Author Topic: Error in connection to REST service  (Read 47 times)

Mogens Christensen

  • Newbie
  • *
  • Posts: 12
Error in connection to REST service
« on: May 05, 2021, 12:08:10 am »
Hi!

In a WinBatch program I use the WinHttp.WinHttpRequest.5.1 object to send changes to a ServiceNow REST service.


The provider has changed TLS to mTLS; after that, the program ends with this error message:

http.send(request)
(281) GOSUB Error handler

WIL ERROR SUPPRESSED =>1261 (COM/CLR: Exception)

rc = IntControl(1000,8,0,0,0)
(281) VALUE INT => 0

status_txt = http.statusText
(281) VALUE INT => 0

TERMINAL WIL ERROR=>1261 (COM/CLR: Exception)

;;;END OF JOB;;;

---------- Begin structure stack dump ----------
  1 for                33 FOR a = 1 TO antal BY 1          ServNowDB2upd.wbt
  2 gosub              63 http.send(request)               ServNowDB2upd.wbt
-------- End structure stack dump --------

---------- Begin WWWBATCH.INI dump ----------
[COM & CLR Sub-system]
Function=InvokeMember
ErrorCode=9 (0x80020009)
ErrorDesc=Exception occurred.

Are there other HTTP objects that support mTLS?

Any help is appreciated
THANKS

td

  • Tech Support
  • *****
  • Posts: 3701
    • WinBatch
Re: Error in connection to REST service
« Reply #1 on: May 05, 2021, 07:21:09 am »
Mutual Transport Layer Security is usually more server-to-server or IoT related. I don't believe that Windows COM Automation-based HTTP protocol objects support it. You could check out the System.Net.Http .Net class as WinBatch supports .Net via its CLR hosting subsystem. However, I don't see anything that indicates that the class does support mTLS but that could be because I just didn't look hard enough.

https://docs.microsoft.com/en-us/dotnet/api/system.net.http.httpclient?view=netframework-4.8

I will have to do a little more checking into the subject as this is not something that has come up before.

[edit] There are some indications that it is possible to perform mTLS client/server negotiations and data transfers using the above mentioned dotNet class. Still needs more research though.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

td

  • Tech Support
  • *****
  • Posts: 3701
    • WinBatch
Re: Error in connection to REST service
« Reply #2 on: May 06, 2021, 10:19:33 am »
Here is a very crude example that sets up an mTLS connection to a site of your choice. Don't know if it actually works but it might give someone some ideas.

Code: Winbatch
ObjectClrOption("useany", "System")
ObjectClrOption("useany", "System.Net")
ObjectClrOption("useany", "System.Net.Http")
ObjectClrOption("useany", "System.Net.Http.WebRequest")

Uri = "https://www.sitethatretunrshtml.com"  ; Your URL goes here.
objUri = ObjectClrNew('System.Uri', Uri)
Encoding = ObjectClrNew( 'System.Text.Encoding' )
WebRequest = ObjectClrNew('System.Net.WebRequest')

; Need TLS
objSvcManager = ObjectClrNew('System.Net.ServicePointManager')
; Require TLS1.2.
; https://docs.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netframework-4.8
protocols = ObjectClrType("System.Net.SecurityProtocolType",3072)   ;  TLS 1.2
objSvcManager.SecurityProtocol = protocols

; Create and configure a mTLS request handler for the client
; https://docs.microsoft.com/en-us/dotnet/api/system.net.http.webrequesthandler?view=netframework-4.8
strCert = 'C:\Temp\client\client.pfx'
objCert = ObjectClrNew('System.Security.Cryptography.X509Certificates.X509Certificate', strCert, 'passwordhere')
objReqHandler = ObjectClrNew('System.Net.Http.WebRequestHandler')
objReqHandler.ClientCertificates.Add(objCert)

; https://docs.microsoft.com/en-us/dotnet/api/system.net.security.authenticationlevel?view=net-5.0
Required = 2   ; Magic number.
Required = ObjectClrType('System.Net.Security.AuthenticationLevel', Required)
objReqHandler.AuthenticationLevel =  Required

objHttpClient = ObjectClrNew('System.Net.Http.HttpClient', objReqHandler)
objResponse = objHttpClient.GetAsync(Uri)
objResult = objResponse.Result()

; Crude synchronization loop...
for i = 1 to 10
   TimeDelay(1)
   Code = objResult.StatusCode
   if Code == 200 then break
next

Terminate(Code != 200, 'mTLS Get Request', 'Failed with status code: ':Code)

; Bunch of assumptions here but it may return more or less what you would expect.
objHttpContent = objResult.Content()
objStrTask = objHttpContent.ReadAsStringAsync()
strHtml = objStrTask.Result()

Message('HTML Dump', strHtml)
exit


You can use the Windoze 10 WSL to create a client certificate using OpenSSL.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade
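
The client certificate step mentioned in the last reply, written out as an added example that is not part of the original posts: it builds a throwaway test CA, issues a client certificate limited to TLS client authentication, and packages it as the kind of `client.pfx` the script above loads. The subject names, file names, 30-day lifetime and the `PFX_PASS` variable are assumptions; a real REST provider would have to trust the issuing CA or issue the certificate itself.

```sh
#!/bin/sh
# Added example: throwaway test CA + client certificate, packaged as a PFX.
# Subject names, file names and the 30-day lifetime are constructed values.
# The PFX password is read from the PFX_PASS environment variable so it
# does not appear on the command line.
set -eu

make_client_pfx() {
    outdir=$1
    : "${PFX_PASS:?export PFX_PASS with the PFX password first}"
    mkdir -p "$outdir"
    (
        cd "$outdir"
        umask 077    # key files readable by the owner only

        # 1. Self-signed test CA. The server must be configured to trust it.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt 2>/dev/null

        # 2. Client private key and certificate signing request.
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=winbatch-client" -keyout client.key -out client.csr 2>/dev/null

        # 3. Sign the CSR and restrict the certificate to TLS client authentication.
        printf '%s\n' 'basicConstraints=CA:FALSE' 'keyUsage=digitalSignature' \
            'extendedKeyUsage=clientAuth' > client.ext
        openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
            -days 30 -sha256 -extfile client.ext -out client.crt 2>/dev/null

        # 4. Bundle key, certificate and CA certificate into client.pfx.
        openssl pkcs12 -export -inkey client.key -in client.crt -certfile ca.crt \
            -name winbatch-client -passout env:PFX_PASS -out client.pfx
    )
}

# Succeeds only if the chain validates, the PFX opens with PFX_PASS and the
# certificate inside carries the clientAuth extended key usage.
check_client_pfx() {
    outdir=$1
    openssl verify -CAfile "$outdir/ca.crt" "$outdir/client.crt" >/dev/null 2>&1 &&
    openssl pkcs12 -in "$outdir/client.pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null |
        grep -q 'TLS Web Client Authentication'
}

# Run as: PFX_PASS='...' sh make-client-pfx.sh ./client
if [ "$#" -ge 1 ]; then
    make_client_pfx "$1" && check_client_pfx "$1" && echo "client.pfx written to $1"
fi
```

OpenSSL 3.x encrypts the PFX with AES by default, which older Windows builds may fail to import; its `-legacy` option to `pkcs12 -export` falls back to the older algorithms.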