How do I set a password to connect to a client authenticated web service for KeyFile?
I need to write a program (Delphi XE5, Indy 10: TIdHTTP and TIdSSLIOHandlerSocketOpenSSL) that can connect to a web service with client authentication. After a few days of work, it finally succeeded. I can connect using authentication by setting the SSLOptions.CertFile and SSLOptions.KeyFile properties of the TIdSSLIOHandlerSocketOpenSSL. It's okay. (I have a pfx file from my partner; I exported it to a certificate file and a private key file with OpenSSL, so I use these 2 files in the program.)
I have one TButton, one TMemo and one TIdHTTP component on a form.
Source code (button click event; the line IdHTTP1.Request.ContentType := '.......' is only needed for communication due to server settings):
procedure TForm1.Button1Click(Sender: TObject);
var
  URL: string;
  XML: TStrings;
  S: string;
  Req: TStream;
  SL: TStringList;
  SSL1: TIdSSLIOHandlerSocketOpenSSL;
begin
  // Build the SOAP request body
  XML := TStringList.Create;
  try
    XML.Add('<soap:Envelope xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" ' +
      'xmlns:soap="http://www.w3.org/2003/05/soap-envelope">');
    …
    XML.Add(' <soap:Body>');
    …
    XML.Add(' </soap:Body>');
    XML.Add('</soap:Envelope>');
    URL := 'https://…………………….';
    Req := TStringStream.Create(XML.Text, TEncoding.UTF8);
  finally
    XML.Free;
  end;
  try
    // Client certificate and private key for TLS client authentication
    SSL1 := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
    SSL1.SSLOptions.CertFile := 'd:\certificate.pem';
    SSL1.SSLOptions.KeyFile := 'd:\private.pem';
    SSL1.SSLOptions.Mode := sslmClient;
    try
      SSL1.SSLOptions.Method := sslvSSLv23;
      IdHTTP1.IOHandler := SSL1;
      IdHTTP1.Request.ContentType := 'application/soap+xml;charset=UTF-8;action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"';
      S := IdHTTP1.Post(URL, Req);
    finally
      SSL1.Free;
    end;
  finally
    Req.Free;
  end;
  // Show the HTTP status and the response body
  ResultMemo.Lines.Add(Format('Response Code: %d', [IdHTTP1.ResponseCode]));
  ResultMemo.Lines.Add(Format('Response Text: %s', [IdHTTP1.ResponseText]));
  SL := TStringList.Create;
  try
    SL.Text := S;
    ResultMemo.Lines.AddStrings(SL);
  finally
    SL.Free;
  end;
end;
The problem is this: my partner said that it is not ideal that the file I am using is not password protected. They told me how to create a password-protected (and encrypted) file for KeyFile with OpenSSL. When I set this password-protected file in SSLOptions.KeyFile, I get the following error message: "Failed to load key, verify password. Error: 0906A068: PEM routines: PEM_do_header: Invalid password."
I tried to set a password in the idHTTP1.Request.Password property, but the result is the same.
Question: how and where should I set a password for the KeyFile if I need to use a password protected key file? Since I have to publish the certificate files, the best solution would be to set a password in the program and use a password protected KeyFile instead of using a non password protected KeyFile.
Many thanks.
Best regards, Attila
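
Indy's TIdSSLIOHandlerSocketOpenSSL asks for the key passphrase through its OnGetPassword event; IdHTTP1.Request.Password is used for HTTP authentication and is not consulted when the key file is loaded. The following is an added example, not part of the original post: the TKeyPassphrase helper, the PostWithEncryptedKey function and the KEYFILE_PASSPHRASE environment variable are hypothetical, and the handler parameter is assumed to be String (some older Indy 10 builds declare it as AnsiString).

```delphi
uses
  System.SysUtils, System.Classes, IdHTTP, IdSSLOpenSSL;

type
  // Hypothetical helper: an object is needed because OnGetPassword is a method pointer.
  TKeyPassphrase = class
  public
    Value: String;
    // Assumed signature; older Indy 10 builds use "var Password: AnsiString".
    procedure GetPassword(var Password: String);
  end;

procedure TKeyPassphrase.GetPassword(var Password: String);
begin
  // Invoked from OpenSSL's passphrase callback while KeyFile is being loaded,
  // so only hand back the value; do not raise exceptions from here.
  Password := Value;
end;

function PostWithEncryptedKey(const URL: string; Body: TStream): string;
var
  HTTP: TIdHTTP;
  SSL: TIdSSLIOHandlerSocketOpenSSL;
  Pass: TKeyPassphrase;
begin
  Pass := TKeyPassphrase.Create;
  HTTP := TIdHTTP.Create(nil);
  try
    // KEYFILE_PASSPHRASE is a hypothetical name. Reading the passphrase at run
    // time keeps it out of the executable that ships next to the key file.
    Pass.Value := GetEnvironmentVariable('KEYFILE_PASSPHRASE');
    if Pass.Value = '' then
      raise Exception.Create('KEYFILE_PASSPHRASE is not set');

    SSL := TIdSSLIOHandlerSocketOpenSSL.Create(HTTP);  // owned and freed by HTTP
    SSL.SSLOptions.Mode := sslmClient;
    SSL.SSLOptions.Method := sslvSSLv23;
    SSL.SSLOptions.CertFile := 'd:\certificate.pem';
    SSL.SSLOptions.KeyFile := 'd:\private.pem';        // passphrase-protected PEM
    SSL.OnGetPassword := Pass.GetPassword;
    HTTP.IOHandler := SSL;
    Result := HTTP.Post(URL, Body);
  finally
    HTTP.Free;
    Pass.Free;
  end;
end;
```

A passphrase compiled into the program and distributed together with the encrypted key file can be recovered from the binary, so the encryption only protects the key if the passphrase is delivered separately.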