SOAP service testing: Difference between revisions
No edit summary |
No edit summary |
||
Line 3: | Line 3: | ||
|} | |} | ||
Creditinfo Eesti AS SOAP service is tested using <tt>curl</tt> software and the [[KiCompany_en | KiCompany]] service. Other Creditinfo Eesti AS SOAP services can also be tested in the same way. | |||
Authentication is possible using the certificate/key pair as well as the HTTP Basic Authentication user name and password. In addition to the password or certificate, the user needs to have been issued a permission to use the [[KiCompany_en | KiCompany]] service by | Authentication is possible using the certificate/key pair as well as the HTTP Basic Authentication user name and password. In addition to the password or certificate, the user needs to have been issued a permission to use the [[KiCompany_en | KiCompany]] service by Creditinfo Eesti AS customer service. | ||
If the following tests in the client's environment are successful, it can be stated that the certificate or password issued to the client is valid, and the permissions to use [[KiCompany_en | KiCompany]] are correctly set. | If the following tests in the client's environment are successful, it can be stated that the certificate or password issued to the client is valid, and the permissions to use [[KiCompany_en | KiCompany]] are correctly set. | ||
Line 12: | Line 12: | ||
== Network test == | == Network test == | ||
The request's source environment must be able to connect to the <tt>services.krediidiinfo.ee</tt> server using the tcp port number <tt>443</tt>. | The request's source environment must be able to connect to the <tt>services.krediidiinfo.ee</tt> server using the tcp port number <tt>443</tt>. Creditinfo Eesti AS has not set any IP-based limitations to that server. | ||
The <tt>netcat</tt> utility can be used in order to test whether there is a firewall blocking the connection: | The <tt>netcat</tt> utility can be used in order to test whether there is a firewall blocking the connection: | ||
Line 50: | Line 50: | ||
== Using curl== | == Using curl== | ||
The command-line tool <tt>curl</tt> is a convenient testing utility. To use the | The command-line tool <tt>curl</tt> is a convenient testing utility. To use the Creditinfo Eesti AS SOAP service, <tt>curl</tt> must be compiled with SSL support and must support https protocol. You can check whether this is the case by using the command <tt>curl --version</tt>; the result: | ||
curl 7.19.6 (x86_64-redhat-linux-gnu) libcurl/7.19.6 NSS/3.12.4.1 Beta zlib/1.2.3 libidn/0.6.14 libssh2/0.18 | curl 7.19.6 (x86_64-redhat-linux-gnu) libcurl/7.19.6 NSS/3.12.4.1 Beta zlib/1.2.3 libidn/0.6.14 libssh2/0.18 | ||
Line 58: | Line 58: | ||
=== curl SOAP request, using HTTP Basic Authentication === | === curl SOAP request, using HTTP Basic Authentication === | ||
Creditinfo Eesti AS has issued you a user name and password. In this example, the user name is "1234" and password is "abc123". | |||
curl -d @data.txt -u 1234:abc123 <nowiki>https://services.krediidiinfo.ee/soap.php?name=KiCompany</nowiki> | curl -d @data.txt -u 1234:abc123 <nowiki>https://services.krediidiinfo.ee/soap.php?name=KiCompany</nowiki> | ||
Line 69: | Line 69: | ||
=== curl SOAP request, using a certificate and a key as the authentication method === | === curl SOAP request, using a certificate and a key as the authentication method === | ||
To make a request you need a certificate file issued by | To make a request you need a certificate file issued by Creditinfo Eesti AS in the PEM format. In this example the file is named <tt>cert.pem</tt>. It looks like this: | ||
<pre> | <pre> | ||
-----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | ||
Line 173: | Line 173: | ||
curl -d @data.txt -u 1234:abZZ23 <nowiki>https://services.krediidiinfo.ee/soap.php?name=KiCompany</nowiki> | curl -d @data.txt -u 1234:abZZ23 <nowiki>https://services.krediidiinfo.ee/soap.php?name=KiCompany</nowiki> | ||
<pre> | <pre> | ||
Authentication of | Authentication of Creditinfo web service user failed! For assistance, please contact Creditinfo by calling (+372) 6659600. | ||
</pre> | </pre> | ||
Latest revision as of 14:13, 6 December 2016
eesti keeles |
Creditinfo Eesti AS SOAP service is tested using curl software and the KiCompany service. Other Creditinfo Eesti AS SOAP services can also be tested in the same way.
Authentication is possible using the certificate/key pair as well as the HTTP Basic Authentication user name and password. In addition to the password or certificate, the user needs to have been issued a permission to use the KiCompany service by Creditinfo Eesti AS customer service.
If the following tests in the client's environment are successful, it can be stated that the certificate or password issued to the client is valid, and the permissions to use KiCompany are correctly set.
Network test
The request's source environment must be able to connect to the services.krediidiinfo.ee server using the tcp port number 443. Creditinfo Eesti AS has not set any IP-based limitations to that server.
The netcat utility can be used in order to test whether there is a firewall blocking the connection:
nc -z -vv services.krediidiinfo.ee 443
In some operating systems the binary has a different name:
netcat -z -vv services.krediidiinfo.ee 443
The positive result would be:
Connection to services.krediidiinfo.ee 443 port [tcp/https] succeeded!
Examples of negative results:
nc: connect to services.krediidiinfo.ee port 443 (tcp) failed: Connection refused
nc: connect to services.krediidiinfo.ee port 443 (tcp) failed: Connection timed out
Also it should be possible to connect to the tcp port 80, of the same server, which hosts the wsdl files and this wiki. If the test fails, please contact your network administrator
SOAP request example
First of all we must know the name of the service to be requested. In this example we use the KiCompany service, so the request URI would be https://services.krediidiinfo.ee/soap.php?name=KiCompany.
Next we need the SOAP request itself, which is kept in a text file named data.txt, The contents of the file are as follows:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SOAP-ENV:Body> <m:findCompanies xmlns:m="urn:KiCompany" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <name xsi:type="xsd:string">kredi</name> <count xsi:type="xsd:int">2</count> </m:findCompanies> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
This request searches for companies with names that starts with kredi and displays only the first two results. (The request involves the payment of a fee!)
Using curl
The command-line tool curl is a convenient testing utility. To use the Creditinfo Eesti AS SOAP service, curl must be compiled with SSL support and must support https protocol. You can check whether this is the case by using the command curl --version; the result:
curl 7.19.6 (x86_64-redhat-linux-gnu) libcurl/7.19.6 NSS/3.12.4.1 Beta zlib/1.2.3 libidn/0.6.14 libssh2/0.18 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp Features: GSS-Negotiate IDN IPv6 Largefile SSL libz
curl SOAP request, using HTTP Basic Authentication
Creditinfo Eesti AS has issued you a user name and password. In this example, the user name is "1234" and password is "abc123".
curl -d @data.txt -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompany
-d specifies the request. @ before the file name specifies that it is a request file, not a request. -u specifies user name and password, delimited with a colon.
curl SOAP request, using a certificate and a key as the authentication method
To make a request you need a certificate file issued by Creditinfo Eesti AS in the PEM format. In this example the file is named cert.pem. It looks like this:
-----BEGIN CERTIFICATE----- MIIEPpuguyIHJPOHuiGIOGilUYGOIGIYFGuyFUassafDFSDFpuASDaaGA1UEBhMC RUUxETAPiugUIOuphLBLUpuGIUIGigIPUbhpuiGIPYBuYBUKBLJYHFGuohGDVQQK Ew9LcmVkaWlkaWluZm8gQVMxCzAJBgNVBAsTAklUMSEwHwYDVQQDExhzZXJ2aWNl cy5rcmhlkjghGHGuZm8uZWUxITAfBgkqhkiG9w0BCQEWEml0QGtyZWRpaWRpaW5m by5lZTAeFw0wOTglgkGIOUGpguPIUgvIpiughphPhOPOUhpBHIUGMQswCQYDVQQG EwJFRTEQMA4GA1UECBMHRXN0b25pYTEQMA4GA1UEBxMHVGFsbGlubjEYMBYGA1UE VMtxvrdTVDhtRBDJrdYRBDRVBDTJrbDJBYYJRdYrdjbyRBUYRdBYJRdRRbUJrRYJ MTCMjfgukfgKGYGOYOUYGOygouYalsuUUGS4OCtgtrmzLw== -----END CERTIFICATE-----
Also you need a certificate key file in the PEM format, which, in this example, is named key.pem. This is a secret file and must not be transmitted via e-mail or by other unencrypted methods.
However, the contents of this file may be added directly to the cert.pem file (cat key.pem >> cert.pem), thus making it unnecessary to specify the key file for curl. Various programs specifically request such concatenated files. It looks similar to the following example; only the DSA option has some more differences:
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,C1AA09832249D61D P85/RJFo2AX638mWtcOTglgkGIOUGpguPIUgvIpiughphPhOPOUhi0I+l5s+JSn5c jx69XBvi5L+Ytci9RW3zUiWrUDv89IY6DEmwluLX39/gX0TW7U+wos5b7ng/sNLQ tMyzCtIDACoGb5xHl48c3vY3JUzhrzQWNt2vuFjpGJI1lSOH8h0MdbQEA8iFKIOZ ng0po3SPW8c5wJtnLuKy8uZWUxITAfBgkqhkiG9w0BCQEWEml08uZWUxITAfBgkq oHeRz6KkZyXo7vbCbDXSFTuSHiwVwslF7hHbmmiPc4RYxB2EWfTjSUe8Fti9SWPa iJY0OisiQbePnEigZhfRboVZmQZFPWopgy8uZWUxITAfBgkqhkiG9w0BCQEWEml0 8W1aXSBnNqtla1fmKKId9OkhiAZvavtKug8C9i27R2KR63h6uwq3ktwYtV1YWTHK Orx8Mf3HIGXpRSJJqjvZUu+xNrM06VcVajY9SJmt7OYXvSo5nKYguwbfGNh/FA7F Eo1KoKhQeGvWfCQzhEobc/QyegnklbaCUZhePoiL0Jk6Otgsav+2AA== -----END RSA PRIVATE KEY-----
Also, in the case of an encrypted key, you must know the certificate key password. The password in this example is abcd1234.
Making a request:
curl -d @data.txt -cert $PWD/cert.pem:abcd1234 --key $PWD/key.pem https://services.krediidiinfo.ee/soap.php?name=KiCompany
-d specifies the request, @ before the file name specifies that it is a request file, not a request.
--cert key specifies the location of certificate file. Absolute path must be used. curl is not looking for the file in given directory, hence the $PWD in the example.
If the key is encrypted, the password can be provided after the certificate file name, separating it from the file name by a colon.
--key determines the location of the key file. It is not necessary, if the certificate and key files are merged into a single file.
This is why the key password is specified with the --cert option, not here.
SOAP request results
Successful request
Successful request (line spacing added for easier reading):
<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:KiCompany" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <ns1:findCompaniesResponse> <companies SOAP-ENC:arrayType="ns1:CompanyIDData[2]" xsi:type="ns1:CompanyIDDataArray"> <item xsi:type="ns1:CompanyIDData"> <regCode xsi:type="ns1:regCode">11517686</regCode> <name xsi:type="xsd:string">KREDICO OÜ</name> </item> <item xsi:type="ns1:CompanyIDData"> <regCode xsi:type="ns1:regCode">90006012</regCode> <name xsi:type="xsd:string">KREDIIDI JA EKSPORDI GARANTEERIMISE SITHASUTUS KREDEX</name> </item> </companies> </ns1:findCompaniesResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
Invalid requests
Error in GET parameter (KiCompan instead of KiCompany):
curl -d @data.txt -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompan
<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:Server</faultcode> <faultstring>Incorrect HTTP GET parameter 'name' value!</faultstring> <faultactor></faultactor> <detail> <errorcode>-20002</errorcode> <line_no>157</line_no> </detail> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
Invalid user name, password or certificate:
curl -d @data.txt -u 1234:abZZ23 https://services.krediidiinfo.ee/soap.php?name=KiCompany
Authentication of Creditinfo web service user failed! For assistance, please contact Creditinfo by calling (+372) 6659600.
User has no permission to use KiCompany please contact our customer service:
curl -d @data.txt -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompany
<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:Server</faultcode> <faultstring>Access denied for KiCompany!</faultstring> <faultactor></faultactor> <detail> <errorcode>-20003</errorcode> <line_no>106</line_no></detail> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
Missing SOAP request:
curl -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompany
(no results)
Error in the SOAP request itself:
curl -d @vigane.txt -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompany
<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:Client</faultcode> <faultstring>Bad Request</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
or
<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:VersionMismatch</faultcode> <faultstring>Wrong Version</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>