* OpenBmc Redfish support etag property error
@ 2021-08-31 8:09 Zhang, ShuoX
2021-08-31 17:17 ` Ed Tanous
0 siblings, 1 reply; 3+ messages in thread
From: Zhang, ShuoX @ 2021-08-31 8:09 UTC (permalink / raw)
To: openbmc
Hi,
Etag is to check whether the json string returned by the server has changed. I plan to use MD5 encryption to generate etag, but can't find etag in http request header.
Here are the steps I tested:
1. I used Postman to send the first request to a URL, and added the etag property to the header of the response using hard code, then the http connection function async_write responds with the header buffer.
2. Request the same URL, read the header of the request; no etag can be found.
Here are some logs:
Respond:
Jan 11 23:45:25 intel-obmc bmcweb[361]: (2021-01-11 23:45:25) [DEBUG "http_connection.hpp":683] 0x1a3e4c8 doWrite
Jan 11 23:45:25 intel-obmc bmcweb[361]: zs_debug res result : 200
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : Strict-Transport-Security , /text: Strict-Transport-Security ,Value: max-age=31536000; includeSubdomains; preload
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : X-Frame-Options , /text: X-Frame-Options ,Value: DENY
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : Pragma , /text: Pragma ,Value: no-cache
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : Cache-Control , /text: Cache-Control ,Value: no-Store,no-Cache
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : <unknown-field> , /text: X-XSS-Protection ,Value: 1; mode=block
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : <unknown-field> , /text: X-Content-Type-Options ,Value: nosniff
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : <unknown-field> , /text: Content-Security-Policy ,Value: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : Content-Type , /text: Content-Type ,Value: application/json
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : ETag , /text: ETag ,Value: ba2e34ec8c7d9168cc2bf880a1674ae4
Jan 11 23:45:25 intel-obmc bmcweb[361]: field : Content-Length , /text: Content-Length ,Value: 525
Jan 11 23:45:25 intel-obmc bmcweb[361]: zs_debug response: {
Jan 11 23:45:25 intel-obmc bmcweb[361]: "@odata.id": "/redfish/v1/CertificateService/CertificateLocations",
Jan 11 23:45:25 intel-obmc bmcweb[361]: "@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations",
Jan 11 23:45:25 intel-obmc bmcweb[361]: "Description": "Defines a resource that an administrator can use in order to locate all certificates installed on a given service",
Jan 11 23:45:25 intel-obmc bmcweb[361]: "Id": "CertificateLocations",
Jan 11 23:45:25 intel-obmc bmcweb[361]: "Links": {
Jan 11 23:45:25 intel-obmc bmcweb[361]: "Certificates": [
Jan 11 23:45:25 intel-obmc bmcweb[361]: {
Jan 11 23:45:25 intel-obmc bmcweb[361]: "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
Jan 11 23:45:25 intel-obmc bmcweb[361]: }
Jan 11 23:45:25 intel-obmc bmcweb[361]: ],
Jan 11 23:45:25 intel-obmc bmcweb[361]: Certificates@odata.count: 1
Jan 11 23:45:25 intel-obmc bmcweb[361]: },
Jan 11 23:45:25 intel-obmc bmcweb[361]: "Name": "Certificate Locations"
Jan 11 23:45:25 intel-obmc bmcweb[361]: }
Jan 11 23:45:25 intel-obmc bmcweb[361]: (2021-01-11 23:45:25) [DEBUG "http_connection.hpp":698] 0x1a3e4c8 async_write 997 bytes
Second Request:
Jan 11 23:45:25 intel-obmc bmcweb[361]: (2021-01-11 23:45:25) [DEBUG "http_connection.hpp":511] 0x1a3e4c8 doReadHeaders
Jan 11 23:45:25 intel-obmc bmcweb[361]: zs_debug read http_head :GET /redfish/v1/CertificateService/CertificateLocations HTTP/1.1
Jan 11 23:45:25 intel-obmc bmcweb[361]: Authorization: Basic cm9vdDowcGVuQm1j
Jan 11 23:45:25 intel-obmc bmcweb[361]: User-Agent: PostmanRuntime/7.28.4
Jan 11 23:45:25 intel-obmc bmcweb[361]: Accept: */*
Jan 11 23:45:25 intel-obmc bmcweb[361]: Cache-Control: no-cache
Jan 11 23:45:25 intel-obmc bmcweb[361]: Postman-Token: 1981d43c-7067-4959-a853-dd7f93bb04fa
Jan 11 23:45:25 intel-obmc bmcweb[361]: Host: 10.239.138.19
Jan 11 23:45:25 intel-obmc bmcweb[361]: Accept-Encoding: gzip, deflate, br
Jan 11 23:45:25 intel-obmc bmcweb[361]: Connection: keep-alive
Jan 11 23:45:25 intel-obmc bmcweb[361]:
* Re: OpenBmc Redfish support etag property error
2021-08-31 8:09 OpenBmc Redfish support etag property error Zhang, ShuoX
@ 2021-08-31 17:17 ` Ed Tanous
2021-08-31 23:14 ` OpenBmc Redfish support etag property error - sha512 Joseph Reynolds
0 siblings, 1 reply; 3+ messages in thread
From: Ed Tanous @ 2021-08-31 17:17 UTC (permalink / raw)
To: Zhang, ShuoX; +Cc: openbmc
On Tue, Aug 31, 2021 at 1:11 AM Zhang, ShuoX <shuox.zhang@intel.com> wrote:
>
> hi,
>
> Etag is to check whether the json string returned by the server has changed. I plan to use MD5 encryption to generate etag, but can’t find etag in http request header.
That's because we don't currently implement etag. If you're looking
at adding it, keep in mind, implementation of etag is more than simply
including the header, and likely has some changes that would need to
be made to the internals of the system.
PS, MD5 hasn't really been acceptable for hashing algorithms for a
while now. Please research what the current guidance is on what hash
to use for this; I suspect the guidance is still sha256.
* Re: OpenBmc Redfish support etag property error - sha512
2021-08-31 17:17 ` Ed Tanous
@ 2021-08-31 23:14 ` Joseph Reynolds
0 siblings, 0 replies; 3+ messages in thread
From: Joseph Reynolds @ 2021-08-31 23:14 UTC (permalink / raw)
To: Ed Tanous, Zhang, ShuoX; +Cc: openbmc
On 8/31/21 12:17 PM, Ed Tanous wrote:
> On Tue, Aug 31, 2021 at 1:11 AM Zhang, ShuoX <shuox.zhang@intel.com> wrote:
>> hi,
>>
>> Etag is to check whether the json string returned by the server has changed. I plan to use MD5 encryption to generate etag, but can’t find etag in http request header.
> That's because we don't currently implement etag. If you're looking
> at adding it, keep in mind, implementation of etag is more than simply
> including the header, and likely has some changes that would need to
> be made to the internals of the system.
>
> PS, MD5 hasn't really been acceptable for hashing algorithms for a
> while now. Please research what the current guidance is on what hash
> to use for this; I suspect the guidance is still sha256.
>
>
...snip...
FWIW, OpenBMC Linux-PAM modules (pam_unix.so) use the SHA-512 secure
hash algorithm. OpenBMC gets this setting by default from
Yocto/OpenEmbedded configuration.
For background reading, see
https://en.wikipedia.org/wiki/Secure_Hash_Algorithms
- Joseph
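Ed's point that ETag support is more than emitting the header, as an added example that is not from the thread or from bmcweb: the server derives a SHA-256 tag from the response bytes, and only a client that echoes it in If-None-Match receives a 304. The handler, the function names and the abbreviated resource are assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample resource, abbreviated from the response body in the log above.
RESOURCE = {
    "@odata.id": "/redfish/v1/CertificateService/CertificateLocations",
    "Id": "CertificateLocations",
    "Name": "Certificate Locations",
}

def make_etag(body: bytes) -> str:
    """Strong validator: quoted SHA-256 hex digest of the exact bytes sent."""
    return '"' + hashlib.sha256(body).hexdigest() + '"'

def if_none_match_hits(header_value, etag: str) -> bool:
    """Weak comparison, as HTTP specifies for If-None-Match."""
    if header_value is None:
        return False
    # Splitting on "," is safe here: a hex-digest tag never contains a comma.
    for candidate in header_value.split(","):
        candidate = candidate.strip()
        if candidate == "*":
            return True
        if candidate.startswith("W/"):
            candidate = candidate[2:]
        if candidate == etag:
            return True
    return False

def handle_get(resource: dict, request_headers: dict):
    """Return (status, headers, body) for a GET (hypothetical handler)."""
    # Header names are case-insensitive.
    req = {k.lower(): v for k, v in request_headers.items()}
    # Serialize deterministically so unchanged data always hashes the same.
    body = json.dumps(resource, sort_keys=True, separators=(",", ":")).encode()
    headers = {"ETag": make_etag(body)}
    if if_none_match_hits(req.get("if-none-match"), headers["ETag"]):
        return 304, headers, b""  # client copy is current: send no body
    headers["Content-Type"] = "application/json"
    return 200, headers, body

if __name__ == "__main__":
    status, hdrs, _ = handle_get(RESOURCE, {})
    print(status, hdrs["ETag"])
    # A client that does not echo the tag, like the logged second request, gets 200 again.
    print(handle_get(RESOURCE, {"Cache-Control": "no-cache"})[0])
    print(handle_get(RESOURCE, {"If-None-Match": hdrs["ETag"]})[0])
    changed = dict(RESOURCE, Name="renamed")
    print(handle_get(changed, {"If-None-Match": hdrs["ETag"]})[0])
```
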