Delphi and Java Cryptography Extension (JCE)

[Richard_Stevens 2]

Hello,

 

I'm trying to access a REST API that apparently uses the Java Cryptography Extension (JCE) over https. I'm having no luck connecting using the REST Debugger so I'm guessing I do actually need to integrate this library somehow.

 

Is this even possible in Delphi, or should I use a different toolset?

 

Thanks

Richard

[stijnsanders 35]

That is a bit vague. Do you know how JCE is used to encrypt the REST API? If it's used behind the scenes to perform what is needed for the security of the https protocol, that should get handled by the transport layer.

[Richard_Stevens 2]

This is the extent of the documentation that is supplied:

 

• HTTPS (Java Cryptography Extension (JCE) is necessary)
• Basic Auth: username + password

 

So I don't really have much to go on. It may be that it's all behind the scenes as you say and it should effectively be handled for me. But I can't seem to get the Rest debugger to get anything meaningful - not even an error message, so I wondered if it was possibly something I had to explicitly handle.

 

Thanks for your reply.

 

[stijnsanders 35]

Basic Auth is, if I recall correctly, adding a request header 'Authorization' with a value of 'Basic ' followed by username+':'+password Base64 encoded.

Do you have anything that is calling the API already, running locally, so you could use a browser debugger or Fiddler on and intercept the API call?

Edited November 10, 2018 by stijnsanders

[Richard_Stevens 2]

We can get data out via the Postman app (https://www.getpostman.com/). This is fine for browsing the structure and seeing what the data looks like.

 

What am I looking for that will help me understand what I need to do in Delphi?

 

Here's a sample header taken from Postman:

 

Date →Fri, 09 Nov 2018 15:00:10 GMT
Content-Type →application/json;charset=UTF-8
Transfer-Encoding →chunked
Connection →keep-alive
Set-Cookie →AWSALB=jAfTXFbbqaRUWZZqgSQn871lc+Zdm1qfE4mR75Zpivsns7Fa/24r++Y4K7jP2ohPpTccySdj7VE5uWh5j0+THr6zFw/Gp1y1B7RXWd1QncyvE/Z1PevyzmwlszgI; Expires=Fri, 16 Nov 2018 15:00:10 GMT; Path=/

 

Sample Response:

{"status":"SUCCESS","data":{"lastUpdated":"2018-05-28T08:06:54Z","dateCreated":"2018-04-24T12:12:44Z","name":"XXX: 2018 - IFRS 16","description":null,"id":737}}

[stijnsanders 35]

Those are all response headers, do you get to see the request headers as well?

[Guest]

6 hours ago, stijnsanders said:

That is a bit vague. Do you know how JCE is used to encrypt the REST API? If it's used behind the scenes to perform what is needed for the security of the https protocol, that should get handled by the transport layer.

I agree. JCE is a library for java. https://en.m.wikipedia.org/wiki/Java_Cryptography_Extension so you should not need it. Did you select the correct port?

 

It's to enable SSL when using java. Windows should do it for you, at least on the client side.

Edited November 10, 2018 by Guest
Clarification?

[Richard_Stevens 2]

I will look at it again tomorrow with a colleague to see if I'm missing something obvious. Thanks to you both for your replies so far.

[Richard_Stevens 2]

As you both rightly guessed, the JCE was a completely irrelevant.

 

The Delphi REST debugger and components work fine - providing I use an http address not the https one that I needed in Postman. I don't really know why - but it works.

 

Thanks again

Richard