Page 13 of 14

Re: 049 tracking thread

Posted: Thu Sep 27, 2018 7:10 am
by kherron
Try running the GenerateApiKey method from the REST object.
You should also run the Generate SecurityKey method too.

These should have automatically ran when you started the OSAE service. I will need to check that.

These values have to be a specific byte length. I did not include defaults, as every system should generate their own values.
Otherwise, basic uses will leave the default values in place, and this becomes a security issue.

Here is an example you can try, but I suggest letting the system generate a new random key.

Rest APIKEY: KRIJqfnv18xfqcBs1cuNjzfs2RW5YWeJ (32 Characters)
System SecurityKey: oemspial9uzpgzl8 (16 Characters)

Re: 049 tracking thread

Posted: Thu Sep 27, 2018 10:31 am
by kherron
I think I found the issue why they are not populating.

These are "Required" properties so my code assumes these properties have a value in them.
I see I need to correct some code.

If you manually enter a single space bar as the property values for the APIKEY and the SecurityKey.
The GenerateApiKey and GenerateSecurityKey should perform correctly.

As far as the error on your DEV box
Vaughn wrote:
Wed Sep 26, 2018 10:07 am
The service was not started on my dev box, and I thought that might be part of it, so I enabled it and tried to start it, but then I get this error in the system logs:
The new security code should not effect the service at all, or the listener in any way. This must be caused by something else....

Re: 049 tracking thread

Posted: Thu Sep 27, 2018 1:07 pm
by Vaughn
I took the required properties off and restarted Rest, nothing populated still

Then I used the two keys you posted and I get a size error running the web screen still, but a different error:

Source: System.Web
Message: Exception of type 'System.Web.HttpUnhandledException' was thrown.
Inner Exception: System.Security.Cryptography.CryptographicException: Specified key is not a valid size for this algorithm.
at System.Security.Cryptography.SymmetricAlgorithm.set_Key(Byte[] value)
at OSAE.OSAESecurity.EncryptString(String plainText)
at OSAE.OSAESecurity.generateCurrentAuthKey(String currentUser)
at screens.Page_Load(Object sender, EventArgs e) in c:\Program Files\OSA\Plugins\Web Server\wwwroot\screens.aspx.cs:line 27
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Stack Trace: at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()

Re: 049 tracking thread

Posted: Thu Sep 27, 2018 1:21 pm
by kherron
That's very strange. Those are the keys I used for testing.

Please make sure there is not a space at the beginning or at the end.
RESTAPIKEY must be exactly 32 characters long, and the SecurityKey must be exactly 16 characters long.

Is the ApiKeyTimeOut set to something like 3600? (1 Hour)

Re: 049 tracking thread

Posted: Fri Sep 28, 2018 6:06 am
by kherron
Vaughn wrote:
Thu Sep 27, 2018 1:07 pm
I took the required properties off and restarted Rest, nothing populated still
That really would not have changed anything. It will require some code changes in the Rest plugin to properly fix the automatic population.

However, we should be able to put our own values in there.
Also, if you turn "Required" back on, and then enter a single spacebar as the property value (" "), the Generate methods should work and generate a new key.
I did notice, I had to refresh the objects page after running the GenerateApiKey to see the new key in the property.

Sorry this is causing you so much trouble. I tried not to complicate things and don't have any issues on my setup.
However, I have not tried setting up from scratch in quite some time.

Re: 049 tracking thread

Posted: Fri Sep 28, 2018 9:03 am
by Vaughn
I modified the logging to give me a little more info:

I am having some success, here is my logs now:

09-28 11:57:49.17 INFO Security System Security Key found: oemspial9uzpgzl8 (16 bytes)
09-28 11:57:49.16 INFO Security Checking if System Security Key exist
09-28 11:57:49.16 INFO Security REST API Key found: KRIJqfnv18xfqcBs1cuNjzfs2RW5YWeJ (32 bytes)
09-28 11:57:49.13 INFO Security Checking if REST API Key exist


09-28 11:58:58.49 DEBUG Rest Executing Method: Front Door.OFF..
09-28 11:58:58.47 DEBUG Rest Authentication: PASSED
09-28 11:58:58.46 DEBUG Rest Auth Date and Time: 9/28/2018 11:58:56 AM
09-28 11:58:58.45 DEBUG Rest Found User: Vaughn
09-28 11:58:58.39 INFO Rest OSAE Security is Decoding an AuthKey

Sadly the Rest command is not doing anything, but that is a separate issue.

I will go back and blank out the keys and also do some manual generation and see if it will make new keys, etc. At least it is starting to make a little sense to me and hopefully I will continue to progress on understanding it.

Re: 049 tracking thread

Posted: Fri Sep 28, 2018 10:23 am
by Vaughn
This is just an FYI update, separate from the REST api stuff.

Screens allows the simulation of sensor data. In my test of Screens, I was clicking on a DS10A sensor. Sensors do not have methods, so the REST call adding a Method.Queue entry does nothing. In the main screens application, when you click on something and it has no methods, it switches to Object.State Set, the web screens does not do this check, so I will have to code that in.

I added an object (siren) which has methods and the web Screens is working with it! So good news is that REST is working with the keys you gave me to enter manually, so making some headway. =)

I got side tracked from testing the REST key stuff when I ran into this because I only have a sensor setup on the new screen.


Re: 049 tracking thread

Posted: Fri Sep 28, 2018 6:03 pm
by kherron
I will fix the rest plugin and commit the changes.
Then you can just update the rest plugin and you should be good.

You can just keep using those codes for now, as it really doesn't matter. No one else is running this code yet.

Re: 049 tracking thread

Posted: Sun Oct 14, 2018 5:41 am
by kherron
Patch code to Rest Plugin and OSAE.Security completed and committed.

Sorry it took me so long...

Re: 049 tracking thread

Posted: Thu Jan 03, 2019 7:53 pm
by Vaughn
Last testing went well, I confirmed all the REST stuff works good on a fresh install. I was also missing the GIF dll from the installer and got it added in and confirmed the screen errors went away.

I am taking a 3-day weekend on the 9th or so and will put the update script in and publish then.