Client certificates in Jade http and web services

[Callum]

We are attempting to implement an interface with the Portuguese tax authority AT that uses client certificates as well as server certificates to verify the identify of the sending software. The issue is that there does not seem to be any way of specifying the client certificate in either a jade web service call or jade http call.

It looks like the underlying windows winhttp does support this and perhaps it is just a matter of knowing which headers to set in the http request, from trawling the web it looks like the .net variables are WINHTTP_OPTION_CLIENT_CERT_CONTEXT to specify the certificate in the trust store and possibly another to turn this feature on/off.

Following are links to the .net specification that also uses winhttp.
https://msdn.microsoft.com/en-us/librar ... s.85).aspx
https://msdn.microsoft.com/en-us/librar ... RT_CONTEXT
https://msdn.microsoft.com/en-us/librar ... s.85).aspx

I am getting a 12044 error that a client certificate is required
https://msdn.microsoft.com/en-us/librar ... s.85).aspx

Many hours have been spent trying to get this to work so any help would be very much appreciated..

Cheers Callum (Abel Software)

[suzuki1100]

Hi Callum,

Have done this using winhttp to connect to an external service using certs.
Called _jadeActiveXInvoke('SetClientCertificate', 1, '0.24,1.8', clientCertificate);

where clientCertificate specifies the location, certificate store, and subject of a client certificate.

https://docs.microsoft.com/en-us/window ... ertificate

[Callum]

Thanks suzuki1100! looks very promising.. we've been pulling our hair out!

Here is a Jade script we put together as a basic test. Would you be able suggest how we'd use _jadeActiveXInvoke in there?

Also I see you're in AKL, do we know each other?

testATConnection();

vars
jadehttp : JadeHTTPConnection;
soapexcp : JadeSOAPException;
xbnry : Binary;
xlocn : String;
xpath : String;
xstrg : String;
xmesg : String;
xstat : Integer;
begin
xlocn := "https://servicos.portaldasfinancas.gov. ... ws/faturas";
write "xlocn "&xlocn;
//write "inputMessage "&inputMessage;

create jadehttp transient;
jadehttp.usePresentationClient := true;
jadehttp.scheme := JadeHTTPConnection.Scheme_HTTPS;
jadehttp.connectTimeout := 20000; //timeout after 20 seconds with no connection
jadehttp.sendTimeout := 20000; //timeout after 20 seconds if not sent
jadehttp.receiveTimeout := 20000; //timeout after 20 seconds with no response
jadehttp.setReload(true);
//self.soapRequest := inputMessage;

xbnry := jadehttp.getHttpPageBinary('Post',xlocn,xpath,
xmesg,'text/xml; charset=utf-8');
if xbnry = null then xbnry := jadehttp.readBody(0); endif;

//write jadehttp.display;
//write "xbnry "&xbnry.display;

xstat := jadehttp.queryStatusCode;
if xstat = null then xstat := 503; endif;
if xbnry = null then xstat := 503; endif;

if xstat <> 200 and xbnry = null then
write "Error : "&xstat.String; return;
endif;

//xstrg := xbnry.unicodeToAnsi;
xstrg := xbnry.StringUtf8.asString(null);
write "xstrg "&xstrg;
end;

[suzuki1100]

Hi,
Yup we had a beer at the last Jade user group - well - many beers.

Detail for those new to ActiveX usage
Run 32 bit Fat client IDE, click browse External Component Libraries.
Right mouse click in ActiveX tab and select import -> Automation library
Find WinHtppRequest and import - Subclass of ActiveXAutomation will be added with available library method calls added.

Code: Select all

constants NotAsynch = false; vars winHttpRequest: WinHttpRequest; body: Binary; begin create winHttpRequest transient; winHttpRequest.open('POST', 'HTTPS://.......', NotAsynch ); winHttpRequest.setRequestHeader('Accept', "application/xml"); //Additional required headers.... winHttpRequest.setClientCertificate('LOCAL_MACHINE\MY\MyCertificateName'); winHttpRequest.send(''); // -2147012852 means certificate is missing if winHttpRequest.status <> 200 then write "SendRequsest failed"; write ' Status - ' & winHttpRequest.status.String & " - " & winHttpRequest.statusText; return; endif; body := winHttpRequest.responseBody().Binary; write "SendRequest was successful"; write ' Header = ' & winHttpRequest.getAllResponseHeaders(); write ' Body = ' & winHttpRequest.responseBody.String; write ' Binary = ' & body.String; write " SID - " & body.String; epilog delete winHttpRequest; end;

[allistar]

Awesome, thanks Troy. Ctrl-C, Ctrl-V here I come!