Http_open with certificates self signed

error

ERROR: Unknown error term: permission_error(url,‘https://myhost:4242/qrs/about?xrfkey=0123456789abcdef’) (status(403,Forbidden))
ERROR: In:
ERROR: [11] throw(error(permission_error(url,‘https://myhost:4242/qrs/about?xrfkey=0123456789abcdef’),context(_23154,…)))
ERROR: [9] http_open:try_http_proxy(direct,[uri(‘https://myhost:4242/qrs/about?xrfkey=0123456789abcdef’),…|…],_23190,[cacert_file(…),.
…|…]) at /usr/lib/swi-prolog/library/http/http_open.pl:425
ERROR: [7]
ERROR: Note: some frames are missing due to last-call optimization.
ERROR: Re-run your program in debug mode (:- debug.) to get more detail.

My code

http_open(‘https://myhost:4242/qrs/about?xrfkey=0123456789abcdef’, In, [certificate_file(‘client.pem’), key_file(‘client_key.pem’), cert_verify_hook(cert_accept_any), header(‘x-qlik-xrfkey’, ‘0123456789abcdef’), header(‘X-Qlik-User’, ‘UserDirectory=internal;UserId=sa_repository’)]).

works with curl

curl --cert client.pem --insecure --key client_key.pem https://myhost:4242/qrs/about?xrfkey=0123456789abcdef --header “x-qlik-xrfkey: 0123456789abcdef” --header “X-Qlik-User: UserDirectory=internal;UserId=sa_repository” -v

https://help.qlik.com/en-US/sense-developer/February2020/Subsystems/RepositoryServiceAPI/Content/Sense_RepositoryServiceAPI/RepositoryServiceAPI-Example-Connect-cURL-Certificates.htm

The error is a nice 403 HTTP status, so the connection (SSL) goes well, but the server doesn’t like the authentication data. Possibly the server logs give a clue? Or you can use ?- debug(http(_)). before the http_open to see what is really exchanged.

It seems also a bit strange to but ignore security and pass additional certificates.

I would like to check if header parameters are correctly sent. url param value of xrfkey must be the same as header param x-qlik-xrfkey

 debug]  ?- http_open('https://myhost:4242/qrs/about?xrfkey=0123456789abcdef', _, [certificate_file('client.pem'), key_file('client_key.pem'),
cert_verify_hook(cert_accept_any), header('x-qlik-xrfkey', '0123456789abcdef'), header('X-Qlik-User', 'UserDirectory=internal;UserId=sa_repository')]
).
% http_open: Connecting to 'myhost':4242 ...
%       ok <stream>(0x5566dfb5c0b0) ---> <stream>(0x5566dfb59a40)                                                                           
% > GET /qrs/about?xrfkey=0123456789abcdef HTTP/1.1                                                                                                   
% > Host: 10.200.4.155:4242                                                                                                                           
% > User-Agent: SWI-Prolog                                                                                                                            
% > Connection: close                                                                                                                                 
% HTTP/1.1 403 Forbidden                                                                                                                              
% Cache-Control: private, must-revalidate, max-age=0                                                                                                  
% Transfer-Encoding: chunked                                                                                                                          
% Content-Type: text/html; charset=utf-8                                                                                                              
% Expires: Fri, 03 Apr 2020 11:46:39 GMT                                                                                                              
% Server: Microsoft-HTTPAPI/2.0                                                                                                                       
% Date: Fri, 03 Apr 2020 11:46:39 GMT                                                                                                                 
% Connection: close                                                                                                                                   
ERROR: Unknown error term: permission_error(url,'https://myhost:4242/qrs/about?xrfkey=0123456789abcdef') (status(403,Forbidden))                
ERROR: In:                                                                                                                                            
ERROR:   [11] throw(error(permission_error(url,'https://myhost:4242/qrs/about?xrfkey=0123456789abcdef'),context(_21666,...)))                   
ERROR:   [10] http_open:send_rec_header(<stream>(0x5566dfb5eb40,0x5566dfb5ec50),_21700,'10.200.4.155':4242,'/qrs/about?xrfkey=0123456789abcdef',[uri(
'https://myhost:4242/qrs/about?xrfkey=0123456789abcdef'),...|...],[visited(...),...|...]) at /usr/lib/swi-prolog/library/http/http_open.pl:525  
ERROR:    [9] http_open:try_http_proxy(direct,[uri('https://myhost:4242/qrs/about?xrfkey=0123456789abcdef'),...|...],_21780,[cacert_file(...),.
..|...]) at /usr/lib/swi-prolog/library/http/http_open.pl:425                                                                                         
ERROR:    [8] http_open:http_open('https://myhost:4242/qrs/about?xrfkey=0123456789abcdef',_21846,user:[...|...]) at /usr/lib/swi-prolog/library
/http/http_open.pl:378                                                                                                                                
ERROR:    [7] <user>                                                                                                                                  
Exception: (11) throw(error(permission_error(url, 'https://myhost:4242/qrs/about?xrfkey=0123456789abcdef'), context(_20958, status(403, 'For
bidden')))

http_open:send_rec_header(<stream>(0x5566dfb5eb40,0x5566dfb5ec50), _11422, 'myhost':4242, '/qrs/about?xrfkey=0123456789abcde
f', [uri('https://10.200.4.155:4242/qrs/about?xrfkey=0123456789abcdef'), scheme(https), authority('10.200.4.155:4242'), host('10.200.4.155'), port(42
42), request_uri('/qrs/about?xrfkey=0123456789abcdef')], [visited([[uri('https://myhost:4242/qrs/about?xrfkey=0123456789abcdef'), scheme(https)
, authority('myhost:4242'), host(...)|...]]), cacert_file(system(root_certificates)), cert_verify_hook(user:cert_accept_any), certificate_file(
'client.pem'), key_file('client_key.pem'), header('X-Qlik-User', 'UserDirectory=internal;UserId=sa_repository'), header(..., ...)])

Exception: (9) http_open:try_http_proxy(direct, [uri('https://myhost:4242/qrs/about?xrfkey=0123456789abcdef'), scheme(https), authority('10.
200.4.155:4242'), host('myhost'), port(4242), request_uri('/qrs/about?xrfkey=0123456789abcdef')], _11422, [cacert_file(system(root_certificates
)), cert_verify_hook(user:cert_accept_any), certificate_file('client.pem'), key_file('client_key.pem'), header('X-Qlik-User', 'UserDirectory=internal
;UserId=sa_repository'), header('x-qlik-xrfkey', '0123456789abcdef')]) ? creep
^  Exception: (8) http_open:http_open('https://myhost:4242/qrs/about?xrfkey=0123456789abcdef', _11422, user:[certificate_file('client.pem'), ke
y_file('client_key.pem'), cert_verify_hook(cert_accept_any), header('x-qlik-xrfkey', '0123456789abcdef'), header('X-Qlik-User', 'UserDirectory=intern
al;UserId=sa_repository')]) ? creep

I think you need the request_header option. The header option is for reading header info from the reply.

1 Like

Man thanks, now it works

http_open(‘https://myhost:4242/qrs/about?xrfkey=0123456789abcdef’, In, [certificate_file(‘client.pem’), key_file(‘client_key.pem’), cacerts(
file(‘root.pem’)), cert_verify_hook(cert_accept_any), request_header(‘Accept’=‘application/json’), request_header(‘x-qlik-xrfkey’=‘0123456789abcdef’)
, request_header(‘X-Qlik-User’=‘UserDirectory=internal;UserId=sa_repository’)]), json_read_dict(In, Dict), close(In).