Hi everyone, I have an issue accessing the API that returns a token to me.
Claude AI told me the reason and the solution, what do you think about it?
Actions to test (in order of priority)
Check the permissions on the *SYSTEM keystore file:
In the 5250 command line, run:
WRKLNK '/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB' --> I don't have access
then option 9 (Display authority). Your profile (or *PUBLIC) must have at least *R (read) access.
If this is not the case, ask an admin to run:
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB') USER(YOUR_PROFILE) DTAAUT(*R)
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.RDB') USER(YOUR_PROFILE) DTAAUT(*R)
___________________________________________________
Here is the call log:
The log confirms that gsk_env_init fails — my profile does not have authorization to access the *SYSTEM keystore.
```
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
TLS version 1.3 support enabled
initializing GSK environment
(GSKit) Access to the key database is not allowed.
ssl_error(6003): (GSKit) Access to the key database is not allowed.
SetError() 24: gsk_env_init: (GSKit) Access to the key database is not allowed.
http_close(): entered
```
________________________________________________________
Here is how I access this API:
```
// =================================================================
// GETTOKEN : OAuth2 POST call to retrieve an access_token
// =================================================================
Dcl-Proc GETTOKEN Export;
  Dcl-pi GETTOKEN;
    Prm_Token         char(2048);
    Prm_TokenType     char(50);
    Prm_Retour        char(3);
    Prm_MessageErreur char(200);
  end-pi;

  Dcl-S lUrl         varchar(400);
  Dcl-S lBody        varchar(2000);
  Dcl-S lMyJSON      varchar(32767:4) Inz(*Blanks);
  Dcl-S lRc          int(10) Inz;
  Dcl-S lErreur_http int(10);
  Dcl-S lwwErrorMsg  char(80);

  // Reset the work field and the output parameters
  lMyJSON           = *blanks;
  Prm_Token         = *blanks;
  Prm_TokenType     = *blanks;
  Prm_Retour        = *blanks;
  Prm_MessageErreur = *blanks;

  // HTTPAPI debug log, one file per user
  file_debug = '/tmp/token' + %trim(user) + '.log';
  if w_debug = 'O';
    http_debug(*ON: file_debug);
  else;
    http_debug(*OFF: file_debug);
  endif;

  Http_xproc(HTTP_POINT_ADDL_HEADER:%paddr(SetHeaderToken));

  lUrl = 'https://wamwg-int.groupement.systeme-u.fr'
       + '/wam/oauth2/intranet_u_centrale/access_token';

  http_setCCSIDs( 1208: 0 );
  http_setoption( 'NETWORK-CCSID' : '1208' );
  HTTP_SetFileCCSID(1208);

  // SSL Initialization: *SYSTEM certificate store (DCM)
  https_init('*SYSTEM');

  monitor;
    // Form-encoded client_credentials request body
    lBody = 'grant_type=client_credentials'
          + '&client_id=suiviperf-adiddaaxxxion-ms-int'
          + '&client_secret=%5DdBH6%5gght%21KLR%24%3F.fk%3Fp%23'
          + '&scope=default';

    lRc = http_req( 'POST'
                  : lUrl
                  : *omit
                  : lMyJSON
                  : *omit
                  : lBody
                  : 'application/x-www-form-urlencoded' );

    If lRc = 1 or lRc = 200;
      // Parse the JSON response into the token data structure
      data-into Ds_Token
                %DATA(lMyJSON
                     : 'doc=string case=convert +
                        allowextra=yes allowmissing=yes')
                %PARSER('YAJLINTO');
      Prm_Token     = Ds_Token.access_token;
      Prm_TokenType = Ds_Token.token_type;
      Prm_Retour    = '200';
    else;
      // Return the status code and the start of the response body
      Prm_Retour = %Char(lRc);
      if %len(lMyJSON) > 0;
        Prm_MessageErreur = %subst(lMyJSON : 1 :
                                   %min(%len(lMyJSON) : 200));
      endif;
    endif;

  on-error;
    // Retrieve the last HTTPAPI error number and message
    http_error(lErreur_http);
    lwwErrorMsg = http_error(lErreur_http);
    http_dmsg('GETTOKEN Error #' +
              %trim(%editc(lErreur_http:'L')) +
              ': '+ lwwErrorMsg);
    Prm_Retour = %subst(lwwErrorMsg:10:3);
    if Prm_retour = '404';
      Prm_MessageErreur = 'HTTP/1.1 404 Not Found';
    else;
      if %len(lMyJSON) > 0;
        Prm_MessageErreur = %subst(lMyJSON : 1 :
                                   %min(%len(lMyJSON) : 200));
      endif;
    endif;
  endmon;

  Return;
End-Proc GETTOKEN;
```
GSKit
Scott Klement
- Site Admin
Re: GSKit
You have to have both R and X authority to all of the directories in the path as well as *R to the actual certificate store files.
This is a copy/paste from the HTTPAPI readme file:
Check the / directory before giving the *RX above, you may already have that authority (or better).
Replace my userid (SCOTTK) with the userid of the user who needs access. Or if you want all users to have access, replace my userid with *PUBLIC.
```
CHGAUT OBJ('/') +
       USER(SCOTTK) DTAAUT(*RX)
CHGAUT OBJ('/QIBM') +
       USER(SCOTTK) DTAAUT(*RX)
CHGAUT OBJ('/QIBM/UserData') +
       USER(SCOTTK) DTAAUT(*RX)
CHGAUT OBJ('/QIBM/UserData/ICSS') +
       USER(SCOTTK) DTAAUT(*RX)
CHGAUT OBJ('/QIBM/UserData/ICSS/CERT') +
       USER(SCOTTK) DTAAUT(*RX)
CHGAUT OBJ('/QIBM/UserData/ICSS/CERT/SERVER') +
       USER(SCOTTK) DTAAUT(*RX)
CHGAUT OBJ('/QIBM/UserData/ICSS/CERT/SERVER/DEFAULT.KDB') +
       USER(SCOTTK) DTAAUT(*R)
CHGAUT OBJ('/QIBM/UserData/ICSS/CERT/SERVER/DEFAULT.RDB') +
       USER(SCOTTK) DTAAUT(*R)
```
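Added example (not from the HTTPAPI readme or from either poster): a POSIX shell check, meant to be run in QShell or PASE under the affected user profile, that walks the certificate store path and shows which directory or file the profile cannot access. It assumes the shell's `test -r` / `test -x` reflect the IFS *R / *X data authorities; the function names and `FIRST_FAILURE` are hypothetical.

```shell
#!/bin/sh
# Added example: report where the current profile lacks access on the way
# to a certificate store file. Directories need read+execute (*RX), the
# store file itself needs read (*R).
# Assumption: run in QShell or PASE as the affected user, where test -r/-x
# are taken to reflect the IFS data authorities.

FIRST_FAILURE=""   # hypothetical name: first path component that failed

check_keystore_path() {
    target=$1
    failed=""
    dir="/"
    rest=${target#/}
    # Visit each parent directory from / down to the file's directory.
    while [ -n "$rest" ]; do
        if [ -r "$dir" ] && [ -x "$dir" ]; then
            echo "ok      *RX $dir"
        else
            echo "MISSING *RX $dir"
            : "${failed:=$dir}"
        fi
        name=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        dir=${dir%/}/$name
    done
    # $dir is now the store file itself.
    if [ -r "$dir" ]; then
        echo "ok      *R  $dir"
    else
        echo "MISSING *R  $dir"
        : "${failed:=$dir}"
    fi
    FIRST_FAILURE=$failed
    [ -z "$failed" ]
}

# Check both *SYSTEM store files named in the thread.
check_system_store() {
    store=/QIBM/UserData/ICSS/Cert/Server
    status=0
    for f in DEFAULT.KDB DEFAULT.RDB; do
        check_keystore_path "$store/$f" || status=1
    done
    return $status
}
```

Calling `check_system_store` prints one line per path component; any `MISSING` line names an object that needs a `CHGAUT` from an administrator.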