| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Simulate cURL command with HTTPRequest nodes. |
« View previous topic :: View next topic » |
| Author |
Message
|
| Cogito-Ergo-Sum |
 Posted: Wed Nov 02, 2011 4:49 am Post subject: Simulate cURL command with HTTPRequest nodes. |
 |
|
Master
Joined: 07 Feb 2006
Posts: 293
Location: Bengaluru, India
|
Hi,
I am required to make a couple of calls to a HTTPS server that is currently being done with cURL command.
| Code: |
| curl -k -L -b cookie.txt -c cookie.txt host/authentication |
In the command above, the switches are as follows:
-k: This option explicitly allows cURL to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" to fail unless -k/--insecure is used.
-L: If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code) this option will make cURL redo the request on the redirected URL.
-b: This points to a local cookie file. This allows the HTTP server to receive all the cookie data within the file.
-c: This specifies the file that cURL is allowed to write cookie data to after a completed operation. cURL writes all cookies previously read from a specified file as well as all cookies received from the remote server. The file will be written using the Netscape cookie file format. If you set the file name to a single dash, "-", the cookies will be written to stdout.
Can you please give me hints as to how this cURL command can be implemented using HTTPRequest node in WMB 7.0 ?
_________________
ALL opinions are welcome.
-----------------------------
Debugging tip:When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.
---Sherlock Holmes |
|
| Back to top |
|
 |
| harish_td |
| Posted: Wed Nov 02, 2011 5:23 pm Post subject: |
|
|
Master
Joined: 13 Feb 2006
Posts: 236
|
I might not be adding value, but as you'd have discovered by now cURL is a full blown utility, that can be used for various scenarios.
The HTTPRequest node might not completely provide you with the functionality that you need (i.e Cookie Management). There is already a SSL fall-back mechanism implemented in WMB's HTTPRequest node to negotiate the Cipher Spec and the SSL Version to be used between the WMB (HTTP Client) and the Back-end HTTP Server. This is very different from the SSL negotiation that cURL does.
If cURL can do it why cannot WMB/DataPower do it is a question that I have been asked to answer several times.
The short answer is that either of these proprietary products is not a replacement for a utility (grep, netstat, etc)
Worst case scenario, you can try to encapsulate the curl libraries in Java/PHP to do this. I am not sure whether it would work though. |
|
| Back to top |
|
|
| Cogito-Ergo-Sum |
| Posted: Wed Nov 02, 2011 9:50 pm Post subject: |
|
|
Master
Joined: 07 Feb 2006
Posts: 293
Location: Bengaluru, India
|
| harish_td wrote: |
| Worst case scenario, you can try to encapsulate the curl libraries in Java/PHP to do this. I am not sure whether it would work though. |
I did consider that and might eventually go that path.
Thanks !
_________________
ALL opinions are welcome.
-----------------------------
Debugging tip:When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.
---Sherlock Holmes |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Nov 03, 2011 2:26 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Have you gone through and tried to just connect to the URL from Broker?
Is there something that is needed from the cookie? |
|
| Back to top |
|
|
| Cogito-Ergo-Sum |
| Posted: Thu Nov 03, 2011 2:36 am Post subject: |
|
|
Master
Joined: 07 Feb 2006
Posts: 293
Location: Bengaluru, India
|
| Quote: |
| Have you gone through and tried to just connect to the URL from Broker? |
You mean, mention the URL in HTTPRequest node ? Yes, I did. This is a HTTPS URL and well, the connection did not happen. I keep getting a Connection Refused message in the log. That is probably because, I have not set up the security configuration for certificates, etc. Then again, from the command line, cURL is able to work without having to use certificates. So, I was thinking, if this feature could be emulated by HTTPRequest.
_________________
ALL opinions are welcome.
-----------------------------
Debugging tip:When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.
---Sherlock Holmes |
|
| Back to top |
|
|
| Cogito-Ergo-Sum |
| Posted: Wed Nov 09, 2011 10:16 pm Post subject: |
|
|
Master
Joined: 07 Feb 2006
Posts: 293
Location: Bengaluru, India
|
| Quote: |
| Is there something that is needed from the cookie? |
Yes. I was hoping to have a node in the flow to parse the response headers, look for the Set-Cookie header and copy it over for the next cURL command converted to a HTTPRequest node. But, for that, the connection should go ahead.
I got a link to a useful a Java class : SSLPoke.java. I created a Java project in the WMB ToolKit itself so that there are no JRE issues. Running that class shows a certificate chaining error. (I think, it might be bad form to publicise the CA details; hence I have obfuscated them in the console output pasted below).
| Code: |
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=CA, O="CA, Inc.", C=XX is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error |
To get around this issue, I followed the steps to set up the PKI. And yet, the error persists.
Can somebody guide me please ?
_________________
ALL opinions are welcome.
-----------------------------
Debugging tip:When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.
---Sherlock Holmes |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Nov 09, 2011 10:25 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
You are probably using an older package / cert store and missing the CA Authority's intermediate cert.
You may have up to 3 cert from the CA to get to the trusted root.
So a full cert path might look like this:
| Code: |
CA root
CA intermediate 1
CA cert used to sign certs
CA signed cert of a private party (you or your correspondent).... |
If you are missing the CA intermediate 1 cert for example you need to go to the CA authority's website, download said cert and upload it to your trust store...
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Cogito-Ergo-Sum |
| Posted: Thu Nov 10, 2011 12:01 am Post subject: |
|
|
Master
Joined: 07 Feb 2006
Posts: 293
Location: Bengaluru, India
|
| fjb_saper wrote: |
| You are probably using an older package / cert store and missing the CA Authority's intermediate cert. |
But when I try out the sample for SSL connectivity from Apache HTTP Components, with the same keystore as used here, the hand-shake happens correctly. The issue with Apache HTTP Components I am having now is, whether with HTTP GET or HTTP POST, the authentication of my user ID and password fails. Of course, it works on the web page.
_________________
ALL opinions are welcome.
-----------------------------
Debugging tip:When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.
---Sherlock Holmes |
|
| Back to top |
|
|
| Cogito-Ergo-Sum |
| Posted: Thu Nov 10, 2011 2:58 am Post subject: SSL now working ... |
|
|
Master
Joined: 07 Feb 2006
Posts: 293
Location: Bengaluru, India
|
I am not sure what was the sequence of events. But, I stopped and started the broker again with the keystore in place. And, this time, the HTTPRequest node is able to connect to the HTTPS server and obtain the response correctly. 
For now, I am directing the Out terminal of the HTTPRequest node to an output file which is not showing the response headers. I have tried using the Mapping node that has a folder for HTTPResponseheader but it does not have the field for Set-Cookie. Therefore, I am not able to locate the cookie that needs to be set for the next HTTPRequest call. 
How do I trap the headers ?
_________________
ALL opinions are welcome.
-----------------------------
Debugging tip:When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.
---Sherlock Holmes |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Thu Nov 10, 2011 3:30 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
~Did you try putting a TraceNode on the OutTerminal?
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| Cogito-Ergo-Sum |
| Posted: Thu Nov 10, 2011 4:10 am Post subject: |
|
|
Master
Joined: 07 Feb 2006
Posts: 293
Location: Bengaluru, India
|
| smdavies99 wrote: |
| ~Did you try putting a TraceNode on the OutTerminal? |
Yes. And, I can see the Set-Cookie header in the trace. Thanks for the tip !
| Code: |
(0x01000000:Name):HTTPResponseHeader = ( ['WSRSPHDR' : 0x92e3828]
(0x03000000:NameValue):X-Original-HTTP-Status-Line = 'HTTP/1.1 200 OK' (CHARACTER)
(0x03000000:NameValue):X-Original-HTTP-Status-Code = 200 (INTEGER)
(0x03000000:NameValue):Content-Type = 'text/html; charset=UTF-8' (CHARACTER)
(0x03000000:NameValue):Content-Language = 'en-US' (CHARACTER)
(0x03000000:NameValue):Set-Cookie = 'foo=bar; Path=/' (CHARACTER)
(0x03000000:NameValue):Transfer-Encoding = 'chunked' (CHARACTER)
(0x03000000:NameValue):Date = 'Thu, 10 Nov 2011 12:07:40 GMT' (CHARACTER)
(0x03000000:NameValue):Server = 'WebSphere Application Server/7.0' (CHARACTER)
(0x03000000:NameValue):Expires = 'Thu, 01 Dec 1994 16:00:00 GMT' (CHARACTER)
(0x03000000:NameValue):Cache-Control = 'no-cache="set-cookie, set-cookie2"' (CHARACTER)
|
Wonder why I am unable to see in the Mapping node ...
_________________
ALL opinions are welcome.
-----------------------------
Debugging tip:When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.
---Sherlock Holmes |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
