
CloudforkSSO – OpenID and OAuth support for Smalltalk

February 15, 2011

With the CloudforkSSO library you can let the users of your Seaside web application log in using their Google or Yahoo accounts. This works using the OpenID2 protocol. CloudforkSSO also contains OAuth support. With this protocol you can ask users for permission to access their data on other websites.

Some providers that you can integrate with:

Google – Google supports OpenID2 and OAuth1. You can use them separately or together. With OpenID2 users can identify themselves using their Google accounts. It is also possible to get some information about the user, for example the user’s name and email address.

Google’s OAuth1 support is really powerful. With it you can access and modify (if the user agrees!) a user’s calendar, contacts, documents and a lot more.

Twitter – Twitter supports OAuth1. You can ask a user for read-only or full permission.

Facebook – Facebook supports OAuth2. You can access the social graph of a user.

A demo of this library runs at http://sso.doit.st.

OpenID2 and OAuth1 are pretty complex protocols. CloudforkSSO implements part of the protocol, enough to support the major providers like Google, Yahoo and Twitter. OAuth2 is a simple protocol. If OAuth2 is all you need, CloudforkSSO is probably overkill. An HTTP client with SSL support is enough.

I developed CloudforkSSO in Pharo Smalltalk. Most providers require secure communication via https. As far as I know, the only HTTP Client for Squeak and Pharo that supports https is WebClient with SqueakSSL. This works fine on Windows but on Ubuntu Linux the SqueakSSL plugin doesn’t work with some providers, for example Twitter and Yahoo. Hopefully this will be fixed soon.

There is also a VA Smalltalk port on VAStGoodies.com which does work on Windows and Linux.

The package Cloudfork-SSO-Seaside contains a demo component that shows how you can use the functionality. Note that for OAuth you need an API key and secret for the provider you want to use. For OpenID it is important to set the correct realm. This is the host and port where your app is running. You can set these configuration properties using the Seaside configuration app.

Introducing WinCrypt for VA Smalltalk

July 10, 2009

WinCrypt is a new library for VA Smalltalk on Windows. It makes part of the cryptography functionality that is shipped with the Windows OS easily available from Smalltalk.

The following features are available in the initial version:

  • Symmetric encryption and decryption using RC4, DES, TripleDES and AES-256
  • The MD5, SHA and SHA-256 hash functions
  • The HMAC-MD5, HMAC-SHA and HMAC-SHA-256 message authentication functions.

The API is pretty simple to use. To encrypt a String or ByteArray using a password you can use the class methods defined in WinCryptCipher:

| encryptedBytes |
encryptedBytes := WinCryptAES encrypt: 'my-dirty-little-secret' using: 'puppy'

The result is always a ByteArray. This ByteArray can be decrypted and converted to a String:

| encryptedBytes decryptedBytes |
encryptedBytes := WinCryptAES encrypt: 'my-dirty-little-secret' using: 'puppy'.
decryptedBytes := WinCryptAES decrypt: encryptedBytes using: 'puppy'.
^decryptedBytes asString

The ciphers use a key with a specific size for encryption and decryption. When you provide a password string the key is derived from this password using the MD5 hash algorithm. It is also possible to skip this step and supply your own key.
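For the "supply your own key" path, the key can be derived outside the library with a salted, iterated KDF. The Python sketch below is an added example, not part of WinCrypt; `md5_key` only illustrates a fast unsalted digest and does not reproduce WinCrypt's internal derivation, and the header layout and iteration count are assumptions.

```python
import hashlib
import os
import struct

KEY_LEN = 32           # AES-256 key size in bytes
ITERATIONS = 600_000   # assumed work factor; tune for your hardware
SALT_LEN = 16

def md5_key(password):
    """Fast, unsalted digest: the same password always yields the same 16 bytes."""
    return hashlib.md5(password.encode("utf-8")).digest()

def derive_key(password, salt=None, iterations=ITERATIONS):
    """Return (key, header). The header is stored next to the ciphertext
    so the decrypting side can repeat the derivation."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, iterations, dklen=KEY_LEN)
    header = struct.pack(">I", iterations) + salt   # 4-byte count + salt
    return key, header

def rederive_key(password, header):
    """Recover the key from the password and the stored header."""
    if len(header) != 4 + SALT_LEN:
        raise ValueError("malformed KDF header")
    (iterations,) = struct.unpack(">I", header[:4])
    key, _ = derive_key(password, header[4:], iterations)
    return key

if __name__ == "__main__":
    print("md5    :", md5_key("puppy").hex())        # identical on every run
    key, header = derive_key("puppy")
    print("pbkdf2 :", key.hex())                     # differs per salt
    print("match  :", rederive_key("puppy", header) == key)
```

The resulting 32-byte key is what would be handed to the cipher in place of a password string.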

The WinCrypt library is open source and is published on VAStGoodies.com. The included SUnit tests show how the library can be used. The underlying Windows functions are documented on MSDN.

Introducing WinHttpClient for VA Smalltalk

June 17, 2009

WinHttpClient is a new HTTP client library for VA Smalltalk on Windows. This library uses a Windows DLL to perform the HTTP network operations. The DLL is called winhttp.dll and is available on all the current Windows platforms. Using this DLL all the features of the HTTP protocol can be used in an efficient way. This includes support for secure (https) connections.

This is a first release of the Smalltalk library; in this release not all the features are available from Smalltalk yet. But all the common functionality can already be used:

  • HTTP GET, POST and HEAD requests
  • Support for setting custom request headers and access to the response headers
  • Support for secure http (https) including support for client certificates
  • Streaming downloads and uploads
  • Proxy support
  • Server and proxy authentication support

We developed this library because the standard HTTP client of VA Smalltalk is not fully stable on Windows when using secure connections on multi-core systems. Nationaal Spaarfonds (a part of Delta Lloyd Group) has a VA Smalltalk application in production that needs to call secure webservices. This works fine most of the time but sometimes causes the image to freeze. See the Instantiations forum for a discussion of this problem.

WinHttpClient can be plugged into the VA Smalltalk webservice stack as a replacement for the standard HTTP client. Our stress tests show that the stability problems disappear after this switch.

The WinHttpClient library is open source and is available on VAStGoodies.com. If you are interested please try it out. If you have suggestions on how we can improve the API we would love to hear them. Contributions to add missing features are also very welcome.

WinHttpClient API

The API is structured the same way as the Windows winhttp library. You can find the documentation on MSDN: http://msdn.microsoft.com/en-us/library/aa384273(VS.85).aspx

Important concepts are Session, Connection and Request. Before you can do anything with the library you need a Session instance:

| session response |
session := WinHttpSession new.
response := session submitGetRequest: 
	'http://en.wikipedia.org/wiki/Smalltalk'

The WinHttpSession class has a number of submitXXX methods. These methods create and send HTTP requests and handle the responses. They return an instance of WinHttpResponse; this object contains the HTTP status, the HTTP header information and the contents.

If the contents of the response may be very large, then it is better to use a streaming variant of the submit request which has a write stream as an argument. This method will still answer a WinHttpResponse instance but the contents variable of this instance will be nil.

After you have finished with the session you should send “session release”. This is because the session object contains a handle to a Windows structure that must be freed to prevent memory leaks. The class side of WinHttpSession contains a number of convenience submit methods that handle the release message for you.

WinHttpConnection

If you need to send multiple requests to the same host it is more efficient to work with a connection object instead of a session:

| session connection responses |
session := WinHttpSession new.
responses := OrderedCollection new.
connection := session connectTo: 'en.wikipedia.org'.
[
	responses 
		add: (connection submitGetRequest: '/wiki/Smalltalk');
		add: (connection submitGetRequest: '/wiki/HTTP');
		add: (connection submitGetRequest: '/wiki/Virtual_machine')
] ensure: [ connection release. session release ].
responses

WinHttpRequest

Normally you don’t need to work with request objects directly; you can just use the submit methods of the session or connection objects. Only when you need to set special options do you need to access the request object directly. An example of this is when you want to send a request to a secure web server with an invalid server certificate. The default behavior of winhttp is to refuse the connection and throw an error. For example, if you want to accept certificates with an unknown certificate authority you need to set the “IgnoreUnknownCA” option:

| url session connection request response |
	
url := 'https://www.securebutinvalid.com' sstAsUrl.
session := WinHttpSession new.
connection := session connectToUrl: url.
	
request := connection openGetRequest: url absolutePath.
request setSecurityOptionIgnoreUnknownCA.
request send.
response := request getResponse.

request release.
connection release.
session release.	
response

Note that we think this part of the WinHttpClient API is a bit awkward. The intention is to improve this in future versions.

Proxy support

WinHttp has support for proxies and a number of proxy authentication methods (Basic, NTLM etc). When you instantiate a session you can specify the proxy to use or you can use the defaultProxy class methods to set a default for all sessions.

It is also possible to copy the proxy settings that are configured in Internet Explorer. Use the initProxyInfoFromIE class method of the Session class for this.

For more examples on how to use WinHttpClient see the unit tests in WinHttpClientTestApp.

Using WinHttpClient in the VA Webservice stack

The application WinHttpClientWebServiceSupportApp contains classes that can replace the standard HTTP Client with WinHttpClient for calling webservices. Thanks to the flexible way that webservice support is implemented in VA Smalltalk this is quite easy to do. We just have to replace the default HTTP and HTTPS dispatchHandlers with a custom version. We can do this when we create the webservice container:

| container httpHandler secureHttpHandler |

container := SstWSContainer containerNamed: 'test' ifNone: [ SstWSContainer createContainerNamed: 'test' ].
	
httpHandler := WinHttpDispatchHandler new.
secureHttpHandler := WinHttpDispatchHandler new.

container handlerFactory 
	register: httpHandler named: 'wsHttpClientRequestHandler' inNamespace: container handlerFactory globalNamespace;
	register: secureHttpHandler named: 'wsHttpsClientRequestHandler' inNamespace: container handlerFactory globalNamespace.
container

For a full example see the test class WinHttpWeatherForecastTest.

Secure webservices with client certificates

Supporting secure webservices that use HTTPS was very easy with WinHttpClient. But adding support for client certificates involved a bit more work. To set a client certificate for a request another Windows DLL is required: crypt32.dll. This DLL is also shipped with all the current Windows platforms. This DLL contains the functionality to handle certificates and all kinds of secure hashing, encrypting and decrypting functionality. In the future we can make all this functionality available from Smalltalk in a separate project. Currently WinHttpClient uses just a few functions from this DLL to set the correct certificate for a request.

You can tell the WinHttpDispatchHandler to use a client certificate by calling the setter method clientCertificateFilename:. The file you provide must be in one of the formats supported by Microsoft and must contain both the certificate and the private key.

In the old situation we had the certificate and the private key in two separate pem files. WinHttp cannot handle this. We used openssl to convert the two pem files into a single pfx file:

openssl pkcs12 -export -out testcert.pfx -inkey testcertrsa.pem -in testcert.pem

Problems with Daylight saving time in VA Smalltalk

March 29, 2009

All the requests that Cloudfork-AWS sends to the Amazon web services contain the current date and time in Coordinated Universal Time (UTC). If this timestamp differs by more than a few seconds from the current time you get an error. For example the S3 error: RequestTimeTooSkewed – The difference between the request time and the current time is too large. The reason for this time check is security: it prevents “record and playback” attacks.

So systems that make use of AWS must have the correct time and also the timezone must be correct. Otherwise the conversion to UTC will give the wrong result. A few days ago this all worked perfectly in VA Smalltalk, but tonight all AWS calls fail :-( Last night we in The Netherlands switched to Daylight saving time (DST). VA Smalltalk doesn’t seem to handle this very well. A call to “DateAndTime now” still returns an offset from UTC as one hour instead of two. It seems that this is a known problem.

Until this problem is fixed we have to use a less than elegant solution to get things working again. We have added a “DSTMode” flag; when this flag is true we subtract an extra hour when converting to UTC. You can enable this mode by executing:


CFPlatformServiceVASTUtils enableDSTMode: true

Support for the DSTMode was built into Cloudfork version jvds.79.
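The interaction between the freshness check, the stale UTC offset and the DSTMode flag can be worked through in a few lines. This Python sketch is an added example, not Cloudfork code; the 30-second tolerance and the dates are assumptions, and `dst_mode` mirrors the "subtract an extra hour" behaviour described above.

```python
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(seconds=30)   # assumed tolerance, not an AWS constant

def to_utc(wall_clock, offset_hours, dst_mode=False):
    """Convert a naive local time to UTC with the offset the runtime reports.
    dst_mode mirrors the workaround: subtract one extra hour."""
    local = wall_clock.replace(tzinfo=timezone(timedelta(hours=offset_hours)))
    utc = local.astimezone(timezone.utc)
    return utc - timedelta(hours=1) if dst_mode else utc

def accept(request_utc, server_utc, max_skew=MAX_SKEW):
    """Server-side freshness check: a signed request is only valid near
    the time it was created, so a captured copy cannot be replayed later."""
    return abs(server_utc - request_utc) <= max_skew

def scenario():
    """Constructed cases for a client in the Netherlands."""
    out = {}
    # Summer time: real offset is +2, runtime still reports +1.
    wall = datetime(2009, 3, 29, 12, 0, 0)
    server = datetime(2009, 3, 29, 10, 0, 0, tzinfo=timezone.utc)
    out["summer_stale_offset"] = accept(to_utc(wall, 1), server)
    out["summer_dst_mode"] = accept(to_utc(wall, 1, dst_mode=True), server)
    # The same signed request presented again ten minutes later.
    later = server + timedelta(minutes=10)
    out["replayed_later"] = accept(to_utc(wall, 1, dst_mode=True), later)
    # Winter time: +1 is correct again, so the flag must be switched off.
    wall_w = datetime(2009, 11, 1, 12, 0, 0)
    server_w = datetime(2009, 11, 1, 11, 0, 0, tzinfo=timezone.utc)
    out["winter_flag_left_on"] = accept(to_utc(wall_w, 1, dst_mode=True), server_w)
    out["winter_flag_off"] = accept(to_utc(wall_w, 1), server_w)
    return out

if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name:22} {'accepted' if ok else 'rejected'}")
```

The winter cases show that a manual flag of this kind has to be turned off again when DST ends, otherwise the one-hour skew returns in the other direction.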

VA Smalltalk version of Cloudfork is ready for use

March 27, 2009

All the functionality of Cloudfork-AWS is now also available for VA Smalltalk. With Cloudfork-AWS you can access the Amazon S3, SQS and SimpleDB services from a simple to use Smalltalk interface. The code is hosted at VAStGoodies.com, the SourceForge for VA related projects.

All tests are green!


As you can see all tests pass. Porting from one Smalltalk dialect to another is a tedious job; there are a lot of little differences you have to take care of. For example the asSortedCollection is case insensitive in VA Smalltalk and is case sensitive in Squeak/Pharo. Because of this the AWS signatures were calculated wrong in VA. Also the functionality for parsing xml and using http is completely different. We have isolated all this dialect specific stuff in a separate package/application.
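Why the sort order matters for the signature, as an added Python example that is not Cloudfork code: it assumes the Signature Version 2 query scheme (parameter names sorted in byte order, then HMAC-SHA256 over the canonical request), and the host, secret and parameter values are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def canonical_query(params, case_insensitive=False):
    """Sort parameter names and join them as percent-encoded name=value pairs."""
    if case_insensitive:
        names = sorted(params, key=str.lower)                    # VA-style ordering
    else:
        names = sorted(params, key=lambda n: n.encode("utf-8"))  # byte ordering
    enc = lambda s: quote(s, safe="-_.~")
    return "&".join(f"{enc(n)}={enc(params[n])}" for n in names)

def sign(secret, method, host, path, params, case_insensitive=False):
    """HMAC-SHA256 over the canonical request, base64 encoded."""
    string_to_sign = "\n".join(
        [method, host.lower(), path, canonical_query(params, case_insensitive)])
    mac = hmac.new(secret.encode("utf-8"), string_to_sign.encode("utf-8"),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")

def server_accepts(secret, method, host, path, params, signature):
    """The receiving side recomputes the signature with byte ordering."""
    expected = sign(secret, method, host, path, params)
    return hmac.compare_digest(expected, signature)

# Constructed sample request; none of these values are real credentials.
SECRET = "constructed-secret"
HOST, PATH = "sdb.example.invalid", "/"
PARAMS = {
    "Action": "ListDomains",
    "AWSAccessKeyId": "CONSTRUCTED-KEY-ID",
    "SignatureMethod": "HmacSHA256",
    "SignatureVersion": "2",
    "Timestamp": "2009-03-27T12:00:00Z",
}

if __name__ == "__main__":
    print(canonical_query(PARAMS))          # AWSAccessKeyId sorts before Action
    print(canonical_query(PARAMS, True))    # Action sorts before AWSAccessKeyId
    good = sign(SECRET, "GET", HOST, PATH, PARAMS)
    bad = sign(SECRET, "GET", HOST, PATH, PARAMS, case_insensitive=True)
    print(server_accepts(SECRET, "GET", HOST, PATH, PARAMS, good))
    print(server_accepts(SECRET, "GET", HOST, PATH, PARAMS, bad))
```

Both sides hash the same parameters, but `W` (0x57) sorts before `c` (0x63) only in byte order, so the two canonical strings differ and the HMAC no longer matches.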

For installation instructions and for reporting issues you can use our project page on Google code: http://code.google.com/p/cloudfork/wiki/InstallingForVASmalltalk

