HTTP Builder with Basic Auth & Client-Cert

MaP

Does mango's httpbuilder support client certificates? I would like mango to connect to an API using Basic Auth and a SSL/TLS client certificate to get some information to transfer to an existing PLC to control a plant. There is an existing modbus connection between Mango and the PLC. Does anyone have a recommendation on the best method to achieve the API integration in Mango?

MattFox

Basic Auth is fine as it's a header. Just write a wrapper for the HTTP Builder and save it as global function so you can use it throughout the mango space.

But why SSL/TLS? I have my doubts that it is possible but I cannot see why you need certificates just for an http connection. Care to share?

Fox

MaP

I have done a bit of quick research into Basic Auth and Client Certs and unfortunately its a valid combination apparently. Im double checking but the documentation says you need your basic auth credentials and a certificate. The api requests are all https requests.

I was hoping mango would be able to manage it without having to introduce another cloud server or service to manage the data feed. Trying to figure out if it can be done in a meta data source, a scripting source, or perhaps a python script. Keeping it in mango reduces networking requirements and complexity.

The documentation recommends testing with Postman where you can specify Basic Auth as the Authentication for base64 encoded credentials added to the headers and then add a Client side certificate through the Postman Security settings for client SSL certificates.

MattFox

Ah I see, reading into it I'm gonna say no. The builder is an HTTP builder, not HTTPS, so linking the appropriate certificate information will not be possible - at least that's how it appears.
You're going to have to use something to relay it with the desired credentials.
I wonder if @terrypacker can bring any light to this

Fox

MaP

Apprently I need to Generate a Certificate Signing Request (openSSL?) - Then
the Organisation Validates CSR.

Organisation Generates the SSL certificate from the CSR.
Distributes the Certificate details:
a. Users public certificate
b. Gateway public certificate
c. CA certificate

MaP

I noticed you could POST to https requests using httpbuilding - such as the slack integration.

function notifyToSlack(text, attachments) {
var url = "https://hooks.slack.com/services/xxxxxxx/yyyyyy/zzzzzzzzzzzzzzzzzzzzzzzzzz";
var headers = {
"Content-Type": "application/json"
};
var data = {
"text": text,
"attachments": attachments
};
HttpBuilder.post(url, headers, data).err(function(status, headers, data) {

    throw "Script failed with HTTP status : " + status;

}).resp(function(status, headers, data) {

    "Hallo" 

}).execute();

}

MattFox

@map said in HTTP Builder with Basic Auth & Client-Cert:

I noticed you could POST to https requests using httpbuilding - such as the slack integration.

Yes that's because the HTTPS is hosted on the server side, not the client side (your mango), you need SSL client support, Hence an HTTPS socket builder with the appropriate certs and handshaking.

Why are you doing this if you have a modbus connection?
Unless you're saying you're using this API to forward data from your modbus unit to it, and in which case, a third party will be needed

MaP

I have to log the API data and add it to an existing modbus connection the mango has with a PLC so the PLC and a SCADA system can make decisions/control options based on the data.

Things are so much easier with less secure connections! Certificate chains and such give me headaches. Its sounding like I will need to perhaps make a python script on the mango OS call it on boot and then also add a API connection to write from the python script into a mango data point. Was hoping for an easy win, alas.

MattFox

Hey if it were easy anyone could do it!
I'm sure you've got this. Best of luck MaP!

Fox