I establish a server using WCF based on Https protocol, now i want to create a client using WSO2 WSF/C++(and the client code is generated by Code Generator Tool), however, i can't communicate with server, because the client is based on Http, not Https. And i do not know how to code my client, also there is little sample or code for reference, almost of them are based on http. Now, how can i code my client to implement Https protocol.Does any one know how should i use the API? Thanks!
Since WSF/C++ uses Axis2/C, the HTTPS configurations are same for both WSF/C++ and Axis2/C. You can find HTTPS configuration here.
Related
I am trying to add an API Gateway to a client-server system, which communicates through WebSockets.
The Server is an audio recognition engine that sits in a remote machine, and clients are connecting to it through WebSockets ('wss://...'), sending audio files and receiving their text translate representation.
My main goal is to add a free open-source API Gateway in the middle in order to authenticate\authorize\rate limit\etc (Tried Kong\Tyk\krakenD, but they are not free).
After searching the web, I focused on Apache APISIX gateway.
As a test, I managed to connect the APISIX to a client-server which communicates by http/https and it worked fine.
Moreover, I managed to connect the client with the server on regular websocket connection (ws://) and the data transactions were successful, but no matter what I do I cant connect to the secured connection. Are there any special configurations I should edit in the dashboard?
I'm wondering if anyone knows from experience if it's possible to use
the secured WebSockets with Apache APISIX and if yes, how exactly it should be done - because the docs are missing any informative info\examples, or if there are better solutions known to my problem.
The only WebSocket reference in APISIX dashboard -
What you should do is create an SSL object (you can find it in the sidebar on the left side). See https://apisix.apache.org/docs/apisix/admin-api/#ssl to learn the APISIX SSL object.
You can see an example at https://apisix.apache.org/docs/apisix/certificate
The SSL object provides the required TLS Certificate and Private Key so that this key pair can be used in a TLS handshake according to the TLS SNI sent from clients. After that, your client established a secured connection with APISIX, and now you can send the WebSocket traffic securely.
I have been looking for a web socket client implementation for few days to pass through Proxy, which is setup with NTLM Negotiate protocol.
I verified below implementations with NO success:
1. Glassfish's Tyrus client:
Tried both client managers below,
a. org.glassfish.tyrus.client.ClientManager ("org.glassfish.tyrus.bundles:tyrus-standalone-client:1.13")
b. org.glassfish.tyrus.container.jdk.client.JdkClientContainer ("org.glassfish.tyrus:tyrus-container-jdk-client:1.13.1")
2. Eclipse Tyrus client:
According to below issue, they does not support it yet.
https://github.com/eclipse-ee4j/tyrus/issues/381
3. Apache Tomcat client:
Verified Spring web socket client with underlying tomcat implementation.
org.apache.tomcat.websocket.WsWebSocketContainer ("org.apache.tomcat.embed:tomcat-embed-websocket:8.5.11")
4. Jetty:
Verified with 'org.eclipse.jetty.websocket:websocket-client:9.4.8.v20171121'.
Found (correct me if I am wrong here) that they only support 'BASIC' and 'DIGEST'.
NOTE: Most of above implementations support authentication scheme 'BASIC' and in some cases 'DIGEST'.
Proxy setup:
We have Squid proxy setup with NTLM (Negotiate) with Active Directory as a domain controller.
Our customer has a Blue coat proxy running with similar setup.
Client:
We have Java client (desktop application) runs on windows system and connects to various other servers (On HTTP 1.1 and WS/WSS) via a proxy.
NTLM Negotiate:
Client needs to accept the authentication challenge from proxy server and respond with logged-in user name with domain and a password hash (which it gets it from windows) to proxy server, which in turn validates against domain controller (active directory).
Java's HttplURLConnection and Apache Http Client implementations already support this mechanism while connecting to proxy for all Http requests. My need is to find a web socket client implementation to do the similar mechanism to support all requests (Http and WS/WSS) that my Java client makes on outbound traffic.
Summary of my request:
Please let me know, if anyone already came across this need and know an web socket implementation, which already supports connecting to NTLM (Negotiate) based proxy on windows systems.
If a similar question already exists and answered, please point me to that.
I'm trying to analyse what information an app is sending so I setup Charles but to my surprise nothing was logged out.
After decompiling the app I see that it doesn't use simple REST calls but rather a library called gRPC.
Is there a good tool out there that will allow me too see what is send out from the app?
The Mediator is a Cross-platform GUI gRPC debugging proxy like Charles but design for gRPC.
You can dump all gRPC requests without any configuration.
Mediator can render the binary message into a JSON tree, when you have the API schema.
It support decode gRPC/TLS, but you should download and install the Mediator Root Certificate to your device.
gRPC uses HTTP/2 as a transport protocol. Any proxy which supports HTTP/2 for both the front-end and back-end connections should be able to be used to inspect the packets a gRPC connection. Note, some proxies only support HTTP/2 for the front-end or back-end connections and those are incompatible with gRPC.
Envoy Proxy (https://www.envoyproxy.io/) supports proxying gRPC connections and can be configured to log out request information.
Some other example proxies include:
Nginx https://medium.com/nirman-tech-blog/nginx-as-reverse-proxy-with-grpc-820d35642bff
https://github.com/mwitkow/grpc-proxy
https://github.com/mercari/grpc-http-proxy
If you are asking for android there is a app called HttpCanry. It can log request/ respond.
If UDP is blocked, i need to enable HTTP(s) fallback with aspera connect plugin thru HAProxy. Has anyone successfully done this ? I have read all the documentation but there is nothing that describes the HAProxy use case
I assume you talk about a client side forward proxy.
If you use the IBM Aspera Connect Client, it comes with HTTP (forward) proxy configuration.
http://download.asperasoft.com/download/docs/connect/3.9.6/user_osx/webhelp/index.html#dita/network_environment.html
This will work when the client falls back to HTTP.
Note that the client will fallback to HTTP only if this feature is enabled on the server side.
You can see that by examining the parameters provided to the client by the browser (put in dev mode). In that case, it has http parameters (port).
Typically, parameter: https_fallback_port
If not, then there is no possible http fallback, and it will not use the (forward) proxy.
If you are talking about reverse proxy in front of a server configured with fallback, this is part of the (public) documentation of the IBM Aspera Proxy.
Is the data secure if posted programmatically (not through a browser) to an https endpoint?
My understanding is browser encrypts data and sends it to https endpoint. How can a Ruby or Node.js or any other program do the same?
Yes. If you connect to an https endpoint with curl, wget, or whatever library, the transfer is secure from the source of the connection to the destination. That source could be a server (your webserver) or the client browser.
However, if it's done in client side JS or other browser scripting language, you have to make sure the initial request from client to your site is secure as well if first passing secure data to the client for it to pass to the destination https server.
I checked node.js request library as well as Ruby HTTParty libraries. Both these support SSL encryption based on proper options (port: 443 etc.). In general if we use any well supported library that enables HTTP gets and posts, we should be covered in terms of transmitting data securely to the https endpoint.
I think I understand what you mean and that question has been answered. However, I would just point out that HTTPS does not make your data secure, only the connection and even that is only encrypted from eavesdropping which is not really secure.
There is, of course, lots more to think about and do to make your data secure end-to-end.