[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SSL to Bank of America (was RE: SSL/GSKit message)

Sender: "Goodbar, Loyd (ETS - Water Valley)" <LGoodbar@xxxxxxxxxxxxxx>

Just a thought, I would try using the http_url_encoder. Do you need to send
the trailing CRLF on your post data? I let Scott's code handle the setup and
encoding.

Here is my code for posting the logon data (/free form):

d CONTENTTYPE     c                   'application/x-www-form-urlencoded'
d URLBASE         c                   'https://elink-http4.bankofamerica-
d                                     .com/'


// Login.
// Contents for this form.
// <FORM METHOD="POST"  ACTION="/servlet/MailboxServlet">
// <INPUT TYPE="TEXT" NAME="remote" SIZE="9" MAXLENGTH="64">
// <INPUT TYPE="PASSWORD" NAME="password" SIZE="9" MAXLENGTH="16">
// <INPUT TYPE="SUBMIT" NAME="Submit" VALUE="Submit" CHECKED="CHECKED">
// <INPUT TYPE="RESET" NAME="Cancel" VALUE="Reset">
// <INPUT TYPE="HIDDEN" NAME="operation" VALUE="LOGON">
// </FORM>
//
// Note: We DON'T need to send the Submit=CHECKED field.
sendstatusmsg( 'Logging in as ' + %trim(USERNAME) + '...' );
enc = *null;
enc = http_url_encoder_new();
if enc = *null;
     msg = http_error();
     sendescapemsg( msg );
     return;
endif;
http_url_encoder_addvar_s( enc : 'remote' : USERNAME );
http_url_encoder_addvar_s( enc : 'password' : PASSWORD );
http_url_encoder_addvar_s( enc : 'Submit' : 'Submit' );
// Note: We DON'T need to send the Submit=CHECKED field.
http_url_encoder_addvar_s( enc : 'operation' : 'LOGON' );
http_url_encoder_getptr( enc : mypointer : datasize );
rc = http_url_post( URLBASE + 'servlet/MailboxServlet' :
     mypointer : datasize : %trim(thisfilename) : HTTP_TIMEOUT :
     HTTP_USERAGENT : CONTENTTYPE );
exsr checkhttperror;
http_url_encoder_free( enc );

-----


Here are the contents from my debug file:

do_post(): entered
POST /servlet/MailboxServlet HTTP/1.1
Host: elink-http4.bankofamerica.com
User-Agent: http-api/1.14
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
Content-Length: 63


recvresp(): entered
SetError() #43: CommSSL_Read:  time-out!
senddoc(): entered
remote=BLAH&password=BLAH&Submit=Submit&operation=LOGON

recvresp(): entered
HTTP/1.1 200 OK
Server: Netscape-Enterprise/3.6 SP3
Date: Tue, 04 Apr 2006 12:21:55 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie,set-cookie2"
Set-cookie: jrunsessionid=5331645077878; path=/
Content-type: text/html
Connection: close


SetError() #13: HTTP/1.1 200 OK
recvdoc parms: identity 0
header_load_cookies() entered
cookie_parse() entered
cookie =  jrunsessionid=5331645077878; path=/
cookie attr jrunsessionid=5331645077878
cookie attr path=/
recvdoc(): entered
SetError() #0:
<HTML>
<HEAD><LINK rel="stylesheet" type="text/css" name="defaultstyle"
href="/cehttp/html/style.css">
<TITLE>Servlet Response Message</TITLE></HEAD>
<BODY>
<H2 align=center>Servlet has returned the following message</H2>
<HR>
Logon is successful.
<HR>
</BODY></HTML>

-----

When you receive the form, you'll need to capture the session cookie data
and send on subsequent requests. In ver 1.14, you can set automatic cookie
support.

If you need to compare more notes, let me know.


Loyd Goodbar
Senior programmer/analyst
BorgWarner
E/TS Water Valley
662-473-5713
-----Original Message-----
From: Sean Porterfield [mailto:sporter@xxxxxxxxxxxx] 
Sent: Monday, April 03, 2006 20:17
To: ftpapi@xxxxxxxxxxxxx
Subject: Re: SSL to Bank of America (was RE: SSL/GSKit message)

Sender: Sean Porterfield <sporter@xxxxxxxxxxxx>

I don't use the https_init() when I post to my own SSL enabled server, 
and it works fine.  I thought Scott said the procedure changed, and 
https_init was no longer required.  (See: 
http://www.scottklement.com/archives/ftpapi/200506/msg00088.html )

I followed the redirects with my browser, checked the frames, and found 
the page containing the login form was actually
https://elink-http4.bankofamerica.com/cehttp/html/logon.htm

If I load that page directly in my browser without the frames, I can log 
on just fine.  I'm trying the exact same thing in the program - post the 
data as if it had been on that form.  I am posting to
https://elink-http4.bankofamerica.com/servlet/MailboxServlet (URI)

  c                   eval      rc = http_url_post(URI: %addr(data):
  c                             %len(%trimr(data)):
  c                             '/tmp/httptest.html':
  c                             HTTP_TIMEOUT:
  c                             HTTP_USERAGENT:
  c                             'application/x-www-form-urlencoded')

That's when I get the 400 error from their server.  I'm not sure what 
they are expecting differently, though it seems it must be something in 
my data variable.  Having just looked at it again, it appears I set data 
as if it were a GET request.  I guess I should go look into how to 
properly code that part.

c                   eval      data = 'remote=' + %trim(USERID) +
c                             '&password=' + %trim(PASSWD) +
c                             '&Submit=Submit&operation=LOGON' +
c                             CRLF

Thanks for the nudge so far, it's always good to get a reminder to check 
parts that are expected to work.
--
Sean Porterfield


Goodbar, Loyd (ETS - Water Valley) wrote:
> Sender: "Goodbar, Loyd (ETS - Water Valley)" <LGoodbar@xxxxxxxxxxxxxx>
> 
> Sean,
> 
> Yes, I am using the elink-http4 address.
> How far have you gotten?
> 
> You do need to do http_init() before performing the first get.
> 
> If you review the generated HTML, Bank of America gives you a META tag to
> redirect to another page: 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
> <HTML>
> <HEAD>
>    <META HTTP-EQUIV="Refresh" CONTENT="0;URL=cehttp/html/main.htm">
> </HEAD>
> </HTML>
> 
> I wrote a simplistic procedure to follow the META redirects until they run
> out. Eventually you get here:
> 
> https://elink-http4.bankofamerica.com/cehttp/html/main.htm
> 
> You need to remember the path /cehttp/html/ as your URL base for web page
> gets, but submit form requests to 
> 
> https://elink-http4.bankofamerica.com/servlet/MailboxServlet
> 
> My biggest problem was forgetting the correct content type for form data,
> which is Content-Type: application/x-www-form-urlencoded
> 
> Let me know how far you got. I can log in and retrieve files. 
> 
> HTH,
> Loyd
> 
> 
> Loyd Goodbar
> Senior programmer/analyst
> BorgWarner
> E/TS Water Valley
> 662-473-5713
> 
> -----Original Message-----
> From: Sean Porterfield [mailto:sporter@xxxxxxxxxxxx] 
> Sent: Thursday, March 30, 2006 17:02
> To: ftpapi@xxxxxxxxxxxxx
> Subject: Re: SSL/GSKit message
> 
> Sender: Sean Porterfield <sporter@xxxxxxxxxxxx>
> 
> Goodbar, Loyd (ETS - Water Valley) wrote:
> 
>>Scott, thanks for putting together the HTTPAPI - I was able to talk to 
>>Bank of America and retrieve mailbox files within a couple of days. A 
>>lot of that time was spent interpreting the conversation process and 
>>posting data correctly to the server. And the automatic cookie support 
>>is great!
> 
> 
> 
> Can you share?  All I've been able to get is error 400 from them.
> 
> Are you using https://elink-http4.bankofamerica.com/ for your connection?
> 
> As for the other part, I never messed with https_init or https_cleanup, 
> FWIW.
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------