SOAP service testing

From services.krediidiinfo.ee
Revision as of 14:13, 6 December 2016 by Paavo (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Flag of Estonia.svg eesti keeles

Creditinfo Eesti AS SOAP service is tested using curl software and the KiCompany service. Other Creditinfo Eesti AS SOAP services can also be tested in the same way.

Authentication is possible using the certificate/key pair as well as the HTTP Basic Authentication user name and password. In addition to the password or certificate, the user needs to have been issued a permission to use the KiCompany service by Creditinfo Eesti AS customer service.

If the following tests in the client's environment are successful, it can be stated that the certificate or password issued to the client is valid, and the permissions to use KiCompany are correctly set.


Network test

The request's source environment must be able to connect to the services.krediidiinfo.ee server using the tcp port number 443. Creditinfo Eesti AS has not set any IP-based limitations to that server.

The netcat utility can be used in order to test whether there is a firewall blocking the connection:

nc -z -vv services.krediidiinfo.ee 443

In some operating systems the binary has a different name:

netcat -z -vv services.krediidiinfo.ee 443

The positive result would be:

Connection to services.krediidiinfo.ee 443 port [tcp/https] succeeded!

Examples of negative results:

nc: connect to services.krediidiinfo.ee port 443 (tcp) failed: Connection refused
nc: connect to services.krediidiinfo.ee port 443 (tcp) failed: Connection timed out

Also it should be possible to connect to the tcp port 80, of the same server, which hosts the wsdl files and this wiki. If the test fails, please contact your network administrator

SOAP request example

First of all we must know the name of the service to be requested. In this example we use the KiCompany service, so the request URI would be https://services.krediidiinfo.ee/soap.php?name=KiCompany.

Next we need the SOAP request itself, which is kept in a text file named data.txt, The contents of the file are as follows:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SOAP-ENV:Body>
    <m:findCompanies xmlns:m="urn:KiCompany" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
      <name xsi:type="xsd:string">kredi</name>
      <count xsi:type="xsd:int">2</count>
    </m:findCompanies>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

This request searches for companies with names that starts with kredi and displays only the first two results. (The request involves the payment of a fee!)

Using curl

The command-line tool curl is a convenient testing utility. To use the Creditinfo Eesti AS SOAP service, curl must be compiled with SSL support and must support https protocol. You can check whether this is the case by using the command curl --version; the result:

curl 7.19.6 (x86_64-redhat-linux-gnu) libcurl/7.19.6 NSS/3.12.4.1 Beta zlib/1.2.3 libidn/0.6.14 libssh2/0.18
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile SSL libz

curl SOAP request, using HTTP Basic Authentication

Creditinfo Eesti AS has issued you a user name and password. In this example, the user name is "1234" and password is "abc123".

curl -d @data.txt -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompany
-d specifies the request. @ before the file name specifies that it is a request file, not a request.

-u specifies user name and password, delimited with a colon.


curl SOAP request, using a certificate and a key as the authentication method

To make a request you need a certificate file issued by Creditinfo Eesti AS in the PEM format. In this example the file is named cert.pem. It looks like this:

-----BEGIN CERTIFICATE-----
MIIEPpuguyIHJPOHuiGIOGilUYGOIGIYFGuyFUassafDFSDFpuASDaaGA1UEBhMC
RUUxETAPiugUIOuphLBLUpuGIUIGigIPUbhpuiGIPYBuYBUKBLJYHFGuohGDVQQK
Ew9LcmVkaWlkaWluZm8gQVMxCzAJBgNVBAsTAklUMSEwHwYDVQQDExhzZXJ2aWNl
cy5rcmhlkjghGHGuZm8uZWUxITAfBgkqhkiG9w0BCQEWEml0QGtyZWRpaWRpaW5m
by5lZTAeFw0wOTglgkGIOUGpguPIUgvIpiughphPhOPOUhpBHIUGMQswCQYDVQQG
EwJFRTEQMA4GA1UECBMHRXN0b25pYTEQMA4GA1UEBxMHVGFsbGlubjEYMBYGA1UE
VMtxvrdTVDhtRBDJrdYRBDRVBDTJrbDJBYYJRdYrdjbyRBUYRdBYJRdRRbUJrRYJ
MTCMjfgukfgKGYGOYOUYGOygouYalsuUUGS4OCtgtrmzLw==
-----END CERTIFICATE-----


Also you need a certificate key file in the PEM format, which, in this example, is named key.pem. This is a secret file and must not be transmitted via e-mail or by other unencrypted methods.

However, the contents of this file may be added directly to the cert.pem file (cat key.pem >> cert.pem), thus making it unnecessary to specify the key file for curl. Various programs specifically request such concatenated files. It looks similar to the following example; only the DSA option has some more differences:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C1AA09832249D61D

P85/RJFo2AX638mWtcOTglgkGIOUGpguPIUgvIpiughphPhOPOUhi0I+l5s+JSn5c
jx69XBvi5L+Ytci9RW3zUiWrUDv89IY6DEmwluLX39/gX0TW7U+wos5b7ng/sNLQ
tMyzCtIDACoGb5xHl48c3vY3JUzhrzQWNt2vuFjpGJI1lSOH8h0MdbQEA8iFKIOZ
ng0po3SPW8c5wJtnLuKy8uZWUxITAfBgkqhkiG9w0BCQEWEml08uZWUxITAfBgkq
oHeRz6KkZyXo7vbCbDXSFTuSHiwVwslF7hHbmmiPc4RYxB2EWfTjSUe8Fti9SWPa
iJY0OisiQbePnEigZhfRboVZmQZFPWopgy8uZWUxITAfBgkqhkiG9w0BCQEWEml0
8W1aXSBnNqtla1fmKKId9OkhiAZvavtKug8C9i27R2KR63h6uwq3ktwYtV1YWTHK
Orx8Mf3HIGXpRSJJqjvZUu+xNrM06VcVajY9SJmt7OYXvSo5nKYguwbfGNh/FA7F
Eo1KoKhQeGvWfCQzhEobc/QyegnklbaCUZhePoiL0Jk6Otgsav+2AA==
-----END RSA PRIVATE KEY-----

Also, in the case of an encrypted key, you must know the certificate key password. The password in this example is abcd1234.


Making a request:

curl -d @data.txt -cert $PWD/cert.pem:abcd1234 --key $PWD/key.pem https://services.krediidiinfo.ee/soap.php?name=KiCompany


-d specifies the request, @ before the file name specifies that it is a request file, not a request.
--cert key specifies the location of certificate file. Absolute path must be used. curl is not looking for the file in given directory, hence the $PWD in the example.

If the key is encrypted, the password can be provided after the certificate file name, separating it from the file name by a colon.

--key determines the location of the key file. It is not necessary, if the certificate and key files are merged into a single file.

This is why the key password is specified with the --cert option, not here.


SOAP request results

Successful request

Successful request (line spacing added for easier reading):

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:KiCompany" 
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<ns1:findCompaniesResponse>
<companies SOAP-ENC:arrayType="ns1:CompanyIDData[2]" xsi:type="ns1:CompanyIDDataArray">
<item xsi:type="ns1:CompanyIDData">
<regCode xsi:type="ns1:regCode">11517686</regCode>
<name xsi:type="xsd:string">KREDICO OÜ</name>
</item>
<item xsi:type="ns1:CompanyIDData">
<regCode xsi:type="ns1:regCode">90006012</regCode>
<name xsi:type="xsd:string">KREDIIDI JA EKSPORDI GARANTEERIMISE SITHASUTUS KREDEX</name>
</item>
</companies>
</ns1:findCompaniesResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Invalid requests

Error in GET parameter (KiCompan instead of KiCompany):

curl -d @data.txt -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompan
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Incorrect HTTP GET parameter 'name' value!</faultstring>
<faultactor></faultactor>
<detail>
<errorcode>-20002</errorcode>
<line_no>157</line_no>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Invalid user name, password or certificate:

curl -d @data.txt -u 1234:abZZ23 https://services.krediidiinfo.ee/soap.php?name=KiCompany
Authentication of Creditinfo web service user failed! For assistance, please contact Creditinfo by calling (+372) 6659600.


User has no permission to use KiCompany please contact our customer service:

curl -d @data.txt -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompany
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Access denied for KiCompany!</faultstring>
<faultactor></faultactor>
<detail>
<errorcode>-20003</errorcode>
<line_no>106</line_no></detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Missing SOAP request:

curl -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompany

(no results)


Error in the SOAP request itself:

curl -d @vigane.txt -u 1234:abc123 https://services.krediidiinfo.ee/soap.php?name=KiCompany
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring>Bad Request</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

or

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:VersionMismatch</faultcode>
<faultstring>Wrong Version</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>