THttpRio https(Wininet),带有ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED错误消息

时间:2015-02-06 09:59:40

标签: web-services delphi ssl delphi-xe7

我正在使用Delphi XE7,在没有安装证书的PC上赢得8.1。

我有下一个网络服务https://wsp.hom.orizonbrasil.com.br:6214/tiss/v30200/tissSolicitacaoProcedimento

当我调用Web服务时,我在Delphi XE7中得到了这个异常: “完成客户端身份验证需要证书 - URL:https://wsp.hom.orizonbrasil.com.br:6214/tiss/v30200/tissSolicitacaoProcedimento - SOAPAction:”“

当我尝试使用SOAPUI(java)并获得此Web服务的响应时,端口不会阻止连接。

我正在尝试使用Altova xml间谍,我收到类似于delphi XE7的错误。

为什么SoapUI有效,而XE7和XML SPY有证书问题?

1 个答案:

答案 0 :(得分:0)

最有可能的是,证书位于本地系统的ROOT证书存储区(受信任的根证书)中。

THTTPRIO默认不会在Delphi中加载它们(因此,它找不到正确使用的版本),而是在MY证书库中查找当前的USER。要强制组件使用ROOT证书存储,您必须提供OnBeforePost,以便它可以打开证书实际存在的正确存储。 

procedure Form1.OnBeforePost(const HTTPReqResp: THTTPReqResp; Data: Pointer);

const
  CERT_STORE_PROV_SYSTEM_A   = LPCSTR(9);
  CERT_STORE_PROV_SYSTEM_W   = LPCSTR(10);
  {$IFDEF UNICODE}
  CERT_STORE_PROV_SYSTEM     = CERT_STORE_PROV_SYSTEM_W;
  {$ELSE}
  CERT_STORE_PROV_SYSTEM     = CERT_STORE_PROV_SYSTEM_A;
  {$ENDIF}


  CERT_STORE_NO_CRYPT_RELEASE_FLAG            = $00000001;
  CERT_STORE_SET_LOCALIZED_NAME_FLAG          = $00000002;
  CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG = $00000004;
  CERT_STORE_DELETE_FLAG                      = $00000010;
  CERT_STORE_MANIFOLD_FLAG                    = $00000100;
  CERT_STORE_ENUM_ARCHIVED_FLAG               = $00000200;
  CERT_STORE_UPDATE_KEYID_FLAG                = $00000400;
  CERT_STORE_READONLY_FLAG                    = $00008000;
  CERT_STORE_OPEN_EXISTING_FLAG               = $00004000;
  CERT_STORE_CREATE_NEW_FLAG                  = $00002000;
  CERT_STORE_MAXIMUM_ALLOWED_FLAG             = $00001000;

  CERT_SYSTEM_STORE_CURRENT_USER_ID  = 1;
  CERT_SYSTEM_STORE_LOCAL_MACHINE_ID = 2;
  CERT_SYSTEM_STORE_LOCATION_SHIFT   = 16;

  CERT_SYSTEM_STORE_CURRENT_SERVICE_ID  = 4;
  CERT_SYSTEM_STORE_SERVICES_ID         = 5;
  CERT_SYSTEM_STORE_USERS_ID            = 6;

  CERT_SYSTEM_STORE_CURRENT_USER    = CERT_SYSTEM_STORE_CURRENT_USER_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;
  CERT_SYSTEM_STORE_LOCAL_MACHINE   = CERT_SYSTEM_STORE_LOCAL_MACHINE_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;
  CERT_SYSTEM_STORE_CURRENT_SERVICE = CERT_SYSTEM_STORE_CURRENT_SERVICE_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;
  CERT_SYSTEM_STORE_SERVICES        = CERT_SYSTEM_STORE_SERVICES_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;
  CERT_SYSTEM_STORE_USERS           = CERT_SYSTEM_STORE_USERS_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT;

  {$IFDEF UNICODE}
  CERT_STORE:PWChar = 'Root';
  {$ELSE}
  CERT_STORE:PAnsiChar = 'Root';
  {$ENDIF}

var
  HTTPRStore: IClientCertInfo;
  hStore: pointer;
  Flags: cardinal;

begin
  HTTPReqResp.InvokeOptions:=[soPickFirstClientCertificate,soIgnoreInvalidCerts];

  if UseSystemCertStore
    then
      begin
        Flags:=CERT_STORE_OPEN_EXISTING_FLAG or CERT_STORE_READONLY_FLAG or CERT_SYSTEM_STORE_LOCAL_MACHINE or CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG;
        HTTPRStore:=HTTPReqResp as IClientCertInfo;
        try
          hStore:=CertOpenStore(CERT_STORE_PROV_SYSTEM,
            0,
            0,
            Flags,
            CERT_STORE);
          HTTPRStore.SetCertStore(hStore);
        finally
          HTTPRStore:=nil;
        end;
      end;
end;
相关问题
最新问题