HP SDN VAN Controller - V2.0.0.4253 - Token Generation using LIB CURL

Hello kaarthik,

Please modify below line

curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "user=sdn&password=skyline&domain=sdn"); 

 as

 curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{ \"login\": { \"user\": \"sdn\", \"password\": \"skyline\",\"domain\":\"sdn\" }}");

and try again.

Please let us know if this helps.

Thanks,

HP SDN Team

Hi SDN Team,

I am not able to get the token, as i am getting the ssl error.

Below is the error I am getting.

* Hostname was NOT found in DNS cache
* Trying 128.88.150.151...
* Connected to 128.88.150.151 (128.88.150.151) port 8443 (#0)
* unable to use client certificate (no key found or wrong pass phrase?)
* Closing connection 0
curl_easy_perform() failed: Problem with the local SSL certificate

Process returned 0 (0x0) execution time : 2.234 s

OR

some time ceft error, and some time ssl connection error.

Below is the code  I am using, in a c lang, 

curl_easy_setopt(curl, CURLOPT_PROXY, "");
curl_easy_setopt(curl, CURLOPT_SSLKEY, "cacert.pem");
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE, "PEM");
curl_easy_setopt(curl, CURLOPT_CAINFO, "cacert.pem");
curl_easy_setopt(curl, CURLOPT_SSLCERT, "cacert.pem");

/* -X POST */
curl_easy_setopt(curl, CURLOPT_POST, 1L);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{\"login\":{\"user\": \"sdn\", \"password\":\"skyline\" ,\"domain\":\"sdn\"}}");//"{ \"login\": { \"user\": \"sdn\", \"password\": \"skyline\",\"domain\":\"sdn\" }}");

I also tried with ca-bundle.cert in place of pem.

I am using or writing an application in windows using curl and C.

Request you to please advice me. 

Regards,

Satish K

Hi Satish,

I'm not an expert on Curl, but do you set an URL with CURLOPT_URL somewhere and what is the value? I think that one is mandatory (see the example at the top of the thread).

Best Regards,

Wouter

SDN Team

Yes,, I set the OPT_URL.

Also I have created the ceft in my controller and using the same ceft. Even the pass phrase and SSLKEY I am using same.

Not sure where it is getting the problem with ceft

* Hostname was NOT found in DNS cache
* Trying 128.88.150.151...
* Connected to 128.88.150.151 (128.88.150.151) port 8443 (#0)
* unable to set private key file: 'sdnserver.pem' type PEM
* Closing connection 0
curl_easy_perform() failed: Problem with the local SSL certificate

Process returned 0 (0x0) execution time : 0.312 s
Press any key to continue.

Regards,

Satish K

Hi Satish,

Could you maybe post a snipped of all the SETOPT's that are done? Also maybe doing a run with CURLOPT_VERBOSE and CURLOPT_CERTINFO set might give some more detailed information?

Best regards,

Wouter

SDN Team

Hi,

Here is my complete code,

int main(void)
{
CURL *curl;
CURLcode res;

curl_global_init(CURL_GLOBAL_DEFAULT);

curl = curl_easy_init();
if(curl) {

struct curl_slist *slist = NULL;
/* -H Header */
slist = curl_slist_append(slist, "Content-type: application/json");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist);

/* URL */
curl_easy_setopt(curl, CURLOPT_URL, "https://128.88.150.151:8443/sdn/v2.0/auth");

/* -k option */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
/* Proxy settings */
//curl_easy_setopt(curl, CURLOPT_PROXY, "http://172.16.150.32:8080/");
curl_easy_setopt(curl, CURLOPT_PROXY, "");
curl_easy_setopt(curl, CURLOPT_SSLKEY, "sdnserver"); // also tried with cakey, cacert
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE, "PEM");
curl_easy_setopt(curl, CURLOPT_CAINFO, "sdnserver.pem"); //also tried with cacert.crt
curl_easy_setopt(curl, CURLOPT_SSLCERT, "sdnserver.pem");
curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

/* -X POST */
curl_easy_setopt(curl, CURLOPT_POST, 1L);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{\"login\":{\"user\": \"sdn\", \"password\":\"skyline\" ,\"domain\":\"sdn\"}}");

/* -v option */
curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);

/* Perform the request, res will get the return code */
res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));

/* always cleanup */
curl_slist_free_all(slist);
curl_easy_cleanup(curl);
}

curl_global_cleanup();

return 0;
}

Even I have created a self sigend ceft in my controller and same im using in client application. 

code as below,

curl_easy_setopt(curl, CURLOPT_PROXY, "");
curl_easy_setopt(curl, CURLOPT_SSLKEY, "server.key");
//curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE, "PEM");
curl_easy_setopt(curl, CURLOPT_CAINFO, "server.crt");
//curl_easy_setopt(curl, CURLOPT_SSLCERT, "server.crt");
curl_easy_setopt(curl, CURLOPT_CAPATH, "server");
curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

Getting the error as below,

* Hostname was NOT found in DNS cache
* Trying 128.88.150.151...
* Connected to 128.88.150.151 (128.88.150.151) port 8443 (#0)
* successfully set certificate verify locations:
* CAfile: server.crt
CApath: server
* SSL certificate problem: self signed certificate
* Closing connection 0
curl_easy_perform() failed: Peer certificate cannot be authenticated with given
CA certificates

Process returned 0 (0x0) execution time : 0.329 s
Press any key to continue.

PLease advice me,

Regards,

Satish K

Hi Satish,

Could you elaborate a bit on what your goal is? Are you trying to establish SSL communication with two way, one way, or no authentication? Thanks.

Wouter

SDN Team

Hi,

I want to establish a two way communication,

To communicate or access any API of controller, I need token which I can use in further request to communicate.

So this is what I am trying to access using the OpenSSL and Curl to get a token which can be used furhter.

I have written the Curl code in windows mc.

Regards,

Satish K

Hi,

Same is working using Cygwin,

Not sure what is the issue with windows, 

Regards,

Satish K

Hi Satish,

We have been in contact via PMs and you have things going now, but for the record and maybe for the benefit of anybody else reading this thread, I wanted to post a working example with a generic (non Cygwin) implementation of libcurl:

// GetTokenWithLibcurl.cpp : main project file. V1.0
//
// Program retrieves a token from the HP VAN SDN Controller (version 2.4.5.0614) REST API using libcurl
//
// Win 8.1 64 bit, VS2013 Update 4, libcurl 7.39.0-win64 (http://www.confusedbycode.com/curl/)
// WJA20141209

#include "stdafx.h"
#include "curl/curl.h"

int main(void)
{
        
        CURL *curl;
        CURLcode res;

        curl_global_init(CURL_GLOBAL_DEFAULT);

        curl = curl_easy_init();
        if (curl) {

                /* -H Header */
                struct curl_slist *slist = NULL;
                slist = curl_slist_append(slist, "Content-type: application/json");
                curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist);

                /* URL */
                curl_easy_setopt(curl, CURLOPT_URL, "https://192.168.1.19:8443/sdn/v2.0/auth");

                /*  Do not check servers certificate against bundle - it is self-signed in my case */
                curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);

                /* Also do not check whether the hostname in the certificate matches the servers hostname */
                curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);

                /* Proxy settings - No proxy needed in my case*/
                //curl_easy_setopt(curl, CURLOPT_PROXY, "http://X.X.X.X:8080/");

                /* Wordy settings for libcurl, 0L to turn off */
                curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
                curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

                /* Action POST */
                curl_easy_setopt(curl, CURLOPT_POST, 1L);
                curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{\"login\":{\"user\": \"sdn\", \"password\":\"skyline\" ,\"domain\":\"sdn\"}}");

                /* Perform the request */
                res = curl_easy_perform(curl);

                /* Check for errors */
                if (res != CURLE_OK)
                        fprintf(stderr, "curl_easy_perform() failed: %s\n",
                        curl_easy_strerror(res));

                /* cleanup */
                curl_slist_free_all(slist);
                curl_easy_cleanup(curl);
        }

        curl_global_cleanup();

        return 0;
}

 The resulting output is as follows:

* Hostname was NOT found in DNS cache
*   Trying 192.168.1.19...
* Connected to 192.168.1.19 (192.168.1.19) port 8443 (#0)
* SSL connection using TLSv1.0 / EDH-DSS-DES-CBC3-SHA
* --- Certificate chain
*  0 Subject: C=CA; ST=CA; L=Palo Alto; O=HP; OU=HP SDN Controller; CN=127.0.1.1

*    Issuer: C=CA; ST=CA; L=Palo Alto; O=HP; OU=HP SDN Controller; CN=127.0.1.1
*    Version: 3 (0x2)
*    Serial Number: 482821021 (0x1cc7439d)
*    Signature Algorithm: dsaWithSHA1
*    Start date: 2014-12-05 11:45:12 GMT
*    Expire date: 2015-03-05 11:45:12 GMT
*    Public Key Algorithm: dsaEncryption
*    dsa(p): fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:e4:e7:f6:11:b7:52:3c:ef:4
4:00:c3:1e:3f:80:b6:51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:c5:f5:ba:30:f6:
cb:9b:55:6c:d7:81:3b:80:1d:34:6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:10:22
:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:0
2:35:54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:f2:22:03:19:9d:d1:48:01:c7:
*    dsa(q): 97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:84:0b:f0:58:1c:f5:
*    dsa(g): f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:57:b9:79:94:af:bb:fa:3a:e
a:82:f9:57:4c:0b:3d:07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:81:80:b4:49:16:
71:23:e8:4c:28:16:13:b7:cf:09:32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:ae:1e
:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:9
0:89:a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:25:64:01:4c:3b:fe:cf:49:2a:
*    dsa(pub_key): 2e:27:9e:8b:6b:63:86:48:5c:0c:7e:98:53:76:eb:d5:b2:17:e2:e8:0
0:ff:ff:02:50:2d:d7:62:a0:4c:76:9d:23:8a:81:93:71:44:44:ce:69:d1:d7:cb:10:52:c2:
4a:e4:cd:c0:ff:75:b1:87:03:31:db:a2:19:69:94:42:ee:82:c3:5f:30:f5:c5:a8:4d:0c:ff
:2a:a8:1f:2d:e1:71:45:24:ee:3b:5f:71:2d:21:cf:25:98:d1:a1:b8:7b:71:0d:00:bb:8c:8
4:3a:b3:48:d8:1c:c7:26:e1:2f:f5:16:5d:55:5b:4a:3a:da:e2:8a:fb:5a:26:11:8b:c8:a6:
55:
* X509v3 Subject Alternative Name:
*   IPAddress:127.0.1.1,IPAddress:127.0.0.1
* X509v3 Subject Key Identifier:
*   28:40:C7:69:25:18:62:C8:B5:B7:4F:08:67:8F:10:DF:31:36:9A:08
*  Signature: 30:2c:02:14:45:dc:fb:27:cb:5e:04:d9:46:7a:a6:30:69:66:52:84:28:a3:
d9:57:02:14:4e:e8:41:c7:e1:45:c0:97:c5:d1:f0:8d:e6:79:ce:df:a8:c6:66:d0:
* Server certificate:
*        subject: C=CA; ST=CA; L=Palo Alto; O=HP; OU=HP SDN Controller; CN=127.0
.1.1
*        start date: 2014-12-05 11:45:12 GMT
*        expire date: 2015-03-05 11:45:12 GMT
*        issuer: C=CA; ST=CA; L=Palo Alto; O=HP; OU=HP SDN Controller; CN=127.0.
1.1
*        SSL certificate verify result: self signed certificate (18), continuing
 anyway.
> POST /sdn/v2.0/auth HTTP/1.1
Host: 192.168.1.19:8443
Accept: */*
Content-type: application/json
Content-Length: 63

* upload completely sent off: 63 out of 63 bytes
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< X-FRAME-OPTIONS: deny
< Cache-Control: no-cache, no-store, no-transform, must-revalidate
< Expires: Tue, 09 Dec 2014 09:18:00 GMT
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, HEAD, PATCH
< Access-Control-Allow-Headers: Content-Type, Accept, X-Auth-Token
< Content-Type: application/json
< Transfer-Encoding: chunked
< Date: Tue, 09 Dec 2014 09:18:00 GMT
<
{"record":{"token":"0ade4491543c4ac990685bf666360f62","expiration":1418120279000
,"expirationDate":"2014-12-09 02-17-59 -0800","userId":"0a4cafa0813b4b57a4f2991e
349fb382","userName":"sdn","domainId":"bcf9169f1f144f0ca160f527df47da9f","domain
Name":"sdn"}}* Connection #0 to host 192.168.1.19 left intact
Press any key to continue . . .

 Best regards,

Wouter

HP SDN CoE Team