Java scribe does not generate signature on Tomcat - scribe

I am using scribe 1.3.0 for OATH authentication. This is on Tomcat 7 under Ubuntu.
I am pretty sure this is some sort of a pilot error but cannot figure out what is wrong exactly...
I create the service and token in the constructor of my client class:
public Client()
{
m_service = new ServiceBuilder()
.provider(Api.class)
.apiKey(CONSUMER_KEY)
.apiSecret(CONSUMER_SECRET)
.debug()
.build();
m_accessToken = new Token(OAUTH_TOKEN, OAUTH_TOKEN_SECRET);
}
Later on when time comes to make a request I use the service in a function:
OAuthRequest request = new OAuthRequest(Verb.GET,
url);
m_service.signRequest(m_accessToken, request);
Since I added the debug() tag to the ServiceBuilder I get the following output:
signing request: URL
setting token to: Token[xxxx , xxxxx]
generating signature...
thats it.. nothing else happens, the code just seems to die there.
I tried to catch Exception from the m_service call but it does not throw exception.
I had tried this code before on a different Windows machine with Jetty and it worked but I dont have access to that machine or OS anymore..
What could I be doing wrong? Is there anything else I can do to get more debug output?
-Wish

Turns out that I needed to include the apache codec jar files in Tomcat.
I did go back to try my app on Jetty again under Windows, that worked without the codec. I am not entirely sure why linux+Tomcat needs apache codec while Jetty+Windows7 does not..
If I had Maven would not have this issue..

Related

How are people authenticated in their ASP.NET Core Web APIs on Ubuntu/Docker given the bug described below?

I have come across what I think is a bug preventing me from loading an X509Certificate2 on Ubuntu or the Debian-based docker image provided by Microsoft. This means that I can't initialise JwtAuthentication in my web API on these platforms, and I'm looking for help:
Are you successfully using JwtAuthentication on Linux?
If so, how are you initialising an X509Certificate for the JwtBearerOptions?
Can you see a problem with what I'm doing, or suggest a work-around or solution?
I have logged the issue with the corefx team and you can see the full discussion here, but below is the main description of the problem:
I have a Web API running in a docker container. The container is built from the provided 1.1.0 package:
FROM microsoft/aspnetcore:1.1.0
and the Web API binaries are copied in. The API runs fine and returns data as expected until I turn on authentication, at which point it needs an X509SecurityKey to set the TokenValidationParameters.IssuerSigningKey value. It throws an exception when it attempts to initialise an X509Certificate2 from a string value:
string certValue = certificate.Value;
byte[] byteCert = Encoding.ASCII.GetBytes(certValue);
return new X509Certificate2(byteCert);
throws an OpenSslCryptographicException:
Unhandled Exception: System.Exception: Failed to extract the Token Signing certificate from the Federation metadata. --->
Interop+Crypto+OpenSslCryptographicException: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
at Internal.Cryptography.Pal.CertificatePal.FromBlob(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] data)
at Mercury.Shared.Rest.Authentication.AdfsFederationMetadata.GetSigningCertificate()
The string value from which the X509Certificate2 is being initialised is:
MIIC4jCCAcqgAwIBAgIQHWt3kGySgJxPtsalC0EoKzANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJBREZTIFNpZ25pbmcgLSBzdHMuYWxsYW5ncmF5LmNvLnphMB4XDTE2MDkwNzA5MDQyM1oXDTE3MDkwNzA5MDQyM1owLTErMCkGA1UEAxMiQURGUyBTaWduaW5nIC0gc3RzLmFsbGFuZ3JheS5jby56YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdq9BEuBRPsTdpngeFyXbfH5lBg5WyENQW0qz2FtDw3AvZhiPdFyvTPZIeZDc4vhg+gPuG8pCxhFa6hPqNIwnLSVuyhUi4/CtZrLghF2wVVcyriijvirzdVp2m56nO31NB5HXbSerTmey1gJsgumr+MiaM2CEI9z5ctwAp66jqM9jVv7kzqIwB33irSck+X97jUa9XVa0/0QPBdrSVUR0i4rmfZ9orRdTKC3IA13bD9duk2Kc9V7t8t/woo80Kbbb3ZseYk5N8AI+7RRw9+oSAm8zZQzBYkNkAMeI1mto1faXsm9Aea4HXbyCbvVOx/JGj5Ki7YK/BtzWAyCgRu0TkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAd9rdJ1V9te8njMHiEuvr1DLVUBt2YdpZ8qGFC2rWDKeEW8iARrMfbtrlQovvE1radxoZ2gWR1AaaoEqzmLvF9fEAZ7xjR2P2UlT+ZgntfMn/c+3j7gWnfGNHIjosaYiyF72q4k6bgOx1TV8X08kD2AMBH27utXeeUQTZTd0bUWaWpr76NrDB95k4P6d0t5bkYsguiQjV+2t5/dSvrbTPVbXQmWGyC53IS2OI37AI2bIaeCCDkRHDoxu+L/DtgH8N60k2CLfa+pf0/cxQCR39p4Z+tquVKfYgJIsdZLD6bbrqK9VdpSR2vyUcDLMTGnO0tuDuzBd/xdhJ0GKbnBv3+g==
The same code runs with no problem on Windows, building a certificate from the same string.
Edit: Note that while I initially encountered this problem running a docker image, subsequent testing has shown that it also occurs using Ubuntu 14.04 + .NET Core 1.1
The problem here is that what is being passed to the constructor are the bytes of the base64 representation of the key, and not the bytes of the key itself.
If this code works on Windows then maybe it's a good idea to create an issue in the .net core github referencing this problem.
Thanks for the answer. For those who would like to copy and paste:
var certificateWithoutHeaderAndFooter = certificateString
.Replace("\\n","")
.Replace("-----BEGIN CERTIFICATE-----", "")
.Replace("-----END CERTIFICATE-----", "");
var certificateBytes = Convert.FromBase64String(certificateWithoutHeaderAndFooter);
var certificate = new X509Certificate2(certificateBase64Bytes);

handshake_failure trying to access file on same server

My code is trying to access a template file on the same server as the application.
It all worked fine until we switched on SSL.
Now when connecting to the file I get a SSLHandshakeException: handshake_failure with not much information on the actual cause of the issue.
If I try to access the file through the browser I get a warning page asking if I want to proceed at my own risk.
Is it a problem with the certificate? Can I bypass it?
Edit: The server is JBoss EAP 6.1 with Java 1.7. It's configured to use TLS1.2.
The bit retrieving the template is:
URL url;
URLConnection urlConnection;
try {
url = new URL(templateUrl);
urlConnection = url.openConnection();
urlConnection.setConnectTimeout(connectionTimeout);
urlConnection.setReadTimeout(connectionTimeout);
BufferedReader breader = new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));
String line;
while ((line = breader.readLine()) != null) {
strHtmlContent.append(line);
}
}
Handshake error is usually not a problem with the certificate, at least not with the validation of the certificate. It can have several other reasons, typically wrong protocol version, no cipher overlap, missing use of SNI... .
Unfortunately it is impossible to say what the problem is in your specific case but you might narrow it down by trying to access the site with different clients (i.e. browser, curl, ...). If not even a browser can access the site it is probably a misconfiguration of the server.

Spring boot 1.3.1 with Tyrus websocket causes Authentication Exception

We recently migrated to Spring boot 1.3.1 from the traditional spring project.
Our existing clients use Tyrus 1.12 as a websocket client.
After the upgrade, we found that the clients no longer connect and throws AuthenticationException. Strangely, they are able to connect for the first time since server restart and soon after throws AuthenticationException.
Digging a bit more, I found that Tyrus receives a 401 initially and passes on credentials subsequently. The server logs indicate the same behaviour, by first assigning ROLE_ANONYMOUS and then the correct role, ROLE_GUEST there after.
It seems like after the negotiation, the server closes connection and disconnects.
I observed the same behaviour when using spring stomp websocket client with Tyrus.
ClientManager container = ClientManager.createClient();
container.getProperties().put("org.glassfish.tyrus.client.sharedContainer", true);
container.getProperties().put(ClientProperties.CREDENTIALS, new Credentials("guest", "guest"));
StandardWebSocketClient webSocketClient = new StandardWebSocketClient(container);
final CountDownLatch messageLatch = new CountDownLatch(10);
WebSocketStompClient stompClient = new WebSocketStompClient(webSocketClient);
This same server setup works fine when the credentials are sent in the header.
stompClient.connect(url, getHandshakeHeaders("guest", "guest"), handler);
And this will NOT work since the credentials are not in the header
ListenableFuture<StompSession>session = stompClient.connect(url, handler, "localhost", "8080");
I am not understanding why it is working one way and not the other.
After upgrading to spring-boot, our software is no longer backwards compatible and will have to ask all our external clients to inject the authorization in the header before receiving a 401.
Can someone please help?
My earlier post with stacktrace

PayPal works fine on localhost, but fails while works on aws server

I have integrated paypal to my MVC4 application. PayPal dll version 1.5.0.0, NewtonJson dll version 6.0.0.0
At first i got exception at localhost while getting access token
Dictionary<string, string> sdkConfig = new Dictionary<string, string>();
sdkConfig.Add("mode", "sandbox");
string accessToken = new PayPal.Api.OAuthTokenCredential("MyClientId", "MySecretId", sdkConfig).GetAccessToken();
Exception was
Invalid HTTP response: The request was aborted: Could not create SSL/TLS secure channel.
From stackoverflow I got a fix
System.Net.ServicePointManager.Expect100Continue = true;
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
System.Net.ServicePointManager.DefaultConnectionLimit = 9999;
Its currently working fine on my localhost, but getting exception when uploaded and run on AWS windows instance.
Retried 3 times.... Exception in PayPal.HttpConnection.Execute(). Check log for more details.
Can somebody help me on this ?
UPDATE
I have checked with uploading the same code in mochahost server. Its working perfectly there too
My EC2 instance is Windows Server 2008 DataCenter, 32 bit with IIS7
Make sure TCP443 is open on any elastic load balancer (ELB) you are using and in the security group assigned to the EC2 instance. In the OS make sure TCP443 is allowed with Windows Advanced Firewall.

invalid stream header: 47455420 - Java Input Stream

Hello World!
Currently I'm writing a simple Client/Server application which uses sockets to do the communitcation. My Client and my Server application are working fine with each other but if I try to query my Server application with a real web-browser (like Mozilla Firefox), then it comes to an exception.
I think that my streams are not compatible with Mozilla Firefox. This little code line always leads to an IOException with the error message "invalid stream header: 47455420".
From Firefox I try to connect via: http://localhost:7777/some-webpage.html
This is my code:
server = new ServerSocket(7777);
Socket socket = server.accept();
try
{
ObjectInputStream inputStream = new ObjectInputStream(new BufferedInputStream(socket.getInputStream()));
}
catch (IOException ex)
{
System.out.println("This exception happens :-(");
System.out.println(ex.getLocalizedMessage());
}
Does anybody know why this happens?
Help is seen with pleasure.
Greetings
Benny
The ObjectInputStream expects a binary format. You can't use a web browser to produce the binary format that it reads. The web browser will talk HTTP protocol, and your server is not expecting that at all.
You probably need to learn about web services. You might find the JAX-RS support in CXF convenient for what you seem to want to do.
To just drop in to HTTP, the minimal thing to do is implement a servlet: google would be your friend in learning about them.