working on oauth
parent
31b25414b4
commit
ef552b16f4
6
INSTALL
6
INSTALL
@ -760,9 +760,9 @@ The oauth_key table fields meanings are:
|
||||
is 0 - unlimited lifetime.
|
||||
|
||||
as_rs_alg - oAuth token encryption algorithm; the valid values are
|
||||
"A256GCMKW", "A128GCMKW" (see
|
||||
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1).
|
||||
The default value is "A256GCMKW";
|
||||
"A256GCM", "A128GCM" (see
|
||||
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.1).
|
||||
The default value is "A256GCM";
|
||||
|
||||
# Https access admin users.
|
||||
# Leave this table empty if you do not want
|
||||
|
||||
Binary file not shown.
@ -2973,23 +2973,23 @@ static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, con
|
||||
str_buffer_append(sb,"<br>Token encryption algorithm (required):<br>\r\n");
|
||||
|
||||
if(!add_tea || !add_tea[0])
|
||||
add_tea = "A256GCMKW";
|
||||
add_tea = "A256GCM";
|
||||
|
||||
str_buffer_append(sb,"<input type=\"radio\" name=\"");
|
||||
str_buffer_append(sb,HR_ADD_OAUTH_TEA);
|
||||
str_buffer_append(sb,"\" value=\"A128GCMKW\" ");
|
||||
if(!strcmp("A128GCMKW",add_tea)) {
|
||||
str_buffer_append(sb,"\" value=\"A128GCM\" ");
|
||||
if(!strcmp("A128GCM",add_tea)) {
|
||||
str_buffer_append(sb," checked ");
|
||||
}
|
||||
str_buffer_append(sb,">A128GCMKW\r\n<br>\r\n");
|
||||
str_buffer_append(sb,">A128GCM\r\n<br>\r\n");
|
||||
|
||||
str_buffer_append(sb,"<input type=\"radio\" name=\"");
|
||||
str_buffer_append(sb,HR_ADD_OAUTH_TEA);
|
||||
str_buffer_append(sb,"\" value=\"A256GCMKW\" ");
|
||||
if(!strcmp("A256GCMKW",add_tea)) {
|
||||
str_buffer_append(sb,"\" value=\"A256GCM\" ");
|
||||
if(!strcmp("A256GCM",add_tea)) {
|
||||
str_buffer_append(sb," checked ");
|
||||
}
|
||||
str_buffer_append(sb,">A256GCMKW\r\n<br>\r\n");
|
||||
str_buffer_append(sb,">A256GCM\r\n<br>\r\n");
|
||||
}
|
||||
|
||||
str_buffer_append(sb,"</td></tr>\r\n</table>\r\n");
|
||||
|
||||
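Review bot: The renamed values leave no path for keys already stored as "A256GCMKW" or "A128GCMKW". In this hunk a non-empty `add_tea` that still holds an old name matches neither `strcmp`, so the form is rendered with no radio button checked; in the convert_oauth_key_data hunk the same string reaches the final `else if(oakd->as_rs_alg[0])` branch, whose body is outside that hunk and presumably reports an error. If existing deployments can hold rows with the old names, either accept them as aliases, e.g. `if(!strcmp(oakd->as_rs_alg,"A128GCM") || !strcmp(oakd->as_rs_alg,"A128GCMKW")) {`, or state in INSTALL that oauth_key rows must be rewritten on upgrade. write_https_oauth_page begins and ends outside this hunk.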
@ -43,7 +43,7 @@
|
||||
|
||||
static const char* encs[]={
|
||||
#if !defined(TURN_NO_GCM)
|
||||
"A128GCMKW", "A256GCMKW",
|
||||
"A128GCM", "A256GCM",
|
||||
#endif
|
||||
NULL};
|
||||
|
||||
|
||||
@ -102,9 +102,9 @@ int oauth = 0;
|
||||
oauth_key okey_array[3];
|
||||
|
||||
static oauth_key_data_raw okdr_array[3] = {
|
||||
{"north","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK",0,0,"A256GCMKW"},
|
||||
{"union","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK",0,0,"A128GCMKW"},
|
||||
{"oldempire","MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK",0,0,"A256GCMKW"}
|
||||
{"north","MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK",0,0,"A256GCM"},
|
||||
{"union","MTIzNDU2Nzg5MDEyMzQ1Ngo=",0,0,"A128GCM"},
|
||||
{"oldempire","MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK",0,0,"A256GCM"}
|
||||
};
|
||||
|
||||
//////////////// local definitions /////////////////
|
||||
|
||||
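Review bot: The new sample key for "union", `MTIzNDU2Nzg5MDEyMzQ1Ngo=`, decodes to 17 bytes rather than 16: the base64 is the 16 ASCII digits plus a trailing newline, and the two 44-character keys likewise decode to 33 bytes. Whether the extra byte matters depends on how the decoded ikm_key is reduced to `calculate_enc_key_length()` bytes, which no hunk here shows; if the length is checked strictly these entries would be rejected, and if it is truncated silently that deserves a comment. Since the same values are published in the example database scripts, I would also add `/* sample keys only: base64 of an ASCII string plus newline; never use in a deployment */` above `okdr_array`.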
@ -2002,7 +2002,7 @@ static void normalize_algorithm(char *s)
|
||||
static size_t calculate_enc_key_length(ENC_ALG a)
|
||||
{
|
||||
switch(a) {
|
||||
case A128GCMKW:
|
||||
case A128GCM:
|
||||
return 16;
|
||||
default:
|
||||
break;
|
||||
@ -2015,8 +2015,8 @@ static size_t calculate_auth_key_length(ENC_ALG a)
|
||||
{
|
||||
switch(a) {
|
||||
#if !defined(TURN_NO_GCM)
|
||||
case A256GCMKW:
|
||||
case A128GCMKW:
|
||||
case A256GCM:
|
||||
case A128GCM:
|
||||
return 0;
|
||||
#endif
|
||||
default:
|
||||
@ -2079,12 +2079,12 @@ int convert_oauth_key_data(const oauth_key_data *oakd0, oauth_key *key, char *er
|
||||
|
||||
key->as_rs_alg = ENC_ALG_DEFAULT;
|
||||
#if !defined(TURN_NO_GCM)
|
||||
if(!strcmp(oakd->as_rs_alg,"A128GCMKW")) {
|
||||
key->as_rs_alg = A128GCMKW;
|
||||
if(!strcmp(oakd->as_rs_alg,"A128GCM")) {
|
||||
key->as_rs_alg = A128GCM;
|
||||
key->auth_key_size = 0;
|
||||
key->auth_key[0] = 0;
|
||||
} else if(!strcmp(oakd->as_rs_alg,"A256GCMKW")) {
|
||||
key->as_rs_alg = A256GCMKW;
|
||||
} else if(!strcmp(oakd->as_rs_alg,"A256GCM")) {
|
||||
key->as_rs_alg = A256GCM;
|
||||
key->auth_key_size = 0;
|
||||
key->auth_key[0] = 0;
|
||||
} else if(oakd->as_rs_alg[0])
|
||||
@ -2117,9 +2117,9 @@ static const EVP_CIPHER *get_cipher_type(ENC_ALG enc_alg)
|
||||
{
|
||||
switch(enc_alg) {
|
||||
#if !defined(TURN_NO_GCM)
|
||||
case A128GCMKW:
|
||||
case A128GCM:
|
||||
return EVP_aes_128_gcm();
|
||||
case A256GCMKW:
|
||||
case A256GCM:
|
||||
return EVP_aes_256_gcm();
|
||||
#endif
|
||||
default:
|
||||
@ -2546,8 +2546,8 @@ int encode_oauth_token(const u08bits *server_name, encoded_oauth_token *etoken,
|
||||
if(server_name && etoken && key && dtoken) {
|
||||
switch(key->as_rs_alg) {
|
||||
#if !defined(TURN_NO_GCM)
|
||||
case A256GCMKW:
|
||||
case A128GCMKW:
|
||||
case A256GCM:
|
||||
case A128GCM:
|
||||
return encode_oauth_token_aead(server_name, etoken,key,dtoken,nonce);
|
||||
#endif
|
||||
default:
|
||||
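Review bot: `nonce` is handed straight to `encode_oauth_token_aead` for both A256GCM and A128GCM, and nothing visible says who guarantees that it is unique. With AES-GCM a nonce repeated under the same key compromises both the confidentiality and the integrity of the tokens, and the INSTALL text allows keys with unlimited lifetime. I would document the requirement on encode_oauth_token, e.g. `/* nonce must never repeat for the same key (AES-GCM requirement) */`, and say what happens when the caller passes none, which depends on encode_oauth_token_aead and is not shown here. The function body starts and ends outside this hunk.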
@ -2563,8 +2563,8 @@ int decode_oauth_token(const u08bits *server_name, const encoded_oauth_token *et
|
||||
if(server_name && etoken && key && dtoken) {
|
||||
switch(key->as_rs_alg) {
|
||||
#if !defined(TURN_NO_GCM)
|
||||
case A256GCMKW:
|
||||
case A128GCMKW:
|
||||
case A256GCM:
|
||||
case A128GCM:
|
||||
return decode_oauth_token_aead(server_name, etoken,key,dtoken);
|
||||
#endif
|
||||
default:
|
||||
|
||||
@ -74,8 +74,8 @@ enum _ENC_ALG {
|
||||
ENC_ALG_ERROR=-1,
|
||||
ENC_ALG_DEFAULT=0,
|
||||
#if !defined(TURN_NO_GCM)
|
||||
A256GCMKW=ENC_ALG_DEFAULT,
|
||||
A128GCMKW,
|
||||
A256GCM=ENC_ALG_DEFAULT,
|
||||
A128GCM,
|
||||
#endif
|
||||
ENG_ALG_NUM
|
||||
};
|
||||
|
||||
@ -43,9 +43,9 @@ and they will be almost immediately "seen" by the turnserver process.
|
||||
is 0 - unlimited lifetime.
|
||||
|
||||
as_rs_alg - oAuth token encryption algorithm; the valid values are
|
||||
"A256GCMKW", "A128GCMKW" (see
|
||||
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1).
|
||||
The default value is "A256GCMKW".
|
||||
"A256GCM", "A128GCM" (see
|
||||
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.1).
|
||||
The default value is "A256GCM".
|
||||
|
||||
5) admin users (over https interface) are maintained as keys of form:
|
||||
"turn/admin_user/<username> with hash members "password" and,
|
||||
@ -117,7 +117,7 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
|
||||
sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
|
||||
sadd turn/realm/crinna.org/denied-peer-ip "123::77"
|
||||
|
||||
hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCMKW'
|
||||
hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCM'
|
||||
|
||||
hmset turn/admin_user/skarling realm 'north.gov' password 'hoodless'
|
||||
hmset turn/admin_user/bayaz password 'magi'
|
||||
|
||||
@ -56,13 +56,13 @@ db.realm.insert({
|
||||
|
||||
db.oauth_key.insert({ kid: 'north',
|
||||
ikm_key: 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',
|
||||
as_rs_alg: 'A256GCMKW'});
|
||||
as_rs_alg: 'A256GCM'});
|
||||
db.oauth_key.insert({ kid: 'union',
|
||||
ikm_key: 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK',
|
||||
as_rs_alg: 'A128GCMKW'});
|
||||
ikm_key: 'MTIzNDU2Nzg5MDEyMzQ1Ngo=',
|
||||
as_rs_alg: 'A128GCM'});
|
||||
db.oauth_key.insert({ kid: 'oldempire',
|
||||
ikm_key: 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK',
|
||||
as_rs_alg: 'A256GCMKW'});
|
||||
as_rs_alg: 'A256GCM'});
|
||||
|
||||
exit
|
||||
|
||||
|
||||
@ -38,9 +38,9 @@ sadd turn/realm/crinna.org/allowed-peer-ip "172.17.13.202"
|
||||
sadd turn/realm/north.gov/denied-peer-ip "172.17.13.133-172.17.14.56" "172.17.17.133-172.17.19.56" "123::45"
|
||||
sadd turn/realm/crinna.org/denied-peer-ip "123::77"
|
||||
|
||||
hmset turn/oauth/kid/north ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK' as_rs_alg 'A256GCMKW'
|
||||
hmset turn/oauth/kid/union ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK' as_rs_alg 'A128GCMKW'
|
||||
hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCMKW'
|
||||
hmset turn/oauth/kid/north ikm_key 'MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK' as_rs_alg 'A256GCM'
|
||||
hmset turn/oauth/kid/union ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Ngo=' as_rs_alg 'A128GCM'
|
||||
hmset turn/oauth/kid/oldempire ikm_key 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK' as_rs_alg 'A256GCM'
|
||||
|
||||
hmset turn/admin_user/skarling realm 'north.gov' password '\$5\$6fc35c3b0c7d4633\$27fca7574f9b79d0cb93ae03e45379470cbbdfcacdd6401f97ebc620f31f54f2'
|
||||
hmset turn/admin_user/bayaz password '\$5\$e018513e9de69e73\$5cbdd2e29e04ca46aeb022268a7460d3a3468de193dcb2b95f064901769f455f'
|
||||
|
||||
@ -31,6 +31,6 @@ insert into denied_peer_ip (ip_range) values('123::45');
|
||||
insert into denied_peer_ip (realm,ip_range) values('north.gov','172.17.17.133-172.17.19.56');
|
||||
insert into denied_peer_ip (realm,ip_range) values('crinna.org','123::77');
|
||||
|
||||
insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('north','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',0,0,'A256GCMKW');
|
||||
insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('union','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5OTkK',0,0,'A128GCMKW');
|
||||
insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('oldempire','MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK',0,0,'A256GCMKW');
|
||||
insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('north','MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEK',0,0,'A256GCM');
|
||||
insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('union','MTIzNDU2Nzg5MDEyMzQ1Ngo=',0,0,'A128GCM');
|
||||
insert into oauth_key (kid,ikm_key,timestamp,lifetime,as_rs_alg) values('oldempire','MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIK',0,0,'A256GCM');
|
||||
|
||||