11.5.1 Calling Rest Service Using Https Passing On Json

[Tony Prettyman]

Trying to make a call to a TaxWare REST Service to get tax information.

It's an https call to https://sstwsuat.taxware.net:443/.

Their documentation states:
For client integrations to the hosted environment, user authentication will
happen based on user name and password along with Taxware -compliant
security. Secure certificates will not be required.

When I try to call their site through Progress 11.5.1 (using RequestBuilderost) I pass in a Header of
Authorization TAX usrid : hmac
Where the hmac is a hmac-SHA1 value combining 5 different values. I have compared the value I get with an online generator (and a java app that works) and it's correct.

Anyway, when I call from Progress, I get an error:
Secure Socket Layer (SSL) failure, error code -54: self signed certificate in certificate chain: for bc3f2570.0 (9318). I didn't have to install any certificate for Java in Eclipse and it worked. But I tried anway in Progress, and after downloading and installing certificate, I get a different error:

Challenge cannot be empty

I am unfamiliar with HTTPS, SSL, and certificates, but need to get this working... It works in Java, but they also do something when generating the Httpsconnection that talks about SSL and a trust manager which I don't see an equivalent of in Progress:
public static HttpsURLConnection getHttpsConnection(String urlpath,
String request, Connection c) throws Exception {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}

public void checkClientTrusted(X509Certificate[] certs,
String authType) {
}

public void checkServerTrusted(X509Certificate[] certs,
String authType) {
}
} };

HttpsURLConnection urlConnection = null;
try {

// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection
.setDefaultSSLSocketFactory(sc.getSocketFactory());

// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};

// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
URL url = new URL(urlpath);
urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setDoInput(true);
urlConnection.setDoOutput(true);
urlConnection.setRequestMethod(defaultHttpMethod);
urlConnection.setUseCaches(false);
urlConnection.setConnectTimeout(10000);
// urlConnection.setReadTimeout(10000);
} catch (NoSuchAlgorithmException e) {
throw new NoSuchAlgorithmException(
"NoSuchAlgorithmException getting SSL Context in getHttpsConnection(): "
+ e.getMessage());
} catch (KeyManagementException e) {
throw new KeyManagementException(
"KeyManagementException initializing SSL Context in getHttpsConnection(): "
+ e.getMessage());
} catch (MalformedURLException e) {
throw new MalformedURLException(
"MalformedURLException obtaining URL object in getHttpsConnection(): "
+ e.getMessage());
} catch (IOException e) {
throw new IOException(
"IOException opening URL Connection object in getHttpsConnection(): "
+ e.getMessage());
}
return urlConnection;
}

 

[Tony Prettyman]

Figured it out. The "Challenge cannot be empty" was a bad error from the ABL (or didn't give me a lot of info). Found that 3 files were being placed by the Developer Studio in the WRK directory (good to know for troubleshooting). One of them said "Unauthorized: Hashes do not match". Found a typo in the hash I was creating, and then also found a typo in the URL address. I had a lowercase t when it wanted an uppercase T in calcTax. So picky!

Pretty pumped now though. Calling a REST webservice through HTTPS sending JSON and receiving JSON back using a hash created from HMAC-SHA1 in 11.5.1 Progress!