Website van John de Graaff

User Tools

Site Tools

Sidebar

Writing /var/www/html/john.de-graaff.net/webroot/wiki/data/cache/c/c2533cd8a0c1201b6d29df68ed2b12d0.metadata failed
Writing /var/www/html/john.de-graaff.net/webroot/wiki/data/cache/1/1f10ce0ff6fdde6fb355676c1344517e.metadata failed
Writing /var/www/html/john.de-graaff.net/webroot/wiki/data/cache/1/1f10ce0ff6fdde6fb355676c1344517e.xhtml failed

img_6759_face.jpg .

Navigatie

xmlrpc
Writing /var/www/html/john.de-graaff.net/webroot/wiki/data/cache/c/c2533cd8a0c1201b6d29df68ed2b12d0.xhtml failed

XML-RPC info

Resources

Suggested XML-RPM format

Voor de beveiliging worden een aantal maatregelen genomen:

  • de XML-RPC interface gebeurd via HTTP (SSL beveiliging)
  • in de aanvraag wordt “KlantNr” gespecificeerd, dit is het debiteurennummer in de database
  • in de aanvraag wordt een “AuthNounce” code gestuurd, dit is een random getal van een bepaalde formaat/lengte
  • in de aanvraag wordt een “AuthKey” code gestuurd, dit is de AuthNounce code vercijfert met een vaste sleutel die bij beide partijen bekend is.
  • er wordt slecht 1 XML-RPC aanvraag per 3 seconden beantwoord (om Denial-of-Service attacks tegen te gaan)
  • bij een authenticatiefout wordt 30 seconden lang niet geantwoord (om brute-force key hacking pogingen tegen te gaan)

requestPolis

query example 

<?xml version="1.0"?>
<methodCall>
  <methodName>ingosur.requestPolis</methodName>
  <params>
    <param>
      <name>KlantNr</name>        <value><int>...</int></value>
      <name>AuthNounce</name>     <value><int>12345</int></value>
      <name>AuthKey</name>        <value><int>54321</int></value>
      <name>Ingangsdatum</name>   <value><dateTime.iso8601>...</dateTime.iso8601></value>
      <name>Looptijd</name>       <value><int>...</int></value>
      <name>Kenteken1</name>      <value><string>...</string></value>
      <name>Chassisnr1</name>     <value><string>...</string></value>
      <name>Categorie1</name>     <value><string>...</string></value>
      <name>Merk1</name>          <value><string>...</string></value>
      <name>Kenteken2</name>      <value><string>...</string></value>
      <name>Chassisnr2</name>     <value><string>...</string></value>
      <name>Categorie2</name>     <value><string>...</string></value>
      <name>Merk2</name>          <value><string>...</string></value>
      <name>Naam</name>           <value><string>...</string></value>
      <name>Adres</name>          <value><string>...</string></value>
      <name>Woonplaats</name>     <value><string>...</string></value>
      <name>Land</name>           <value><string>...</string></value>
      <name>Paspoortnummer</name> <value><string>...</string></value>
    </param>
  </params>
</methodCall>

response example 

<?xml version="1.0"?>
<methodResponse>
  <params>
    <param>
      <name>KlantNr</name>        <value><int>...</int></value>
      <name>Polisnummer</name>    <value><string>...</string></value>
      <name>AanvraagTijd</name>   <value><dateTime.iso8601>...</dateTime.iso8601></value>
      <name>Betaald</name>        <value><boolean>...</boolean></value>
      <name>Ingetrokken</name>    <value><boolean>...</boolean></value>
      <name>PDFlink</name>        <value><string>https://secure.ingosur.nl/online/printpdf.php?polisnr=224900000&KlantNr=123$AuthNounce=12345&AuthKey=54321</string></value>
      <name>Ingangsdatum</name>   <value><dateTime.iso8601>...</dateTime.iso8601></value>
      <name>Einddatum</name>      <value><dateTime.iso8601>...</dateTime.iso8601></value>
      <name>Kenteken1</name>      <value><string>...</string></value>
      <name>Chassisnr1</name>     <value><string>...</string></value>
      <name>Merk1</name>          <value><string>...</string></value>
      <name>Kenteken2</name>      <value><string>...</string></value>
      <name>Chassisnr2</name>     <value><string>...</string></value>
      <name>Categorie</name>      <value><string>...</string></value>
      <name>Merk2</name>          <value><string>...</string></value>
      <name>Naam</name>           <value><string>...</string></value>
      <name>Adres</name>          <value><string>...</string></value>
      <name>Woonplaats</name>     <value><string>...</string></value>
      <name>Land</name>           <value><string>...</string></value>
      <name>Paspoortnummer</name> <value><string>...</string></value>
    </param>
  </params>
</methodResponse>

infoPolis

query example 

<?xml version="1.0"?>
<methodCall>
  <methodName>ingosur.infoPolis</methodName>
  <params>
    <param>
      <name>KlantNr</name>        <value><int>...</int></value>
      <name>AuthNounce</name>     <value><int>12345</int></value>
      <name>AuthKey</name>        <value><int>54321</int></value>
      <name>Polisnummer</name>    <value><string>...</string></value>
    </param>
  </params>
</methodCall>

response example 

<?xml version="1.0"?>
<methodResponse>
  <params>
    <param>
      <name>KlantNr</name>        <value><int>...</int></value>
      <name>Polisnummer</name>    <value><string>...</string></value>
      <name>AanvraagTijd</name>   <value><dateTime.iso8601>...</dateTime.iso8601></value>
      <name>Betaald</name>        <value><boolean>...</boolean></value>
      <name>Ingetrokken</name>    <value><boolean>...</boolean></value>
      <name>PDFlink</name>        <value><string>https://secure.ingosur.nl/online/printpdf.php?polisnr=224900000&KlantNr=123$AuthNounce=12345&AuthKey=54321</string></value>
      <name>Ingangsdatum</name>   <value><dateTime.iso8601>...</dateTime.iso8601></value>
      <name>Einddatum</name>      <value><dateTime.iso8601>...</dateTime.iso8601></value>
      <name>Kenteken1</name>      <value><string>...</string></value>
      <name>Chassisnr1</name>     <value><string>...</string></value>
      <name>Merk1</name>          <value><string>...</string></value>
      <name>Kenteken2</name>      <value><string>...</string></value>
      <name>Chassisnr2</name>     <value><string>...</string></value>
      <name>Categorie</name>      <value><string>...</string></value>
      <name>Merk2</name>          <value><string>...</string></value>
      <name>Naam</name>           <value><string>...</string></value>
      <name>Adres</name>          <value><string>...</string></value>
      <name>Woonplaats</name>     <value><string>...</string></value>
      <name>Land</name>           <value><string>...</string></value>
      <name>Paspoortnummer</name> <value><string>...</string></value>
    </param>
  </params>
</methodResponse>

Example of PHP implementation

This is a working example of XML-RPC in PHP.
Found this on: http://nl2.php.net/xmlrpc

clienttest.php 

<?php
function do_call($host, $port, $request) {
    $fp = fsockopen($host, $port, $errno, $errstr);
    $query =
      "POST /servertest.php HTTP/1.0\n".
      "User_Agent: My Egg Client\n".
      "Host: ".$host."\n".
      "Content-Type: text/xml\n".
      "Content-Length: ".strlen($request).
      "\n\n".
      $request."\n";

    if (!fputs($fp, $query, strlen($query))) {
        $errstr = "Write error";
        return 0;
    }

    $contents = '';
    while (!feof($fp)) {
        $contents .= fgets($fp);
    }

    fclose($fp);
    return $contents;
}

$host = 'www.networkconcepts.nl';
$port = 80;
$request = xmlrpc_encode_request('cycle', 'egg');
$response = do_call($host, $port, $request);
echo "\n\n<pre>\n$response\n</pre>\n\n"
?>

servertest.php 

<?php
function lifecycle($method, $params) {
/* 
$method = 'cycle', $params = (array of) request parameter(s); $data is 
also passed from xmlrpc_server_call_method, if we had any data to pass.
*/
    switch($params[0]) {
        case 'egg':
            $reply = 'All eggs will be birds one day.';
        break;
        default:
            $reply = 'That must have been an otheregg';
    }
    return $reply;
}

$server = xmlrpc_server_create();

/* register the 'external' name and then the 'internal' name */
xmlrpc_server_register_method($server, "cycle", "lifecycle");

// no you don't need 'always on', and no $_POST doesn't work.
$request = $HTTP_RAW_POST_DATA; 

/*
the parameters here are 'server, xml-string and user data'.  
There's supposed to be an optional 'output options' array too, 
but I can't get it working :( hence header() call 
*/
$response = xmlrpc_server_call_method($server, $request, null);
header('Content-Type: text/xml');
print $response;

xmlrpc_server_destroy($server);
?>

The request sent 

POST /servertest.php HTTP/1.0
User_Agent: My Egg Client
Host: www.networkconcepts.nl
Content-Type: text/xml
Content-Length: 185

<?xml version="1.0" encoding="iso-8859-1"?>
<methodCall>
<methodName>cycle</methodName>
<params>
 <param>
  <value>
   <string>egg</string>
  </value>
 </param>
</params>
</methodCall>

The response received 

HTTP/1.1 200 OK
Date: Fri, 25 Jan 2008 22:28:46 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Content-Length: 190
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="iso-8859-1"?>
<methodResponse>
<params>
 <param>
  <value>
   <string>All eggs will be birds one day.</string>
  </value>
 </param>
</params>
</methodResponse>
/var/www/html/john.de-graaff.net/webroot/wiki/data/pages/xmlrpc.txt · Last modified: 2019/03/06 07:33 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki