Page 1 of 1

Client certificates in Jade http and web services

Posted: Thu Jun 28, 2018 11:58 am
by Callum
We are attempting to implement an interface with the Portuguese tax authority AT that uses client certificates as well as server certificates to verify the identify of the sending software. The issue is that there does not seem to be any way of specifying the client certificate in either a jade web service call or jade http call.

It looks like the underlying windows winhttp does support this and perhaps it is just a matter of knowing which headers to set in the http request, from trawling the web it looks like the .net variables are WINHTTP_OPTION_CLIENT_CERT_CONTEXT to specify the certificate in the trust store and possibly another to turn this feature on/off.

Following are links to the .net specification that also uses winhttp.
https://msdn.microsoft.com/en-us/librar ... s.85).aspx
https://msdn.microsoft.com/en-us/librar ... RT_CONTEXT
https://msdn.microsoft.com/en-us/librar ... s.85).aspx

I am getting a 12044 error that a client certificate is required
https://msdn.microsoft.com/en-us/librar ... s.85).aspx

Many hours have been spent trying to get this to work so any help would be very much appreciated..

Cheers Callum (Abel Software)

Re: Client certificates in Jade http and web services

Posted: Thu Jun 28, 2018 1:57 pm
by suzuki1100
Hi Callum,

Have done this using winhttp to connect to an external service using certs.
Called _jadeActiveXInvoke('SetClientCertificate', 1, '0.24,1.8', clientCertificate);

where clientCertificate specifies the location, certificate store, and subject of a client certificate.

https://docs.microsoft.com/en-us/window ... ertificate

Re: Client certificates in Jade http and web services

Posted: Fri Jun 29, 2018 4:32 pm
by Callum
Thanks suzuki1100! looks very promising.. we've been pulling our hair out!

Here is a Jade script we put together as a basic test. Would you be able suggest how we'd use _jadeActiveXInvoke in there?

Also I see you're in AKL, do we know each other?

testATConnection();

vars
jadehttp : JadeHTTPConnection;
soapexcp : JadeSOAPException;
xbnry : Binary;
xlocn : String;
xpath : String;
xstrg : String;
xmesg : String;
xstat : Integer;
begin
xlocn := "https://servicos.portaldasfinancas.gov. ... ws/faturas";
write "xlocn "&xlocn;
//write "inputMessage "&inputMessage;

create jadehttp transient;
jadehttp.usePresentationClient := true;
jadehttp.scheme := JadeHTTPConnection.Scheme_HTTPS;
jadehttp.connectTimeout := 20000; //timeout after 20 seconds with no connection
jadehttp.sendTimeout := 20000; //timeout after 20 seconds if not sent
jadehttp.receiveTimeout := 20000; //timeout after 20 seconds with no response
jadehttp.setReload(true);
//self.soapRequest := inputMessage;

xbnry := jadehttp.getHttpPageBinary('Post',xlocn,xpath,
xmesg,'text/xml; charset=utf-8');
if xbnry = null then xbnry := jadehttp.readBody(0); endif;

//write jadehttp.display;
//write "xbnry "&xbnry.display;

xstat := jadehttp.queryStatusCode;
if xstat = null then xstat := 503; endif;
if xbnry = null then xstat := 503; endif;

if xstat <> 200 and xbnry = null then
write "Error : "&xstat.String; return;
endif;

//xstrg := xbnry.unicodeToAnsi;
xstrg := xbnry.StringUtf8.asString(null);
write "xstrg "&xstrg;
end;

Re: Client certificates in Jade http and web services

Posted: Fri Jun 29, 2018 5:07 pm
by suzuki1100
Hi,
Yup we had a beer at the last Jade user group - well - many beers.

Detail for those new to ActiveX usage

Run 32 bit Fat client IDE, click browse External Component Libraries.
Right mouse click in ActiveX tab and select import -> Automation library
Find WinHtppRequest and import - Subclass of ActiveXAutomation will be added with available library method calls added.

Code: Select all

constants NotAsynch = false; vars winHttpRequest: WinHttpRequest; body: Binary; begin create winHttpRequest transient; winHttpRequest.open('POST', 'HTTPS://.......', NotAsynch ); winHttpRequest.setRequestHeader('Accept', "application/xml"); //Additional required headers.... winHttpRequest.setClientCertificate('LOCAL_MACHINE\MY\MyCertificateName'); winHttpRequest.send(''); // -2147012852 means certificate is missing if winHttpRequest.status <> 200 then write "SendRequsest failed"; write ' Status - ' & winHttpRequest.status.String & " - " & winHttpRequest.statusText; return; endif; body := winHttpRequest.responseBody().Binary; write "SendRequest was successful"; write ' Header = ' & winHttpRequest.getAllResponseHeaders(); write ' Body = ' & winHttpRequest.responseBody.String; write ' Binary = ' & body.String; write " SID - " & body.String; epilog delete winHttpRequest; end;

Re: Client certificates in Jade http and web services

Posted: Mon Jul 02, 2018 10:54 am
by allistar
Awesome, thanks Troy. Ctrl-C, Ctrl-V here I come!