1

How to send data from Orange Live Objects to AWS using HTTP POST, knowing that AWS needs authentication (CA, cert and private key)?

Currently I get a 403 Forbidden error, as I don't send anything related to the secure connection.

I tried successfully with curl by adding `--cacert`, `--cert` and `--key`, but I don't know how to do that with the Orange REST API.

  • Where can I add these pieces of information?

  • Within the HTTP header?

  • Is there a specific value to enter?

Adam
BaptisteR
  • I just noticed the following requirement from the Orange API: `When using https to push data to a webhook, **the certification chain must be valid according to the default Java 8 JVM implementation**. Any self signed certificate or certificate issued by an unknown organization (according to the JAVA 8 JVM) presented by a webhook will be refused and the http push action will not be executed.` - How to implement the certification chain in order to be compliant with the JVM recommendation? – BaptisteR May 23 '19 at 11:27

2 Answers

1

If you see that AWS replies with a 403 status code to the push, it means that the TLS handshake is OK.

If you need to set HTTP headers for authentication, you can specify these headers when you provision your action policy (see httpPush -> headers).

You can test the HTTP service with this endpoint: `/api/v0/event2action/test/http-push`, available on the Swagger: https://liveobjects.orange-business.com/swagger-ui/index.html#/Triggers_and_Actions_-_Test

Aurelien

aure_bobo
  • Thanks Aurelien for this answer, the endpoint is very useful to test the HTTP service. As @Frederic-methel said, the port 8443 is not allowed (forbidden error) and the 443 seems to work as I get a **missing authentication error**. The question now is: how can I pass a CA, a certificate and a private key within an HTTP header? Thanks – BaptisteR May 29 '19 at 15:49
  • Hi Baptiste, you can provide HTTP headers thanks to the header field, as you can see in the Swagger example: `"headers" : { "X-HEADER" : [ "value1", "value2" ] }`. CA, certificate and private key are not transmitted in HTTP headers in general... do you have a reference to the AWS doc so I can help you? – aure_bobo May 31 '19 at 11:50
  • Hi Aurelien, I was wondering if that's something we do in general, maybe there is another way to export data to AWS then? Anyway, here is the HTTP POST REST API doc: [HTTP API REST](https://docs.aws.amazon.com/fr_fr/iot/latest/developerguide/http.html) News about the port 443 compliance with certificates is available here: [IoT Core X509 on port 443](https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-core-now-supports-http-rest-apis-with-x509-client-certificate-based-authentication-on-port-443/?nc1=h_ls) Thanks. – BaptisteR Jun 03 '19 at 07:08
  • Hi Baptiste, AWS expects client certificate authentication here; we don't provide the possibility to configure that part of the TLS handshake. Why don't you connect to LO from AWS with an MQTT client? – aure_bobo Jun 04 '19 at 05:33
  • Hi Aurelien, I'm afraid AWS only provides a "test" MQTT client in order to visualize data that is coming to the online AWS IoT endpoint: it's not possible to connect it to another endpoint, such as LO. – BaptisteR Jun 04 '19 at 11:29
  • Ok, we cannot interface directly to AWS IoT Service. You should use an intermediate layer on Amazon to receive the data from Live Objects. You can define a custom HTTP endpoint connected to a Lambda service that pushes this data to AWS IoT. – aure_bobo Jun 05 '19 at 12:26
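
The relay suggested in the last comment above, sketched as an added example (not code from the thread, Orange or AWS): a Python Lambda behind an HTTPS endpoint that authenticates the Live Objects push with a header set through `httpPush -> headers`, then publishes to AWS IoT under its own IAM role instead of a client certificate. The header name `x-relay-token`, the `RELAY_TOKEN` and `IOT_TOPIC` environment variables and the topic name are assumptions made for this example.

```python
import base64
import hmac
import json
import os

# Assumed names for this example, none of them come from the thread.
AUTH_HEADER = "x-relay-token"
TOPIC = os.environ.get("IOT_TOPIC", "liveobjects/inbound")


def _iot_publish(topic, payload):
    # boto3 ships with the Lambda Python runtime. The function's IAM role
    # needs iot:Publish on the topic, so no X.509 client cert is involved.
    import boto3
    boto3.client("iot-data").publish(topic=topic, qos=1, payload=payload)


def handler(event, context=None, publish=_iot_publish):
    """Entry point for an API Gateway or function URL proxy event."""
    expected = os.environ.get("RELAY_TOKEN", "")
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    supplied = headers.get(AUTH_HEADER, "")
    # Fail closed when no secret is configured; compare in constant time.
    if not expected or not hmac.compare_digest(
        supplied.encode("utf-8"), expected.encode("utf-8")
    ):
        return {"statusCode": 403, "body": "forbidden"}

    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        body = base64.b64decode(body).decode("utf-8", "replace")
    try:
        message = json.loads(body)
    except ValueError:
        return {"statusCode": 400, "body": "invalid JSON"}
    if not isinstance(message, dict):
        return {"statusCode": 400, "body": "expected a JSON object"}

    # Forward only well-formed JSON, re-serialized, to the IoT topic.
    publish(TOPIC, json.dumps(message).encode("utf-8"))
    return {"statusCode": 204, "body": ""}
```

The public endpoint in front of this function must present a certificate chain that the default Java 8 trust store accepts, as the Orange requirement quoted in the question states, and must listen on one of the allowed ports.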
0

Hello, you are probably using a port that is not allowed by Live Objects. Allowed ports for HTTP push are the standard ones: 80, 8080 and 443.

  • Hello, thanks for the answer, I didn't know that. However I tried with the port 443 (port 8443 was used previously) and I get the same error. – BaptisteR May 23 '19 at 11:17