[英]THttpRio https (Wininet) with ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED error message
我正在使用Delphi XE7,在没有安装证书的PC上赢得8.1。
我有下一个Web服务https://wsp.hom.orizonbrasil.com.br:6214/tiss/v30200/tissSolicitacaoProcedimento
当我调用Web服务时,我在Delphi XE7中遇到此异常:“需要证书才能完成客户端身份验证 - URL: https ://wsp.hom.orizonbrasil.com.br:6214 / tiss / v30200 / tissSolicitacaoProcedimento - SOAPAction: “”
当我尝试使用SOAPUI(java)并获得此Web服务的响应时,端口不会阻止连接。
我正在尝试使用Altova xml间谍,我得到类似于delphi XE7的错误。
为什么SoapUI工作而XE7和XML SPY有证书问题?
最有可能的是,证书位于本地系统的ROOT证书存储区(受信任的根证书)中。
默认情况下,THTTPRIO不会在Delphi中加载它们(因此,它找不到正确的版本),而是在MY证书库中查找当前的USER。 要强制组件使用ROOT证书存储,您必须提供OnBeforePost,以便它可以打开证书实际存在的正确存储。
procedure Form1.OnBeforePost(const HTTPReqResp: THTTPReqResp; Data: Pointer);
const
CERT_STORE_PROV_SYSTEM_A = LPCSTR(9);
CERT_STORE_PROV_SYSTEM_W = LPCSTR(10);
{$IFDEF UNICODE}
CERT_STORE_PROV_SYSTEM = CERT_STORE_PROV_SYSTEM_W;
{$ELSE}
CERT_STORE_PROV_SYSTEM = CERT_STORE_PROV_SYSTEM_A;
{$ENDIF}
CERT_STORE_NO_CRYPT_RELEASE_FLAG = $00000001;
CERT_STORE_SET_LOCALIZED_NAME_FLAG = $00000002;
CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG = $00000004;
CERT_STORE_DELETE_FLAG = $00000010;
CERT_STORE_MANIFOLD_FLAG = $00000100;
CERT_STORE_ENUM_ARCHIVED_FLAG = $00000200;
CERT_STORE_UPDATE_KEYID_FLAG = $00000400;
CERT_STORE_READONLY_FLAG = $00008000;
CERT_STORE_OPEN_EXISTING_FLAG = $00004000;
CERT_STORE_CREATE_NEW_FLAG = $00002000;
CERT_STORE_MAXIMUM_ALLOWED_FLAG = $00001000;
CERT_SYSTEM_STORE_CURRENT_USER_ID = 1;
CERT_SYSTEM_STORE_LOCAL_MACHINE_ID = 2;
CERT_SYSTEM_STORE_LOCATION_SHIFT = 16;
CERT_SYSTEM_STORE_CURRENT_SERVICE_ID = 4;
CERT_SYSTEM_STORE_SERVICES_ID = 5;
CERT_SYSTEM_STORE_USERS_ID = 6;
CERT_SYSTEM_STORE_CURRENT_USER = CERT_SYSTEM_STORE_CURRENT_USER_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;
CERT_SYSTEM_STORE_LOCAL_MACHINE = CERT_SYSTEM_STORE_LOCAL_MACHINE_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;
CERT_SYSTEM_STORE_CURRENT_SERVICE = CERT_SYSTEM_STORE_CURRENT_SERVICE_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;
CERT_SYSTEM_STORE_SERVICES = CERT_SYSTEM_STORE_SERVICES_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;
CERT_SYSTEM_STORE_USERS = CERT_SYSTEM_STORE_USERS_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;
{$IFDEF UNICODE}
CERT_STORE:PWChar = 'Root';
{$ELSE}
CERT_STORE:PAnsiChar = 'Root';
{$ENDIF}
var
HTTPRStore: IClientCertInfo;
hStore: pointer;
Flags: cardinal;
begin
HTTPReqResp.InvokeOptions:=[soPickFirstClientCertificate,soIgnoreInvalidCerts];
if UseSystemCertStore
then
begin
Flags:=CERT_STORE_OPEN_EXISTING_FLAG or CERT_STORE_READONLY_FLAG or CERT_SYSTEM_STORE_LOCAL_MACHINE or CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG;
HTTPRStore:=HTTPReqResp as IClientCertInfo;
try
hStore:=CertOpenStore(CERT_STORE_PROV_SYSTEM,
0,
0,
Flags,
CERT_STORE);
HTTPRStore.SetCertStore(hStore);
finally
HTTPRStore:=nil;
end;
end;
end;
来自https的wsimport:[错误] java.security.cert.CertificateException:不存在使用者替代名称
[英]wsimport from https: [ERROR] java.security.cert.CertificateException: No subject alternative names present
CLIENT-CERT auth方法可以与tomcat中的JDBC领域一起使用吗?
[英]Can CLIENT-CERT auth-method be used with a JDBC realm within tomcat?
使用Metro客户端缓冲传入的SOAP消息时发生错误
[英]Error occurred while buffering incoming SOAP message using Metro client
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.