049 tracking thread

A place for developers to discuss development of OSA
Message
Author
User avatar
kherron
Posts: 634
Joined: Mon Dec 05, 2011 10:44 am
Location: Jacksonville, Fl.
Contact:

Re: 049 tracking thread

#121 Post by kherron » Thu Sep 27, 2018 7:10 am

Try running the GenerateApiKey method from the REST object.
You should also run the Generate SecurityKey method too.

These should have automatically ran when you started the OSAE service. I will need to check that.

These values have to be a specific byte length. I did not include defaults, as every system should generate their own values.
Otherwise, basic uses will leave the default values in place, and this becomes a security issue.

Here is an example you can try, but I suggest letting the system generate a new random key.

Rest APIKEY: KRIJqfnv18xfqcBs1cuNjzfs2RW5YWeJ (32 Characters)
System SecurityKey: oemspial9uzpgzl8 (16 Characters)

User avatar
kherron
Posts: 634
Joined: Mon Dec 05, 2011 10:44 am
Location: Jacksonville, Fl.
Contact:

Re: 049 tracking thread

#122 Post by kherron » Thu Sep 27, 2018 10:31 am

I think I found the issue why they are not populating.

These are "Required" properties so my code assumes these properties have a value in them.
I see I need to correct some code.

If you manually enter a single space bar as the property values for the APIKEY and the SecurityKey.
The GenerateApiKey and GenerateSecurityKey should perform correctly.

As far as the error on your DEV box
Vaughn wrote:
Wed Sep 26, 2018 10:07 am
The service was not started on my dev box, and I thought that might be part of it, so I enabled it and tried to start it, but then I get this error in the system logs:
The new security code should not effect the service at all, or the listener in any way. This must be caused by something else....

Vaughn
Site Admin
Posts: 1429
Joined: Thu May 13, 2010 2:17 pm

Re: 049 tracking thread

#123 Post by Vaughn » Thu Sep 27, 2018 1:07 pm

I took the required properties off and restarted Rest, nothing populated still

Then I used the two keys you posted and I get a size error running the web screen still, but a different error:

Source: System.Web
Message: Exception of type 'System.Web.HttpUnhandledException' was thrown.
Inner Exception: System.Security.Cryptography.CryptographicException: Specified key is not a valid size for this algorithm.
at System.Security.Cryptography.SymmetricAlgorithm.set_Key(Byte[] value)
at OSAE.OSAESecurity.EncryptString(String plainText)
at OSAE.OSAESecurity.generateCurrentAuthKey(String currentUser)
at screens.Page_Load(Object sender, EventArgs e) in c:\Program Files\OSA\Plugins\Web Server\wwwroot\screens.aspx.cs:line 27
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Stack Trace: at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()

User avatar
kherron
Posts: 634
Joined: Mon Dec 05, 2011 10:44 am
Location: Jacksonville, Fl.
Contact:

Re: 049 tracking thread

#124 Post by kherron » Thu Sep 27, 2018 1:21 pm

That's very strange. Those are the keys I used for testing.

Please make sure there is not a space at the beginning or at the end.
RESTAPIKEY must be exactly 32 characters long, and the SecurityKey must be exactly 16 characters long.

Is the ApiKeyTimeOut set to something like 3600? (1 Hour)

User avatar
kherron
Posts: 634
Joined: Mon Dec 05, 2011 10:44 am
Location: Jacksonville, Fl.
Contact:

Re: 049 tracking thread

#125 Post by kherron » Fri Sep 28, 2018 6:06 am

Vaughn wrote:
Thu Sep 27, 2018 1:07 pm
I took the required properties off and restarted Rest, nothing populated still
That really would not have changed anything. It will require some code changes in the Rest plugin to properly fix the automatic population.

However, we should be able to put our own values in there.
Also, if you turn "Required" back on, and then enter a single spacebar as the property value (" "), the Generate methods should work and generate a new key.
I did notice, I had to refresh the objects page after running the GenerateApiKey to see the new key in the property.

Sorry this is causing you so much trouble. I tried not to complicate things and don't have any issues on my setup.
However, I have not tried setting up from scratch in quite some time.

Vaughn
Site Admin
Posts: 1429
Joined: Thu May 13, 2010 2:17 pm

Re: 049 tracking thread

#126 Post by Vaughn » Fri Sep 28, 2018 9:03 am

I modified the logging to give me a little more info:

I am having some success, here is my logs now:

09-28 11:57:49.17 INFO Security System Security Key found: oemspial9uzpgzl8 (16 bytes)
09-28 11:57:49.16 INFO Security Checking if System Security Key exist
09-28 11:57:49.16 INFO Security REST API Key found: KRIJqfnv18xfqcBs1cuNjzfs2RW5YWeJ (32 bytes)
09-28 11:57:49.13 INFO Security Checking if REST API Key exist

and

09-28 11:58:58.49 DEBUG Rest Executing Method: Front Door.OFF..
09-28 11:58:58.47 DEBUG Rest Authentication: PASSED
09-28 11:58:58.46 DEBUG Rest Auth Date and Time: 9/28/2018 11:58:56 AM
09-28 11:58:58.45 DEBUG Rest Found User: Vaughn
09-28 11:58:58.39 INFO Rest OSAE Security is Decoding an AuthKey

Sadly the Rest command is not doing anything, but that is a separate issue.

I will go back and blank out the keys and also do some manual generation and see if it will make new keys, etc. At least it is starting to make a little sense to me and hopefully I will continue to progress on understanding it.

Vaughn
Site Admin
Posts: 1429
Joined: Thu May 13, 2010 2:17 pm

Re: 049 tracking thread

#127 Post by Vaughn » Fri Sep 28, 2018 10:23 am

This is just an FYI update, separate from the REST api stuff.

Screens allows the simulation of sensor data. In my test of Screens, I was clicking on a DS10A sensor. Sensors do not have methods, so the REST call adding a Method.Queue entry does nothing. In the main screens application, when you click on something and it has no methods, it switches to Object.State Set, the web screens does not do this check, so I will have to code that in.

I added an object (siren) which has methods and the web Screens is working with it! So good news is that REST is working with the keys you gave me to enter manually, so making some headway. =)

I got side tracked from testing the REST key stuff when I ran into this because I only have a sensor setup on the new screen.




Vaughn

User avatar
kherron
Posts: 634
Joined: Mon Dec 05, 2011 10:44 am
Location: Jacksonville, Fl.
Contact:

Re: 049 tracking thread

#128 Post by kherron » Fri Sep 28, 2018 6:03 pm

I will fix the rest plugin and commit the changes.
Then you can just update the rest plugin and you should be good.

You can just keep using those codes for now, as it really doesn't matter. No one else is running this code yet.

User avatar
kherron
Posts: 634
Joined: Mon Dec 05, 2011 10:44 am
Location: Jacksonville, Fl.
Contact:

Re: 049 tracking thread

#129 Post by kherron » Sun Oct 14, 2018 5:41 am

Patch code to Rest Plugin and OSAE.Security completed and committed.

Sorry it took me so long...

Post Reply