oauth keys page

INSTALL

@@ -757,7 +757,7 @@ The oauth_key table fields meanings are:
 		explicitly in the database;
 		
 	timestamp - (optional) the timestamp (in seconds) when the key 
-		lifetime started;
+		lifetime starts;
 	
 	lifetime - (optional) the key lifetime in seconds; the default value 
 		is 0 - unlimited lifetime.

src/apps/relay/dbdrivers/dbd_mongo.c

@@ -497,7 +497,7 @@ static int mongo_list_users(u08bits *realm, secrets_list_t *users, secrets_list_
   return ret;
 }
 
-static int mongo_list_oauth_keys(void) {
+static int mongo_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas) {
 
   const char * collection_name = "oauth_key";
   mongoc_collection_t * collection = mongo_get_collection(collection_name);
@@ -570,9 +570,16 @@ static int mongo_list_oauth_keys(void) {
     	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "lifetime") && BSON_ITER_HOLDS_INT32(&iter)) {
     		key->lifetime = (u32bits)bson_iter_int32(&iter);
     	}
-    	printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
-    		key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
-    		key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
+    	if(kids) {
+    		add_to_secrets_list(kids,key->kid);
+    		add_to_secrets_list(hkdfs,key->hkdf_hash_func);
+    		add_to_secrets_list(teas,key->as_rs_alg);
+    		add_to_secrets_list(aas,key->auth_alg);
+    	} else {
+    		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
+    						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
+    						key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
+    	}
     }
     mongoc_cursor_destroy(cursor);
     ret = 0;

src/apps/relay/dbdrivers/dbd_mysql.c

@@ -402,7 +402,7 @@ static int mysql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 	return ret;
 }
 
-static int mysql_list_oauth_keys(void) {
+static int mysql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas) {
 
 	oauth_key_data_raw key_;
 	oauth_key_data_raw *key=&key_;
@@ -457,9 +457,16 @@ static int mysql_list_oauth_keys(void) {
 						ns_bcopy(row[8],key->kid,lengths[8]);
 						key->kid[lengths[8]]=0;
 
-						printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
+						if(kids) {
+							add_to_secrets_list(kids,key->kid);
+							add_to_secrets_list(hkdfs,key->hkdf_hash_func);
+							add_to_secrets_list(teas,key->as_rs_alg);
+							add_to_secrets_list(aas,key->auth_alg);
+						} else {
+							printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
 								key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
 								key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
+						}
 					}
 					row = mysql_fetch_row(mres);
 				}
@@ -496,8 +503,9 @@ static int mysql_set_user_key(u08bits *usname, u08bits *realm, const char *key)
   return ret;
 }
 
-static int mysql_set_oauth_key(oauth_key_data_raw *key) {
-  int ret = -1;
+static int mysql_set_oauth_key(oauth_key_data_raw *key)
+{
+	int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	MYSQL * myc = get_mydb_connection();
 	if(myc) {
@@ -511,10 +519,14 @@ static int mysql_set_oauth_key(oauth_key_data_raw *key) {
 			res = mysql_query(myc, statement);
 			if(res) {
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error inserting/updating oauth key information: %s\n",mysql_error(myc));
+			} else {
+				ret = 0;
 			}
+		} else {
+			ret = 0;
 		}
 	}
-  return ret;
+	return ret;
 }
   
 static int mysql_del_user(u08bits *usname, u08bits *realm) {

src/apps/relay/dbdrivers/dbd_pgsql.c

@@ -187,7 +187,7 @@ static int pgsql_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 	return ret;
 }
 
-static int pgsql_list_oauth_keys(void) {
+static int pgsql_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas) {
 
 	oauth_key_data_raw key_;
 	oauth_key_data_raw *key=&key_;
@@ -217,9 +217,16 @@ static int pgsql_list_oauth_keys(void) {
 				STRCPY((char*)key->auth_key,PQgetvalue(res,i,7));
 				STRCPY((char*)key->kid,PQgetvalue(res,i,8));
 
-				printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
+				if(kids) {
+					add_to_secrets_list(kids,key->kid);
+					add_to_secrets_list(hkdfs,key->hkdf_hash_func);
+					add_to_secrets_list(teas,key->as_rs_alg);
+					add_to_secrets_list(aas,key->auth_alg);
+				} else {
+					printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
 						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
 						key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
+				}
 
 				ret = 0;
 			}
@@ -283,7 +290,10 @@ static int pgsql_set_oauth_key(oauth_key_data_raw *key) {
 		  } else {
 			  ret = 0;
 		  }
+	  } else {
+		  ret = 0;
 	  }
+
 	  if(res) {
 		  PQclear(res);
 	  }

src/apps/relay/dbdrivers/dbd_redis.c

@@ -637,7 +637,7 @@ static int redis_list_users(u08bits *realm, secrets_list_t *users, secrets_list_
 	return ret;
 }
 
-static int redis_list_oauth_keys(void) {
+static int redis_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas) {
   int ret = -1;
   redisContext *rc = get_redis_connection();
   secrets_list_t keys;
@@ -673,9 +673,16 @@ static int redis_list_oauth_keys(void) {
 	oauth_key_data_raw key_;
 	oauth_key_data_raw *key=&key_;
 	if(redis_get_oauth_key((const u08bits*)s,key) == 0) {
-		printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
-		    key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
-		    key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
+		if(kids) {
+			add_to_secrets_list(kids,key->kid);
+			add_to_secrets_list(hkdfs,key->hkdf_hash_func);
+			add_to_secrets_list(teas,key->as_rs_alg);
+			add_to_secrets_list(aas,key->auth_alg);
+		} else {
+			printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
+							key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
+							key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
+		}
 	}
   }
 

src/apps/relay/dbdrivers/dbd_sqlite.c

@@ -329,7 +329,7 @@ static int sqlite_get_oauth_key(const u08bits *kid, oauth_key_data_raw *key) {
 	return ret;
 }
 
-static int sqlite_list_oauth_keys(void) {
+static int sqlite_list_oauth_keys(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas) {
 
 	oauth_key_data_raw key_;
 	oauth_key_data_raw *key=&key_;
@@ -363,11 +363,18 @@ static int sqlite_list_oauth_keys(void) {
 					STRCPY((char*)key->as_rs_key,sqlite3_column_text(st, 5));
 					STRCPY((char*)key->auth_alg,sqlite3_column_text(st, 6));
 					STRCPY((char*)key->auth_key,sqlite3_column_text(st, 7));
-					STRCPY((char*)key->kid,sqlite3_column_text(st, 7));
+					STRCPY((char*)key->kid,sqlite3_column_text(st, 8));
 
-					printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
-						key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
-						key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
+					if(kids) {
+						add_to_secrets_list(kids,key->kid);
+						add_to_secrets_list(hkdfs,key->hkdf_hash_func);
+						add_to_secrets_list(teas,key->as_rs_alg);
+						add_to_secrets_list(aas,key->auth_alg);
+					} else {
+						printf("  kid=%s, ikm_key=%s, timestamp=%llu, lifetime=%lu, hkdf_hash_func=%s, as_rs_alg=%s, as_rs_key=%s, auth_alg=%s, auth_key=%s\n",
+										key->kid, key->ikm_key, (unsigned long long)key->timestamp, (unsigned long)key->lifetime, key->hkdf_hash_func,
+										key->as_rs_alg, key->as_rs_key, key->auth_alg, key->auth_key);
+					}
 
 				} else if (res == SQLITE_DONE) {
 					break;

src/apps/relay/dbdrivers/dbdriver.h

@@ -68,7 +68,7 @@ typedef struct _turn_dbdriver_t {
   int (*set_oauth_key)(oauth_key_data_raw *key);
   int (*get_oauth_key)(const u08bits *kid, oauth_key_data_raw *key);
   int (*del_oauth_key)(const u08bits *kid);
-  int (*list_oauth_keys)(void);
+  int (*list_oauth_keys)(secrets_list_t *kids,secrets_list_t *hkdfs,secrets_list_t *teas,secrets_list_t *aas);
   int (*get_admin_user)(const u08bits *usname, u08bits *realm, password_t pwd);
   int (*set_admin_user)(const u08bits *usname, const u08bits *realm, const password_t pwd);
   int (*del_admin_user)(const u08bits *usname);

src/apps/relay/http_server.c

@@ -117,7 +117,7 @@ static struct headers_list * post_parse(char *data, size_t data_len)
 		value = value ? value : "";
 		value = evhttp_decode_uri(value);
 		char *p = value;
-		while (*p != '\0') {
+		while (*p) {
 			if (*p == '+')
 				*p = ' ';
 			p++;
@@ -135,6 +135,7 @@ static struct headers_list * post_parse(char *data, size_t data_len)
 
 static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)
 {
+
 	if(ret && request) {
 
 		char* s = strstr(request," HTTP/");
@@ -266,7 +267,7 @@ static void free_headers_list(struct headers_list *h) {
 }
 
 const char *get_http_header_value(const struct http_request *request, const char* key, const char* default_value) {
-	const char *ret = default_value;
+	const char *ret = NULL;
 	if(key && key[0] && request && request->headers) {
 		if(request->headers->uri_headers) {
 			ret = evhttp_find_header(request->headers->uri_headers,key);
@@ -274,7 +275,9 @@ const char *get_http_header_value(const struct http_request *request, const char
 		if(!ret && request->headers->post_headers) {
 			ret = get_headers_list_value(request->headers->post_headers,key);
 		}
-		if(!ret) ret = default_value;
+	}
+	if(!ret) {
+		ret = default_value;
 	}
 	return ret;
 }

src/apps/relay/turn_admin_server.c

@@ -1392,6 +1392,12 @@ typedef enum _AS_FORM AS_FORM;
 #define HR_ADD_IP_REALM "aipr"
 #define HR_ADD_IP_KIND "aipk"
 #define HR_UPDATE_PARAMETER "togglepar"
+#define HR_ADD_OAUTH_KID "oauth_kid"
+#define HR_ADD_OAUTH_IKM "oauth_ikm"
+#define HR_ADD_OAUTH_HKDF "oauth_hkdf"
+#define HR_ADD_OAUTH_TEA "oauth_tea"
+#define HR_ADD_OAUTH_AA "oauth_aa"
+#define HR_DELETE_OAUTH_KID "oauth_kid_del"
 
 struct form_name {
 	AS_FORM form;
@@ -1558,9 +1564,11 @@ static void write_https_home_page(ioa_socket_handle s)
 			str_buffer_append(sb,form_names[AS_FORM_OS].name);
 			str_buffer_append(sb,"\">");
 
-			str_buffer_append(sb,"<br><input type=\"submit\" value=\"oAuth keys\" formaction=\"");
-			str_buffer_append(sb,form_names[AS_FORM_OAUTH].name);
-			str_buffer_append(sb,"\">");
+			if(is_superuser()) {
+				str_buffer_append(sb,"<br><input type=\"submit\" value=\"oAuth keys\" formaction=\"");
+				str_buffer_append(sb,form_names[AS_FORM_OAUTH].name);
+				str_buffer_append(sb,"\">");
+			}
 
 			str_buffer_append(sb,"</fieldset>\r\n");
 			str_buffer_append(sb,"</form>\r\n");
@@ -2778,6 +2786,246 @@ static void write_origins_page(ioa_socket_handle s, const char* add_origin, cons
 	}
 }
 
+static size_t https_print_oauth_keys(struct str_buffer* sb)
+{
+	size_t ret = 0;
+	const turn_dbdriver_t * dbd = get_dbdriver();
+	if (dbd && dbd->list_oauth_keys) {
+		secrets_list_t kids,hkdfs,teas,aas;
+		init_secrets_list(&kids);
+		init_secrets_list(&hkdfs);
+		init_secrets_list(&teas);
+		init_secrets_list(&aas);
+		dbd->list_oauth_keys(&kids,&hkdfs,&teas,&aas);
+
+		size_t sz = get_secrets_list_size(&kids);
+		size_t i;
+		for(i=0;i<sz;++i) {
+			str_buffer_append(sb,"<tr><td>");
+			str_buffer_append_sz(sb,i+1);
+			str_buffer_append(sb,"</td>");
+			str_buffer_append(sb,"<td>");
+			str_buffer_append(sb,get_secrets_list_elem(&kids,i));
+			str_buffer_append(sb,"</td>");
+			str_buffer_append(sb,"<td>");
+			str_buffer_append(sb,get_secrets_list_elem(&hkdfs,i));
+			str_buffer_append(sb,"</td>");
+			str_buffer_append(sb,"<td>");
+			str_buffer_append(sb,get_secrets_list_elem(&teas,i));
+			str_buffer_append(sb,"</td>");
+			str_buffer_append(sb,"<td>");
+			str_buffer_append(sb,get_secrets_list_elem(&aas,i));
+			str_buffer_append(sb,"</td>");
+
+			{
+				str_buffer_append(sb,"<td> <a href=\"");
+				str_buffer_append(sb,form_names[AS_FORM_OAUTH].name);
+				str_buffer_append(sb,"?");
+				str_buffer_append(sb,HR_DELETE_OAUTH_KID);
+				str_buffer_append(sb,"=");
+				str_buffer_append(sb,get_secrets_list_elem(&kids,i));
+				str_buffer_append(sb,"\">delete</a>");
+				str_buffer_append(sb,"</td>");
+			}
+			str_buffer_append(sb,"</tr>");
+			++ret;
+		}
+
+		clean_secrets_list(&kids);
+		clean_secrets_list(&hkdfs);
+		clean_secrets_list(&teas);
+		clean_secrets_list(&aas);
+	}
+
+	return ret;
+}
+
+static void write_https_oauth_page(ioa_socket_handle s, const char* add_kid, const char* add_ikm,
+				const char* add_hkdf_hash_func, const char* add_tea, const char* add_aa,
+				const char* msg)
+{
+	if(s && !ioa_socket_tobeclosed(s)) {
+
+		if(!(s->as_ok)) {
+			write_https_logon_page(s);
+		} else if(!is_superuser()) {
+			write_https_home_page(s);
+		} else {
+
+			struct str_buffer* sb = str_buffer_new();
+
+			str_buffer_append(sb,"<!DOCTYPE html>\r\n<html>\r\n  <head>\r\n    <title>");
+			str_buffer_append(sb,admin_title);
+			str_buffer_append(sb,"</title>\r\n <style> table, th, td { border: 1px solid black; } table#msg th { color: red; background-color: white; } </style> </head>\r\n  <body>\r\n    ");
+			str_buffer_append(sb,bold_admin_title);
+			str_buffer_append(sb,"<br>\r\n");
+			str_buffer_append(sb,home_link);
+			str_buffer_append(sb,"<br>\r\n");
+
+			{
+				str_buffer_append(sb,"<form action=\"");
+				str_buffer_append(sb,form_names[AS_FORM_OAUTH].name);
+				str_buffer_append(sb,"\" method=\"POST\">\r\n");
+				str_buffer_append(sb,"  <fieldset><legend>oAuth key:</legend>\r\n");
+
+				if(msg && msg[0]) {
+					str_buffer_append(sb,"<br><table id=\"msg\"><th>");
+					str_buffer_append(sb,msg);
+					str_buffer_append(sb,"</th></table><br>");
+				}
+
+				{
+					if(!add_kid) add_kid="";
+
+					str_buffer_append(sb,"  <br>KID: <input type=\"text\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_KID);
+					str_buffer_append(sb,"\" value=\"");
+					str_buffer_append(sb,(const char*)add_kid);
+					str_buffer_append(sb,"\"");
+					str_buffer_append(sb,"><br>\r\n");
+				}
+				{
+					if(!add_ikm) add_ikm = "";
+
+					str_buffer_append(sb,"  <br>Base64-encoded input keying material: <input type=\"text\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_IKM);
+					str_buffer_append(sb,"\" value=\"");
+					str_buffer_append(sb,(const char*)add_ikm);
+					str_buffer_append(sb,"\"");
+					str_buffer_append(sb,"><br>\r\n");
+				}
+				{
+					str_buffer_append(sb,"><br>Hash key derivation function:<br>\r\n");
+
+					if(!add_hkdf_hash_func || !add_hkdf_hash_func[0])
+						add_hkdf_hash_func = "SHA-256";
+
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_HKDF);
+					str_buffer_append(sb,"\" value=\"SHA-1\" ");
+					if(!strcmp("SHA-1",add_hkdf_hash_func)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">SHA-1\r\n<br>\r\n");
+
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_HKDF);
+					str_buffer_append(sb,"\" value=\"SHA-256\" ");
+					if(strcmp("SHA-1",add_hkdf_hash_func)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">SHA-256\r\n<br>\r\n");
+				}
+				{
+					str_buffer_append(sb,"><br>Token encryption algorithm:<br>\r\n");
+
+					if(!add_tea || !add_tea[0])
+						add_tea = "AES-256-CBC";
+
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
+					str_buffer_append(sb,"\" value=\"AES-128-CBC\" ");
+					if(!strcmp("AES-128-CBC",add_tea)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">AES-128-CBC\r\n<br>\r\n");
+
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
+					str_buffer_append(sb,"\" value=\"AES-256-CBC\" ");
+					if(!strcmp("AES-256-CBC",add_tea)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">AES-256-CBC\r\n<br>\r\n");
+
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
+					str_buffer_append(sb,"\" value=\"AEAD-AES-128-GCM\" ");
+					if(!strcmp("AEAD-AES-128-GCM",add_tea)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">AEAD-AES-128-GCM\r\n<br>\r\n");
+
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_TEA);
+					str_buffer_append(sb,"\" value=\"AEAD-AES-256-GCM\" ");
+					if(!strcmp("AEAD-AES-256-GCM",add_tea)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">AEAD-AES-256-GCM\r\n<br>\r\n");
+				}
+				{
+					str_buffer_append(sb,"><br>Token authentication algorithm:<br>\r\n");
+
+					if(!add_aa || !add_aa[0])
+						add_aa = "HMAC-SHA-256-128";
+
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_AA);
+					str_buffer_append(sb,"\" value=\"HMAC-SHA-256-128\" ");
+					if(!strcmp("HMAC-SHA-256-128",add_aa)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">HMAC-SHA-256-128\r\n<br>\r\n");
+
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_AA);
+					str_buffer_append(sb,"\" value=\"HMAC-SHA-256\" ");
+					if(!strcmp("HMAC-SHA-256",add_aa)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">HMAC-SHA-256\r\n<br>\r\n");
+
+					str_buffer_append(sb,"<input type=\"radio\" name=\"");
+					str_buffer_append(sb,HR_ADD_OAUTH_AA);
+					str_buffer_append(sb,"\" value=\"HMAC-SHA-1\" ");
+					if(!strcmp("HMAC-SHA-1",add_aa)) {
+						str_buffer_append(sb," checked ");
+					}
+					str_buffer_append(sb,">HMAC-SHA-1\r\n<br>\r\n");
+				}
+
+				str_buffer_append(sb,"<br><input type=\"submit\" value=\"Add key\">");
+
+				str_buffer_append(sb,"</fieldset>\r\n");
+				str_buffer_append(sb,"</form>\r\n");
+			}
+
+			str_buffer_append(sb,"<br><b>OAuth keys:</b><br><br>\r\n");
+			str_buffer_append(sb,"<table>\r\n");
+			str_buffer_append(sb,"<tr><th>N</th><th>KID</th>");
+			str_buffer_append(sb,"<th>Hash key derivation function</th>");
+			str_buffer_append(sb,"<th>Token encryption algorithm</th>");
+			str_buffer_append(sb,"<th>Token authentication algorithm</th>");
+			str_buffer_append(sb,"<th> </th>");
+			str_buffer_append(sb,"</tr>\r\n");
+
+			size_t total_sz = https_print_oauth_keys(sb);
+
+			str_buffer_append(sb,"\r\n</table>\r\n");
+
+			str_buffer_append(sb,"<br>Total oAuth keys = ");
+			str_buffer_append_sz(sb,total_sz);
+			str_buffer_append(sb,"<br>\r\n");
+
+			str_buffer_append(sb,"</body>\r\n</html>\r\n");
+
+			send_str_from_ioa_socket_tcp(s,"HTTP/1.1 200 OK\r\nServer: ");
+			send_str_from_ioa_socket_tcp(s,TURN_SOFTWARE);
+			send_str_from_ioa_socket_tcp(s,"\r\n");
+			send_str_from_ioa_socket_tcp(s,get_http_date_header());
+			send_str_from_ioa_socket_tcp(s,"Content-Type: text/html; charset=UTF-8\r\nContent-Length: ");
+
+			send_ulong_from_ioa_socket_tcp(s,str_buffer_get_str_len(sb));
+
+			send_str_from_ioa_socket_tcp(s,"\r\n\r\n");
+			send_str_from_ioa_socket_tcp(s,str_buffer_get_str(sb));
+
+			str_buffer_free(sb);
+		}
+	}
+}
+
 static void handle_toggle_request(ioa_socket_handle s, struct http_request* hr)
 {
 	if(s && hr) {
@@ -3197,11 +3445,63 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh)
 				break;
 			}
 			case AS_FORM_OAUTH: {
-				if(s->as_ok) {
-					//TODO
+				if(!s->as_ok) {
+					write_https_logon_page(s);
+				} else if(!is_superuser()) {
 					write_https_home_page(s);
 				} else {
-					write_https_logon_page(s);
+
+					{
+						const char* del_kid = get_http_header_value(hr,HR_DELETE_OAUTH_KID,"");
+						if(del_kid[0]) {
+							const turn_dbdriver_t * dbd = get_dbdriver();
+							if (dbd && dbd->del_oauth_key) {
+								(*dbd->del_oauth_key)((const u08bits*)del_kid);
+							}
+						}
+					}
+
+					const char* add_kid = "";
+					const char* add_ikm = "";
+					const char* add_hkdf_hash_func = "";
+					const char* add_tea = "";
+					const char* add_aa = "";
+					const char* msg = "";
+
+					add_kid = get_http_header_value(hr,HR_ADD_OAUTH_KID,"");
+					if(add_kid[0]) {
+						add_ikm = get_http_header_value(hr,HR_ADD_OAUTH_IKM,"");
+						if(add_ikm[0]) {
+							add_hkdf_hash_func = get_http_header_value(hr,HR_ADD_OAUTH_HKDF,"");
+							add_tea = get_http_header_value(hr,HR_ADD_OAUTH_TEA,"");
+							add_aa = get_http_header_value(hr,HR_ADD_OAUTH_AA,"");
+
+							oauth_key_data_raw key;
+							ns_bzero(&key,sizeof(key));
+							STRCPY(key.kid,add_kid);
+							STRCPY(key.ikm_key,add_ikm);
+							STRCPY(key.hkdf_hash_func,add_hkdf_hash_func);
+							STRCPY(key.as_rs_alg,add_tea);
+							STRCPY(key.auth_alg,add_aa);
+
+							if(strstr(key.as_rs_alg,"AEAD")) key.auth_alg[0]=0;
+
+							const turn_dbdriver_t * dbd = get_dbdriver();
+							if (dbd && dbd->set_oauth_key) {
+								if((*dbd->set_oauth_key)(&key)<0) {
+									msg = "Cannot insert oAuth key into the database";
+								} else {
+									add_kid = "";
+									add_ikm = "";
+									add_hkdf_hash_func = "";
+									add_tea = "";
+									add_aa = "";
+								}
+							}
+						}
+					}
+
+					write_https_oauth_page(s,add_kid,add_ikm,add_hkdf_hash_func,add_tea,add_aa,msg);
 				}
 				break;
 			}

src/apps/relay/userdb.c

@@ -405,7 +405,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 	if(max_session_time)
 		*max_session_time = 0;
 
-	if(in_oauth && out_oauth && usname && usname[0] && realm && realm[0]) {
+	if(in_oauth && out_oauth && usname && usname[0]) {
 
 		stun_attr_ref sar = stun_attr_get_first_by_type_str(ioa_network_buffer_data(nbh),
 								ioa_network_buffer_get_size(nbh),
@@ -471,6 +471,10 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
 					const char* server_name = (char*)turn_params.oauth_server_name;
 					if(!(server_name && server_name[0])) {
 						server_name = (char*)realm;
+						if(!(server_name && server_name[0])) {
+							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot determine oAuth server name");
+							return -1;
+						}
 					}
 
 					if (decode_oauth_token((const u08bits *) server_name, &etoken,&okey, &dot) < 0) {