oauth db tests

src/apps/relay/dbdrivers/dbd_mongo.c

@@ -566,11 +566,15 @@ static int mongo_list_oauth_keys(void) {
   if(!collection)
     return -1;
 
-  bson_t query, child;
+  bson_t query;
   bson_init(&query);
+
+  bson_t child;
   bson_append_document_begin(&query, "$orderby", -1, &child);
   bson_append_int32(&child, "kid", -1, 1);
   bson_append_document_end(&query, &child);
+  bson_append_document_begin(&query, "$query", -1, &child);
+  bson_append_document_end(&query, &child);
 
   bson_t fields;
   bson_init(&fields);
@@ -598,6 +602,8 @@ static int mongo_list_oauth_keys(void) {
     uint32_t length;
     bson_iter_t iter;
     while (mongoc_cursor_next(cursor, &item)) {
+
+    	ns_bzero(key,sizeof(oauth_key_data_raw));
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "kid") && BSON_ITER_HOLDS_UTF8(&iter)) {
     		STRCPY(key->kid,bson_iter_utf8(&iter, &length));
     	}

src/apps/relay/dbdrivers/dbd_redis.c

@@ -511,24 +511,25 @@ static int redis_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 		} else {
 			size_t i;
 			for (i = 0; i < (reply->elements)/2; ++i) {
-				char *kw = reply->element[i]->str;
+				char *kw = reply->element[2*i]->str;
+				char *val = reply->element[2*i+1]->str;
 				if(kw) {
 					if(!strcmp(kw,"as_rs_alg")) {
-						STRCPY(key->as_rs_alg,reply->element[i+1]->str);
+						STRCPY(key->as_rs_alg,val);
 					} else if(!strcmp(kw,"as_rs_key")) {
-						STRCPY(key->as_rs_key,reply->element[i+1]->str);
+						STRCPY(key->as_rs_key,val);
 					} else if(!strcmp(kw,"auth_key")) {
-						STRCPY(key->auth_key,reply->element[i+1]->str);
+						STRCPY(key->auth_key,val);
 					} else if(!strcmp(kw,"auth_alg")) {
-						STRCPY(key->auth_alg,reply->element[i+1]->str);
+						STRCPY(key->auth_alg,val);
 					} else if(!strcmp(kw,"ikm_key")) {
-						STRCPY(key->ikm_key,reply->element[i+1]->str);
+						STRCPY(key->ikm_key,val);
 					} else if(!strcmp(kw,"hkdf_hash_func")) {
-						STRCPY(key->hkdf_hash_func,reply->element[i+1]->str);
+						STRCPY(key->hkdf_hash_func,val);
 					} else if(!strcmp(kw,"timestamp")) {
-						key->timestamp = (u64bits)strtoull(reply->element[i+1]->str,NULL,10);
+						key->timestamp = (u64bits)strtoull(val,NULL,10);
 					} else if(!strcmp(kw,"lifetime")) {
-						key->lifetime = (u32bits)strtoul(reply->element[i+1]->str,NULL,10);
+						key->lifetime = (u32bits)strtoul(val,NULL,10);
 					}
 				}
 			}
@@ -739,16 +740,18 @@ static int redis_list_oauth_keys(void) {
   init_secrets_list(&keys);
 
   if(rc) {
+
 	  redisReply *reply = NULL;
 
 	  reply = (redisReply*)redisCommand(rc, "keys turn/oauth/kid/*");
 	  if(reply) {
 
-		if (reply->type == REDIS_REPLY_ERROR)
+		if (reply->type == REDIS_REPLY_ERROR) {
 			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error: %s\n", reply->str);
-		else if (reply->type != REDIS_REPLY_ARRAY) {
-			if (reply->type != REDIS_REPLY_NIL)
+		} else if (reply->type != REDIS_REPLY_ARRAY) {
+			if (reply->type != REDIS_REPLY_NIL) {
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", reply->type);
+			}
 		} else {
 			size_t i;
 			for (i = 0; i < reply->elements; ++i) {
@@ -761,6 +764,7 @@ static int redis_list_oauth_keys(void) {
 
   for(isz=0;isz<keys.sz;++isz) {
 	char *s = keys.secrets[isz];
+	s += strlen("turn/oauth/kid/");
 	oauth_key_data_raw key_;
 	oauth_key_data_raw *key=&key_;
 	if(redis_get_oauth_key((const u08bits*)s,key) == 0) {

src/apps/relay/netengine.c

@@ -1686,6 +1686,9 @@ static void* run_auth_server_thread(void *arg)
 		read_userdb_file(0);
 		update_white_and_black_lists();
 		auth_ping(authserver->rch);
+#if defined(DB_TEST)
+		run_db_test();
+#endif
 	}
 
 	return arg;

src/apps/relay/userdb.c

@@ -1101,6 +1101,20 @@ void auth_ping(redis_context_handle rch)
 	}
 }
 
+///////////////// TEST /////////////////
+
+#if defined(DB_TEST)
+
+void run_db_test(void)
+{
+	turn_dbdriver_t * dbd = get_dbdriver();
+	if (dbd) {
+		dbd->list_oauth_keys();
+	}
+}
+
+#endif
+
 ///////////////// WHITE/BLACK IP LISTS ///////////////////
 
 #if !defined(TURN_NO_RWLOCK)

src/apps/relay/userdb.h

@@ -195,6 +195,10 @@ void release_allocation_quota(u08bits *username, u08bits *realm);
 
 /////////// Handle user DB /////////////////
 
+#if defined(DB_TEST)
+	void run_db_test(void);
+#endif
+
 void read_userdb_file(int to_print);
 void auth_ping(redis_context_handle rch);
 void reread_realms(void);

turndb/testmongosetup.sh

@@ -41,7 +41,7 @@ db.allowed_peer_ip.insert({ ip_range: '172.17.13.200' });
 db.denied_peer_ip.insert({ ip_range: '172.17.13.133-172.17.14.56' });
 db.denied_peer_ip.insert({ ip_range: '123::45' });
 
-db.oauth_key.insert({ kid: 'north', ikm_key: 'Y2FybGVvbg==', hkdf_hash_func: 'SHA-256', as_rs_alg: 'AES-128-CBC', auth_alg: 'HMAC-SHA-256-128' });
+db.oauth_key.insert({ kid: 'north', ikm_key: 'Y2FybGVvbg==', hkdf_hash_func: 'SHA-256', as_rs_alg: 'AES-256-CBC', auth_alg: 'HMAC-SHA-256-128' });
 
 exit
 

turndb/testredisdbsetup.sh

@@ -38,7 +38,7 @@ set turn/denied-peer-ip/234567 "123::45"
 
 set turn/allowed-peer-ip/345678 "172.17.13.200"
 
-hmset turn/oauth/kid/north ikm_key Y2FybGVvbg== hkdf_hash_func 'SHA-256' as_rs_alg 'AES-128-CBC' auth_alg 'HMAC-SHA-256-128'
+hmset turn/oauth/kid/north ikm_key Y2FybGVvbg== hkdf_hash_func 'SHA-256' as_rs_alg 'AES-256-CBC' auth_alg 'HMAC-SHA-256-128'
 
 save