Adding subjectAltName to csr using phpseclib - phpseclib

I am using phpseclib to generate a private key, public key and CSR, and I just want to be able to include subjectAltName in the public key and CSR in the process, but the documentation is no good. I tried using setDomain but all that does is override the primary commonName value.
I found this from another post but it doesn't seem to have any effect:
$x509->setExtension('id-ce-subjectAltName', array('san1.domain.com', 'san2.domain.com'));
-- UPDATE --
I am a step closer: I see the extension for subjectAltName in my certificate but it's a blank field.
Any help will be appreciated!
Thanks
Here is some PHP code:
$altnames = array (
"san1.domain.com",
"san2.domain.com"
);
$x509 = new File_X509();
$x509->loadX509($x509->saveX509($x509->sign($issuer, $subject)));
$x509->setExtension('id-ce-keyUsage', array('digitalSignature', 'keyEncipherment'));
$x509->setExtension('id-ce-extKeyUsage', array('id-kp-serverAuth', 'id-kp-clientAuth'));
$x509->setExtension("id-ce-subjectAltName", $altnames);

phpseclib doesn't currently support subjAltDomain's for CSR's very well. More info:
https://stackoverflow.com/a/28610388/569976

Related

problem to configure public key on google audit email api

I need help! I'm trying to use the Google auditing API (https://developers.google.com/admin-sdk/email-audit)
I'm having a problem configuring the public key on the API (https://developers.google.com/admin-sdk/email-audit/auth#example), receiving the following error:
The value of attribute "value" associated with an element type "apps:property" must not contain the
'<' character.
I'm following the documentation payload:
<atom:entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
<apps:property name="publicKey" value="<em>my public key in base64 here</em>"/>
</atom:entry>
One example of a public key that I generated and encoded in base64:
If you check on base64 decode for example, you can see that it's a complete public key...
Any idea?
Thank you!
The error message indicates that a non-valid character is being passed in the "value" attribute; in this case the <> characters are not valid within the value field. Checking your example, you are adding it like this:
<apps:property name="publicKey" value="<em>my public key in base64 here</em>"/>
Where the "value=<em>my public key in base64 here</em>" is being passed with the "<>" characters, even though the documentation states that "<em>" and "</em>" is passed you can still just remove the tags and add the public key without them like this:
<apps:property name="publicKey" value="my public key in base64 here"/>

Drupal 8 Rest API

My custom APIs are working fine. I've deployed the code on the staging server but I'm getting the below error.
Drupal\Component\Plugin\Exception\PluginNotFoundException: The "" plugin does not exist. Valid plugin IDs for Drupal\rest\Plugin\Type\ResourcePluginManager are: dblog, file:upload, entity:block, entity:block_content_type, entity:block_content, entity:comment, entity:comment_type, entity:config_pages_type, entity:config_pages, entity:contact_form, entity:contact_message, entity:editor, entity:field_config, entity:field_storage_config, entity:file, entity:filter_format, entity:flagging, entity:flag, entity:google_api_service_client, entity:google_api_client, entity:image_style, entity:menu_link_content, entity:node, entity:node_type, entity:page_variant, entity:page, entity:path_alias, entity:rdf_mapping, entity:rest_resource_config, entity:search_api_task, entity:search_api_server, entity:search_api_index, entity:search_api_autocomplete_search, entity:shortcut_set, entity:shortcut, entity:social_auth, entity:menu, entity:action, entity:taxonomy_term, entity:taxonomy_vocabulary, entity:tour, entity:ultimate_cron_job, entity:user, entity:user_role, entity:webform_options, entity:webform, entity:webform_submission, entity:webform_access_group, entity:webform_access_type, entity:webform_image_select_images, entity:webform_options_custom, entity:view, entity:paragraph, entity:paragraphs_type, entity:base_field_override, entity:entity_view_display, entity:entity_view_mode, entity:entity_form_mode, entity:entity_form_display, entity:date_format, user_registration in Drupal\Core\Plugin\DefaultPluginManager->doGetDefinition() (line 53 of /home1/tourcode/public_html/''/web/core/lib/Drupal/Component/Plugin/Discovery/DiscoveryTrait.php)
Thanks in Advance.
Drupal is looking for a plugin with empty string as a name.
I also noticed you have some kind of empty string in your path (between public_html and web):
/home1/tourcode/public_html/''/web/core/lib/Drupal/Component/Plugin/Discovery/DiscoveryTrait.php
It looks like the configuration of your server has a problem.

Extra string & pipe character in Laravel Cookies

In a Laravel 6x project I'm working on I'm setting a cookie with:
Cookie::queue('remember_me', json_encode(['uid' => $user->id, 'token' => $token]),2628000);
I'm reading the cookie and decrypting it with:
$cookies = Crypt::decrypt(Cookie::get('remember_me'),false);
This works well, except that the value of $cookies has an extra pre-pended string and a | delimiter in it:
e80cd502fec2a621b624ead8eb1cc91a2e94846b|{"uid":872,"token":"l1214065120208k"}
I can work with that obviously to get what I need but I have been unable to find anything on why that string and | are being prepended to the cookie. Any explanation or documentation link?
I did find another thread here with a similar question but no answer:
How to decrypt cookies in Laravel 8
I also found a thread suggesting that Laravel 8 adds the session_id to the cookie string. Is that what I'm seeing here?
Thanks,
Michael
This value looks to be an HMAC-SHA1 of the cookie name with v2 appended to the end.
This logic is implemented in the CookieValuePrefix class in Laravel and the code looks like so:
public static function create($cookieName, $key)
{
    return hash_hmac('sha1', $cookieName.'v2', $key).'|';
}
This is used in the EncryptCookies middleware when encrypting and decrypting accordingly. The relevant source code is:
// in decrypt() function
$hasValidPrefix = strpos($value, CookieValuePrefix::create($key, $this->encrypter->getKey())) === 0;
$request->cookies->set(
    $key, $hasValidPrefix ? CookieValuePrefix::remove($value) : null
);
// in encrypt() function
$this->encrypter->encrypt(
    CookieValuePrefix::create($cookie->getName(), $this->encrypter->getKey()).$cookie->getValue(),
    static::serialized($cookie->getName())
)
I put this logic into a CyberChef page here to test it out with some local cookies I had and verify the output matches, and it did. If you go there and plug in your app key (preferably a disposable one) you should see it output the hash value you have in your question.
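The prefix check described in this answer, as an added Python sketch (not Laravel's code and not part of the original answer). It shows why the prefix exists: a decrypted value is only accepted under the cookie name it was issued for. The key and the helper names `create_prefix` and `strip_prefix` are constructed for the example, and the constant-time comparison is a choice made here, where the quoted PHP uses `strpos`.

```python
import hashlib
import hmac

# Constructed 32-byte key for the example; a real APP_KEY must never be hard-coded.
APP_KEY = bytes(range(32))
# Payload copied from the question.
PAYLOAD = '{"uid":872,"token":"l1214065120208k"}'


def create_prefix(cookie_name: str, key: bytes) -> str:
    """Same construction as the quoted create(): HMAC-SHA1(name + 'v2') + '|'."""
    mac = hmac.new(key, (cookie_name + "v2").encode("utf-8"), hashlib.sha1)
    return mac.hexdigest() + "|"


def strip_prefix(cookie_name: str, decrypted: str, key: bytes):
    """Return the payload if the prefix matches this cookie name, else None."""
    expected = create_prefix(cookie_name, key)
    candidate = decrypted[:len(expected)]
    # Constant-time comparison (hypothetical hardening, not from the page).
    if not hmac.compare_digest(candidate.encode("utf-8"), expected.encode("utf-8")):
        return None
    return decrypted[len(expected):]


def demo() -> dict:
    """Issue a value for 'remember_me', then read it back under two names."""
    decrypted = create_prefix("remember_me", APP_KEY) + PAYLOAD
    return {
        # Read under the name it was issued for: payload is returned.
        "same_name": strip_prefix("remember_me", decrypted, APP_KEY),
        # Same plaintext presented as a different cookie: rejected.
        "other_name": strip_prefix("session", decrypted, APP_KEY),
        # 40 hex characters of SHA-1 output plus the '|' delimiter.
        "prefix_len": len(create_prefix("remember_me", APP_KEY)),
    }


if __name__ == "__main__":
    print(demo())
```

Reading the cookie with `Crypt::decrypt` directly, as in the question, bypasses this middleware step, which is why the prefix is still visible in the decrypted string.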

Trying to use ColdFusion to create HMAC-SHA1 hash for API authentication

I am at my wit's end on this one, I just can't find the right combination of code to make this work. I'm trying to create an authentication digest for an API query. I've tried many CFML functions (for example: Coldfusion HMAC-SHA1 encryption and HMAC SHA1 ColdFusion), but I'm not coming up with the same results that are cited in the API documentation. Here's that example (basically elements of the request header with line breaks as delimiters.):
application/xml\nTue, 30 Jun 2009 12:10:24 GMT\napi.summon.serialssolutions.com\n/2.0.0/search\ns.ff=ContentType,or,1,15&s.q=forest\n
and here's the key:
ed2ee2e0-65c1-11de-8a39-0800200c9a66
which according to the documentation should result in:
3a4+j0Wrrx6LF8X4iwOLDetVOu4=
when the HMAC hash is converted to Base64. Any ideas would be most appreciated!
The problem is your input string, not the functions. The first one works fine. Though I would change the charset to UTF-8, or make it an argument. Otherwise, the results are dependent on the jvm default, which may not always be correct, and can change which would break the code.
Verify you are constructing the sample string correctly. Are you using chr(10) for new lines? Note: It must also end with a new line.
Code:
<cfscript>
headers = [ "application/xml"
, "Tue, 30 Jun 2009 12:10:24 GMT"
, "api.summon.serialssolutions.com"
, "/2.0.0/search"
, "s.ff=ContentType,or,1,15&s.q=forest"
];
theText = arrayToList(headers, chr(10)) & chr(10);
theKey = "ed2ee2e0-65c1-11de-8a39-0800200c9a66";
theHash = binaryEncode( hmacEncrypt(theKey, theText), "base64");
writeDump(theHash);
</cfscript>
Result:
3a4+j0Wrrx6LF8X4iwOLDetVOu4=
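The same digest computed in Python, as an added example (not part of the original answer), using the header values, key and expected result quoted in the question. It also shows the two failure modes the answer warns about: a missing trailing newline, and a literal backslash-n in place of a real line feed. The function names are made up for the example.

```python
import base64
import hashlib
import hmac

# Values quoted in the question.
HEADERS = [
    "application/xml",
    "Tue, 30 Jun 2009 12:10:24 GMT",
    "api.summon.serialssolutions.com",
    "/2.0.0/search",
    "s.ff=ContentType,or,1,15&s.q=forest",
]
KEY = "ed2ee2e0-65c1-11de-8a39-0800200c9a66"
EXPECTED = "3a4+j0Wrrx6LF8X4iwOLDetVOu4="


def string_to_sign(parts, trailing_newline=True):
    """Join the header values with LF (chr(10)); the string must end with LF."""
    text = "\n".join(parts)
    return text + "\n" if trailing_newline else text


def literal_backslash_n(parts):
    """Failure mode: the two characters backslash and 'n' instead of a line feed."""
    return "\\n".join(parts) + "\\n"


def digest(key: str, text: str) -> str:
    """Base64 of HMAC-SHA1, with an explicit UTF-8 charset for key and text."""
    mac = hmac.new(key.encode("utf-8"), text.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify(key: str, text: str, presented: str) -> bool:
    """Compare a presented digest in constant time."""
    return hmac.compare_digest(digest(key, text), presented)


if __name__ == "__main__":
    print(digest(KEY, string_to_sign(HEADERS)))
    print(verify(KEY, string_to_sign(HEADERS, trailing_newline=False), EXPECTED))
    print(verify(KEY, literal_backslash_n(HEADERS), EXPECTED))
```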

SBL-ODU-01007 The HTTP request did not contain a valid SOAPAction header

I am hoping someone can help get me in the right direction...
I am using Powerbuilder 12 Classic and trying to consume an Oracle CRM OnDemand web service.
Using Msxml2.XMLHTTP.4.0 commands, I have been able to connect using https and retrieve the session id, which I need to send back when I invoke the method.
When I run the code below, I get the SBL-ODU-01007 The HTTP request did not contain a valid SOAPAction header error message. I am not sure what I am missing??
OleObject loo_xmlhttp
ls_get_url = "https://secure-ausomxxxx.crmondemand.com/Services/Integration?command=login"
try
loo_xmlhttp = CREATE oleobject
loo_xmlhttp.ConnectToNewObject("Msxml2.XMLHTTP.4.0")
loo_xmlhttp.open ("GET",ls_get_url, false)
loo_xmlhttp.setRequestHeader("UserName", "xxxxxxx")
loo_xmlhttp.setRequestHeader("Password", "xxxxxxx")
loo_xmlhttp.send()
cookie = loo_xmlhttp.getResponseHeader("Set-Cookie")
sesId = mid(cookie, pos(cookie,"=", 1)+1, pos(cookie,";", 1)-(pos(cookie,"=", 1)+1))
ls_post_url = "https://secure-ausomxxxx.crmondemand.com/Services/Integration/Activity;"
ls_response_text = "jsessionid=" + sesId + ";"
ls_post_url = ls_post_url + ls_response_text
loo_xmlhttp.open ("POST",ls_post_url, false)
loo_xmlhttp.setRequestHeader("COOKIE", left(cookie,pos(cookie,";",1)-1) )
loo_xmlhttp.setRequestHeader("COOKIE", left(cookie,pos(cookie,";",1)-1) )
ls_post_url2 = "document/urn:crmondemand/ws/activity/10/2004:Activity_QueryPage"
loo_xmlhttp.setRequestHeader("SOAPAction", ls_post_url2)
loo_xmlhttp.send()
ls_get_url = "https://secure-ausomxxxx.crmondemand.com/Services/Integration?command=logoff"
loo_xmlhttp.open ("POST",ls_get_url, false)
loo_xmlhttp.send()
catch (RuntimeError rte)
MessageBox("Error", "RuntimeError - " + rte.getMessage())
end try
I believe you are using an incorrect URL for Login and Logoff.
Here is the sample:
https://secure-ausomxxxx.crmondemand.com/Services/Integration?command=login
https://secure-ausomxxxx.crmondemand.com/Services/Integration?command=logoff
Rest of the code looks OK to me.
I have run into similar issues in PB with msxml through ole. Adding this may help:
loo_xmlhttp.setRequestHeader("Content-Type", "text/xml")
You need to make sure that your value for ls_post_url2 is one of the values that is found in the wsdl file. Just search for "soap:operation soapAction" in the wsdl file to see the valid values for SOAPAction.