Angus Robertson

I used shared memory 20 years ago, but there is no queuing as such. So my later applications use sockets, specifically the ICS IP Log Streaming Component that handles all the connection and retries if lost (when the service stops) with minimal application code and events, with my own simple ASCII protocol on top for different messages. Being TCP, queuing is automatic, buffer sizes permitting. ICS has a sample that illustrates this. Angus

The ICS download page is http://wiki.overbyte.eu/wiki/index.php/ICS_Download The latest is V8.70 which added more features for Office 365 User Authorities. Angus

ICS will open PKCS7 files as well, but they are usually certificates only, no private key. If you have a P12 file, that is the same as PFX, use it as the bundle. The SslCliCert property of the TSslHttpRest component can be loaded with certificate and private key from separate files, with the LoadFromPEMFile() and PrivateKeyLoadFromPemFile() methods, but this is not done in the sample since a bundle is safer, once you have a bundle. The PEM Tool will also open all these files and save a bundle file, look at the Create Certificates tab. There are dozens of fields and buttons because there are so many options, But you just need to specify Cert File, click Load Certificate and it will be displayed in the yellow box, then Prv Key File, click Load Key and it will be displayed, then Inter Certs Fiie, click Load Inters, and you should now see all three components displayed. At the bottom, specify PEM Certs File and PKCS12 Certs File, tick Save Private Key in Cert File and Save Inter Certs, then click Save PEM Cert and save PKCS12 Cert and you will have two new bundles. You don't need anything else, but this tool will also create new certificates, private keys and certificate requests, and sign requests to issue private certificates for LANs. It will also install certificates into the Windows store and display the various stores and read the contents. Angus

If the private key contains a public key that matches the public key first certificate, the tools will say so. If you built the PEM file by hand, it could be failing because you missed a single character somewhere, done that myself. But without the real certificates, this is all guess work. You really should ask the API supplier to provide a proper bundle file, ideally PFX/PKCS12 format (which Windows also prefers) which is harder to corrupt. Angus

Usually the private key is placed after the certificate in the bundle file, otherwise tools would have to look ahead at all certificates in the file. Angus

Not seen five year code signing certificates before, my Sectigo certificate does not expire for another two years and there is nothing to stop me using ir during that time. Once signed, it is not possible to know how it was done, unless Windows keeps a database of intermediates and dates or something. SignMyCode does appear to offer prices very similar or cheaper than K-Software for Sectigo,, but never heard of them before, hope it is not a scam. I'd avoid the even cheaper Certera code signing certificate unless you find out who actually issues it. Angus

Never heard of Exchange Web Service protocol, but ICS has a TIcsRestEmail component that uses the graph.microsoft.com/v1.0/me/sendMail API, there is a sample in OverbyteIcsHttpRestTst,dpr. Angus

I renewed with K-Software a year ago and don't seem to have noted which URL created the private key, but it probably worked with Firefox which is my standard browser. There are only a couple of sites I need to use Edge to access. Angus

OverbyteIcsPemTool 'View Bundle File' button will list each certificate and key in the bundle file, so one of mine starts: Certificate file C:\certificates\x_magsys_co_uk-bundle.pem ISSUED TO (Subject) Common Name (CN): *.magsys.co.uk Alt Name (DNS): *.magsys.co.uk, *.magsys.uk, magsys.co.uk, magsys.uk xxx ISSUED BY Common Name (CN): R3 Organisation (O): Let's Encrypt xxx !! Private key available for certificate: ECDSA Key Encryption prime256v1 256 bits, 128 security bits !! Intermediate certificates: Total 1 #1 Issued to (CN): R3, (O): Let's Encrypt If it does not say !! Private key available, the file can not be used for SSL/TLS client or server, the intermediate is required for most server applications, but probably not for clients. You may need to specify a password to read the private key. Angus

Thanks, useful, but it should also be a menu item somewhere so people can find it without resorting to documentation. Angus

I built all the ICS FMX packages yesterday with 11.3, no problems. Updating GetIt installed components really needs some work, far too many errors and restarts required. Being able to print a list of what GetIt has installed and where would be really useful since we expected to repeat it all after a minor upgrade like 11.3. Angus

The ICS github repository is unofficial and never updated, it should be removed to avoid confusion with https://svn.overbyte.be/svn/ where you will find the latest ICS. Never tested ICS with jumbo packets, there are no special settings I'm aware of. More likely to be an OS issue, what are you using? Angus

While ReceiveStr may not have MaxLen, other similar functions do, so it's backward compatible. Since it is defaulted, you can ignore it. Angus

You get different errors as you correct each different problem. ICS will raise an authentication window for a 401 error, at that point it has no idea what authentication scheme is needed. You should build the ICS OverbyteIcsPemtool sample and try and open your PEM bundle with the View Bundle File button on the first tab, it should show the certificate details and whether there is a matching private key. Angus

Okay, so the REST server does not want Json but POST with REST Content 'URL, Encoded Body'. Angus

I would fix the Json parameters first, that was the "Missing or invalid grant_type" error you received, then worry about headers, most of which are standard. Angus

Because you have not shown most of the posted parameters, it's impossible to say exactly what is wrong. The postman page says there are nine headers necessary, some may be sent already by ICS, others may need adding using 'Extra Headers', where you have typed ExtraHeaders for some reason. it should be headername:headervalue. Also Json parameters need to be correctly encoded, if you look at the TRestOAuth.GrantAuthToken method in OverbyteIcsSslHttpOAuth.pas, you'll see that when adding the client Id and secret and other parameters they are added with the Raw option so they are not escaped as Json strings, in the GUI you should replace RPTypeStr with RPTypeObj so that the values are not quoted. Angus

ICS installation errors are usually due to the library paths not being updated to that of the packages and source files. Installing using GetIt does all that automatically, although makes it harder to update to newer versions. This would be better discussed in https://en.delphipraxis.net/forum/37-ics-internet-component-suite/ Angus

Why would you think that? The last release was in November 2022 which you can install from GetIt, and the latest SVN update was last week. The latest OpenSSL DLLs are installed with the samples, updated this month. Angus

Yes, but the ICS download page is http://wiki.overbyte.eu/wiki/index.php/ICS Once you have it installed run the SSLDemos OverbyteIcsHttpRestTst sample, it does everything you need. However that sample expects your client certificate to be provided as a bundle file for ease of configuration, ie the certificate, key and intermediate in a single PEM or PFX file. The PemTool sample does all that, although a text editor also works for PEM. There is an ICS support topic here. Angus

Client certificates are unrelated to REST, OAuth2 or tokens. They are an alternate means of server authentication by HTTPS clients to HTTPS servers, not that common except for corporate VPNs and high security financial applications. It is quite hard to buy a commercial client certificate, for email for instance, they are usually issued by corporates for employees and customers. I don't use the TRestClient component, but I'm not aware it supports client certificates. You need a proper component library like ICS that has full support for REST, Auth2, tokens and client certificates. Angus

ICS V8.70 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0 and C++ Builder 2006 to XE3, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11. ICS supports VCL and FMX, Win32, Win64 and MacOS 32-bit targets. The distribution zip includes the latest OpenSSL 3.0.7 win32, with other versions of OpenSSL being available from the download page. Major Changes in ICS V8.70 include: 1 - V8.70 has various minor improvements providing better compatibility with modern compilers such as more unicode overloads to avoid ANSI string warnings and casts, and more use of TBytes to avoid ANSI strings. Updated various samples to use TIcsRestEmail to support OAuth2 authentication for GMail and Outlook that no longer allow old authentication protocols. 2 - The TIcsFileCopy, TIcsFtpMulti and TIcsHttpMulti file transfer components now support file zipping and unzipping using System.Zip in recent Delphi compilers, instead of the obsolete VclZip which is no longer available. Before a file copy or FTP upload, files may be automatically zipped, useful for large log files, after a file copy, FTP or HTTP download, files may be unzipped in various ways. 3 - Added support to TIcsFileCopy to copy file names longer than 259 characters by adding \\?\ to the start of long names passed to Windows APIs, if supported by the disk file system, unicode APIs only. Fixed a problem deleting empty directories after copying. Fixed a problem with BuildDirList2 with COMPILER16_UP. 4 - The OverbyteIcsXferTst sample has a new tabs, 'Single File Copy' to test the CopyOneFile method and 'Zip/Unzipping Files' to test zipping and unzipping that has always been supported by the components but not this demo. 5 - Allow content compression for HTTP and FTP using System.Zlib in newer versions of Delphi instead of the OverbyteIcsZLibObj unit to avoid duplication. Only Delphi 11.1 and later have the same ZLIB 1.2.12 as ICS, so will automatically used System.Zip. Beware a new version of OverbyteIcsDefs.inc is required to allow ZLIB to work correctly, otherwise it will default to using the DLL which is unlikely to be available, it is not in the distribution. So either install the new inc file and customise it, or copy the ZLIB changes to your own inc file. 6 - In TWsocket, added ReceiveTB(var Data : TBytes; MaxLen : Integer = -1): Integer; where MaxLen is optional, to receive TCP data into a TBytes dynamic array of bytes. Also ReceiveFromTB and ReceiveFrom6TB for UDP datagrams. The last release added similar SendTB functions, so buffer pointers and ANSI strings can now be avoided. 7 - Added UTF-8 support to TIcsIpStrmLog, to convert received lines from UTF-8 to Unicode with unicode compilers (as String) and converts sent data to UTF-8. Changed FRxBuffer to TBytes, use SendTB and ReceiveTB methods with TBytes. 8 - Updated OpenSSL to 3.0.7 and 1.1.1s. OpenSSL 3.0.6 was withdrawn shortly after release, we never distributed it. 9 - In OverbyteIcsSslHttpOAuth, added an OAuth2 and Rest Email Microsoft User Authority property to access different user authorities, defaults to 'consumers' but can be changed to 'common' or an Azure Active Directory tenant GUID for corporate accounts. 10 - Added TIcsRestEmail to support OAuth2 authentication to the OverbyteIcsSslMultiWebServ, OverbyteIcsSslMultiFtpServ and OverbyteIcsDDWebService samples, since GMail and Outlook that no longer allow old authentication protocols. 11 - In the TIcsInetAlive component, added a new method AliveMethEither so internet alive checking works if either ping or HTTP works, instead of one or the other. More detailed release notes are at http://wiki.overbyte.eu/wiki/index.php/ICS_V8.70 Angus

This will be in SVN next week, seems simpler but needs an extra line of code to check the TBytes length. Angus

COM tools of that sort from that era using type libraries were usually aimed at Visual Studio projects, specifically Visual Basic, even if written in Delphi. It was a way of extending the language with features difficult to code in Visual Basic. Also, VBScript used for ASP web applications. Not sure if that will help your searches for the product... Angus

The old SSL FTP sample has buttons named Delete and Rename which send the FTP command to delete and rename files on an FTP server. But you should really look at the OverbyteIcsXferTst sample which uses more modern techniques so you don't need to worry about sending individual commands, you can ask it to sync a local and remote directory and it will delete old files while copying new or changed files Angus