Forums

[bonndias]

We have to call an extern WebService using HTTPS. The URL providing WSDL is a HTTPS-URL and the service endpoint too. I got a CRT file and a P12 file. I know how to invoke a HTTP-WebService but what to do with these files and how to tell Smalltalk to use these for connecting the HTTPS-URL?

Best regards

Joa

[tc]

Certificates can definitely be used at the sockets level in ST, but I am not sure we support WSDL over HTTPS. Part of the reason is it seems there is not an agreed upon standard. The following is from the book 'Web Services Essentials':

Fortunately, both XML-RPC and SOAP run primarily on top of HTTP, and XML communications can therefore be encrypted via the Secure Sockets Layer (SSL). SSL is a proven technology, is widely deployed, and is therefore a very viable option for encrypting messages.

However, a key element of web services is that a single web service may consist of a chain of applications. For example, one large service might tie together the services of three other applications. In this case, SSL is not adequate; the messages need to be encrypted at each node along the service path, and each node represents a potential weak link in the chain. Currently, there is no agreed-upon solution to this issue, but one promising solution is the W3C XML Encryption Standard. This standard provides a framework for encrypting and decrypting entire XML documents or just portions of an XML document, and it is likely to receive widespread industry support. Information on the XML Encryption Standard is available at http://www.w3.org/Encryption/.

--tc

[bonndias]

Certificates can definitely be used at the sockets level in ST, but I am not sure we support WSDL over HTTPS. Part of the reason is it seems there is not an agreed upon standard. The following is from the book 'Web Services Essentials':

That's no good news... Can you provide information on how to tell a ST socket to use a Certificate and a P12 file? Perhaps that could help me to find a clou from the ST code to do the rest.


Joa

[Diane Engles]

Hi,

I'm going to quote from a couple of posts by Bryan Hogan, who worked on Web Services when the product was in-house at IBM. You can still find these posts on an old Yahoo newsgroup, but you may have to sign up to view them: http://groups.yahoo.com/group/vastws/message/326.

"Below is information/instructions that describe how to use HTTPS (SSL) to
secure the VAST Insurance example.

1) Modify the implementation WSDL to specify an https URL as the service
endpoint. ie) <soap:address location=
"https://vasthost:63003/SstWSServlet"/>

When the service is deployed, the endpoint will automatically be created as
'https' listener. It may be necessary for you to customize the transport
configuration for the 'https' transport prior to deploying the service.
See the method SstHttpsCommunications>>#serverTransportConfiguration for
the default configuration. You will see that an SSL "security
configuration" is created, and the default configuration specifies a
certificate file name of 'cert.pem' and a key file name of 'key.pem'.
When clients try to connect to the 'https' endpoint, SSL will attempt to
authenticate using the specified certificate file. SSL errors will occur
if the certificate is not found. So, you can either create and register a
custom transport configuration, or copy your certificate file to the name
'cert.pem' in your image directory.

See the method SstHttpsCommunications>>#registerPluginConfigurations to see
how transport configurations can be registered.

That should be all there is to it. Now, you can deploy your hosted service
and clients can invoke the service over secure connections."


Another post by Bryan from the same thread:

"Use the #serverTransportConfiguration method strictly as a model for
constructing a custom transport configuration. The method gets invoked at
application load time to initialize a registry of transport
configurations. Therefore, the #serverTransportConfiguration will not be invoked during
normal web service message processing. Step through the code below to
see how configurations are registered.

SstHttpsCommunications halt registerPluginConfigurations

You can replace the 'https' and 'httpsl' transport configurations with
customized versions if desired. If you replace the transport
configurations, be sure that equivalent code is executed in a runtime
image to properly initialize the transport registry.

When building your reduced runtime image, be sure to include the
application SstWebServicesHttpsSupport."

I have successfully modified the Insurance Example and created an ssl socket using these instructions; however they do not specifically cover deploying only the client wsdl and connecting with a remote server via https. Perhaps the example will give you a starting point.

Diane

[tc]

That's no good news... Can you provide information on how to tell a ST socket to use a Certificate and a P12 file? Perhaps that could help me to find a clou from the ST code to do the rest.

Here are the links to the manual for the server and client workspace that use SSL, but it is at the socket level only:
http://www2.instantiations.com/VAST/Docs/pr/stpr02.htm#ToC_750

. . . click on server and client workspace for the code. This plus what Diane posted may help you piece together what you need.

--tc

[benvandijk]

Certificates can definitely be used at the sockets level in ST, but I am not sure we support WSDL over HTTPS. Part of the reason is it seems there is not an agreed upon standard. The following is from the book 'Web Services Essentials':

That's no good news... Can you provide information on how to tell a ST socket to use a Certificate and a P12 file? Perhaps that could help me to find a clou from the ST code to do the rest.


Joa

Joa,

I assume the certificate and p12 file are encrypted, in which case you will have to extract the certificates from the files.
You can do this with the openssl command openssl pkcs12 -in C:\...\xxxx.p12 -out c:\....\xxxxx.pem –nodes
see also http://www.openssl.org. You need to copy the block of lines starting with the line begin rsa private key
and ending withe the line end rsa key to a seperate key.pem file. You need to copy the block of lines starting with the line begin certificate
and ending withe the line end certificate to a seperate cert.pem file. If there are more blocks, you should copy every block but leave a blank line between the blocks in the new cert.pem file.

You can connect the .pem files to the webservice using the next two smalltalk statements

Code: Select all

(SstTransport configurationRegistry at: 'httpsl') securityConfiguration certificateFilename: 'c:\....\cert.pem'.
(SstTransport configurationRegistry at: 'httpsl') securityConfiguration privateKeyFilename: 'c:\.....\key.pem'.

Now you should be able to call the https webservice like you call a httpp webservice.

Greetings, Ben.

[bonndias]

Sorry for replying that late, I couldn't try it earlier.
But now I can tell you that it works exactly as Ben suggested!!! You're great and thanks a lot.

Here are the details.
I extracted the certificate and private key using openssl. Adding them to the SstTransport configurationRegistry was the necessary step before invoking the webService via HTTP. All in all less than 10 lines for the first test!Smalltalk at it's best.

Joa

[frennyscott]

I know I am digging the old thread but I was finding the solution for the same problem since some time. And I am happy that finally I got the solution. Thanks guys.

[kevin85]

finally i found the solution after 4hours of searching. thanks for this very informative thread!
_____________________________
search engine optimization | -kevin chipper- | -85-