Bug
Resolution: Done
Medium
Dublin Release
None
DCAE R4 Sprint 8 (RC0), DCAE R4 Sprint 9 (RC1)
Corner case issue.
When authMethod = certBasicAuth, the following is expected:
4.1 client with cert, known identity and without/wrong basic auth -> pass
4.2 client with cert, unknown identity and without/wrong basic auth -> fail
5.1 client with cert, known identity and correct basic auth -> pass
5.2 client with cert, unknown identity and correct basic auth -> pass
5.2 fails when the entry in certSubjectMatcher.properties is removed (default: .*). The request includes both a certificate and BasicAuth credentials:
vagrant@ncomp-dev:~$ curl -i -u sample1:sample1 -X POST -d @ves.txt --header "Content-Type: application/json" https://127.0.0.1:32770/eventListener/v5 --cert ~/gerrit/dcae-utils/g2/ves-tls/certs/rootCA.crt:collector --key ~/gerrit/dcae-utils/g2/ves-tls/certs/rootCA.key -k -v
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 32770 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: C=US; ST=NJ; L=Middletown; O=DCAE; OU=OPEN-DCAE; CN=DCAELOCAL
* start date: 2016-10-20 19:24:22 GMT
* expire date: 2017-01-18 19:24:22 GMT
* issuer: C=US; ST=NJ; L=Middletown; O=DCAE; OU=OPEN-DCAE; CN=DCAELOCAL
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'sample1'
> POST /eventListener/v5 HTTP/1.1
> Authorization: Basic c2FtcGxlMTpzYW1wbGUx
> User-Agent: curl/7.35.0
> Host: 127.0.0.1:32770
> Accept: */*
> Content-Type: application/json
> Content-Length: 483
>
* upload completely sent off: 483 out of 483 bytes
< HTTP/1.1 403
HTTP/1.1 403
< Content-Type: application/json;charset=UTF-8
Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Date: Mon, 15 Apr 2019 16:55:40 GMT
Date: Mon, 15 Apr 2019 16:55:40 GMT
<
* Connection #0 to host 127.0.0.1 left intact
Unknown macro: {"timestamp"}
The validation against basic-auth credentials works when the certificates are removed from the request (curl -i -u sample1:sample1 -X POST -d @ves.txt --header "Content-Type: application/json" https://127.0.0.1:32770/eventListener/v5 -k -v)
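The expected certBasicAuth outcomes listed above, modelled as an added example (not the VES collector's code and not part of the original report). It assumes certSubjectMatcher.properties holds one regular expression per line; `decide_reported` is a hypothetical ordering that reproduces the 403 seen for case 5.2, and the user table and client subject are constructed.

```python
import base64, hmac, re

def load_matchers(text):
    # Assumed file layout: one regex per non-empty, non-comment line.
    return [re.compile(line.strip()) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]

def cert_identity_known(subject_dn, matchers):
    # No client certificate, or no pattern matching the subject -> unknown identity.
    return subject_dn is not None and any(m.fullmatch(subject_dn) for m in matchers)

def basic_auth_ok(header, users):
    # Validate an "Authorization: Basic ..." value against a user -> password map.
    if not header or not header.startswith("Basic "):
        return False
    try:
        user, _, password = base64.b64decode(header[6:], validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return False
    expected = users.get(user)
    return expected is not None and hmac.compare_digest(password.encode(), expected.encode())

def decide_expected(subject_dn, header, matchers, users):
    # Expected: a known cert identity passes on its own; otherwise fall back to Basic auth.
    return 200 if cert_identity_known(subject_dn, matchers) or basic_auth_ok(header, users) else 403

def decide_reported(subject_dn, header, matchers, users):
    # Hypothetical ordering: an unmatched certificate is rejected before Basic auth is checked.
    if subject_dn is not None:
        return 200 if cert_identity_known(subject_dn, matchers) else 403
    return 200 if basic_auth_ok(header, users) else 403

# Constructed sample data, not taken from a collector deployment.
USERS = {"sample1": "sample1"}
CLIENT_DN = "CN=collector-client,O=Example"  # hypothetical client cert subject
GOOD = "Basic c2FtcGxlMTpzYW1wbGUx"          # sample1:sample1, as in the trace
BAD = "Basic " + base64.b64encode(b"sample1:wrong").decode()
DEFAULT, EMPTY = load_matchers(".*"), load_matchers("")  # default entry / entry removed

def matrix(decide):
    return {"4.1": decide(CLIENT_DN, BAD, DEFAULT, USERS),
            "4.2": decide(CLIENT_DN, BAD, EMPTY, USERS),
            "5.1": decide(CLIENT_DN, GOOD, DEFAULT, USERS),
            "5.2": decide(CLIENT_DN, GOOD, EMPTY, USERS),
            "no cert": decide(None, GOOD, EMPTY, USERS)}

if __name__ == "__main__":
    print("expected:", matrix(decide_expected))
    print("reported:", matrix(decide_reported))
```

The two matrices differ only in case 5.2, which makes the four numbered cases plus the no-certificate request a compact regression set for this authMethod.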
relates to: DCAEGEN2-1101 Collector authentication enhancement (Closed)