Web Distributed Authoring and Versioning (WebDAV) is an extension of the Hypertext Transfer Protocol (HTTP) that allows for remote Web content authoring operations. There are various clients available to perform such operations but sometimes you need to access webdav and perform operations programmatically. We had such requirement, and we chose to use curl as our HTTP client.
For intro to curl commands on webdav, follow this link. In this post will see how a much more complex scenario where curl has to be authorised by 2 Factor authentication to do those operations.
Two Factor Authentication: Two-factor authentication (also known as 2FA or 2-Step Verification) is a pattern of authentication in which users are asked to authenticate to use a service by following two steps -- typically password and OTP ( One time login ) delivered by SMS but could also be other set of combinations.
Implementation of 2FA in webdav context typically includes authentication of client-server transactions using certificates. So, we need a brief understanding of the required certificates. For 2FA Client is provided with three things:
- crt file (Let's say cert.crt)
- key file (cert.key)
- passphrase (passphrase)
The crt and key files represent both parts of a certificate, key being the private key to the certificate and crt being the signed certificate. Assuming you have these three things, our very first step is to generate valid pem/p12 file for using it with curl command to access webdav server. A PEM file contains both certficate and private key. Depending on our server's operating system we either have to use pem or p12 file format. A p12 file is generated from pem file only.
For linux based servers, we use .pem file.
For OS X Mac based servers, we use .p12 file.
Generation of pem/p12 file:
Generation of valid pem/p12 file is a series of sequential steps and requires all the above things. Firstly put both files in a directory and in the terminal moce to that directory. Now change the permission of .key file.
chmod 600 cert.key
Now we need to enclose passphrase to key file. So following command would be used and when terminal prompts for old/new passphrase provide the passphrase you are having each time.
ssh-keygen -p -f cert.key
Now we have to generate either pem file:
cat cert.crt cert.key > cert.pem
In case our server is OS X (mac) based, we also need to generate .p12 file:
openssl pkcs12 -export -in cert.pem -inkey cert.key -out cert.p12
So now we are finally ready to use curl command for 2fa while sending requests.
Curl Command for 2FA:
For linux environment, we need both pem and crt file:
curl --cert cert.pem:'passphrase' --cacert cert.crt --user 'user:pass' -T '/path/to/file.txt' 'https://example.com/test/"
For OS X environment, we need only p12 file:
curl --cert cert.p12:'passphrase' --user 'user:pass' -T '/path/to/file.txt' 'https://example.com/test/"
In this way we can use curl commands for two factor authentication on Webdav Servers.