AS400 RPGLE unable to consume REST API with SSL

I have successfully used IBM AxiscTransport API in AS400 (i 7.2) to consume REST API with HTTP. However, when there is SSL, my program fails with the following error.
TransportFlush() call failed: 55:AxisTransportException: Cannot open a channel
to the remote end. Failed to open connection to server, the operation gsk_secure_soc_init() failed. GSKit Error is 410 - Peer not recognized or badly formatted message received.
My sample source code:
uri = 'https://jsonplaceholder.typicode.com/posts/1';
propBuf = 'GET' + X'00';
axiscTransportSetProperty(tHandle: AXISC_PROPERTY_HTTP_METHOD: %addr(propBuf));
propBuf = 'xx.xx.xx.xx' + X'00';
propInt = 80;
rc = axiscTransportSetProperty(tHandle:AXISC_PROPERTY_HTTP_PROXY:
%addr(propBuf):
%addr(propInt));
propBuf3 = 'true' + X'00';
rc = axiscTransportSetProperty(tHandle: AXISC_PROPERTY_HTTP_PROXYSSL:
%addr(propBuf3));
NONE = 'NONE' + X'00';
propBuf = '/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB' + X'00';
propBuf3 = 'true' + X'00';
rc = axiscTransportSetProperty(tHandle: AXISC_PROPERTY_HTTP_SSL:
%addr(propBuf):
%addr(NULLSTR):%addr(NULLSTR):
%addr(NONE):%addr(NONE):
%addr(NONE):%addr(NONE):
%addr(ENABLED):%addr(propBuf3):*NULL);
propBuf3 = 'true' + X'00';
axiscTransportSetProperty(tHandle: AXISC_PROPERTY_CONVERT_PAYLOAD:
%addr(propBuf3));
I have been stuck on this for months and am still unable to resolve it. Any help will be appreciated. Thanks.

I got this working by doing this
pTolerate = 'true' + X'00';
pAppID = 'API_MAN' + X'00';
axiscTransportSetProperty(tHandle
:AXISC_PROPERTY_HTTP_SSL
:%addr(pKeyRingFile )
:%addr(pKeyRingSorP )
:%addr(pKeyRingLabel)
:%addr(pV2Cipher )
:%addr(pV3Cipher )
:%addr(pTLSCipher )
:%addr(pTLSv11Cipher)
:%addr(pTLSv12Cipher)
:%addr(pTolerate )
:%addr(pAppID ));
The pAppID needs to be set up on the iSeries, and the SSL certificate in the store must be linked to the Application ID.
All other parameters were blanks.

Related

Flink SQL Client connect to secured kafka cluster

I want to execute a query on Flink SQL Table backed by kafka topic of secured kafka cluster. I'm able to execute the query programmatically but unable to do the same through Flink SQL client. I'm not sure on how to pass JAAS config (java.security.auth.login.config) and other system properties through Flink SQL client.
Flink SQL query programmatically
private static void simpleExec_auth() {
// Create the execution environment.
final EnvironmentSettings settings = EnvironmentSettings.newInstance()
.inStreamingMode()
.withBuiltInCatalogName(
"default_catalog")
.withBuiltInDatabaseName(
"default_database")
.build();
System.setProperty("java.security.auth.login.config","client_jaas.conf");
System.setProperty("sun.security.jgss.native", "true");
System.setProperty("sun.security.jgss.lib", "/usr/libexec/libgsswrap.so");
System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
TableEnvironment tableEnvironment = TableEnvironment.create(settings);
String createQuery = "CREATE TABLE test_flink11 ( " + "`keyid` STRING, " + "`id` STRING, "
+ "`name` STRING, " + "`age` INT, " + "`color` STRING, " + "`rowtime` TIMESTAMP(3) METADATA FROM 'timestamp', " + "`proctime` AS PROCTIME(), " + "`address` STRING) " + "WITH ( "
+ "'connector' = 'kafka', "
+ "'topic' = 'test_flink10', "
+ "'scan.startup.mode' = 'latest-offset', "
+ "'properties.bootstrap.servers' = 'kafka01.nyc.com:9092', "
+ "'value.format' = 'avro-confluent', "
+ "'key.format' = 'avro-confluent', "
+ "'key.fields' = 'keyid', "
+ "'value.fields-include' = 'EXCEPT_KEY', "
+ "'properties.security.protocol' = 'SASL_PLAINTEXT', 'properties.sasl.kerberos.service.name' = 'kafka', 'properties.sasl.kerberos.kinit.cmd' = '/usr/local/bin/skinit --quiet', 'properties.sasl.mechanism' = 'GSSAPI', "
+ "'key.avro-confluent.schema-registry.url' = 'http://kafka-schema-registry:5037', "
+ "'key.avro-confluent.schema-registry.subject' = 'test_flink6', "
+ "'value.avro-confluent.schema-registry.url' = 'http://kafka-schema-registry:5037', "
+ "'value.avro-confluent.schema-registry.subject' = 'test_flink4')";
System.out.println(createQuery);
tableEnvironment.executeSql(createQuery);
TableResult result = tableEnvironment
.executeSql("SELECT name,rowtime FROM test_flink11");
result.print();
}
This is working fine.
Flink SQL query through SQL client
Running this gives the following error.
Flink SQL> CREATE TABLE test_flink11 (`keyid` STRING,`id` STRING,`name` STRING,`address` STRING,`age` INT,`color` STRING) WITH('connector' = 'kafka', 'topic' = 'test_flink10','scan.startup.mode' = 'earliest-offset','properties.bootstrap.servers' = 'kafka01.nyc.com:9092','value.format' = 'avro-confluent','key.format' = 'avro-confluent','key.fields' = 'keyid', 'value.avro-confluent.schema-registry.url' = 'http://kafka-schema-registry:5037', 'value.avro-confluent.schema-registry.subject' = 'test_flink4', 'value.fields-include' = 'EXCEPT_KEY', 'key.avro-confluent.schema-registry.url' = 'http://kafka-schema-registry:5037', 'key.avro-confluent.schema-registry.subject' = 'test_flink6', 'properties.security.protocol' = 'SASL_PLAINTEXT', 'properties.sasl.kerberos.service.name' = 'kafka', 'properties.sasl.kerberos.kinit.cmd' = '/usr/local/bin/skinit --quiet', 'properties.sasl.mechanism' = 'GSSAPI');
Flink SQL> select * from test_flink11;
[ERROR] Could not execute SQL statement. Reason:
java.lang.IllegalArgumentException: Could not find a 'KafkaClient' entry in the JAAS configuration. System property 'java.security.auth.login.config' is /tmp/jaas-6309821891889949793.conf
There is nothing in /tmp/jaas-6309821891889949793.conf except the following comment
# We are using this file as an workaround for the Kafka and ZK SASL implementation
# since they explicitly look for java.security.auth.login.config property
# Please do not edit/delete this file - See FLINK-3929
SQL client run command
bin/sql-client.sh embedded --jar flink-sql-connector-kafka_2.11-1.12.0.jar --jar flink-sql-avro-confluent-registry-1.12.0.jar
Flink cluster command
bin/start-cluster.sh
How to pass this java.security.auth.login.config and other system properties (that I'm setting in the above java code snippet), for SQL client?
flink-conf.yaml
security.kerberos.login.use-ticket-cache: true
security.kerberos.login.principal: XXXXX#HADOOP.COM
security.kerberos.login.use-ticket-cache: false
security.kerberos.login.keytab: /path/to/kafka.keytab
security.kerberos.login.principal: XXXX#HADOOP.COM
security.kerberos.login.contexts: Client,KafkaClient
I haven't really tested whether this solution is feasible; you can try it out. I hope it will help you.

Matlab urlread2 - HTTP response code: 415 for URL

I am attempting to access the betfair API using Matlab and the urlread2 function available here.
EDIT: I have posted this problem on Freelancer if anyone can help with it: tinyurl.../pa7sblb
The documentation for the betfair API I am following is this getting started guide. I have successfully logged in and kept the session open using these codes: (I am getting a success response)
%% Login and get Token
url = 'https://identitysso.betfair.com/api/login';
params = {'username' '******' 'password' '******'};
header1 = http_createHeader('X-Application','*****');
header2 = http_createHeader('Accept','application/json');
header = [header1, header2];
[paramString] = http_paramsToString(params)
[login,extras] = urlread2(url,'POST',paramString,header)
login = loadjson(login)
token = login.token
%% Keep Alive
disp('Keep Session Alive')
url_alive = 'https://identitysso.betfair.com/api/keepAlive';
header1 = http_createHeader('X-Application','******');
header2 = http_createHeader('Accept','application/json');
header3 = http_createHeader('X-Authentication',token');
header_alive = [header1, header2, header3];
[keep_alive,extras] = urlread2(url_alive,'POST',[],header_alive);
keep_alive = loadjson(keep_alive);
keep_alive_status = keep_alive.status
My trouble starts when I am attempting to do the next step and load all available markets. I am trying to replicate this example code which is designed for Python
import requests
import json
endpoint = "https://api.betfair.com/exchange/betting/rest/v1.0/"
header = { 'X-Application' : 'APP_KEY_HERE', 'X-Authentication' : 'SESSION_TOKEN_HERE' ,'content-type' : 'application/json' }
json_req='{"filter":{ }}'
url = endpoint + "listEventTypes/"
response = requests.post(url, data=json_req, headers=header)
The code I am using for Matlab is below.
%% Get Markets
url = 'https://api.betfair.com/exchange/betting/rest/v1.0/listEventTypes/';
header_application = http_createHeader('X-Application','******');
header_authentication = http_createHeader('X-Authentication',token');
header_content = http_createHeader('content_type','application/json');
header_list = [header_application, header_authentication, header_content];
json_body = savejson('','filter: {}');
[list,extras] = urlread2(url_list,'POST',json_body,header_list)
I am having trouble with an HTTP response code 415. I believe that the server cannot understand my parameter, since I have used the headings with success previously.
Any help or advice would be greatly appreciated!
This is the error:
Response stream is undefined
below is a Java Error dump (truncated):
Error using urlread2 (line 217)
Java exception occurred:
java.io.IOException: Server returned HTTP response code: 415 for URL....
I looked at your problem and it seems to be caused by two things:
1) The content type should be expressed as 'content-type' and not 'content_type'
2) The savejson-function doesn't create an adequate json-string. If you use the json-request from the Python-script it works.
This code works for me:
%% Get Markets
url = 'https://api.betfair.com/exchange/betting/rest/v1.0/listEventTypes/';
header_application = http_createHeader('X-Application','*********');
header_authentication = http_createHeader('X-Authentication',token');
header_content = http_createHeader('content-type','application/json');
header_list = [header_application, header_authentication, header_content];
json_body = '{"filter":{ }}';
[list,extras] = urlread2(url,'POST',json_body,header_list)

How to use authentication details with a QNetWorkRequest in bb cascades?

I want to create a BB10 application using BB Cascades in which I want to pass a username and password to the server with a QNetwork HTTP request. I tried the following:
QNetworkRequest request = QNetworkRequest();
request.setRawHeader("Content-Type", "application/x-www-form-urlencoded");
request.setRawHeader("User-Agent", "Profile/MIDP-2.0 Configuration/CLDC-1.0");
request.setRawHeader("Content-Language", "en-US");
QString concatenated = "username:password";
QByteArray data = concatenated.toLocal8Bit().toBase64();
QString headerData = "Basic " + data;
request.setRawHeader("Authorization", headerData.toLocal8Bit());
QSslConfiguration config = request.sslConfiguration();
config.setPeerVerifyMode(QSslSocket::VerifyNone);
config.setProtocol(QSsl::TlsV1);
request.setSslConfiguration(config);
But this gives me a QNetworkReply error 202 (ContentOperationNotPermittedError). What is the reason for this error? How can I solve this issue?
Thanks in advance.
This code works for me
QNetworkRequest request = QNetworkRequest();
request.setRawHeader("Authorization","Basic " + QByteArray(QString("%1:%2").arg(USER_NAME).arg(PASSWORD).toAscii()).toBase64());
request.setRawHeader("Content-Type", "application/x-www-form-urlencoded");
request.setRawHeader("Content-Language", "en-US");
QSslConfiguration config = request.sslConfiguration();
config.setPeerVerifyMode(QSslSocket::VerifyNone);
config.setProtocol(QSsl::TlsV1);
request.setSslConfiguration(config);
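The Basic header built above is only base64-encoded, and with QSslSocket::VerifyNone the TLS session does not authenticate the server, so the credentials go to whichever endpoint answers the connection. As an added example (not code from the posts above, and written in Python rather than Qt), a guard that refuses to attach the header unless certificate and hostname verification are on; the function names, URL and credentials are hypothetical.

```python
import base64
import ssl
from urllib.parse import urlsplit


class UnsafeChannelError(Exception):
    """Raised when credentials would travel over an unauthenticated channel."""


def weak_context() -> ssl.SSLContext:
    # Same effect as QSslSocket::VerifyNone: the handshake succeeds against
    # any certificate, so the peer's identity is never established.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context() -> ssl.SSLContext:
    # Default client context: system trust store, CERT_REQUIRED, hostname check.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def basic_auth_header(user: str, password: str) -> str:
    # Base64 is an encoding, not encryption: anyone holding the header
    # can recover "user:password" from it.
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def authorized_headers(url: str, user: str, password: str,
                       ctx: ssl.SSLContext) -> dict:
    """Return request headers only if the channel authenticates the server."""
    if urlsplit(url).scheme != "https":
        raise UnsafeChannelError("Basic auth over plain HTTP")
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise UnsafeChannelError("certificate verification is disabled")
    return {
        "Authorization": basic_auth_header(user, password),
        "Content-Type": "application/x-www-form-urlencoded",
    }
```

In Qt the corresponding setting is QSslSocket::VerifyPeer, with the server's CA added to the configuration when it is not in the system store.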

The request was aborted: Could not create SSL/TLS secure channel.

I want to implement the PayPal DoDirect method so that the user can pay directly on my website instead of being redirected.
For that I have added this URL: https://www.sandbox.paypal.com/wsdl/PayPalSvc.wsdl
and I am using the following code:
PayPalAPIAAInterfaceClient objpaypalapiaainterfaceclient = new PayPalAPIAAInterfaceClient("paypalapiaa");
CustomSecurityHeaderType objcustomsecurityheadertype = new CustomSecurityHeaderType();
objcustomsecurityheadertype.Credentials = new UserIdPasswordType();
objcustomsecurityheadertype.Credentials.Signature = "a8ft-8ji.2tzocnfshfjj4ahgxn4avlxzply8bmsbupxafkbty2--c6p";
objcustomsecurityheadertype.Credentials.Username = "fred_1350925179_biz_api1.gmail.com";
objcustomsecurityheadertype.Credentials.Password = "1350925199";
DoDirectPaymentReq objdodirectpaymentreq = new DoDirectPaymentReq();
objdodirectpaymentreq.DoDirectPaymentRequest = new DoDirectPaymentRequestType();
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails = new DoDirectPaymentRequestDetailsType();
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.PaymentAction = new PaymentActionCodeType();
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.PaymentAction = PaymentActionCodeType.Sale;
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.PaymentDetails = new PaymentDetailsType();
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard = new CreditCardDetailsType();
//objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.PaymentDetails.InvoiceID = "1";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.IPAddress = Request.ServerVariables["remote_addr"].ToString();
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CreditCardType = CreditCardTypeType.MasterCard;
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.PaymentDetails.OrderTotal = new BasicAmountType();
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner = new PayerInfoType();
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.PayerName = new PersonNameType();
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.PaymentDetails.OrderTotal.currencyID = CurrencyCodeType.USD;
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.Address = new AddressType();
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.PaymentDetails.OrderTotal.Value = "120";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CreditCardNumber ="1111222233334444";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CVV2 = "258";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.ExpMonth = 9;
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.ExpYear = 2013;
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.Payer = "rahularyansharma#gmail.com";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.PayerName.FirstName = "Shakti";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.PayerName.LastName = "Kapoor";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.Address.Street1 ="test address";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.Address.CityName = "Atlanta";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.Address.StateOrProvince = "ga";
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.Address.Country = CountryCodeType.US;
objdodirectpaymentreq.DoDirectPaymentRequest.DoDirectPaymentRequestDetails.CreditCard.CardOwner.Address.PostalCode = "12345";
DoDirectPaymentResponseType objdodirectpaymentresponsetype = objpaypalapiaainterfaceclient.DoDirectPayment(ref objcustomsecurityheadertype, objdodirectpaymentreq);
Now when I run this code, it throws the following exception:
The request was aborted: Could not create SSL/TLS secure channel.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
You can confirm the SSL protocol for https://www.sandbox.paypal.com using https://www.ssllabs.com/ssltest. The screenshot shows that it supports TLS 1.2. You will need to add the following two lines to your code at the point of making the httpclient call:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
Sample:
The implementation should solve the problem.
Sorry, I cannot add this as a comment/question.
It seems like one of the certificates for PayPal is not in the trusted list.
Can you try downloading the PayPal root certificate and installing it as a trusted CA?
I think these two links can help you:
https://www.sslshopper.com/ssl-certificate-not-trusted-error.html
and
http://raysilvadotnet.wordpress.com/2014/02/13/problema-system-net-webexception-the-request-was-aborted-could-not-create-ssltls-secure-channel/
(sorry, cannot insert more than 2 links as normal links)
Also, please make sure you are authenticating via login/password, not a certificate. If you are using a certificate for the API, you should follow the last paragraph of this link

Facebook chat reports "not-authorized", although "xmpp_login" is granted

I am trying to integrate the facebook chat into our mobile Flash/AIR application, and am using XIFF for the XMPP stuff. Of course, I had to modify some files for the newer Facebook API that uses access_token instead of sig and secret.
For those familiar with the xiff/smack API, here is how I establish the connection:
XFacebookPlatform.setFacebookSessionValues(AppData.FACEBOOK_APP_ID, AppData.getInstance().getFBSession().accessToken);
XMPPConnection.registerSASLMechanism("X-FACEBOOK-PLATFORM", XFacebookPlatform);
var con :XMPPConnection = new XMPPConnection();
con.server = "chat.facebook.com";
con.useAnonymousLogin = true;
con.connect(XMPPConnection.STREAM_TYPE_STANDARD);
Basically, I get to the point where I answer the challenge with what IMO should be a correct format:
var responseMap:Dictionary = new Dictionary();
responseMap.api_key = fb_api_key;
responseMap.call_id = 0;
responseMap.method = incomingChallengeMap.method;
responseMap.nonce = incomingChallengeMap.nonce;
responseMap.access_token = user_access_token;
responseMap.v = "1.0";
var challengeResponse:String = "api_key=" + responseMap.api_key;
challengeResponse += "&call_id=" + responseMap.call_id;
challengeResponse += "&method=" + responseMap.method;
challengeResponse += "&nonce=" + responseMap.nonce;
challengeResponse += "&access_token=" + responseMap.access_token;
challengeResponse += "&v=" + responseMap.v;
challengeResponse = Base64.encode( challengeResponse );
The response is sent, but as an answer I receive the following:
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<not-authorized xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
This sounds like I did not grant the "xmpp_login", but I did. I checked that via the Graph API explorer, and for the same access_token it shows:
{
"data": [
{
"installed": 1,
"xmpp_login": 1,
"user_online_presence": 1,
"friends_online_presence": 1
}
]
}
This should be more than enough, I guess.
But still I get the "not-authorized" failure.
Any ideas what went wrong here?
Funny enough, the problem was this line:
var con :XMPPConnection = new XMPPConnection();
Which has to be replaced with this line:
var con :XMPPTLSConnection = new XMPPTLSConnection();
That's it. The facebook chat only authenticates with a TLS connection.
While that does make sense, the error message of
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<not-authorized xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
is very misleading here, as it implies that something with the rights would be wrong.
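Requiring TLS fits the response format shown in the question: the challenge response is only base64-encoded, so the access_token is readable by anyone who can see the stream. An added example (not part of the original posts, and in Python rather than ActionScript) that builds the response from the fields the question lists, refuses to do so before TLS is active, and decodes it again; the challenge contents, app id and token are constructed sample values and the function names are hypothetical.

```python
import base64
from urllib.parse import parse_qs, urlencode

# Constructed sample challenge; a real server would supply its own nonce.
SAMPLE_CHALLENGE = base64.b64encode(
    b"method=auth.xmpp_login&nonce=ABC123"
).decode("ascii")


def decode_sasl_payload(b64_payload: str) -> dict:
    """Decode a base64 SASL payload (challenge or response) into its fields."""
    raw = base64.b64decode(b64_payload).decode("utf-8")
    parsed = parse_qs(raw, strict_parsing=True)
    return {key: values[0] for key, values in parsed.items()}


def build_response(challenge: dict, api_key: str, access_token: str,
                   tls_active: bool) -> str:
    """Build the challenge response with the same fields as the question."""
    if not tls_active:
        # The response carries the bearer token in recoverable form, so it
        # must never be written to a stream that is not yet encrypted.
        raise RuntimeError("refusing to send access_token before TLS is up")
    fields = [
        ("api_key", api_key),
        ("call_id", "0"),
        ("method", challenge["method"]),   # echoed from the challenge
        ("nonce", challenge["nonce"]),     # echoed from the challenge
        ("access_token", access_token),
        ("v", "1.0"),
    ]
    # urlencode percent-escapes values; the question concatenates them raw.
    return base64.b64encode(urlencode(fields).encode("utf-8")).decode("ascii")


def demo() -> dict:
    """Round trip: what a reader of the wire bytes gets from the response."""
    challenge = decode_sasl_payload(SAMPLE_CHALLENGE)
    response = build_response(challenge, "APP_ID", "EXAMPLE-TOKEN",
                              tls_active=True)
    return decode_sasl_payload(response)
```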