This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ray_Burquest
Participant
‎2017-09-30 09:10 PM

Web API problem

Hi, I'm having an issue testing the v1.1 web-api. I can perform the initial login correctly and get the following response -

[uid:0529db8e-495a-4021-9826-e05ffa17baf5, sid:EYWMOM37tdp8Ji-SG9ioDlKR1Poop795DgwWqvyCe7c, url:https://192.168.31.134:443/web_api, session-timeout:600, last-login-was-at:[posix:1506825546427, iso-8601:2017-09-30T22:39-0400], api-server-version:1.1]

POST Success: HTTP/1.1 200 OK

I then add the sid into the next request (show-changes) and get the following response:

[code:generic_err_invalid_syntax, message:Login request message processing failed]
POST Failure: HTTP/1.1 400 Bad Request

I can validate the query at httpbin.org which shows the following is the query I am generating -

[args:[:], data:{"from-date":"2017-02-01T08:20:50","to-date":"2017-10-21"}, files:[:], form:[:], headers:[Accept:application/json, application/javascript, text/javascript, Connection:close, Content-Length:58, Content-Type:application/json, Host:httpbin.org, X-Chkp-Sid:EYWMOM37tdp8Ji-SG9ioDlKR1Poop795DgwWqvyCe7c], json:[from-date:2017-02-01T08:20:50, to-date:2017-10-21], origin:122.106.201.39, url:http://httpbin.org/post]

As far as I can see the headers look correct and I am passing the X-chkp-sid, though this is getting passed as X-Chkp-Sid I believe the http rfc states the header is case insensitive.

Can anyone help?

0 Kudos
16 Replies
Robert_Decker
Advisor
‎2017-10-01 03:10 AM

From where are you running the API commands?

Generally, you can redirect the Login command response with the session-id token into a file, and then use this token in the successive commands:

mgmt_cli login -u aa -p aaaa > sid.txt

mgmt_cli show-changes -s sid.txt

0 Kudos
Ray_Burquest
Participant
‎2017-10-01 04:50 PM
In response to Robert_Decker

Hi, I am running the API commands from an IDE (Intellij) using a groovy script.

I found the initial problem, I was making the 2nd post request using the same HTTPbuilder method call which was not working (I have not figured out why as I need to debug the tcp session to understand where that was failing) so I initiated a 2nd HTTPbuilder call and passed the X-chkp-sid in that and it works.

The issue I now have is that my 'logout' request is not working, trying to pass an empty 'body' gives me the response -

[code:generic_err_invalid_syntax, message:Payload is not valid]
HTTP/1.1 400 Bad Request

The v1.1 API manual shows the body to be empty in the logout API call.

0 Kudos
Maciej_Maczka
Contributor
‎2017-10-03 03:08 AM
In response to Ray_Burquest

Hi,

try body: { } 

mm

0 Kudos
Ray_Burquest
Participant
‎2017-10-03 04:20 PM
In response to Maciej_Maczka

No, body:{} just receives the same response -

[code:generic_err_invalid_syntax, message:Payload is empty]

I suspect the issue is due to the different default headers in how I am sending the request ie I make the request in a groovy script using HTPBuilder and not curl.

Can anyone provide the output (from a working script) from the following curl command so I can compare the headers -

curl -I https://x.x.x.x/web_api/logout

0 Kudos
Ray_Burquest
Participant
‎2018-01-27 08:37 PM
In response to Tomer_Sole

Thanks. I finally got round to looking at this again. As yet I cannot unravel the library to find the java coding that calls the logout API call. In the interim I have set the disconnect timeout (in the original login call) down to 10 seconds so that gets round the problem. It would be nice to clean up the session correctly though.

0 Kudos
Robert_Decker
Advisor
‎2018-01-28 01:01 AM
In response to Ray_Burquest

Hi,

The logout command requires the SID parameter from previous login command.

From API docs - 

https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/logout~v1.1

Robert.

0 Kudos
Ray_Burquest
Participant
‎2018-01-28 06:29 PM
In response to Robert_Decker

Hi,

I am passing the SID, the problem I have is with an empty body payload -

response with no added body:

[code:generic_err_invalid_syntax, message:Payload is empty]

response with 'body = [ ]'

[code:generic_err_invalid_syntax, message:Payload is not valid]

Response with

body = [
        "session-comments" : "leaving now"
          ]
[code:generic_err_invalid_parameter_name, message:Unrecognized parameter [session-comments]]

I suspect the issue is with Groovy's RESTClient, possibly there is a way to construct this that equates to the python example given but I cannot find it.

Ray

0 Kudos
Robert_Decker
Advisor
‎2018-01-28 11:22 PM

Ray,

 The body of logout command should be empty, but the command header must contain the X-chkp-sid field having SID as a value -

POST {{server}}/logout
Content-Type: application/json
X-chkp-sid: {{session}}

{ }

Robert.

0 Kudos
Ray_Burquest
Participant
‎2018-01-28 11:27 PM
In response to Robert_Decker

Hi,

It does (note the uri path changes are not shown) -


httpLOGIN.request(POST,JSON ) { req ->
    headers.'Content-Type' = 'application/json'

    body = [
            "user"    : "user",
            "password": "password",
            "session-timeout" : 15,
            "read-only" : true,
     ]

    response.failure = { resp, json ->
        println(json)
        println "POST Failure. LOGIN: ${resp.statusLine}"
    }
    response.success = { resp, json ->
        println(json)
        CHKPsid = (json.sid)
        println "POST Success. LOGIN: ${resp.statusLine}"
    }
}
httpLOGOUT.request(POST,JSON) { req ->

    headers.'Content-Type' = 'application/json'
    headers.'x-chkp-sid' = CHKPsid
    body = [
            ""
              ]

    response.failure = { resp, json ->
        println (json)
        println "POST Failure. LOGOUT: ${resp.statusLine}"
    }
    response.success = { resp, json ->
        println (json)
        println "POST Success. LOGOUT: ${resp.statusLine}"
    }
}
0 Kudos
Robert_Decker
Advisor
‎2018-01-29 01:02 AM
In response to Ray_Burquest

Seems ok, but I'm not expert in Groovy script and cannot confirm that the final request is 100 compliant.

I'd like to know why our API rejects your posts. Therefore - 

Post again your login and logout commands.

Go to your management server and "cd $FWDIR/log". There is a log file named api.elg.

Open the file and go to the end, you should see the REST requests and responses for your commands.

Please copy and paste here the relevant log lines for examination.

Robert.

0 Kudos
Ray_Burquest
Participant
‎2018-01-29 01:53 AM
In response to Robert_Decker

Here you go (this is for the logout script as you see in my last message)-

--------------------------------------
2018-01-29 04:15:37,741  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp1931300154-27] - Inbound Message
----------------------------
ID: 397
Address: http://127.0.0.1:50276/web_api/logout
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[application/json, application/javascript, text/javascript], connection=[keep-alive], Content-Length=[4], content-type=[application/json], Host=[127.0.0.1:50276], x-chkp-sid=[Y-fFsOhcAlWa5W4wRc580o9mFx14_HsK1yo53LwzQWU], X-Forwarded-For=[x.x.x.x], X-Forwarded-Host=[x.x.x.x.:4434], X-Forwarded-Host-Port=[4434], X-Forwarded-Server=[x.x.x.x]}
Payload: [""]
--------------------------------------
2018-01-29 04:15:37,748  WARN com.checkpoint.management.web_api_is.utils.helpers.RequestHeadersHelper.getMediaType_aroundBody6:24 [qtp1931300154-27] - Multiple Accept headers received. Falling back to default media type [application/json].
2018-01-29 04:15:37,749  INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:25 [qtp1931300154-27] - Cache created and initialized
2018-01-29 04:15:37,750 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:219 [qtp1931300154-27] -
com.fasterxml.jackson.databind.JsonMappingException: Can not deserialize instance of com.checkpoint.management.web_api.core.handler.commands.session.logout.WebApiLogoutRequest out of START_ARRAY token
 at [Source: [""]; line: 1, column: 1]
        at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:148)
        at com.fasterxml.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:835)
        at com.fasterxml.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:831)
        at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromArray(BeanDeserializerBase.java:1220)
        at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:165)
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:144)
        at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3560)
        at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2576)
        at com.checkpoint.management.web_api.web_services.WebApiEntryPoint.postEntryPoint(WebApiEntryPoint.java:101)
        at sun.reflect.GeneratedMethodAccessor108.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
        at java.lang.reflect.Method.invoke(Method.java:508)
        at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)
        at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
        at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
        at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247)
        at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
        at com.checkpoint.management.web_api.core.filter.LogCustomDebugFieldFilter.doFilter(LogCustomDebugFieldFilter.java:3)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
        at org.eclipse.jetty.server.handler.IPAccessHandler.handle(IPAccessHandler.java:203)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
        at org.eclipse.jetty.server.Server.handle(Server.java:370)
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
        at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
        at java.lang.Thread.run(Thread.java:785)
2018-01-29 04:15:37,752  INFO com.checkpoint.management.web_api_is.utils.CsvFileWriterUtils.writeCsvLine:1 [qtp1931300154-27] - 2018-01-29,04:15:37 -0500,logout,FAILED,4
2018-01-29 04:15:37,754  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp1931300154-27] - Outbound Message
---------------------------
ID: 397
Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 29 Jan 2018 09:15:37 GMT]}
Payload: {
  "code" : "generic_err_invalid_syntax",
  "message" : "Payload is not valid"
}

0 Kudos
Robert_Decker
Advisor
‎2018-01-29 02:08 AM
In response to Ray_Burquest

Ok, thanks to this log records, the problem is now obvious - your payload is incorrect - 

Payload: [""]

It should be - 

Payload: {}

And indeed, in yor script you use - 

body = [""]

It shoud be - 

body = {}

Hope this helps.

Robert.

0 Kudos
Ray_Burquest
Participant
‎2018-01-29 02:32 AM
In response to Robert_Decker

Unfortunately, this

body = {}

is not valid...

Caught: java.lang.NullPointerException
java.lang.NullPointerException
    at groovyx.net.http.EncoderRegistry.encodeJSON(EncoderRegistry.java:318)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at groovyx.net.http.HTTPBuilder$RequestConfigDelegate.encodeBody(HTTPBuilder.java:1268)
    at groovyx.net.http.HTTPBuilder.doRequest(HTTPBuilder.java:442)
    at groovyx.net.http.HTTPBuilder.doRequest(HTTPBuilder.java:434)
    at groovyx.net.http.HTTPBuilder.request(HTTPBuilder.java:383)
    at groovyx.net.http.HTTPBuilder$request$0.call(Unknown Source)
    at Login.run(Login.groovy:188)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

As I stated earlier, I think its an issue with Groovy and the RESTclient, the httpLOGOUT is an iteration of HTTPBuilder ie

def httpLOGOUT = new HTTPBuilder(uri)

I think I need to post something on SatckOverflow so somebody from the Groovy developer group can tell me how to send a valid empty payload.

Ray

0 Kudos
Ray_Burquest
Participant
‎2019-06-06 12:33 AM
In response to Ray_Burquest

I resolved this, thought I would share the solution. When the CP api needs an empty payload, the way to do this in groovy and HTTPbuilder is:

body = [:]

PatrykP
Participant
‎2022-09-14 12:04 PM
In response to Ray_Burquest

I had exact problem when testing with Postman, you save my life.

Thank you Ray!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top