我有一個問題,我不知道如何解決。因為這幾天我無法通過 indy 登錄到服務器(https://auth.bmwgroup.com、https://aos.bmwgroup.com、https://carver.bmwgroup.com)。
此服務器上啟用了 TLS 1.2 和 TLS 1.3。
所以我開始 HttpAnalyzer 來檢查問題出在哪里,我的程式開始作業,然后我關閉 HttpAnalyzer 并且我的程式不再作業了。
有人可以幫助解決問題。
我正在使用此代碼:
procedure TForm1.Server_NewInit;
var
List: TStringList;
URL, AuthID, ID_USER, ID_URL : AnsiString;
JSON: TStringStream;
l,p : string;
begin
idHttpC := TIdHTTP.Create(nil);
idHttpC.ConnectTimeout := 80000;
idHttpC.ReadTimeout := 80000;
idHttpC.AllowCookies := true;
// config Redirect's
idHttpC.RedirectMaximum := 35;
idHttpC.HandleRedirects := true;
idHttpC.HTTPOptions := [hoKeepOrigProtocol, hoTreat302Like303];
idHttpC.OnRedirect := IdHTTP1Redirect;
// create Cookie's
idCookieC := TIdCookieManager.Create(IdHttpC);
idHttpC.CookieManager := idCookieC;
// create OpenSSL
lIOHandlerC := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
lIOHandlerC.SSLOptions.Mode := sslmClient;
lIOHandlerC.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
idHttpC.IOHandler := lIOHandlerC;
// Nr1 execute redirect
..
// Nr2 serverinfo
..
// Nr3 getSessionInfo
..
// Nr4 internetb2x empty post to get AuthId
..
// Nr5 internetb2x POST JSON - authorisation nr1
..
// Nr6 getSessionInfo after login
..
// check for authorisation give me ok, so, pass and login are ok
..
// Nr7 step idFromSession
..
// Nr8 step get info about user id
..
// Nr9 execute new ID_URL
..
// Nr10 authorisation Nr 2
idHttpC.Request.Referer := idHttpC.URL.GetFullURI([]);
idHttpC.Request.CacheControl := 'no-cache';
idHttpC.Request.ContentType := 'application/x-www-form-urlencoded';
...
here i am getting problem
從 1 到 9 的步驟沒有任何問題,我比較了標題和內容資料,它們與啟動的分析器相同。
但是步驟 nr10 給了我啟動的分析器狀態
**RT HTTP/1.1 200 OK
RC 200
CT text/html**
Date: Mon, 22 Nov 2021 21:09:10 GMT
Server: Apache
Last-Modified: Thu, 27 May 2021 09:09:24 GMT
ETag: "1b8-5c34c1d88f900"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=8640000; includeSubDomains
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-WebKit-CSP: default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
content-type: text/html; charset=iso-8859-1
Content-Length: 440
refresh: 0; URL=/carver_www/carverMain.jsp
并且沒有分析儀
**RT HTTP/1.1 403 Forbidden
RC 403
CT text/html**
Date: Mon, 22 Nov 2021 21:10:20 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Strict-Transport-Security: max-age=8640000; includeSubDomains
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-WebKit-CSP: default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
X-Frame-Options: sameorigin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Content-Language: de
第2部分 :
這里請求 nr9
// prepare new Request for ID_URL
idHttpC.Request.Clear;
idHttpC.Request.CustomHeaders.Clear;
idHttpC.Request.Accept := 'text/html, application/xhtml xml, */*';
idHttpC.Request.AcceptLanguage := 'de-DE';
idHttpC.Request.UserAgent := 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';
idHttpC.Request.Host := 'auth.bmwgroup.com';
idHttpC.Request.CustomHeaders.Values['Connection'] := 'Keep-Alive';
idHttpC.Request.CustomHeaders.Values['DNT'] := '1';
idHttpC.Request.AcceptEncoding := 'gzip, deflate';
// Nr9 execute new ID_URL
try
res1 := idHttpC.Get(ID_URL);
HTML_SaveToFile(res1, 'sFile9.txt');
idHttpC.Response.RawHeaders.SaveToFile('RH9.txt');
except
on e:EIdSocketError do
ShowMessage('EIdSocketError: ' e.Message);
on e:EIdReadTimeout do
ShowMessage('EIdReadTimeout: ' e.Message);
on e:EIDHttpProtocolException do
ShowMessage('EIDHttpProtocolException: ' IntToStr(e.ErrorCode));
on e:Exception do
ShowMessage('Exception: ' e.Message);
end;
Memo4.Lines.Add('Nr9 done');
有了這個請求,我得到了檔案:
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="OAuth 2.0 Form Post">
<title>Submit This Form</title>
</head>
<body onl oad="javascript:document.forms[0].submit()">
<form method="post" action="https://carver.bmwgroup.com:443/agent/cdsso-oauth2">
<input type="hidden" name="id_token" value="...."/><input type="hidden" name="state" value="...."/>
</form>
</body>
</html>
我在步驟 10 中執行的這段代碼:
// Nr10 authorisation Nr 2
idHttpC.Request.Clear;
idHttpC.Request.Accept := 'text/html, application/xhtml xml, */*';
idHttpC.Request.Referer := idHttpC.URL.GetFullURI([]);
idHttpC.Request.AcceptLanguage := 'de-DE';
idHttpC.Request.UserAgent := 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';
idHttpC.Request.ContentType := 'application/x-www-form-urlencoded';
idHttpC.Request.Host := 'carver.bmwgroup.com';
idHttpC.Request.CustomHeaders.Values['Connection'] := 'Keep-Alive';
idHttpC.Request.CustomHeaders.Values['DNT'] := '1';
idHttpC.Request.CacheControl := 'no-cache';
idHttpC.Request.AcceptEncoding := 'gzip, deflate';
List := TStringList.Create;
List.Add('id_token=' JSON_GET_ID(res1, 3, 0));
List.Add('state=' JSON_GET_ID(res1, 4, 0));
try
res1 := idHttpC.Post('https://carver.bmwgroup.com/agent/cdsso-oauth2', List);
FReeAndnil(List);
Memo4.Lines.Add('RT' idHttpC.Response.ResponseText);
Memo4.Lines.Add('RC' IntToStr(idHttpC.Response.ResponseCode));
Memo4.Lines.Add('CT' idHttpC.Response.ContentType);
HTML_SaveToFile(res1, 'sFile10.txt');
idHttpC.Response.RawHeaders.SaveToFile('RH10.txt');
except
on e:EIdSocketError do
ShowMessage('EIdSocketError: ' e.Message);
on e:EIdReadTimeout do
ShowMessage('EIdReadTimeout: ' e.Message);
on e:EIDHttpProtocolException do
ShowMessage('EIDHttpProtocolException: ' IntToStr(e.ErrorCode));
on e:Exception do
ShowMessage('Exception: ' e.Message);
end;
Memo4.Lines.Add('Nr10 done');
uj5u.com熱心網友回復:
授權
出于好奇,我在 google 上搜索了 bmwgroup api。從快速掃描中,我看到 API 需要傳遞不記名令牌。我沒有看到你通過那個。
通常,您首先通過第一次呼叫獲取令牌。在您的描述中,您寫道該部分有效,所以我猜您在上一步中收到了您的令牌。
這是一個標題,可能應該是這樣的:
Authorization: Bearer xxx,其中 xxx 是您的令牌。
或者至少你沒有在你擁有的地方粘貼任何代碼。
更快的除錯
無論如何,在遇到此類問題時除錯 Delphi 代碼可能既困難又緩慢。
我通常做的是獲取類似 Postman 的東西或使用 JetBrains IDE 并創建一個 .http 檔案(我見過人們也使用來自 VSCode 的 .http 檔案)。
我調整我的請求,直到我可以讓它“手動”作業。然后我向后作業以創建執行相同操作的 Delphi 代碼。這種方法通常比更新 pascal 代碼、編譯、運行、等待斷點命中、檢查除錯器中發生的事情等要快得多。
uj5u.com熱心網友回復:
問題出在第 nr9 步,在那里我得到了 indy 壓縮資料:
Accept-Ranges: bytes
Content-Encoding: gzip
為什么代碼與 httpAnalyzer 一起作業?因為 httpAnalyzer 通過擁有的庫記錄網路協議,在這種情況下 httpAnalyzer 為我解壓資料。
在我添加之后
idHttpC.Compressor := TIdCompressorZLib.Create(idHttpC);
代碼再次作業。
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/365216.html
標籤:德尔福 ssl http-status-code-403 印地 分析仪
下一篇:為不同的路由使用不同的客戶端證書
