
Re: [Handle-info] hsj 8 challenge response "Authentication via Authorization: Handle" via HS_PUBKEY python example.



Okay.  We definitely recommend using public/private key authentication whenever possible.  

The secret key Basic auth should have worked too... let me know if you ever have a reason to pursue that again.

Robert
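
An added example, not part of the original thread or of the Handle software: building the HTTP Basic Authorization value for the 300:10.admin/riba identity discussed in the quoted messages below, with the colon percent-encoded, next to the unencoded form. The receiver functions, the admin list and the secret are constructed assumptions that model the behaviour described in the thread, not the server's implementation.

```python
import base64
from urllib.parse import quote, unquote

# Constructed for this example: the only admin the thread says is authorized.
AUTHORIZED_ADMINS = {(300, "10.admin/riba")}

def basic_auth_header(identity, secret):
    """Client side: percent-encode the identity (keeping '/'), then base64."""
    username = quote(identity, safe="/")  # 300:10.admin/riba -> 300%3A10.admin/riba
    # Any escaping the manual requires for the secret is not shown in the thread,
    # so the secret is passed through unchanged here (assumption).
    raw = f"{username}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def unescaped_header(identity, secret):
    """The mistake to avoid: the identity's own colon goes in unencoded."""
    raw = f"{identity}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def parse_basic(header):
    """Hypothetical receiver: split at the first colon, then decode the username."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    username, sep, secret = base64.b64decode(token).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("no ':' between username and secret")
    return unquote(username), secret

def split_identity(identity):
    """Model from the thread: an identity with no index is matched as index 0."""
    index, sep, handle = identity.partition(":")
    if sep and index.isdigit():
        return int(index), handle
    return 0, identity

def is_authorized(header):
    """True only when the parsed (index, handle) pair is on the admin list."""
    identity, _secret = parse_basic(header)
    return split_identity(identity) in AUTHORIZED_ADMINS

if __name__ == "__main__":
    secret = "constructed-secret"  # placeholder, not a real key
    for ident in ("300:10.admin/riba", "10.admin/riba"):
        hdr = basic_auth_header(ident, secret)
        print(ident, "->", parse_basic(hdr)[0], "authorized:", is_authorized(hdr))
    print("unescaped ->", parse_basic(unescaped_header("300:10.admin/riba", secret)))
```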

> On Mar 2, 2016, at 9:17 AM, Alan Smith <Alan.Smith@ribaenterprises.com> wrote:
> 
> Robert,
> 
> Thanks for all your pointers - I ditched what I was doing in favour of looking at public/private key authentication. After a bit of a headache with updating the original sample Python code to use my DSA pem key instead of an RSA one, I was able to authenticate and programmatically add and update handles via the API.
> The new web admin tool was also great for uncovering where I was going wrong.
> 
> I was going to tidy up my Python code a bit and post it to GitHub just in case anyone finds it useful. I'll post the link on this forum too.
> 
> Thanks again for all your help - can't tell you how happy I was to see that little "200 OK" message from the server :-)
> 
> Alan
> 
> -----Original Message-----
> From: Robert R Tupelo-Schneck [mailto:schneck@cnri.reston.va.us] 
> Sent: 02 March 2016 4:17 AM
> To: Alan Smith
> Cc: handle-info@cnri.reston.va.us
> Subject: Re: [Handle-info] hsj 8 challenge response "Authentication via Authorization: Handle" via HS_PUBKEY python example.
> 
> It looks like you are authenticating as 300:10.admin/riba using the hdl-admintool, and 10.admin/riba with no index using the HTTP API. Only 300:10.admin/riba is authorized.
> 
> You could arrange for 10.admin/riba with no index to be authorized by adding 10.admin/riba index 0 to the list of authorized admins. 
> 
> Or, you can authenticate as 300:10.admin/riba to the HTTP API. Since colon is significant in HTTP Basic Auth authentication, your "username" for HTTP Basic Auth should be 300%3A10.admin/riba with the colon percent-encoded. Everything else should be the same.
> 
> Best,
> Robert
> 
> > On Mar 1, 2016, at 4:33 PM, Alan Smith <Alan.Smith@ribaenterprises.com> wrote:
> > 
> > Hi Robert,
> > 
> > I was given an admin handle '10.admin/riba' to use for secret key authentication.
> > When I use this with the hdl-admintool, I'm able to create and update handles under my 10.18557 prefix.
> > 
> > I'm assuming I'm not doing something quite right :-)
> > 
> > Thanks,
> > 
> > Alan
> > 
> > -----Original Message-----
> > From: Robert Tupelo-Schneck [mailto:schneck@cnri.reston.va.us] 
> > Sent: 01 March 2016 7:47 PM
> > To: Alan Smith
> > Cc: Robert Verkerk; handle-info@cnri.reston.va.us
> > Subject: Re: [Handle-info] hsj 8 challenge response "Authentication via Authorization: Handle" via HS_PUBKEY python example.
> > 
> > Indeed, you are authenticating correctly, but the server is rejecting your identity as not permitted. What "username" are you using?
> > 
> > Robert
> > 
> > > On 2016-03-01, at 11:30, Alan Smith <Alan.Smith@ribaenterprises.com> wrote:
> > > 
> > > Hi Robert,
> > > 
> > > Sorry for jumping in on this thread - but I have a couple of questions that are related. Firstly, thanks Robert for the Python example - it's helped my understanding of the handle server REST API.
> > > 
> > > I have been trying to adapt the sample to use basic authentication and believe I am sending the correct authentication header. But, when I do a PUT request to update a value of a handle I get a:
> > > 
> > > 403 Forbidden {"responseCode":400,"handle":"10.18557/1"}
> > > 
> > > Again, I think I've got the authentication information correct, because if I change the username or password used in the header I get a:
> > > 
> > > 401 Unauthorized
> > > 
> > > The login credentials work via the hdl-admintool tool.
> > > 
> > > The URL I'm sending requests to is: 'https://38.100.138.133:8000/api/handles/10.18557/1'
> > > 
> > > My headers are: {'Content-Type': 'application/json', 'Authorization': 'Basic <username:password escaped and encoded as per tech manual>'}
> > > 
> > > And the payload I'm sending: {"values": [{"index": 1, "ttl": 86400, "type": "URL", "timestamp": "2016-02-22T11:52:30Z", "data": {"value": "http://www.theNBS.com", "format": "string"}}, {"index": 100, "ttl": 86400, "type": "HS_ADMIN", "timestamp": "2016-03-01T08:43:48Z", "data": {"value": {"index": 200, "handle": "0.NA/10.18557", "permissions": "011111110011"}, "format": "admin"}}], "handle": "10.18557/1", "responseCode": 1}
> > > 
> > > Any ideas what I'm doing wrong?
> > > 
> > > Thanks,
> > > 
> > > Alan
> > > 
> > > -----Original Message-----
> > > From: handle-info-bounces@cnri.reston.va.us [mailto:handle-info-bounces@cnri.reston.va.us] On Behalf Of Robert Verkerk
> > > Sent: 04 February 2016 9:07 AM
> > > To: Robert R Tupelo-Schneck
> > > Cc: handle-info@cnri.reston.va.us
> > > Subject: Re: [Handle-info] hsj 8 challenge response "Authentication via Authorization: Handle" via HS_PUBKEY python example.
> > > 
> > > Hi Robert,
> > > 
> > > Thanks very much for the example.
> > > 
> > > Greetings,
> > > 
> > > Robert Verkerk
> > > > On 03 Feb 2016, at 21:46, Robert R Tupelo-Schneck <schneck@cnri.reston.va.us> wrote:
> > > > 
> > > > First of all, use the hdl-convert-key utility to produce a standard PEM file for the handle private key file. (That way you can take advantage of key-decoding functionality from a standard library.)
> > > > 
> > > > I've attached a Python example written by my colleague Ben Hadden. It uses "requests" and "PyCrypto". It resolves a handle record, changes the data in the handle value at index 1, and updates the handle record. Change the values in the main() function at the top to reflect your actual situation.
> > > > 
> > > > The updateHandleRecord() function does the work. It sends an unauthenticated PUT request, parses the WWW-Authenticate: header from the response to that, constructs an Authorization: header, and sends the request again authenticated.
> > > > 
> > > > Let us know if you have any questions!
> > > > 
> > > > Robert
> > > > 
> > > > <example.py>
> > > > 
> > > >> On Feb 2, 2016, at 9:30 AM, Robert Verkerk <robert.verkerk@surfsara.nl> wrote:
> > > >> 
> > > >> Hi,
> > > >> 
> > > >> We want to use the handle RESTful API. But don’t want to use the basic authentication with HS_SECKEY.
> > > >> 
> > > >> Does anybody have a Python example of challenge response "Authentication via Authorization: Handle" using HS_PUBKEY?
> > > >> We would like to generate a private/public keypair with hdl-keygen. The public key is stored in the handle database. The private key is known on the client.
> > > >> 
> > > >> We saw the handle technical manual chapter 14.6.4 and further. This shows the basics. But it is not enough to create a working piece of python code. 
> > > >> 
> > > >> -- 
> > > >> Greetings,
> > > >> 
> > > >> Robert Verkerk
> > > >> 
> > > >> _______________________________________________
> > > >> Handle-Info mailing list
> > > >> Handle-Info@cnri.reston.va.us
> > > >> http://www.handle.net/mailman/listinfo/handle-info
> > > > 
> > > 
> > > This email may contain certain privileged or confidential information.
> > > If you are not the intended recipient of any part of this email, please telephone the sender immediately on +44 (0)191 244 5500 and delete this message from your system.
> > > RIBA Enterprises scan all emails and attachments for viruses. However, you should carry out your own virus checks before opening email or any attachments.
> > > RIBA Enterprises does not accept liability for any such matters or their consequences. 
> > > Please do not disclose the content of this email or forward to any other person.
> > > Any views expressed or implied in this message are those of the individual sender except where specifically stated to be the views of RIBA Enterprises Ltd.
> > > All emails are monitored; those that contravene the Company's policies may be subject to interception, delay or deletion.
> > > This email has been scanned for email related threats and delivered safely by Mimecast.
> > > For more information please visit http://www.mimecast.com
> > 
> 
