Progress 4gl 安全套接字认证
Progress 4gl Secure Socket Authentication
当前正在尝试与具有使用 username:password@domain 语法的身份验证设置的主机执行套接字连接。当通过命令行 运行 时,以下 curl 请求工作正常:
/opt/pware/bin/curl -s -v -S -k -X POST -d @/test/worldpay.xml https://username:password@secure-test.worldpay.com/jsp/merchant/xml/paymentService.jsp
问题出在尝试使用进度安全套接字 post 相同的 worldpay.xml 负载文件时。我的套接字使用以下方式连接:
DEFINE VARIABLE vhSocket AS HANDLE NO-UNDO.
CREATE SOCKET vhSocket.
vhSocket:CONNECT('-H test.worldpay.com -S 443 -ssl -nohostverify') NO-ERROR.
IF vhSocket:CONNECTED() EQ FALSE THEN
DO:
Message "COULD NOT CONNECT".
vhSocket:DISCONNECT().
DELETE OBJECT vhSocket NO-ERROR.
RETURN.
END.
ELSE
Message "CONNECTED!".
打开套接字连接后,我将按如下方式设置 header:
ASSIGN
vRequest = 'POST ' +
username + ":" + password + "@" + "/jsp/merchant/xml/paymentService.jsp" +
' HTTPS/1.1' + chr(13) + chr(10) +
'Connect: close' + chr(13) + chr(10) +
'Host: ' + "secure-test.worldpay.com" + chr(13) + chr(10) +
'Content-Length: ' + string(LENGTH(postdata,"raw")) + chr(13) + chr(10) +
'Content-Type: text/xml' + chr(13) + chr(10) +
chr(13) + chr(10) +
postData +
chr(13) + chr(10).
set-byte-order(vData) = BIG-ENDIAN.
set-size(vData) = LENGTH(vRequest,"raw").
put-string(vData,1,LENGTH(vRequest,"raw")) = vRequest.
vReturnCode = vhSocket:WRITE(vData, 1, LENGTH(vRequest,"raw")).
任何有关弄清楚 header 应该如何构建或如何通过进行中的安全套接字执行基本身份验证的帮助将不胜感激。谢谢大家!
对于 http(s) 基本身份验证,您不会 POST 将用户名作为 URL 的一部分。
见https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side
这是我们在 http 客户端中使用的内容,您必须将对 AddHttpHeader 的调用更改为将 header 行发送到服务器套接字的代码。
/*------------------------------------------------------------------------------
Purpose: Adds a basic authorization header to the request
Notes:
@param pcUserName The UserName to use for basic authorization
@param pcPassword The password to use for basic authorization
------------------------------------------------------------------------------*/
METHOD PUBLIC VOID SetBasicAuthorization (pcUserName AS CHARACTER,
pcPassword AS CHARACTER):
DEFINE VARIABLE cBase64 AS LONGCHAR NO-UNDO.
DEFINE VARIABLE mAuthorization AS MEMPTR NO-UNDO .
ASSIGN cBase64 = SUBSTITUTE ("&1:&2":U, pcUserName, pcPassword) .
SET-SIZE (mAuthorization) = LENGTH (cBase64) .
PUT-STRING (mAuthorization, 1, LENGTH (cBase64)) = cBase64 .
ASSIGN cBase64 = BASE64-ENCODE (mAuthorization) .
AddHttpHeader (SUBSTITUTE ("Authorization Basic &1":U, cBase64)) .
FINALLY:
SET-SIZE (mAuthorization) = 0 .
END FINALLY.
END METHOD .
所以在你的情况下,试试这个:
ASSIGN
vRequest = 'POST ' + "/jsp/merchant/xml/paymentService.jsp" +
' HTTPS/1.1' + chr(13) + chr(10) +
'Connect: close' + chr(13) + chr(10) +
'Host: ' + "secure-test.worldpay.com" + chr(13) + chr(10) +
'Content-Length: ' + string(LENGTH(postdata,"raw")) + chr(13) + chr(10) +
'Content-Type: text/xml' + chr(13) + chr(10) +
'Authorization: Basic ' + cBase64 + chr(13) + chr(10) +
chr(13) + chr(10) +
postData +
chr(13) + chr(10).
当前正在尝试与具有使用 username:password@domain 语法的身份验证设置的主机执行套接字连接。当通过命令行 运行 时,以下 curl 请求工作正常:
/opt/pware/bin/curl -s -v -S -k -X POST -d @/test/worldpay.xml https://username:password@secure-test.worldpay.com/jsp/merchant/xml/paymentService.jsp
问题出在尝试使用进度安全套接字 post 相同的 worldpay.xml 负载文件时。我的套接字使用以下方式连接:
DEFINE VARIABLE vhSocket AS HANDLE NO-UNDO.
CREATE SOCKET vhSocket.
vhSocket:CONNECT('-H test.worldpay.com -S 443 -ssl -nohostverify') NO-ERROR.
IF vhSocket:CONNECTED() EQ FALSE THEN
DO:
Message "COULD NOT CONNECT".
vhSocket:DISCONNECT().
DELETE OBJECT vhSocket NO-ERROR.
RETURN.
END.
ELSE
Message "CONNECTED!".
打开套接字连接后,我将按如下方式设置 header:
ASSIGN
vRequest = 'POST ' +
username + ":" + password + "@" + "/jsp/merchant/xml/paymentService.jsp" +
' HTTPS/1.1' + chr(13) + chr(10) +
'Connect: close' + chr(13) + chr(10) +
'Host: ' + "secure-test.worldpay.com" + chr(13) + chr(10) +
'Content-Length: ' + string(LENGTH(postdata,"raw")) + chr(13) + chr(10) +
'Content-Type: text/xml' + chr(13) + chr(10) +
chr(13) + chr(10) +
postData +
chr(13) + chr(10).
set-byte-order(vData) = BIG-ENDIAN.
set-size(vData) = LENGTH(vRequest,"raw").
put-string(vData,1,LENGTH(vRequest,"raw")) = vRequest.
vReturnCode = vhSocket:WRITE(vData, 1, LENGTH(vRequest,"raw")).
任何有关弄清楚 header 应该如何构建或如何通过进行中的安全套接字执行基本身份验证的帮助将不胜感激。谢谢大家!
对于 http(s) 基本身份验证,您不会 POST 将用户名作为 URL 的一部分。
见https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side
这是我们在 http 客户端中使用的内容,您必须将对 AddHttpHeader 的调用更改为将 header 行发送到服务器套接字的代码。
/*------------------------------------------------------------------------------
Purpose: Adds a basic authorization header to the request
Notes:
@param pcUserName The UserName to use for basic authorization
@param pcPassword The password to use for basic authorization
------------------------------------------------------------------------------*/
METHOD PUBLIC VOID SetBasicAuthorization (pcUserName AS CHARACTER,
pcPassword AS CHARACTER):
DEFINE VARIABLE cBase64 AS LONGCHAR NO-UNDO.
DEFINE VARIABLE mAuthorization AS MEMPTR NO-UNDO .
ASSIGN cBase64 = SUBSTITUTE ("&1:&2":U, pcUserName, pcPassword) .
SET-SIZE (mAuthorization) = LENGTH (cBase64) .
PUT-STRING (mAuthorization, 1, LENGTH (cBase64)) = cBase64 .
ASSIGN cBase64 = BASE64-ENCODE (mAuthorization) .
AddHttpHeader (SUBSTITUTE ("Authorization Basic &1":U, cBase64)) .
FINALLY:
SET-SIZE (mAuthorization) = 0 .
END FINALLY.
END METHOD .
所以在你的情况下,试试这个:
ASSIGN
vRequest = 'POST ' + "/jsp/merchant/xml/paymentService.jsp" +
' HTTPS/1.1' + chr(13) + chr(10) +
'Connect: close' + chr(13) + chr(10) +
'Host: ' + "secure-test.worldpay.com" + chr(13) + chr(10) +
'Content-Length: ' + string(LENGTH(postdata,"raw")) + chr(13) + chr(10) +
'Content-Type: text/xml' + chr(13) + chr(10) +
'Authorization: Basic ' + cBase64 + chr(13) + chr(10) +
chr(13) + chr(10) +
postData +
chr(13) + chr(10).