BoschSmartHome / bosch-shc-api-docs

Bosch Smart Home Controller Local REST API

Registering client via curl returns 401 #60

Closed arnecls closed 2 years ago

arnecls commented 2 years ago

I'm trying to use curl to register a client to the controller. I've converted everything from the postman doc to the command, but it keeps returning a 401. Any hint on what could be missing here?

Contents of the request.json

```json
{
  "@type": "client",
  "id": "oss_homebridge_plugin",
  "name": "OSS Homebridge plugin",
  "primaryRole": "ROLE_RESTRICTED_CLIENT",
  "certificate": "-----BEGIN CERTIFICATE-----\rxxxxx\r-----END CERTIFICATE-----"
}
```

```shell
openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout client-key.pem -out client-cert.pem

CONTROLLER_IP=192.168.0.6
PASSWORD=xxxxxxxxx

# Press the pairing button

curl -sk -X POST\
  -H "Content-Type: application/json"\
  -H 'Expect:'\
  -H "Systempassword: $(echo "${PASSWORD}" | base64)"\
  --key client-key.pem --cert client-cert.pem\
  --data-binary @request.json\
  "https://${CONTROLLER_IP}:8443/smarthome/clients" -vvv
```

I also tried omitting --key and --cert, but no matter what I do it always results in:

```
*   Trying 192.168.0.6...
* TCP_NODELAY set
* Connected to 192.168.0.6 (192.168.0.6) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=DE; O=Bosch Thermotechnik GmbH; CN=64-da-a0-10-ae-8c
*  start date: Mar 21 15:10:27 2021 GMT
*  expire date: Mar 22 15:10:27 2023 GMT
*  issuer: C=DE; O=Bosch Thermotechnik GmbH; CN=Smart Home Controller Issuing CA
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> POST /smarthome/clients HTTP/1.1
> Host: 192.168.0.6:8443
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Type: application/json
> Systempassword: xxxxxxxxxxxxxxxx
> Content-Length: 1347
>
* upload completely sent off: 1347 out of 1347 bytes
< HTTP/1.1 401 Unauthorized
< Strict-Transport-Security: Max-Age=31536000; includeSubDomains
< x-mbs-platform-state: 100
< X-XSS-Protection: 1; mode=block
< Content-Security-Policy: Default-Src 'none'; Frame-Ancestors 'none'
< date: Tue, 21 Dec 2021 10:06:44 GMT
< X-Content-Type-Options: nosniff
< content-length: 0
< Referrer-Policy: strict-origin-when-cross-origin
< Cache-Control: no-cache, no-store, must-revalidate
< X-Frame-Options: sameorigin
< connection: close
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
```

arnecls commented 2 years ago

According to this old issue here https://github.com/BoschSmartHome/bosch-shc-api-docs/issues/24#issuecomment-597302694, it might be due to MacOS X's base64 command. Checking.

arnecls commented 2 years ago

Actually it was the echo, which adds a \n to the password. Using echo -n fixes the issue.
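
The trailing-newline problem from the last comment, as an added example that is not part of the original thread or the project's documentation: it compares the `echo` encoding from the issue with a newline-free encoding and checks an existing header value for the stray byte. The function names and the password `Secret123` are constructed for illustration.

```shell
#!/bin/sh
# Added example. "Secret123" is a constructed password, not a real credential.

# Encode a password for the Systempassword header.
# printf '%s' writes the bytes exactly as given (no trailing newline);
# tr -d '\n' drops the line wrapping some base64 tools add to long output.
encode_systempassword() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# What the command in the issue computes: echo appends "\n" before encoding.
encode_with_echo() {
  echo "$1" | base64 | tr -d '\n'
}

# Succeeds (exit 0) if a base64 value decodes to bytes ending in a newline.
# base64 -d is the GNU/BusyBox spelling; older macOS versions use -D.
has_trailing_newline() {
  [ "$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

printf 'echo:    %s\n' "$(encode_with_echo 'Secret123')"
printf 'printf:  %s\n' "$(encode_systempassword 'Secret123')"

# In the curl call from the issue the header then becomes:
#   -H "Systempassword: $(encode_systempassword "${PASSWORD}")"
```

The two printed values differ only in the suffix `Cg==`, which is the base64 encoding of the single newline byte that `echo` appended.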