SSL support for http

Message

Zdeno Bielik · #1 Post by **Zdeno Bielik** » Mon Jul 13, 2015 8:41 am

Hi Roger,,

please, how is it possible do „secure“ version of example below?
Instead of http protocol there must be used httpS version.
I need process sensitive data, e.g. name, eMail, address – I think this rule/regulation is not only in our country.

Next info I found in Alaska’s Xbase++ doc:

By default, websocket communication is unencrypted. However, the WebsocketClient class also supports establishing connections encrypted via a Secure Socket Layer (SSL). For this, 443 must be specified as the port number when creating the websocket client object via the method :new().

So, I searched on internet and found also free or trial version of SSL certificates – for first tests or basic security it is OK...
and all certificates/organizations are officially supported in Windows like accepted authorities too!

https://www.startssl.com/?app=1 - FREE

https://www.geotrust.com/ssl/free-ssl-certificate - 30-day trial

https://www.freessl.com - 30-day trial

TIA & Regards
Zdeno

Code: Select all

***********************
METHOD Cxp:TestRegister
***********************

Local cRemoteIP := ::HttpRequest:GetVariable("REMOTE_ADDR")
Local nPos      := 0
*
Local cHtml := ''
Local i
Local aItems
Local cErrorMessage := ''
Local oForm
Local lSendForm := .T.
Local aVars
*
Local n, nMax
Local cLabel, cValue, nMaxSize, cVarName, cText
*
Local nPCount := 0
Local cGQC    := IIf( ( nPCount != 0 ), ::httpRequest:getQueryString(), '' )
*
Local aRet, aLog, lError
*
* Local cPath  := ( CurDrive() + ':\' + CurDir()  + '\' )
*
Local aUser := {}
Local oMySession
Local cTxtKosik
Local cCWN

::setErrorBlock()
BEGIN SEQUENCE


cHtml += '<html>' + CRLF
cHtml += '<head>' + CRLF
cHtml += '<meta content="text/html; charset=windows-1250" http-equiv="content-type">' + CRLF
* cHtml += '<!--- <meta http-equiv="refresh" content="5"> --->' + CRLF
* cHtml += '<style type="text/css">' ;
cHtml += '<style> ' ;
      +  'body {font-family:Segoe UI,Helvetica,Arial,sans-serif;' ;
      +  'font-size:16px;' ;
      +  '}' ;
      + '</style>' + CRLF
cHtml += '</head>' + CRLF


cHtml += '<body>' + CRLF

*

* cHtml += '<table border="1" style="width:100%">' + CRLF
/*
cHtml += '<table border="0">' + CRLF
cHtml += '  <tr>' + CRLF
cHtml += '    <td><a href = "/index.html">' + myLangMsg( MSG_HOME ) + '</a></td>' + CRLF
cHtml += '    <td>|</td>' + CRLF
cHtml += '    <td><a href = "/cxp/program">' + myLangMsg( MSG_PROGRAM ) + '</a></td>' + CRLF
cHtml += '    <td>|</td>' + CRLF

If ::MyGetValue( 'cCustomerName' ) == NIL .or. Empty( ::MyGetValue( 'cCustomerName' ) ) .or. ( ::MyGetValue( 'cCustomerName' ) == '(nikto)' )
   cHtml += '    <td>' + myLangMsg( MSG_LOGGED ) + ': <b>Nikto</b></td>' + CRLF
   cHtml += '    <td><a href = "/cxp/LogIn">' + myLangMsg( MSG_LOGIN ) + '</a></td>' + CRLF
   cHtml += '    <td><a href = "/cxp/TestRegister">' + 'TEST-Reg' + '</a></td>' + CRLF
   cHtml += '    <td>|</td>' + CRLF
Else
   aUser := { ::MyGetValue( 'cCustomerICO'   ), ;
              ::MyGetValue( 'cCustomerLogIn' ), ;
              ::MyGetValue( 'cCustomerName'  ), ;
              ::MyGetValue( 'cCustomerWebNo' )  ;
            }
   ::MySetValue( 'dDateAction', Date() )
   ::MySetValue( 'cTimeAction', Time() )
   UpdateUziv( @::cPath, ::MyGetValue( 'cCustomerLogIn' ) )
   cHtml += '    <td>' + myLangMsg( MSG_LOGIN ) + ': <b>' + Var2Char( ConvToAnsiCP( aUser[3] ) ) + '</b></td>' + CRLF
   cHtml += '    <td><a href = "/cxp/LogOut">' + myLangMsg( MSG_LOGOUT ) + '</a></td>' + CRLF
   cHtml += '    <td>|</td>' + CRLF
EndIf

cTxtKosik := IIf( Empty( ::MyGetValue( 'nSumKosik' ) ), ;
                       '', ;
                       ( ' <b>' + AS( Len( ::MyGetValue( 'aKosik' ) ) ) + ' ks</b> za ' ;
                       + '<b>' + AllTrim( Str( ::MyGetValue( 'nSumKosik' ), 12, 2 ) ) + ',- EUR</b>' ) ;
                )
*/

cHtml += '<table border="0">' + CRLF
cHtml += '  <tr>' + CRLF
cHtml += '    <td><a href = "/index.html">Home</a></td>' + CRLF
cHtml += '    <td>|</td>' + CRLF
cHtml += '    <td><a href = "/cxp/program">Program</a></td>' + CRLF
cHtml += '    <td>|</td>' + CRLF

   cHtml += '    <td>Logged: <b>None</b></td>' + CRLF
   cHtml += '    <td><a href = "/cxp/LogIn">Login</a></td>' + CRLF
   cHtml += '    <td>|</td>' + CRLF


cTxtKosik := ''

* cHtml += '    <td><a href = "/cxp/kosik">' + myLangMsg( MSG_BASKET ) + '</a> ' +  cTxtKosik +  '</td>' + CRLF
cHtml += '    <td><a href = "/cxp/kosik">' + 'Basket' + '</a> ' +  cTxtKosik +  '</td>' + CRLF

cHtml += '  </tr>' + CRLF
cHtml += '</table>' + CRLF


cHtml += '</br>' + CRLF

*


oForm := TestMyRegister():new()
aVars := oForm:getAllVars(::httpRequest:form)


// 1-label, 2-value, 3-maxsize, 4-varname, 5-text
aItems := { ;
 { 'Login',oForm:login,15,'login','' }, ;
 { 'Password',oForm:password,15,'password','' }, ;
 { 'Password (again)',oForm:rpassword,15,'rpassword','' }, ;
 { 'Surname',oForm:priezvisko,30,'priezvisko',''}, ;
 { 'Name',oForm:meno,30,'meno',''}, ;
 { 'Street',oForm:ulica,30,'ulica',''}, ;
 { 'ZIP',oForm:psc,5,'psc',''}, ;
 { 'City',oForm:obec,30,'obec',''}, ;
 { 'eMail',oForm:email,30,'email','' }, ;
 { 'Phone',oForm:telefon,15,'telefon','' }, ;
 { 'Mobil Phone',oForm:mobil,15,'mobil','' }, ;
 { 'Accepting <a href = "/cxp/vop" target="_blank">business conditions</a>',oForm:suhlas,1,'suhlas','' }  ;
}


cErrorMessage := ''
lSendForm := TestRegisterValidateVars(@aItems,@cErrorMessage)

cHtml += '<span style="color: red;">' ;
      +  '<small>' + Var2Char(cErrorMessage) + '</small>';
      +  '</span>' + BRCRLF


If lSendForm

   cHtml += '<form action="/cxp/testregister?submit" method="GET">' + CRLF

   cHtml += '<table border="0">' + CRLF

   nMax := Len( aItems )
*    // 1-label, 2-value, 3-maxsize, 4-varname, 5-text
   For n := 1 To nMax
        cLabel   := aItems[n,1]
        cValue   := aItems[n,2]
        nMaxSize := aItems[n,3]
        cVarName := aItems[n,4]
        cText    := aItems[n,5]
        cHtml += '<tr>' + CRLF

           cHtml += '<td align=right width=140>'+ cLabel + ':</td>' + CRLF
           cHtml += '<td style="color:red"><small>' + CRLF

           If ( n == 2 ) .or. ( n == 3 )
               If Empty( aItems[n,2] )
                  cHtml += '<input type="password"                        name="' + cVarName + '" size=' + AS(nMaxSize) + ' maxlength=' + AS(nMaxSize) + '>' + cText + CRLF
               Else
                  cHtml += '<input type="password" value="' + cValue + '" name="' + cVarName + '" size=' + AS(nMaxSize) + ' maxlength=' + AS(nMaxSize) + '>' + cText + CRLF
               EndIf
           ElseIf ( n == 12 )
               cHtml += '<input type="checkbox" name="' + cVarName + '" value="A">' + cText + CRLF
           Else
               If Empty( aItems[n,2] )
                  cHtml += '<input type=text                        name="' + cVarName + '" size=' + AS(nMaxSize) + ' maxlength=' + AS(nMaxSize) + '>' + cText + CRLF
               Else
                  cHtml += '<input type=text value="' + cValue + '" name="' + cVarName + '" size=' + AS(nMaxSize) + ' maxlength=' + AS(nMaxSize) + '>' + cText + CRLF
               EndIf
           EndIf

           cHtml += '</small></td>' + CRLF
       cHtml += '</tr>' + CRLF


       If n==3 .or. n==11
           cHtml += '<tr>' + CRLF
              cHtml += '<td align=right width=140><br></td>' + CRLF
           cHtml += '</tr>' + CRLF
       EndIf

   Next

   cHtml += '<tr>' + CRLF
      cHtml += '<td align=right width=140><br></td>' + CRLF
   cHtml += '</tr>' + CRLF

   cHtml += '<tr>' + CRLF
      cHtml += '<td align=right width=140>' + CRLF
          cHtml += '<input type="submit" value="Potvrï">' + CRLF
      cHtml += '</td>' + CRLF
   cHtml += '</tr>' + CRLF

   cHtml += '</table>' + CRLF

   cHtml += '</form>' + CRLF


   cHtml += '</br>' + CRLF

   *

   cHtml += '</br>' + CRLF

   cHtml += '<a href = "/cxp/register">New registration</a>' + CRLF
   cHtml += '|' + CRLF
   cHtml += '<a href = "/cxp/lostpassword">Lost password</a>' + CRLF

Else

*    cHtml += 'OK, form validated, we can continue...' + '</br>' + CRLF

   aRet := {}
   ASize(aRet,Len(aItems))
   aLog := {}
   ASize(aLog,2)
*    lError := SaveReg(@aItems,@cErrorMessage,@aRet,@aLog,::cPath)
   lError := .F.

   If ! lError
   Else
   EndIf

   If lError
      cHtml += Var2Char(cErrorMessage) + '<BR>' + CRLF
   Else
*        cHtml += PridajEmail( aLog[2] /*ICO*/, aItems[9,2] /*eMail*/, ::cPath, cRemoteIP, ::MyGetValue( 'cCustomerWebNo' ), ::MyGetValue( 'lSK' ) )
   EndIf
*

EndIf


cHtml += '<br>' + CRLF

cHtml += '<hr>' + CRLF

cHtml += '<small>'+ CRLF
cHtml += '<td>Your IP address: ' + cRemoteIP + '</td>' + CRLF
cHtml += '<td>|</td>' + CRLF
cHtml += '<td><a href = "/cxp/LogIn">Your history</a></td>' + CRLF
cHtml += '</small>'+ CRLF

cHtml += '</body>' + CRLF
cHtml += '</html>' + CRLF


RECOVER USING cHtml
END SEQUENCE

RETURN cHtml

*


CLASS TestMyRegister

EXPORTED:
VAR cPath

VAR login
VAR password
VAR rpassword

VAR priezvisko
VAR meno
VAR ulica
VAR psc
VAR obec
VAR email
VAR telefon
VAR mobil

VAR suhlas
VAR wid

INLINE METHOD init
LOCAL aVars, i
aVars := ::classdescribe()[3]
FOR i := 1 TO Len(aVars)
  ::&(aVars[i,1]) := ''
NEXT
RETURN self
* ---------

INLINE METHOD getAllVars(oForm)
LOCAL aVars, i, c
aVars := ::classdescribe()[3]
FOR i := 1 TO Len(aVars)
  aVars[i,1] := Lower(aVars[i,1])
  aVars[i,2] := oForm:&(aVars[i,1])
  ::&(aVars[i,1]) := aVars[i,2]
  aVars[i,3] := ''
NEXT
* ASort(aVars,,,{|a,b|a[1]<b[1]})
RETURN aVars
*
ENDCLASS

*

****************************************
Static FUNCTION TestRegisterValidateVars(aVars,cErrorMessage)
****************************************

LOCAL i, cVarName, cValue, lError := .f.
Local cTmpPassword  := '*'
Local cTmpRPassword := '*'

* cErrorMessage := ''

* wtf aVars

/*
priezvisko, meno, email, login, password, rpassword,
1-label, 2-value, 3-maxsize, 4-varname, 5-text
*/

FOR i := 1 TO Len(aVars)
    cVarName := aVars[i,4]
    cValue   := AllTrim(aVars[i,2])
    *
    If     cVarName == 'password'
       cTmpPassword  := cValue
    ElseIf cVarName == 'rpassword'
       cTmpRPassword := cValue
    EndIf
    *
    IF cVarName $ {'login','password','rpassword','priezvisko','meno','ulica','psc','obec','email',/*'telefon',*/'mobil','suhlas'} .AND. Empty(cValue)
       aVars[i,5] := ' ***'
       lError := .t.
    ELSEIF cVarName = 'login' .AND. (Len(cValue) < 6 )
       aVars[i,5] := ' Prihlasovacie meno musí ma minimálne 6 znakov'
       lError := .t.
    ELSEIF cVarName = 'login' .AND. NachadzaSaMedzera( cValue )
       aVars[i,5] := ' Prihlasovacie meno nesmie obsahova medzeru!'
       lError := .t.
    ELSEIF cVarName = 'password' .AND. (Len(cValue) < 6 )
       aVars[i,5] := ' Heslo musí ma minimálne 6 znakov'
       lError := .t.
    ELSEIF cVarName = 'password' .AND. NachadzaSaMedzera( cValue )
       aVars[i,5] := ' Heslo nesmie obsahova medzeru!'
       lError := .t.
    ELSEIF cVarName = 'rpassword' .AND. (Len(cValue) < 6 )
       aVars[i,5] := ' Heslo musí ma minimálne 6 znakov'
       lError := .t.
    ELSEIF cVarName = 'rpassword' .AND. NachadzaSaMedzera( cValue )
       aVars[i,5] := ' Heslo nesmie obsahova medzeru!'
       lError := .t.
    ELSEIF cVarName = 'priezvisko' .AND. (Len(cValue) < 2 )
       aVars[i,5] := ' Priezvizko musi mat minimalne 2 znaky'
       lError := .t.
    ELSEIF cVarName = 'meno' .AND. (Len(cValue) < 2 )
       aVars[i,5] := ' Meno musí ma minimálne 2 znaky'
       lError := .t.
    ELSEIF cVarName = 'ulica' .AND. (Len(cValue) < 2 )
       aVars[i,5] := ' Ulica musí ma minimálne 2 znaky'
       lError := .t.
    ELSEIF cVarName = 'psc' .AND. (Len(cValue) < 2 )
       aVars[i,5] := ' Ulica musí ma 5 znakov'
       lError := .t.
    ELSEIF cVarName = 'obec' .AND. (Len(cValue) < 2 )
       aVars[i,5] := ' Obec musí ma minimálne 2 znaky'
       lError := .t.
    ELSEIF cVarName = 'email' .AND. !('@'$cValue)
       aVars[i,5] := ' eMail musí obsahova znak "@"!'
       lError := .t.
    ELSEIF cVarName = 'email' .AND. !('.'$cValue)
       aVars[i,5] := ' eMail musí obsahova znak "."!'
       lError := .t.
    ELSEIF cVarName = 'email' .AND. (Len(cValue) < 6 )
       aVars[i,5] := ' eMail musí obsahova aspoò 6 znakov!' /*+ Str(Len(cValue))*/
       lError := .t.
    ELSEIF cVarName = 'email' .AND. NachadzaSaMedzera( cValue )
       aVars[i,5] := ' eMail nesmie obsahova medzeru!'
       lError := .t.
*     ELSEIF cVarName = 'telefon' .AND. (Len(cValue) < 10 )
*        aVars[i,5] := ' Telefón musí ma minimálne 10 znakov! '
    ELSEIF cVarName = 'mobil' .AND. ! TvarMobCis(cValue)
       aVars[i,5] := ' Telefónne èíslo musí ma 11 znakov a tvar 09xx-xxxxxx!'
       lError := .t.

    ELSEIF cVarName = 'suhlas' .AND. !(Upper(cValue)$'AÁ')
       aVars[i,5] := ' Povolená hodnota je A alebo Á!'
       lError := .t.

     ELSE
       aVars[i,5] := ' '
     ENDIF
NEXT

If ! Empty( cTmpPassword ) .and. ! Empty( cTmpRPassword )
   If ! ( cTmpPassword == cTmpRPassword )
*       cErrorMessage := ' Heslá sa nerovnajú !'
      cErrorMessage := ' Passwords are NOT the same!'
   EndIf
EndIf

IF lError
   cErrorMessage += ' Položky oznaèené *** musia by vyplnené!'
ELSE
*    cErrorMessage += ''
   cErrorMessage := ''
ENDIF

RETURN lError

* ---------

**************************
Function NachadzaSaMedzera( _cText )
**************************

Local lRet := .F.

If ( At( " ", _cText ) > 0 )
   lRet := .T.
EndIf

Return ( lRet )

*

*******************
Function TvarMobCis( _cTC )
*******************

Local lRet := .T.

If ( Len( _cTC ) != 11 )    && 09xx-123456
   lRet := .F.
EndIf
If ! OnlyDigit( SubStr( _cTC, 1, 4 ) )
   lRet := .F.
EndIf
If ! ( SubStr( _cTC, 5, 1 ) == '-' )
   lRet := .F.
EndIf
If ! OnlyDigit( SubStr( _cTC, 6, 6 ) )
   lRet := .F.
EndIf

Return ( lRet )

*

******************
Function OnlyDigit( _cText )
******************

Local cChar := ''
Local ix, nMax := Len( _cText )
Local lTemp := .T.
* wtf _cText

For ix := 1 To nMax
    If ! IsDigit( SubStr( _cText, ix, 1 ) )
       lTemp := .F.
       ix := nMax
       Loop
    EndIf
Next

Return ( lTemp )

*

****************
Function IsDigit( _cChar )
****************

Local nAsc := Asc( _cChar )
* wtf nAsc

If ( nAsc >= 48 ) .and. ( nAsc <= 57 )   && 0..9
   Return ( .T. )
EndIf

If ( _cChar == '.' )
   Return ( .T. )
EndIf

Return ( .F. )

*

#2 Post by **rdonnay** » Mon Jul 13, 2015 8:51 am

please, how is it possible do „secure“ version of example below?

httpEndPoint supports SSL but it does not yet support certificates (according to Steffen Pirsig).

Until it does, you will need to use STUNNEL as a workaround.

I am using this on 2 different servers.

Even Xb2.Net SSL requires STUNNEL.

I wrote a detailed document on how to do this.

Look at \expd20\stunnel.

Zdeno Bielik · #3 Post by **Zdeno Bielik** » Mon Jul 13, 2015 11:03 am

Roger,

ok, thanks for tip. Anyway, somewhere I do mistake...
I downloaded latest stunnel and instaling it.
Then I created stunnel.pem with selfsign.bat and starting stunel.

I tried run https://pc05025/cxp/testregister , but without success.
Note: http://pc05025/cxp/testregister works OK.

So, I changed cHost to https, but still without success.
DEFAULT cHost := "http://" + GetEnv('Computername')
cHost := "https://" + GetEnv('Computername')
Note: http://pc05025/cxp/testregister still worked OK.

just see atached images

Please, what do I do wrong?

p.s. please, have you any info, when certificates will be supported?

Zdeno

#4 Post by **rdonnay** » Mon Jul 13, 2015 11:56 am

Stunnel re-routes calls to port 443 to port 80.

You still need to start your httpEndPoint using port 80.

You also need to start Stunnel.exe.

p.s. please, have you any info, when certificates will be supported?

You should try to come to the European Devcon in November.
Steffen will answer all your questions.

I am not a spokesman for Alaska Software.
I only relay information as I here it.
Steffen has made no announcments, however he implied that there will be many more improvements to Xbase++ internet technologies before the devcon.

Zdeno Bielik · #5 Post by **Zdeno Bielik** » Tue Jul 14, 2015 8:08 am

Hi Roger,

hmmm, stunnel.exe is running and I have no problem sending e.g. eMails via it with Gmail account – see attached image.
But I still can’t figure out how to configure stunnel.conf or call index.html page that it accepts https/ssl protocol.

Please, can you look at it – many thanks.

Zdeno

#6 Post by **rdonnay** » Tue Jul 14, 2015 2:19 pm

But I still can’t figure out how to configure stunnel.conf or call index.html page that it accepts https/ssl protocol.

Does the server fail to respond to the https request or is the browser complaining that there is no certificate?

Zdeno Bielik · #7 Post by **Zdeno Bielik** » Tue Jul 14, 2015 10:08 pm

Roger,

Does the server fail to respond to the https request...

I think this is true - may be I am wrong:

this works for me:
http://pc:8080/index.html
or
http://pc:8080/cxp/testregister

this does not work:
https://pc:8080/index.html
or
https://pc:8080/cxp/testregister

it just still trying connect/show/load that pages, but without success – see attached image

... or is the browser complaining that there is no certificate?

There is no error/info about missing cetificate when I try open https version.
I have only self-signed certificate. This generated PEM file is not possible import into windows’s certificate repository.
Have I obtain any signed certificate from trusted CA for tests with CxpHttpServer on local computer too?

Zdeno Bielik · #8 Post by **Zdeno Bielik** » Thu Jul 16, 2015 2:56 am

Roger,

after re-reading documentation, it looks, if we want have secure communications,
there must be also implemented WebSocketHandler() and WebSocketClient().
If it is true, please, I kindly ask you, can you add this support into your CxpHttpServer example?
Many thanks.

Zdeno

HttpEndpoint() -An object of the class HttpEndpoint serves as a connection point for incoming HTTP or WebSocket connections.

WebHandler() - On web connections the class HttpEndpoint instantiates objects from user defined classes that must be derived from the class WebHandler. Those sub classes implement methods being called to serve the request.

WebSocketHandler() - WebsocketHandler is an abstract class which must be used to implement the handlers for websocket endpoints. To do this, a user-defined handler class derived from the class WebSocketHandler must be implemented that overloads the abstract methods :onText(), :onBinary(), :onConnect() and :onDisconnect().

On incoming websocket connections via the class HttpEndpoint an object of the user-defined handler class is instantiated to service the requests from the client. For this the methods :sendText() and :sendBinary() can be used to send messages to the connected client.

WebSocketClient() - Use the WebSocketClient class to implement the client of a websocket connection. A user-defined websocket client is derived from the class WebSocketClient and implements the methods ::onConnect(), :onDisconnect(), :onText() and :onBinary().

The example below demonstrates the implementation of the client side of a websocket connection. Refer to the example of WebSocketHandler() to see the implementation of the server side.

By default, websocket communication is unencrypted. However, the WebsocketClient class also supports establishing connections encrypted via a Secure Socket Layer (SSL). For this, 443 must be specified as the port number when creating the websocket client object via the method :new().

#9 Post by **rdonnay** » Thu Jul 16, 2015 7:13 am

Zdeno -

I have a deadline for another project I am working on this week.
I will get to it in a few days.

Roger

Zdeno Bielik · #10 Post by **Zdeno Bielik** » Fri Jul 17, 2015 6:45 am

Roger,

ok, super! Many thanks for now.

Zdeno

bb.donnay-software.com

SSL support for http

SSL support for http

Re: SSL support for http

Re: SSL support for http

Re: SSL support for http

Re: SSL support for http

Re: SSL support for http

Re: SSL support for http

Re: SSL support for http

Re: SSL support for http

Re: SSL support for http