I have to interact with an XML-RPC server that uses key authentication. Before accepting the request, the server verifies the key pair (ssl private key and ssl cert). I understand this is terrible, but it's what I have to work with.
My question is this: is there an easy way to pass the key and certificate in this request? I am using the xmlrpc/Client in Ruby, but the documentation does not seem to indicate this can be done. My current code is as follows:
Error:
/usr/lib/ruby/1.8/net/http.rb:586:in connect': sslv3 alert handshake failure >(OpenSSL::SSL::SSLError)
from /usr/lib/ruby/1.8/net/http.rb:586:inconnect'
from /usr/lib/ruby/1.8/net/http.rb:553:in do_start'
from /usr/lib/ruby/1.8/net/http.rb:542:instart'
from /usr/lib/ruby/1.8/net/http.rb:1035:in request'
from /usr/lib/ruby/1.8/net/http.rb:992:inpost2'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in do_rpc'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:incall2'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
Class File:
class RpcRequest
require "xmlrpc/client"
# Automatically create the connection
def initialize(connection_params)
#connection = XMLRPC::Client.new(connection_params['host'], connection_params['path'], connection_params['port'], connection_params['proxy_host'], connection_params['proxy_port'], connection_params['user'], connection_params['password'], connection_params['use_ssl'], connection_params['timeout'])
end
# Make the xml rpc call
def make_call(method, request_params)
#response = #connection.call(method, request_params)
end
end
Driver file:
require 'RpcRequest.rb'
require 'config.rb'
require 'openssl'
# Define parameters for the connection
connect_params = Hash.new
connect_params['host'] = $host
connect_params['path'] = $path
connect_params['port'] = $port
connect_params['proxy_host'] = $proxy_host
connect_params['proxy_port'] = $proxy_port
connect_params['user'] = $user
connect_params['password'] = $password
connect_params['use_ssl'] = $use_ssl
connect_params['timeout'] = $timeout
# Define parameters for the request
request_params = Hash.new
request_params['fname'] = 'Robert'
request_params['lname'] = 'Jones'
request = RpcRequest.new(connect_params)
puts request.inspect
request.make_call('test.hello', request_params)
You can interact with the .http property of the client instance.
Related
I have making a post request in Ruby to a slack endpoint and its failing, here is my request, not sure what I'm missing:
#!/usr/bin/env ruby
#Notification Script Test
def send_slack_message
slack_rooms = [ '#test_channel_notify' ]
slack_token_file = (File.join(ENV['HOME'], '.slack_api_token'))
slack_api_token = (File.open(#slack_token_file).readlines)[0].chomp
msg = 'This is a test message send'
slack_url = "https://slack.com/api/chat.postMessage"
%x{curl -k -X POST -d"token=#{slack_api_token}\&channel=#{slack_rooms}\&text=#{msg}" '#{slack_url}'}
end
send_slack_message
I am getting the following error, not sure what I'm missing:
./cap2.rb:7:in `initialize': no implicit conversion of nil into String (TypeError)
from ./cap2.rb:7:in `open'
from ./cap2.rb:7:in `send_slack_message'
from ./cap2.rb:13:in `<main>'
I am a ruby novice so I may be missing everything would love some help!
The error says that you can't give nil to File.open. Make sure #slack_token_file exists and is not nil.
The slack API wants to receive the payload in this format: 'payload={"json": "data"}'
Using Net::HTTP you can make a POST request like this:
require 'net/http'
require 'uri'
def payload(message, channel)
{ channel: channel, username: 'your-username', text: message, icon_emoji: ':robot_face:' }
end
msg = 'This is a test message send'
body = payload(msg, '#test_channel_notify').to_json
url = URI("https://slack.com/api/chat.postMessage")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request.body = "payload=#{body}"
http.request(request)
While your original problem has been solved, I will provide an alternative solution which follows the more common practice of storing secret credentials as environment variables, not as files (which can, for example, more easily exfiltrated by accident, committed to source control, pasted to a presentation, etc).
Set SLACK_TOKEN in your environment, and then use:
#!/usr/bin/env ruby
#Notification Script Test
def send_slack_message
slack_rooms = [ '#test_channel_notify' ]
slack_api_token = ENV['SLACK_TOKEN']
msg = 'This is a test message send'
slack_url = "https://slack.com/api/chat.postMessage"
%x{curl -k -X POST -d"token=#{slack_api_token}\&channel=#{slack_rooms}\&text=#{msg}" '#{slack_url}'}
end
send_slack_message
I can't figure out how to parse this response. I'm only trying to extract one single count from this.
UPDATE:
How can I parse this XML response?
Here's my API connection information
I'm using Ruby irb, with HTTParty
require 'httparty'
api_key = "6e569b3d-3457-9485-edb2-eccd27272dbf"
secret_key = "MDVkYTQzMDgtOWRiOC04NDULTRkYWUtODQwOTc5ZDFkZTQ3NTZhOG1NWQtNmMzMi0xYjE0LWYMzgtNDc0YzU0MWYxYmUx"
def urlncode(string)
URI.escape(string, Regexp.new("[Generating an API Signature^#{URI::PATTERN::UNRESERVED}]"))
end
salt = rand(10000000000).to_s
hash = OpenSSL::HMAC.digest('sha256', secret_key, salt)
signature = urlncode(Base64.encode64(hash))
# controller / action
api_path = "/Tickets/TicketCount"
url = "http://support.myorganization.org/api/index.php?e=#{api_path}"
response = HTTParty.get("#{url}&apikey=#{api_key}&salt=#{salt}&signature=#{signature}").parsed_response
My response: (truncated)
response = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<ticketcount>\n<departments>\n<department id=\"0\">\n<totalitems><![CDATA[11]]></totalitems>\n<lastactivity><![CDATA[1423657406]]></lastactivity>\n<totalunresolveditems><![CDATA[11]]></totalunresolveditems>\n<ticketstatus id=\"1\" lastactivity=\"1423657406\" totalitems=\"6\" />\n<ticketstatus id=\"2\" lastactivity=\"1422566730\" totalitems=\"5\" />\n<tickettype id=\"1\" lastactivity=\"1423657406\" totalitems=\"11\" totalunresolveditems=\"11\" />\n<ownerstaff id=\"0\" lastactivity=\"1423657406\" totalitems=\"7\" totalunresolveditems=\"7\" />\n<ownerstaff id=\"4\" lastactivity=\"1420825202\" totalitems=\"2\" totalunresolveditems=\"2\" />\n<ownerstaff id=\"17\" lastactivity=\"1422452400\" totalitems=\"1\" totalunresolveditems=\"1\" />\n<ownerstaff id=\"26\" lastactivity=\"1422566730\" totalitems=\"1\"
When I try to do:
response['ticket count']
I get this: (which is obviously not all the data included)
irb(main):029:0> data['ticketcount']
=> "ticketcount"
I need to establish a TCP connection with my server which has a SSL enabled port, that I need to access.
I need to send a XML file and get the response from the server.
Before the SSL was enabled, I was able to get the data from the server using the below mentioned code.
require 'socket'
myXML = 'test_xml'
host = 'myhost.com'
port = 12482
socket = TCPSocket.open(host,port) # Connect to server
socket.send(myXML, 0)
response = socket.recvfrom(port)
puts response
socket.close
Now I have a 'certi.pfx' with which I need to establish a connection, Send my_xml data and get the response. How can this be done.
I would also like to know if I have the 'pem' and 'key' file, how can I establish a connection, Send my_xml data and get the response.
Please help.
require 'socket'
require 'openssl'
myXML = 'my_sample_data'
host = 'my_host.com'
port = my_port
socket = TCPSocket.open(host,port)
ssl_context = OpenSSL::SSL::SSLContext.new()
ssl_context.cert = OpenSSL::X509::Certificate.new(File.open("certificate.crt"))
ssl_context.key = OpenSSL::PKey::RSA.new(File.open("certificate.key"))
ssl_context.ssl_version = :SSLv23
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
ssl_socket.sync_close = true
ssl_socket.connect
ssl_socket.puts(myXML)
while line = ssl_socket.gets
p line
end
ssl_socket.close
Like this:
sock = TCPSocket.new('hostname', 443)
ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)
#socket = OpenSSL::SSL::SSLSocket.new(sock, ctx).tap do |socket|
socket.sync_close = true
socket.connect
end
For a project I need to make an HTTPS call through a Socks5 proxy so I can access the remote API of a customer.
The original code I'm using is this:
url = "/proxyValidate?service=#{migration_station_verification_url}&ticket=#{service_ticket}"
if Rails.env == 'development'
uri = URI.parse(soe_cas_url + url)
Net::HTTP.SOCKSProxy('127.0.0.1', 1080).start(uri.host, uri.port) do |http|
res = http.get(uri.path)
doc = Nokogiri::XML(res)
doc.remove_namespaces!
doc.xpath('//sessionId').first.content
end
else
http = Net::HTTP.new(soe_cas_url)
http.use_ssl = true
req = Net::HTTP::Get.new(url)
res = http.request(req)
doc = Nokogiri::XML(res)
doc.remove_namespaces!
doc.xpath('//sessionId').first.content
end
The goal is to use the proxy only in development environment. When I make the call using the proxy I receive the error:
wrong status line: "<!DOCTYPE
Googling this shows I need to set the use_ssl flag to true, which works outside the development cycle. When using the socksify there is no such mechanism. If I call this inside the do block, I receive an error that the session is already started. Calling it outside the block returns an exception that no such function exists.
Anyone can tell me how to run SSL/HTTPS through the socksify proxy?
EDIT:
I'm currently playing around with pure sockets to get what I want, using the following code:
socket = Socket::TCPSocket.open('127.0.0.1', 1080)
ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
ssl_context.ca_file = File.join(Rails.root, 'ssl', 'cacert.pem')
ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
ssl_socket.sync_close = true
ssl_socket.connect
request = "GET #{url} HTTP/1.1\r\nAccept: */*\r\nHost: #{soe_cas_url}"
ssl_socket.puts(request)
ssl_socket.puts("")
response = ""
while (line = ssl_socket.gets)
response << line
end
This however fails at the ssl_socket.connect with the following error:
ssl_connect syscall returned=5 errno=0 state=sslv2/v3 read server hello a
I've tried using self-signed certificates, no certificates etc but nothing seems to work. I do know the endpoint relies on self-signed certificates on staging environmnet.
A vendor I grab a file from is changing from FTP to FTP over SSL.
I am trying to update my code from net/ftp to net/ftptls
The new host I need to connect to is not certified and my script reports back this error.
hostname was not match with the server certificate
The vendor will not fix this.
Looking at /usr/lib/ruby/1.8/net/ftptls.rb I thought it wouldn't be too hard to monkey-patch FTPTLS to ignore the untrusted host.
I tried changing verify_mode to OpenSSL::SSL::VERIFY_NONE and commenting out the post_connection_check` line.
neither worked.
Any thoughts on how to do this?
require 'socket'
require 'openssl'
require 'net/ftp'
module Net
class FTPTLS < FTP
def connect(host, port=FTP_PORT)
#hostname = host
super
end
def login(user = "anonymous", passwd = nil, acct = nil)
store = OpenSSL::X509::Store.new
store.set_default_paths
ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
ctx.cert_store = store
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.key = nil
ctx.cert = nil
voidcmd("AUTH TLS")
#sock = OpenSSL::SSL::SSLSocket.new(#sock, ctx)
#sock.connect
#sock.post_connection_check(#hostname)
super(user, passwd, acct)
voidcmd("PBSZ 0")
end
end
end
This may be the world's slowest answer, but I ran across your question and it helped my fix it myself, so I wanted to post for posterity.
You were very close, you just need to also comment out #post_connection_check.
What I did, rather than monkeypatching ruby itself, was bring a copy of this into /lib of my project.
module Net
class FTPTLS < FTP
def connect(host, port=FTP_PORT)
#hostname = host
super
end
def login(user = "anonymous", params = {:password => nil, :acct => nil, :ignore_cert => false})
store = OpenSSL::X509::Store.new
store.set_default_paths
ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
ctx.cert_store = store
ctx.verify_mode = params[:ignore_cert] ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
ctx.key = nil
ctx.cert = nil
voidcmd("AUTH TLS")
#sock = OpenSSL::SSL::SSLSocket.new(#sock, ctx)
#sock.connect
#sock.post_connection_check(#hostname) unless params[:ignore_cert]
super(user, params[:password], params[:acct])
voidcmd("PBSZ 0")
end
end
end
I also cleaned up the param passing a bit. You would use this like so:
require 'ftptls' # Use my local version, not net/ftptls
#ftp_connection = Net::FTPTLS.new()
#ftp_connection.passive = true
#ftp_connection.connect(host, 21)
#ftp_connection.login('user', :password => 'pass', :ignore_cert => true)
HTH
I know this is probably too late for Poul but I found the double-bag-ftps gem to be sufficient and easy to use when I had to do something similar.