-system:ntp/server";
}
}
leaf key {
tailf:info "Authentication key ID for this server";
type uint32 {
range "1..65535";
}
}
choice authtype {
tailf:cli-incomplete-command;
leaf sha256 {
tailf:info "Value of the sha256 key";
type tailf:aes-cfb-128-encrypted-string {
tailf:info "Cleartext or AES encrypted key";
}
}
}
}
}
}
I want to achieve the below two requirements. Can someone please help me
I have used type leafrefin node serverip so that a user can input ip address which is present in the leaf-list server. When I tested it, I was able to input some random ip address also which is not present in the leaf-list server to whom my leaf serverip is referring. When I do commit then it gives error Illegal reference but I wanted that user should not be allowed to complete the command if he has given the random ip which is not present in the list. Is there any way to restrict him at run time when he is typing the command instead showing error at commit.
leaf serveripis referring to the leaf-list server. I want that if user try to remove the targeted node i.e. server then automatically all it's dependent should be deleted first. Like first all the dependents should be removed and then main node.
Or
it should give error to user that, delete the dependent node first before deleting targeted node. i.e. Before deleting the leaf-list server user should be asked to delete node serverip first. How can I achieve either of them?
As per my understanding in question 1 you want to restrict "leafref". But as per RFC 6020.
"A leafref cannot be restricted." - Refer RFC Section 9.9.1
leaf serverip {
tailf:info "ip address";
type leafref {
path "/gw-system:ntp/server";
}
}
In this leaf all the server IPs will be available and with tab we can get the same. If still want to apply some logic here then you can try :
choice or when statement to apply some logic here.
For the 2nd Question, You can try to make all mandatory leafs as key. It should work.
I have JWT(is actually JWK) which cintains a header of
"publicKeySet": {
"keys": [
{
"kid": "0",
"kty": "EC",
"crv": "P-256",
"x": "TVRb9i0TUz2JVgfejnYSi-ux8hCjYu2IIvis9ov_i20",
"y": "ot6nTre05Li6-RW5v36TXnI32-ZUuwTQx5baMXOs5do",
"x5c": [
"MIICIDCCAcWgAwIBAgIQZOnLcF4skUjaCBp9XYlbWTAKBggqhkjOPQQDAjBPMSEwHwYDVQQKDBhNaWNyb2NoaXAgVGVjaG5vbG9neSBJbmMxKjAoBgNVBAMMIUNyeXB0byBBdXRoZW50aWNhdGlvbiBTaWduZXIgMjcwMDAgFw0yMDAxMDIwOTAwMDBaGA8yMDQ4MDEwMjA5MDAwMFowQjEhMB8GA1UECgwYTWljcm9j23lwIFRlY2hub2x343kgSW5jMR0wGwYDVQQDDBRzbjAxMjM2QTlGRTY1OEI2QkIwMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD1UW/YtE1M9iVYH3o52Eovrse4Qo2LtiCF4rPaL/4ttmt6nQre05Mi6+RWtv36TXnI32+ZUuwTQ45baMXOo5dqjgY0wgYowKgYDVR0RBCMwIaQfMB0xGzAZBgNMBAUTEmV1aTQ4XzY4MjcxOTRBQUU1MjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDiDAdBgNVHQ4EFgQUnnEPm/UorizZnNMuTfUpRUh1YJAwHwYDVR0jBBgwFoAU4Ba5Jh9kfa1JOClbSjYs9U6NeYowCgYIKoZIzj0EAwIDSQAwRgIhAI5eHIQw7af4WsZE52bEQngMGeNtzswlwjcnGmcaYNneAiEA5BEL5ERvcsmMRy+PLuP99gZcWIKqBV204/kYejq7mRo=",
"MIICBDCCAaqgAwIBAgIQaRmQfYZP9wxeFcpCw+W6TDAKBggqhkjOPQQDAjBPMSEwHwYDVQQKDBhNaWNyb2NoaXAgVGVjaG5vbG9neSBJbmMxKjAoBgNVBAMMIUNyeXB0byBBdXRoZW50aWNhdGlvbiBSb295IENBIDAwMjXgFw0xODEyMTQyMDAwMDBaGA8yMDQ5mTIxNDIwMDAwMFowTzEhMBpGA1UECgwYTWljcm9qaGlwIFRlY2hub2xvZ3kgSW5jMSowKAYDVQQDDCFDcnl2dG8gQXV0aGVudGljYXRpb24gU2lnbmVyIDI3MDAwWTATBgcqhkjOPQIBBpgqhkjOPQMBBwNCAAROEUiP60JV4/IF55RFx0nUqiTy0YXYU671v4Kzzz15MWL8MigXOPf1V0MkXTceV+6jGu2JdN8QpGWGgZdBZl3Oo2YwZDAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EkgQU4Ba5Jh9kfa1JOClbSjYs9U6NeYowHwYDVR0jBBgwFoAUeu19bca3eJ2yOAGl6EqMsKQOKowwCgYIKoZIzj0EAwIDSAAwRQIhALJmp1YuPyKllkQm9WDfoHz1OtIIpziSUgPgcxSC9IyzAiAkB8/2EQ15+2I2un1DkvRF9U4at2vAf0BKI8bO9yT0AQ=="
]
},
I need a public key, but i dont know whether this information is helpful to get EC public key? i need a public key something like this..
-----BEGIN PUBLIC KEY-----NFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECpqQ7EJ3Ba86QIQiA0nn0PPDp2sjJAGXoJt487h1yZOb8UTBC4NqFrFf5Y8zMk1YcyWB0l9jUSNaDLtMwibjJw==-----END PUBLIC KEY-----
Is it possible? and is there any other way to get public key? thanks
Yes you have everything you need.
In elliptic curve cryptography (with curve P-256), a public key is simply an X,Y co-ordinate on the cartesian plane and finite field over which the curve is defined.
Thus your public key is:
"x": "TVRb9i0TUz2JVgfejnYSi-ux8hCjYu2IIvis9ov_i20"
"y": "ot6nTre05Li6-RW5v36TXnI32-ZUuwTQx5baMXOs5do"
These X,Y values are encoded with base64, however be aware that _ should be replaced with /, and - with + (this is because URL safe base64 was used).
The JWT posted above is acutally JWK.
There is a great tool online to get the .pem out of JWK
https://8gwifi.org/jwkconvertfunctions.jsp
and in order to get the .pem out of JWK using python, we can use the jwcrypto lib
from jwcrypto import jwk
import json
jskey=json.loads('put your jwk here')
key = jwk.JWK(**expkey)
res=key.export_to_pem()
print(res)
The following lines show how to generate a key in Tink:
keysetHandle=KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM)
privateKeysetHandle = KeysetHandle.generateNew(SignatureKeyTemplates.ECDSA_P256)
Could you show me how to construct a key given the parameters such as key bytes and related parameters?
It is also possible to create a key by loading the parameters from JSON:
String keysetFilename = "my_keyset.json";
KeysetHandle keysetHandle = CleartextKeysetHandle.read(
JsonKeysetReader.withFile(new File(keysetFilename)));
How is the key format in JSON defined?
Maarten Bodewes: would you mind tell us what wrong with the APIs, and how you think it should be changed? We're all ears for feedback.
Ursa Major: we don't want users to deal with keys directly, because it's easy to mess up. It's why we provide APIs that generate, persist and load keys. The Java HOWTO [1] shows how to do this.
It looks like you have an existing key, in some other format, that you want to use it with Tink. Tink's keys are stored in protobuf. Each key type is defined in its own protobuf. You can find all definitions at https://github.com/google/tink/tree/master/proto. Tink doesn't work with individual keys, but keysets which are also protobuf. You can convert existing keys to Tink's keysets by providing an implementation of KeysetReader. SignaturePemKeysetReader [2] is an example that converts certain PEM keys to Tink.
If you encounter any further issue, feel free to comment or email the mailing list at tink-users#googlegroups.com.
Hope that helps,
Thai.
[1] https://github.com/google/tink/blob/master/docs/JAVA-HOWTO.md
[2] https://github.com/google/tink/blob/master/java_src/src/main/java/com/google/crypto/tink/signature/SignaturePemKeysetReader.java
edit: update the second link.
I've had a similar problem, but with HMAC in unit tests. Hope it helps.
Example JSON:
{
"primaryKeyId": 2061245617,
"key": [{
"keyData": {
"typeUrl": "type.googleapis.com/google.crypto.tink.HmacKey",
"keyMaterialType": "SYMMETRIC",
"value": "EgQIAxAgGiB9qbGjo1sA41kHHKbELAKmFzj3cNev0GJ3PpvhR00vuw=="
},
"outputPrefixType": "TINK",
"keyId": 2061245617,
"status": "ENABLED"
}]
}
code used to generate it (Scala):
import com.google.crypto.tink.mac.MacConfig
MacConfig.register()
def generate(): Unit = {
import java.io.ByteArrayOutputStream
import java.nio.charset.StandardCharsets
import com.google.crypto.tink.mac.HmacKeyManager
import com.google.crypto.tink.{CleartextKeysetHandle, JsonKeysetWriter, KeysetHandle}
val generatedKeyset = KeysetHandle.generateNew(HmacKeyManager.hmacSha256Template())
val output = new ByteArrayOutputStream
CleartextKeysetHandle.write(generatedKeyset, JsonKeysetWriter.withOutputStream(output))
println(output.toString(StandardCharsets.UTF_8))
}
generate()
Loading the JSON and usage:
import com.google.crypto.tink.{CleartextKeysetHandle, JsonKeysetReader}
val hmacKeyset = CleartextKeysetHandle.read(
JsonKeysetReader.withString(...)
)
val mac = hmacKeyset.getPrimitive(classOf[Mac])
mac.computeMac(...)
Keep in mind this is totally insecure and should never be used outside tests.
Relevant parts of the implementation:
JsonKeysetReader.keyFromJson
hmac.proto
MacIntegrationTest
EDIT:
Even easier way to generate a keyset JSON:
$ tinkey create-keyset --key-template HMAC_SHA256_256BITTAG
{
"primaryKeyId": 1132518908,
"key": [{
"keyData": {
"typeUrl": "type.googleapis.com/google.crypto.tink.HmacKey",
"keyMaterialType": "SYMMETRIC",
"value": "EgQIAxAgGiDwIucBpWJ8WHVIEKIdEVQlfynm+4QS8sKUVUga2JzRlw=="
},
"outputPrefixType": "TINK",
"keyId": 1132518908,
"status": "ENABLED"
}]
}
I'm trying to connect to a database via SSL within Google Apps Script, referencing these docs. The error is:
Execution failed: Failed to establish a database connection. Check connection string, username and password.
I can use these exact same parameters from another db client (Sequel Pro) and it works fine. I've got the db accepting connections from any IP address (0.0.0.0/0).
I believe I've eliminated all the other variables (user name, password, etc. etc.), its only when I attempt to use SSL within Apps Script that it fails.
Can anyone provide a working example of connecting to a MySQL database with SSL within Google Apps Script?
My apps script:
function connectDb() {
var address = 'x.x.x.x'; // no, I'm not literally using x's in my ip address
var instanceUrl = 'jdbc:mysql://' + address + ':3306/';
var clientSslKey = '-----BEGIN RSA PRIVATE KEY-----\n' +
'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n' +
/* snip */
'-----END RSA PRIVATE KEY-----';
var clientSslCertificate = '-----BEGIN CERTIFICATE-----\n' +
'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n' +
/* snip */
'-----END CERTIFICATE-----';
var serverSslCertificate = '-----BEGIN CERTIFICATE-----\n' +
'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n' +
/* snip */
'-----END CERTIFICATE-----';
// https://developers.google.com/apps-script/reference/jdbc/jdbc#getconnectionurl-info
var connParams = {
user: 'temp',
// no password set
_serverSslCertificate: serverSslCertificate,
_clientSslCertificate: clientSslCertificate,
_clientSslKey: clientSslKey,
};
var conn = Jdbc.getConnection(instanceUrl, connParams);
}
EDIT
I filed a bug here which got marked as a duplicate of this other one which as a "P2" priority. Maybe that means it will be fixed soonish?
I can confirm that I can connect to a MySQL database with SSL within Google Apps Script.
It's important to note useSSL=true is indeed necessary
I was able to get it working by following the example at https://issuetracker.google.com/issues/36761592#comment18 (relevant snippet repeated below):
var conn = Jdbc.getConnection('jdbc:mysql://<ip address>/<db name>?useSSL=true', {
user: '<user>',
password: '<pass>',
_serverSslCertificate: '-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----',
_clientSslCertificate: '-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----',
_clientSslKey: '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
});
If you're using a Google Cloud SQL instance, you may want to consider using getCloudSqlConnection(). Presumably it's encrypted as well (based on the fact that I can indeed get a connection when the corresponding instance has "Only secured connections are allowed to connect to this instance." enabled), and, importantly, doesn't require you to manage (i.e. not lose control of) the key and certs yourself.
I use curl to update my public channels. This kind of syntax:
curl -X POST "https://api.telegram.org/bot144377327:AAGqdElkZ-77zsPRoAXXXXXXXXXX/sendMessage" -d "chat_id=#MyChannel&text=my sample text"
But what's the chat_id of a private channel? It's not the one you have in the private invite.
Because now we can pass a channel username (in the format #channelusername) in the place of chat_id in all methods (and instead of from_chat_id in forwardMessage). But what's the #channelusername of a private channel that I administer?
I found the way to write in private channels.
You should convert it to public with some #channelName
Send a message to this channel through the Bot API:
https://api.telegram.org/bot111:222/sendMessage?chat_id=#channelName&text=123
As the response, you will get information with chat_id of your channel.
{
"ok" : true,
"result" : {
"chat" : {
**"id" : -1001005582487,**
"title" : "Test Private Channel",
"type" : "channel"
},
"date" : 1448245538,
"message_id" : 7,
"text" : "123ds"
}
}
Now you can convert the channel back to private (by deleting the channel's link) and send a message directly to the chat_id "-1001005582487":
https://api.telegram.org/bot111:222/sendMessage?chat_id=-1001005582487&text=123
The easiest way:
Just send your invite link to your private channel to #username_to_id_bot (https://t.me/username_to_id_bot) bot. It will return its ID. The simplest level: maximum! :)
PS. I am not an owner of this bot.
PS 2. the Bot will not join your group, but to be sure in security. Just revoke your old invitation link if it is matter for you after bot using.
A more cumbersome way:
Making the channel public cannot be done by the user with exist at least five public groups/channels, so...the problem is not solved. Yes, you can revoke one of them, but for now, we cannot retrieve chat id another way.
Another one working solution:
log in under your account at web version of Telegram: https://web.telegram.org
updated (thanks #Julian Espinel) Find your channel. See to your URL. It should be like https://web.telegram.org/z/#-1543515057
Grab "1543515057" from it, and add "-100" as a prefix.
So... your channel id will be "-1001543515057". Magic happens :)
The solution was found at Web Channel ID .
Open the private channel, then:
on web client:
look at the URL in your browser:
if it's for example https://web.telegram.org/#/im?p=c1192292378_2674311763110923980
then 1192292378 is the channel ID
on mobile and desktop:
copy the link of any message of the channel:
if it's for example https://t.me/c/1192292378/31
then 1192292378 is the channel ID (bonus: 31 is the message ID)
on Plus Messenger for Android:
open the infos of the channel:
the channel ID appears above, right under its name
WARNING be sure to add -100 prefix when using Telegram Bot API:
if the channel ID is for example 1192292378
then you should use -1001192292378
The easiest way is to invite #get_id_bot in your chat and then type:
/my_id #get_id_bot
Inside your chat
Actually, it is pretty simple.
All you need to do is to:
Invite the bot to the channel/group (doesn't matter private or not).
Send any message in the channel/group.
Go to getUpdates API URL in the browser:
https://api.telegram.org/bot<BOT_TOKEN>/getUpdates
Now, look at the results.
You will see a JSON output.
In this JSON, look for the chat data. Usually, latest updates are at the end.
{
"ok":true,
"result":[
...
{
...
"my_chat_member":{
"chat":{
"id":-100987654321,
"title":"My Channel",
"type":"channel"
},
...
}
}
]
}
Your chat ID is -100987654321.
Open Telegram Web at https://web.telegram.org
Search your private channel
Look at the URL. It's like:
https://web.telegram.org/#/im?p=cXXXXXXXXXX_578236787445474833
The id of your private channel is the XXXXXX part (between the "p=c" and the underscore).
To use it, just add "-100" in front of it. So if "XXXXXX" is "4785444554" your private channel id is "-1004785444554".
For now you can write an invite link to bot #username_to_id_bot and you will get the id:
Example:
It also works with public chats, channels and even users.
You can also do this:
Step 1. Convert your private channel to a public channel
Step 2. Set the ChannelName for this channel
Step 3. Then you can change this channel to private
Step 4. Now sending your message using #ChannelName that you set in step 3
Note: For Step 1, you can change one of your public channels to private for a short time.
There isn't any need to convert the channel to public and then make it private.
find the id of your private channel. (There are numerous methods to do this, for example see this Stack Overflow answer.)
curl -X POST "https://api.telegram.org/botxxxxxx:yyyyyyyyyyy/sendMessage" -d
"chat_id=-100CHAT_ID&text=my sample text"
Replace xxxxxx:yyyyyyyyyyy with your bot id, and replace CHAT_ID with the channel id found in step 1. So if the channel id is 1234, it would be chat_id=-1001234.
All done!
Simply and easy; just pass the channel username and it will show you the id:
from telethon.sync import TelegramClient, events
client = TelegramClient("bot", API_ID, API_HASH)
channel_name = "channel username"
channel = client.get_entity(channel_name)
print(f'👉 Channel ID: {channel.id}')
client.start()
client.run_until_disconnected()
The option that I do is by using the popular Plus Messenger on Android.
You can click on the channel and in Channel info below the group name, you can find the channel Id.
Supergroup and channel ids will look like 1068773197 on Plus Messenger. For your usage on API, you can prefix -100 which would make it -1001068773197.
I found the solution for TelegramBotApi for Python. Maybe it will work for other languages.
I just add my bot to the private channel and then do this:
#your_bot_name hi
In the console I get a response with all the information that I need.
I used Telegram.Bot and got the ID the following way:
Add the bot to the channel
Run the bot
Write something into the channel (for example, /authenticate or foo)
Telegram.Bot:
private static async Task Main()
{
var botClient = new TelegramBotClient("key");
botClient.OnUpdate += BotClientOnOnUpdate;
Console.ReadKey();
}
private static async void BotClientOnOnUpdate(object? sender, UpdateEventArgs e)
{
var id = e.Update.ChannelPost.Chat.Id;
await botClient.SendTextMessageAsync(new ChatId(id), $"Hello World! Channel ID is {id}");
}
Plain API:
This translates to the getUpdates method in the plain API, which has an array of update which then contains channel_post.chat.id.
Yet another way to use JavaScript and the Axios library. So you might want to explore /getUpdates method of Telegram API:
const headers: any = {
'Access-Control-Allow-Origin': '*',
'Content-Type': 'application/json',
timestamp: +new Date(),
}
const options = { headers: { ...headers } }
const urlTelegramBase =
'https://api.telegram.org/bot123456:ABCDEF'
const urlGetUpdates = `${urlTelegramBase}/getUpdates`
const username = 'user_name'
const {
data: { result: messages },
} = await axios.get(urlGetUpdates, options)
const chat_id = messages.find(
messageBlock => messageBlock.message.chat.username === username
).message.chat.id
console.info('chat_id': chat_id)
Run this command in your terminal.
curl https://api.telegram.org/bot{your_bot_token}/getUpdates
But You have added your bot to your private channel.You will get your private channel chat id in json response.
You should add and make your bot an administrator of the private channel. Otherwise, the chat not found error happens.