diff --git a/INSTALL b/INSTALL index 46433d92..ed19d6fc 100644 --- a/INSTALL +++ b/INSTALL @@ -744,8 +744,6 @@ CREATE TABLE oauth_key ( timestamp bigint default 0, lifetime integer default 0, as_rs_alg varchar(64) default '', - as_rs_key varchar(256) default '', - auth_key varchar(256) default '', primary key (kid) ); @@ -754,8 +752,6 @@ The oauth_key table fields meanings are: kid: the kid of the key; ikm_key - (optional) base64-encoded key ("input keying material"); - The ikm_key is not needed if the as_rs_key and auth_key are defined - explicitly in the database; timestamp - (optional) the timestamp (in seconds) when the key lifetime starts; @@ -767,12 +763,6 @@ The oauth_key table fields meanings are: "A256GCMKW", "A128GCMKW" (see http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1). The default value is "A256GCMKW"; - - as_rs_key - (optional) base64-encoded AS-RS key. If not defined, then - calculated with ikm_key. - - auth_key - (optional) base64-encoded AUTH key. If not defined, then - calculated with ikm_key. Not used for AEAD algorithms. # Https access admin users. # Leave this table empty if you do not want diff --git a/examples/var/db/turndb b/examples/var/db/turndb index 9b08dba5..2c30dc86 100644 Binary files a/examples/var/db/turndb and b/examples/var/db/turndb differ diff --git a/src/apps/common/apputils.c b/src/apps/common/apputils.c index eecfcbc7..9b91d891 100644 --- a/src/apps/common/apputils.c +++ b/src/apps/common/apputils.c 
@@ -1136,27 +1136,6 @@ void convert_oauth_key_data_raw(const oauth_key_data_raw *raw, oauth_key_data *o turn_free(ikm_key,ikm_key_size); } } - - if(raw->as_rs_key[0]) { - size_t as_rs_key_size = 0; - char *as_rs_key = (char*)base64_decode(raw->as_rs_key,strlen(raw->as_rs_key),&as_rs_key_size); - if(as_rs_key) { - ns_bcopy(as_rs_key,oakd->as_rs_key,as_rs_key_size); - oakd->as_rs_key_size = as_rs_key_size; - turn_free(as_rs_key,as_rs_key_size); - } - } - - if(raw->auth_key[0]) { - size_t auth_key_size = 0; - char *auth_key = (char*)base64_decode(raw->auth_key,strlen(raw->auth_key),&auth_key_size); - if(auth_key) { - ns_bcopy(auth_key,oakd->auth_key,auth_key_size); - oakd->auth_key_size = auth_key_size; - turn_free(auth_key,auth_key_size); - } - } - } } diff --git a/src/apps/common/apputils.h b/src/apps/common/apputils.h index 4b93d861..6ff61bfd 100644 --- a/src/apps/common/apputils.h +++ b/src/apps/common/apputils.h @@ -142,8 +142,6 @@ struct _oauth_key_data_raw { u64bits timestamp; u32bits lifetime; char as_rs_alg[OAUTH_ALG_SIZE+1]; - char as_rs_key[OAUTH_KEY_SIZE+1]; - char auth_key[OAUTH_KEY_SIZE+1]; }; typedef struct _oauth_key_data_raw oauth_key_data_raw; diff --git a/src/apps/relay/dbdrivers/dbd_mongo.c b/src/apps/relay/dbdrivers/dbd_mongo.c index 853a5524..e06127e8 100644 --- a/src/apps/relay/dbdrivers/dbd_mongo.c +++ b/src/apps/relay/dbdrivers/dbd_mongo.c @@ -255,8 +255,6 @@ static int mongo_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { BSON_APPEND_INT32(&fields, "lifetime", 1); BSON_APPEND_INT32(&fields, "timestamp", 1); BSON_APPEND_INT32(&fields, "as_rs_alg", 1); - BSON_APPEND_INT32(&fields, "as_rs_key", 1); - BSON_APPEND_INT32(&fields, "auth_key", 1); BSON_APPEND_INT32(&fields, "ikm_key", 1); mongoc_cursor_t * cursor; 
@@ -279,12 +277,6 @@ static int mongo_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) { STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length)); } - if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_key") && BSON_ITER_HOLDS_UTF8(&iter)) { - STRCPY(key->as_rs_key,bson_iter_utf8(&iter, &length)); - } - if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "auth_key") && BSON_ITER_HOLDS_UTF8(&iter)) { - STRCPY(key->auth_key,bson_iter_utf8(&iter, &length)); - } if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) { STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length)); } @@ -349,8 +341,6 @@ static int mongo_set_oauth_key(oauth_key_data_raw *key) { bson_init(&doc); BSON_APPEND_UTF8(&doc, "kid", (const char *)key->kid); BSON_APPEND_UTF8(&doc, "as_rs_alg", (const char *)key->as_rs_alg); - BSON_APPEND_UTF8(&doc, "as_rs_key", (const char *)key->as_rs_key); - BSON_APPEND_UTF8(&doc, "auth_key", (const char *)key->auth_key); BSON_APPEND_UTF8(&doc, "ikm_key", (const char *)key->ikm_key); BSON_APPEND_INT64(&doc, "timestamp", (int64_t)key->timestamp); BSON_APPEND_INT32(&doc, "lifetime", (int32_t)key->lifetime); @@ -511,8 +501,6 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre BSON_APPEND_INT32(&fields, "lifetime", 1); BSON_APPEND_INT32(&fields, "timestamp", 1); BSON_APPEND_INT32(&fields, "as_rs_alg", 1); - BSON_APPEND_INT32(&fields, "as_rs_key", 1); - BSON_APPEND_INT32(&fields, "auth_key", 1); BSON_APPEND_INT32(&fields, "ikm_key", 1); mongoc_cursor_t * cursor; 
@@ -537,12 +525,6 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_alg") && BSON_ITER_HOLDS_UTF8(&iter)) { STRCPY(key->as_rs_alg,bson_iter_utf8(&iter, &length)); } - if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "as_rs_key") && BSON_ITER_HOLDS_UTF8(&iter)) { - STRCPY(key->as_rs_key,bson_iter_utf8(&iter, &length)); - } - if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "auth_key") && BSON_ITER_HOLDS_UTF8(&iter)) { - STRCPY(key->auth_key,bson_iter_utf8(&iter, &length)); - } if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "ikm_key") && BSON_ITER_HOLDS_UTF8(&iter)) { STRCPY(key->ikm_key,bson_iter_utf8(&iter, &length)); } @@ -566,9 +548,9 @@ static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre add_to_secrets_list(lts,lt); } } else { - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, - key->as_rs_alg, key->as_rs_key, key->auth_key); + key->as_rs_alg); } } mongoc_cursor_destroy(cursor); diff --git a/src/apps/relay/dbdrivers/dbd_mysql.c b/src/apps/relay/dbdrivers/dbd_mysql.c index de7fda11..ca2189d7 100644 --- a/src/apps/relay/dbdrivers/dbd_mysql.c +++ b/src/apps/relay/dbdrivers/dbd_mysql.c @@ -343,7 +343,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { int ret = -1; char statement[TURN_LONG_STRING_SIZE]; - snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key from oauth_key where kid='%s'",(const char*)kid); + snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s'",(const char*)kid); MYSQL * myc = get_mydb_connection(); if(myc) { 
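Review bot: The rewritten `select` in mysql_get_oauth_key still formats `kid` straight into the statement with `kid='%s'`, so a quote character in the key id changes the query text; the new statements in mysql_set_oauth_key, pgsql_get_oauth_key, pgsql_set_oauth_key, sqlite_get_oauth_key and sqlite_set_oauth_key keep the same pattern for `kid`, `ikm_key` and `as_rs_alg`. Where these values originate is not visible in the hunks, but if any of them can come from a client token or the admin form, they should be bound as parameters instead of formatted in (`mysql_stmt_prepare`/`mysql_stmt_bind_param`, `PQexecParams` with `kid=$1`, `sqlite3_prepare_v2` with `kid=?` plus `sqlite3_bind_text`). The `snprintf` return value is also ignored, so an over-long value silently truncates the statement rather than being rejected. The function body continues outside the hunk.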
@@ -354,7 +354,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { MYSQL_RES *mres = mysql_store_result(myc); if(!mres) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc)); - } else if(mysql_field_count(myc)!=6) { + } else if(mysql_field_count(myc)!=4) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement); } else { MYSQL_ROW row = mysql_fetch_row(mres); @@ -378,12 +378,6 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { ns_bcopy(row[3],key->as_rs_alg,lengths[3]); key->as_rs_alg[lengths[3]]=0; - ns_bcopy(row[4],key->as_rs_key,lengths[4]); - key->as_rs_key[lengths[4]]=0; - - ns_bcopy(row[5],key->auth_key,lengths[5]); - key->auth_key[lengths[5]]=0; - ret = 0; } } @@ -402,7 +396,7 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre oauth_key_data_raw *key=&key_; int ret = -1; char statement[TURN_LONG_STRING_SIZE]; - snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key,kid from oauth_key order by kid"); + snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid"); MYSQL * myc = get_mydb_connection(); if(myc) { @@ -413,7 +407,7 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre MYSQL_RES *mres = mysql_store_result(myc); if(!mres) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc)); - } else if(mysql_field_count(myc)!=7) { + } else if(mysql_field_count(myc)!=5) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement); } else { MYSQL_ROW row = mysql_fetch_row(mres); 
@@ -437,14 +431,8 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre ns_bcopy(row[3],key->as_rs_alg,lengths[3]); key->as_rs_alg[lengths[3]]=0; - ns_bcopy(row[4],key->as_rs_key,lengths[4]); - key->as_rs_key[lengths[4]]=0; - - ns_bcopy(row[5],key->auth_key,lengths[5]); - key->auth_key[lengths[5]]=0; - ns_bcopy(row[6],key->kid,lengths[6]); - key->kid[lengths[6]]=0; + key->kid[lengths[4]]=0; if(kids) { add_to_secrets_list(kids,key->kid); @@ -460,9 +448,9 @@ static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre add_to_secrets_list(lts,lt); } } else { - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, - key->as_rs_alg, key->as_rs_key, key->auth_key); + key->as_rs_alg); } } row = mysql_fetch_row(mres); 
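Review bot: After this change mysql_list_oauth_keys still appears to copy the key id from `row[6]` with `lengths[6]`, although the rewritten query returns five columns (the field-count check in the earlier hunk is now `!=5`) and the new terminator line uses `lengths[4]`. The collapsed layout hides the marker on that line, but the hunk's 14-old/8-new line counts only add up if `ns_bcopy(row[6],key->kid,lengths[6]);` is unchanged context. If so, it reads past the end of the row and lengths arrays and copies an unrelated number of bytes into `key->kid`. It should read `ns_bcopy(row[4],key->kid,lengths[4]);`, ideally with `lengths[4]` checked against the size of `key->kid` before the copy. The pgsql and sqlite list functions were moved to index 4 correctly; the function body continues outside the hunk.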
@@ -506,13 +494,13 @@ static int mysql_set_oauth_key(oauth_key_data_raw *key) char statement[TURN_LONG_STRING_SIZE]; MYSQL * myc = get_mydb_connection(); if(myc) { - snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key) values('%s','%s',%llu,%lu,'%s','%s','%s')", + snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s','%s',%llu,%lu,'%s')", key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime, - key->as_rs_alg,key->as_rs_key,key->auth_key); + key->as_rs_alg); int res = mysql_query(myc, statement); if(res) { - snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s',as_rs_key='%s',auth_key='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime, - key->as_rs_alg,key->as_rs_key,key->auth_key,key->kid); + snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime, + key->as_rs_alg,key->kid); res = mysql_query(myc, statement); if(res) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth key information: %s\n",mysql_error(myc)); diff --git a/src/apps/relay/dbdrivers/dbd_pgsql.c b/src/apps/relay/dbdrivers/dbd_pgsql.c index 6716de8b..cfb0187e 100644 --- a/src/apps/relay/dbdrivers/dbd_pgsql.c +++ b/src/apps/relay/dbdrivers/dbd_pgsql.c 
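Review bot: The rewritten `update` statement in mysql_set_oauth_key formats the timestamp with `timestamp=%lu` and an `(unsigned long)` cast, while the `insert` just above it uses `%llu` with `(unsigned long long)`. The struct declares `timestamp` as `u64bits`, so on a platform where `long` is 32 bits the update path stores a truncated key start time, which changes when the key is considered valid. Use `timestamp=%llu` with `(unsigned long long)key->timestamp` in the update as well. The same mismatch is carried into the new update statement in pgsql_set_oauth_key.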
@@ -158,7 +158,7 @@ static int pgsql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { int ret = -1; char statement[TURN_LONG_STRING_SIZE]; - snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key from oauth_key where kid='%s'",(const char*)kid); + snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s'",(const char*)kid); PGconn * pqc = get_pqdb_connection(); if(pqc) { @@ -171,8 +171,6 @@ static int pgsql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { key->timestamp = (u64bits)strtoll(PQgetvalue(res,0,1),NULL,10); key->lifetime = (u32bits)strtol(PQgetvalue(res,0,2),NULL,10); STRCPY(key->as_rs_alg,PQgetvalue(res,0,3)); - STRCPY(key->as_rs_key,PQgetvalue(res,0,4)); - STRCPY(key->auth_key,PQgetvalue(res,0,5)); STRCPY(key->kid,kid); ret = 0; } @@ -193,7 +191,7 @@ static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre int ret = -1; char statement[TURN_LONG_STRING_SIZE]; - snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key,kid from oauth_key order by kid"); + snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid"); PGconn * pqc = get_pqdb_connection(); if(pqc) { @@ -209,9 +207,7 @@ static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre key->timestamp = (u64bits)strtoll(PQgetvalue(res,i,1),NULL,10); key->lifetime = (u32bits)strtol(PQgetvalue(res,i,2),NULL,10); STRCPY(key->as_rs_alg,PQgetvalue(res,i,3)); - STRCPY(key->as_rs_key,PQgetvalue(res,i,4)); - STRCPY(key->auth_key,PQgetvalue(res,i,5)); - STRCPY(key->kid,PQgetvalue(res,i,6)); + STRCPY(key->kid,PQgetvalue(res,i,4)); if(kids) { add_to_secrets_list(kids,key->kid); 
@@ -227,9 +223,9 @@ static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre add_to_secrets_list(lts,lt); } } else { - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, - key->as_rs_alg, key->as_rs_key, key->auth_key); + key->as_rs_alg); } ret = 0; @@ -277,17 +273,17 @@ static int pgsql_set_oauth_key(oauth_key_data_raw *key) { char statement[TURN_LONG_STRING_SIZE]; PGconn *pqc = get_pqdb_connection(); if(pqc) { - snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key) values('%s','%s',%llu,%lu,'%s','%s','%s')", + snprintf(statement,sizeof(statement),"insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s','%s',%llu,%lu,'%s')", key->kid,key->ikm_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime, - key->as_rs_alg,key->as_rs_key,key->auth_key); + key->as_rs_alg); PGresult *res = PQexec(pqc, statement); if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) { if(res) { PQclear(res); } - snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s',as_rs_key='%s',auth_key='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime, - key->as_rs_alg,key->as_rs_key,key->auth_key,key->kid); + snprintf(statement,sizeof(statement),"update oauth_key set ikm_key='%s',timestamp=%lu,lifetime=%lu, as_rs_alg='%s' where kid='%s'",key->ikm_key,(unsigned long)key->timestamp,(unsigned long)key->lifetime, + key->as_rs_alg,key->kid); res = PQexec(pqc, statement); if(!res || (PQresultStatus(res) != PGRES_COMMAND_OK)) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth_key information: %s\n",PQerrorMessage(pqc)); 
diff --git a/src/apps/relay/dbdrivers/dbd_redis.c b/src/apps/relay/dbdrivers/dbd_redis.c index c315522a..3619f816 100644 --- a/src/apps/relay/dbdrivers/dbd_redis.c +++ b/src/apps/relay/dbdrivers/dbd_redis.c @@ -477,10 +477,6 @@ static int redis_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { if(kw) { if(!strcmp(kw,"as_rs_alg")) { STRCPY(key->as_rs_alg,val); - } else if(!strcmp(kw,"as_rs_key")) { - STRCPY(key->as_rs_key,val); - } else if(!strcmp(kw,"auth_key")) { - STRCPY(key->auth_key,val); } else if(!strcmp(kw,"ikm_key")) { STRCPY(key->ikm_key,val); } else if(!strcmp(kw,"timestamp")) { @@ -516,8 +512,8 @@ static int redis_set_oauth_key(oauth_key_data_raw *key) { redisContext *rc = get_redis_connection(); if(rc) { char statement[TURN_LONG_STRING_SIZE]; - snprintf(statement,sizeof(statement),"hmset turn/oauth/kid/%s ikm_key %s as_rs_alg %s as_rs_key %s auth_key %s timestamp %llu lifetime %lu", - key->kid,key->ikm_key,key->as_rs_alg,key->as_rs_key,key->auth_key,(unsigned long long)key->timestamp,(unsigned long)key->lifetime); + snprintf(statement,sizeof(statement),"hmset turn/oauth/kid/%s ikm_key %s as_rs_alg %s timestamp %llu lifetime %lu", + key->kid,key->ikm_key,key->as_rs_alg,(unsigned long long)key->timestamp,(unsigned long)key->lifetime); turnFreeRedisReply(redisCommand(rc, statement)); turnFreeRedisReply(redisCommand(rc, "save")); ret = 0; @@ -683,9 +679,9 @@ static int redis_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secre add_to_secrets_list(lts,lt); } } else { - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, - key->as_rs_alg, key->as_rs_key, key->auth_key); + key->as_rs_alg); } } } diff --git a/src/apps/relay/dbdrivers/dbd_sqlite.c b/src/apps/relay/dbdrivers/dbd_sqlite.c index 5a9dac15..6d216a5f 100644 
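Review bot: In redis_set_oauth_key the command is first built with `snprintf` and the result is then handed to `redisCommand(rc, statement)` as the format string, so a `%` in `kid`, `ikm_key` or `as_rs_alg` is parsed as a conversion and a space in any value splits it into extra command arguments. Passing the values as arguments keeps each one a single argument: `turnFreeRedisReply(redisCommand(rc, "hmset turn/oauth/kid/%s ikm_key %s as_rs_alg %s timestamp %llu lifetime %lu", key->kid, key->ikm_key, key->as_rs_alg, (unsigned long long)key->timestamp, (unsigned long)key->lifetime));`. That also removes the silent truncation at `TURN_LONG_STRING_SIZE`. The function body starts and ends outside the hunk.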
--- a/src/apps/relay/dbdrivers/dbd_sqlite.c +++ b/src/apps/relay/dbdrivers/dbd_sqlite.c @@ -154,7 +154,7 @@ static void init_sqlite_database(sqlite3 *sqliteconnection) { "CREATE TABLE denied_peer_ip (realm varchar(127) default '', ip_range varchar(256), primary key (realm,ip_range))", "CREATE TABLE turn_origin_to_realm (origin varchar(127),realm varchar(127),primary key (origin))", "CREATE TABLE turn_realm_option (realm varchar(127) default '', opt varchar(32), value varchar(128), primary key (realm,opt))", - "CREATE TABLE oauth_key (kid varchar(128),ikm_key varchar(256) default '',timestamp bigint default 0,lifetime integer default 0,as_rs_alg varchar(64) default '',as_rs_key varchar(256) default '',auth_key varchar(256) default '',primary key (kid))", + "CREATE TABLE oauth_key (kid varchar(128),ikm_key varchar(256) default '',timestamp bigint default 0,lifetime integer default 0,as_rs_alg varchar(64) default '',primary key (kid))", "CREATE TABLE admin_user (name varchar(32), realm varchar(127), password varchar(127), primary key (name))", NULL }; @@ -293,7 +293,7 @@ static int sqlite_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { char statement[TURN_LONG_STRING_SIZE]; sqlite3_stmt *st = NULL; int rc = 0; - snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key from oauth_key where kid='%s'",(const char*)kid); + snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg from oauth_key where kid='%s'",(const char*)kid); sqlite3 *sqliteconnection = get_sqlite_connection(); if(sqliteconnection) { 
@@ -309,8 +309,6 @@ static int sqlite_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) { key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10); key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10); STRCPY(key->as_rs_alg,sqlite3_column_text(st, 3)); - STRCPY(key->as_rs_key,sqlite3_column_text(st, 4)); - STRCPY(key->auth_key,sqlite3_column_text(st, 5)); STRCPY(key->kid,kid); ret = 0; } @@ -339,7 +337,7 @@ static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secr char statement[TURN_LONG_STRING_SIZE]; sqlite3_stmt *st = NULL; int rc = 0; - snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key,kid from oauth_key order by kid"); + snprintf(statement,sizeof(statement),"select ikm_key,timestamp,lifetime,as_rs_alg,kid from oauth_key order by kid"); sqlite3 *sqliteconnection = get_sqlite_connection(); if(sqliteconnection) { @@ -357,9 +355,7 @@ static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secr key->timestamp = (u64bits)strtoll((const char*)sqlite3_column_text(st, 1),NULL,10); key->lifetime = (u32bits)strtol((const char*)sqlite3_column_text(st, 2),NULL,10); STRCPY(key->as_rs_alg,sqlite3_column_text(st, 3)); - STRCPY(key->as_rs_key,sqlite3_column_text(st, 4)); - STRCPY(key->auth_key,sqlite3_column_text(st, 5)); - STRCPY(key->kid,sqlite3_column_text(st, 6)); + STRCPY(key->kid,sqlite3_column_text(st, 4)); if(kids) { add_to_secrets_list(kids,key->kid); 
@@ -375,9 +371,9 @@ static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *teas,secr add_to_secrets_list(lts,lt); } } else { - printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s, as_rs_key=%s, auth_key=%s\n", + printf(" kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, as_rs_alg=%s\n", key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, - key->as_rs_alg, key->as_rs_key, key->auth_key); + key->as_rs_alg); } } else if (res == SQLITE_DONE) { @@ -447,9 +443,8 @@ static int sqlite_set_oauth_key(oauth_key_data_raw *key) snprintf( statement, sizeof(statement), - "insert or replace into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg,as_rs_key,auth_key) values('%s','%s',%llu,%lu,'%s','%s','%s')", - key->kid, key->ikm_key, (unsigned long long) key->timestamp, (unsigned long) key->lifetime, key->as_rs_alg, key->as_rs_key, - key->auth_key); + "insert or replace into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('%s','%s',%llu,%lu,'%s')", + key->kid, key->ikm_key, (unsigned long long) key->timestamp, (unsigned long) key->lifetime, key->as_rs_alg); sqlite_lock(1); diff --git a/src/apps/relay/turn_admin_server.c b/src/apps/relay/turn_admin_server.c index 699876cc..dfdb8d2e 100644 --- a/src/apps/relay/turn_admin_server.c +++ b/src/apps/relay/turn_admin_server.c @@ -1372,8 +1372,6 @@ typedef enum _AS_FORM AS_FORM; #define HR_ADD_OAUTH_TS "oauth_ts" #define HR_ADD_OAUTH_LT "oauth_lt" #define HR_ADD_OAUTH_IKM "oauth_ikm" -#define HR_ADD_OAUTH_RS_KEY "oauth_rs_key" -#define HR_ADD_OAUTH_AUTH_KEY "oauth_auth_key" #define HR_ADD_OAUTH_TEA "oauth_tea" #define HR_DELETE_OAUTH_KID "oauth_kid_del" #define HR_OAUTH_KID "kid" 
@@ -2878,28 +2876,6 @@ static void write_https_oauth_show_keys(ioa_socket_handle s, const char* kid) str_buffer_append(sb,"\r\n"); } - if(okey.as_rs_key_size) { - size_t as_rs_key_size = 0; - char *as_rs_key = (char*)base64_encode((unsigned char*)okey.as_rs_key,okey.as_rs_key_size,&as_rs_key_size); - if(as_rs_key) { - str_buffer_append(sb,"