1derrick / gsa-admin-toolkit

Automatically exported from code.google.com/p/gsa-admin-toolkit

gsa_admin.py - generated signature is no longer valid. #18

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Use the gsa_admin.py to download the configuration.
    gsa_admin.py -n gsa -p 8000 -u admin -p admin  -e --sign-password 12345678 -f backup.xml -v -o backup.xml

2. Use the gsa_admin.py to generate a new configuration based on the one just 
downloaded.
    gsa_admin.py -n gsa -p 8000 -u admin -p admin  -s --sign-password 12345678 -f backup.xml -v -o backupSigned.xml

3. Use the gsa_admin.py to upload the configuration.
    gsa_admin.py -n gsa -p 8000 -u admin -p admin  -i --sign-password 12345678 -f backupSigned.xml -v

What is the expected output? What do you see instead?
Expected to get a success message.

Actually got

2013-02-16 21:44:00,598  INFO __main__ 921: Importing backupSigned.xml to localhost
2013-02-16 21:44:00,660 DEBUG __main__ 189: Signature matches
2013-02-16 21:44:00,665 DEBUG __main__ 248: Fetching initial page for new cookie
2013-02-16 21:44:00,730 DEBUG __main__ 256: Logging in as admin...
2013-02-16 21:44:01,864 DEBUG __main__ 264: Successfully logged in
2013-02-16 21:44:01,868 DEBUG __main__ 346: Fetching url: http://gsa:8000/EnterpriseController?actionType=cache
2013-02-16 21:44:02,200 DEBUG __main__ 353: Security token is: JKR0NLgeK2a0TMXIDwSpUxMIgXU:1361072694270
2013-02-16 21:44:02,207  INFO __main__ 291: Sending XML...
2013-02-16 21:44:05,989 ERROR __main__ 298: Wrong passphrase or the file is corrupt. Try

What version of the product are you using? On what operating system?
System Version: 7.0.14.G.84  Connecting from Windows 7.

Please provide any additional information below.
backup.xml is an unmodified configuration backup.  Running the sign command on 
this file to produce backupSigned.xml should have identical signatures, but 
they don't, which means that the GSA is signing the content differently:

Original issue reported on code.google.com by bobbobbo...@outlook.com on 17 Feb 2013 at 3:03

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
I'm experiencing this exact same issue.  I'll play around with the signing code 
to see if I can figure out what the new set of data is.

The only difference is I have a slightly more updated GSA:

System Version: 7.0.14.G.114 
Build ID: 10000329.1.4

And I'm connecting from Linux.

Original comment by m...@clayto.com on 7 May 2013 at 9:42

GoogleCodeExporter commented 9 years ago
You need to remove the uar_data and the uam_dir elements (and the whitespace 
before each tag), then sign.

Original comment by bobbobbo...@outlook.com on 8 May 2013 at 2:47

GoogleCodeExporter commented 9 years ago
Thanks so much for the help.  How did you find out that those elements must be 
removed?  If there is a DTD or other resource out there for these config files, 
I'd be happy to have it.

It looks like the gsa_admin.py I have is already doing these steps during 
sign():

  1. remove whitespace before <uam_dir>
  2. remove uam_dir element from the dom (it's using minidom)
  3. sign and insert the signature
  4. add <uam_dir> back into the dom

I copied the code to do the same for the uar_data element.  It's working, based 
on the output, but the GSA is still rejecting it with the same error.

Original comment by m...@clayto.com on 8 May 2013 at 6:56
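
The detach-then-sign steps discussed in the comments above, as an added Python 3 example (not code from gsa_admin.py or from any commenter). It shows why the whitespace before each excluded element matters: the signature covers serialized bytes, so leftover text nodes change it. Assumptions: HMAC-SHA1 stands in for whatever digest the appliance actually computes, and the sample document is constructed, with only the `uam_dir` and `uar_data` names taken from the thread.

```python
import hashlib
import hmac
from xml.dom import minidom

EXCLUDED = ("uam_dir", "uar_data")  # elements the thread says to drop before signing

# Constructed sample: only uam_dir and uar_data come from the thread.
SAMPLE = (
    "<export><config><setting>x</setting>\n"
    "  <uam_dir>AAAA</uam_dir>\n"
    "  <uar_data>BBBB</uar_data></config></export>"
)


def signed_bytes(xml_text, strip_ws=True):
    """Serialize <config> without the excluded elements.

    With strip_ws=True the whitespace-only text node before each excluded
    element is removed too, as the thread describes.
    """
    doc = minidom.parseString(xml_text)
    for name in EXCLUDED:
        for el in list(doc.getElementsByTagName(name)):
            prev = el.previousSibling
            if (strip_ws and prev is not None
                    and prev.nodeType == minidom.Node.TEXT_NODE
                    and not prev.data.strip()):
                el.parentNode.removeChild(prev)
            el.parentNode.removeChild(el)
    return doc.getElementsByTagName("config")[0].toxml().encode("utf-8")


def sign(xml_text, password, strip_ws=True):
    # Assumption: HMAC-SHA1 stands in for the appliance's real digest.
    key = password.encode("utf-8")
    return hmac.new(key, signed_bytes(xml_text, strip_ws), hashlib.sha1).hexdigest()


def verify(xml_text, password, signature):
    # Constant-time comparison of the recomputed and supplied signatures.
    return hmac.compare_digest(sign(xml_text, password), signature)


if __name__ == "__main__":
    good = sign(SAMPLE, "12345678")
    print("stripped  :", signed_bytes(SAMPLE))
    print("ws kept   :", signed_bytes(SAMPLE, strip_ws=False))
    print("verifies  :", verify(SAMPLE, "12345678", good))
    print("ws variant:", verify(SAMPLE, "12345678", sign(SAMPLE, "12345678", False)))
```

When a locally computed signature is rejected, diffing the exact bytes returned by a function like `signed_bytes` against what the verifier is believed to hash narrows the mismatch faster than comparing digests.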