EldoS | Feel safer!

Software components for data protection, secure storage and transfer

HTTPS Post

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#12321
Posted: 02/05/2010 09:54:40
by Eugene Mayevski (EldoS Corp.)

Also, how large your actual files can be?


Sincerely yours
Eugene Mayevski
#12326
Posted: 02/06/2010 11:50:11
by Steve E (Basic support level)
Joined: 02/04/2010
Posts: 9

Hi Eugene,

I have captured 2 sessions, SBB and IPWorks. I have attached a file with containing the required information.


Thanks
Steve


[ Download ]
#12327
Posted: 02/06/2010 13:39:40
by Eugene Mayevski (EldoS Corp.)

Thank you, this has made your question clear. Initially I was confused by "file" in your question. Obviously you don't need to send a file. You just need to post form data. So you need to use the following code:

Code
var
SL : TStringList;
...
SL.Add('DataType=TEST');
SL.Add('DataFormat=IN');
SL.Add('Security=Bypass');
SL.Add('Protocol=HTTPS');
SL.Add('Data=' + ContentsOfYourStream);

Client.Post(URL, SL, '', '', nil, '', true);


This is if you want Secureblackbox to encode all parameters for you.

Or you can use Client.Post(URL, Stream), where Stream contains all you want to send, i.e. all parameters in encoded form AND your data.

There's no way to send some form data from text and another part of form data from the external stream.


Sincerely yours
Eugene Mayevski
#12328
Posted: 02/07/2010 09:12:29
by Steve E (Basic support level)
Joined: 02/04/2010
Posts: 9

Hi Eugene,

that works ok, now I see an encoding issue.

The file I am trying to post is a asci armor'd PGP file, but his is what I am seeing in the posted content.

%2D2D%2D2D%422D%4745%4E49%5020%5047%4D20%5345%4153%4547%2D2D%2D2D%D2D%560A%7265%6973%6E6F%203A%4750%6650%6572%7765%7261%2065%2E36%2E35%2033%6F66%2072%6F6E%2D6E%6F63%6D6D%726

Thanks Steve
#12329
Posted: 02/07/2010 10:51:50
by Eugene Mayevski (EldoS Corp.)

Aren't you URLEncoding the data before adding? Cause the component does it for you in it's "long" Post method (the one that takes both parameters and attached stream):

Code
    if Fields <> nil then
    begin
      SetLength(Buf, 0);
      for i := 0 to Fields.Count - 1 do
      begin
        SplitParam(Fields[i], ParamName, ParamValue, ValueExists);

        if ValueExists then
          EncVal := URLEncode(ParamName) + '=' + URLEncode(ParamValue)
        else
          EncVal := URLEncode(ParamName);

        if i = 0 then
          Buf := SBConcatBuffers(Buf, BytesOfString(EncVal))
        else
          Buf := SBConcatBuffers(Buf, BytesOfString('&' + EncVal));
      end;


Sincerely yours
Eugene Mayevski
#12330
Posted: 02/07/2010 12:56:51
by Steve E (Basic support level)
Joined: 02/04/2010
Posts: 9

Hi Eugene,

I don't want to URL Encode the data. I want it passed to the receiving server exactly as it is in the file. If my files contains "this is test data 123--123", then I would like to see

DataType=Test&DataFormat=IN&Security=Bypass&Protocol=HTTPS&Data="this is a test data 123--123"

If the data has %020%3D etc. Then receiving server chokes when trying parse the received data.



Thanks again.
Steve
#12334
Posted: 02/07/2010 15:09:01
by Eugene Mayevski (EldoS Corp.)

Then you need to build a stream yourself and post it using "short" form of Post method, i.e. Post(URL, Stream). The reason is that form data, as content type suggests, must be encoded. This applies to all form data. If you don't send encoded data, then you don't send form data, so you must not use that long form of Post.


Sincerely yours
Eugene Mayevski
#12336
Posted: 02/08/2010 10:48:33
by Eugene Mayevski (EldoS Corp.)

FYI: we've implemented MultiStream class, which lets you provide multiple streams where only one stream is expected. This class will go to SecureBlackbox 8, whose beta version is planned for February.


Sincerely yours
Eugene Mayevski
#12349
Posted: 02/09/2010 15:51:33
by Roland . (Basic support level)
Joined: 02/07/2010
Posts: 7

Quote
Stephen Etchells wrote:
Hi Eugene,

I don't want to URL Encode the data. I want it passed to the receiving server exactly as it is in the file. If my files contains "this is test data 123--123", then I would like to see

DataType=Test&DataFormat=IN&Security=Bypass&Protocol=HTTPS&Data="this is a test data 123--123"

If the data has %020%3D etc. Then receiving server chokes when trying parse the received data.

Thanks again.
Steve


I don't want to be rude but are you sure you want that? I don't think that is how a HTTP Post was ment to be working.
I was working on a HTTP Post today with the HTTPSClient, and all I do is create a StringList and add parameters to it, one of them being a big XML:
StringListObj.Add("xmlmsg=" + xmlmessagestring );
I was testing it and monitoring it with WireShark. I see the HTTPSClient encodes it as required for a HTTP Post, with the %0D%0A etc. When I post this to my PHP test script it arrives as it should, including fancy unicode chars and carriege returns + line feeds. The % encoding doesn't mess up the content, both client and server side should understand it as it is HTTP standard.
But maybe you're in a special situation in which you have good reason to do otherwise.

By the way, adding stuff like "&dummyparam=foobar" to that content string (which you add to the stringlist with parameter name) doesn't mess up the HTTP Post, it can stand these things. I'm not sure why though.
#12402
Posted: 02/11/2010 12:57:19
by Steve E (Basic support level)
Joined: 02/04/2010
Posts: 9

Hi Roland,

Our receiving server writes the received stream to file and then parses this file. The parser is basically looking for a preset number of Params of which one is called "Data". As a generale rule the data is base64 encoded. I am not sure what the parsing routines are looking for, but I do know that when it hits the % character it stops parsing. Which causes all sorts of problems because the parameters are not guaranteed to be in the same order for all inbound connections.

Anyway I fixed the issue using Eugene's suggestion of the short form of the post. Post(URL,Stream). Created the stream so that it contain the required params and data exactly as our server wants to see it.

Thanks for your interest.

Steve
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.

Reply

Statistics

Topic viewed 5386 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!