Print Page - Implementing secured RESTfull webservices using oAuth

Title: Implementing secured RESTfull webservices using oAuth
Post by: Lu?s T. on March 30, 2022, 11:07:15 am

I am trying to secure our webservices uing oAuth.
As I did not find anything natively implemented in Genero (I just found some examples of using oAuth as client, not as a server) I am trying to implement it by myself.
In oAuth the invocation of the webservices receives a Jason Web Token (JWT) in the header that should be validated to confirm the caller as access to the webservice.
The JWT is signed to garantee its integrity and it is when trying to validate the signature where I get stucked.
The signature algorithm is 'RS256' and I am trying to use xml.Signature.verifyString (https://4js.com/online_documentation/fjs-fgl-3.20.25-manual-html/#fgl-topics/c_gws_XmlSignature_verifyString.html). When I try to set the Signture Key, using The CryptoKey class (https://4js.com/online_documentation/fjs-fgl-3.20.25-manual-html/#fgl-topics/c_gws_XmlCryptoKey.html#c_gws_XmlCryptoKey) I get an error.

Code:

let key = xml.CryptoKey.Create("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
call  key.loadPEM("ciiSBqKB2SY_hcvJdxgzR.pem")

This is the stderr when I run it in AIX (I have set the FGLWSDEBUG variable):

Code:

WS-DEBUG (Security Info)
OpenSSL 1.1.1g  21 Apr 2020
WS-DEBUG END

WS-DEBUG (Security Warning)
Crypto library doesn't have any ZLIB compression algorithm.
WS-DEBUG END

WS-DEBUG (Security Warning)
SSL library wasn't compiled with support of RLE compression.
SSL library wasn't able to initiate the ZLIB compression library.
WS-DEBUG END

WS-INFO (Certificate authority) | Loading from directory /usr/informix/gnrdev1/fgl/web_utilities/certs | Loading from directory /var/ssl/certs
Program stopped at 'teste.4gl', line number 17.
FORMS statement error number -15648.
Xml security operation failed : xmlsec library function failed.

An this the output in Linux

Code:

WS-DEBUG (Security Info)
OpenSSL 1.1.1g  21 Apr 2020
WS-DEBUG END

WS-DEBUG (Security Warning)
Crypto library doesn't have any ZLIB compression algorithm.
WS-DEBUG END

WS-DEBUG (Security Warning)
SSL library wasn't compiled with support of RLE compression.
SSL library wasn't able to initiate the ZLIB compression library.
WS-DEBUG END

WS-INFO (Certificate authority) | Loading from directory /opt/informix/gnr-devstudio-3.20.09/fgl/web_utilities/certs | Loading from directory /etc/ssl/certs | Loading from directory /etc/pki/tls/certs
Program stopped at 'teste.4gl', line number 17.
FORMS statement error number -15648.
Xml security operation failed : crypto library function failed : openssl error: 151584876: PEM routines: get_name no start line.

I attached the pem file.
Thanks

Title: Re: Implementing secured RESTfull webservices using oAuth
Post by: Lu?s T. on March 30, 2022, 11:22:31 am

I am sorry but I put the wrong stderr.
I AIX should end with:

Code:

WS-INFO (Certificate authority) | Loading from directory /usr/informix/gnrdev1/fgl/web_utilities/certs | Loading from directory /var/ssl/certs
Program stopped at 'teste.4gl', line number 17.
FORMS statement error number -15648.
Xml security operation failed : crypto library function failed : openssl error: 621215852: DSO support routines: DSO_load functionality not supported.

I Linux:

Code:

WS-INFO (Certificate authority) | Loading from directory /opt/informix/gnr-devstudio-3.20.09/fgl/web_utilities/certs | Loading from directory /etc/ssl/certs | Loading from directory /etc/pki/tls/certs
Program stopped at 'teste.4gl', line number 17.
FORMS statement error number -15648.
Xml security operation failed : crypto library function failed : openssl error: 151584876: PEM routines: get_name no start line.

Title: Re: Implementing secured RESTfull webservices using oAuth
Post by: acacia s. on March 12, 2024, 05:32:58 am

Quote from: . on March 30, 2022, 11:07:15 am

Code:

let key = xml.CryptoKey.Create("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
call  key.loadPEM("ciiSBqKB2SY_hcvJdxgzR.pem")

This is the stderr when I run it in AIX (I have set the FGLWSDEBUG variable):

Code:

WS-DEBUG (Security Info)
OpenSSL 1.1.1g  21 Apr 2020
WS-DEBUG END

WS-DEBUG (Security Warning)
Crypto library doesn't have any ZLIB compression algorithm.
WS-DEBUG END

WS-DEBUG (Security Warning)
SSL library wasn't compiled with support of RLE compression.
SSL library wasn't able to initiate the ZLIB compression library.
WS-DEBUG END

WS-INFO (Certificate authority) | Loading from directory /usr/informix/gnrdev1/fgl/web_utilities/certs | Loading from directory /var/ssl/certs
Program stopped at 'teste.4gl', line number 17.
FORMS statement error number -15648.
Xml security operation failed : xmlsec library function failed.

An this the output in Linux

Code:

WS-DEBUG (Security Info)
OpenSSL 1.1.1g  21 Apr 2020
WS-DEBUG END

WS-DEBUG (Security Warning)
Crypto library doesn't have any ZLIB compression algorithm.
WS-DEBUG END

WS-DEBUG (Security Warning)
SSL library wasn't compiled with support of RLE compression.
SSL library wasn't able to initiate the ZLIB compression library.
WS-DEBUG END

WS-INFO (Certificate authority) | Loading from directory /opt/informix/gnr-devstudio-3.20.09/fgl/web_utilities/certs | Loading from directory /etc/ssl/certs | Loading from directory /etc/pki/tls/certs
Program stopped at 'teste.4gl', line number 17.
FORMS statement error number -15648.
Xml security operation failed : crypto library function failed : openssl error: 151584876: PEM routines: get_name no start line.

I attached the pem file.

basket random (https://basketrandom.pro)

Thanks

Looks like there's something wrong in your code.

Four Js Development Tools Forum

Discussions by product => Genero BDL => Topic started by: Lu?s T. on March 30, 2022, 11:07:15 am