What Web and Crypto components to use for Online Invoiceing REST API?

[MrSteering]

Hi Guys,

Pascal programming is my hobby. I should add an extension to my old program, what I already succesfully migrated from Delphi 7 to Lazarus...

The add-on is needed for the Hungarian NAV Online Invoice System REST API v3.0: https://onlineszamla.nav.gov.hu/api/files/container/download/Online%20Invoice%20System%203.0%20Interface%20Specification.pdf

I am newbie in web programming and encrypting, and need a bit of kickstarting help
I need to send, retrieve xml files and make encrypting. I would like to use as many stable/maintained and free components as possible, even if it is more work.
Specified encoding/decoding standard needs for the API:
- BASE64 encode/decode (RFC3548)
- SHA-512 encode (RFC6234)
- SHA3-512 encode (FIPS 202)
- AES-128 ECB decode (RFC3826)

Here is an example TokenExchange code I found (with commercial components), which illlustrates the needs of the REST API: https://example-code.com/delphiDll/nav_token_exchange.asp

I think I will need:
- fpWeb (TFPHTTPClient)
- CryptoLib4Pascal (as I saw it supports all)
- xml (I am using TXMLDocument already - did not find good xml binding support)

Can you please support me with some inputs on the components/packages I should use?
It would be great to have a code example based on the linked example using your proposed components/packages!

THANK YOU VERY MUCH!

[Thaddy]

The best crypto lib is by Xor-El So you are on the right way
https://github.com/Xor-el/CryptoLib4Pascal

[engkin]

I agree with Thaddy. You seem to have found all the right packages.

Page 16 of the pdf file has an example for calculating the signatue of the request. Here is a quick test:

Code: Pascal  [Select][+][-]

1. program project1;
2.  
3. {$mode objfpc}{$H+}
4.  
5. uses
6.   {$IFDEF UNIX}
7.   cthreads,
8.   {$ENDIF}
9.   Classes
10.   ,SysUtils
11.   ,ClpDigestUtilities
12.   ,ClpIDigest
13.   ,ClpCryptoLibTypes
14.   ,ClpConverters
15.  
16.   ,ClpEncoders
17.  
18.   ,RegExpr
19.  
20.   { you can add units after this };
21.  
22. function Timestamp2Str(const ATimestamp:string):string;
23. var
24.   re:TRegExpr;
25. begin
26.   re:=TRegExpr.Create;
27.   try
28.     re.Expression:='(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(.\d{1,3})?Z';
29.     re.InputString:=ATimestamp;
30.     if re.Exec then
31.       Result:=re.Match[1]+re.Match[2]+re.Match[3]+re.Match[4]+re.Match[5]+re.Match[6]
32.     else
33.       Result:='';
34.   finally
35.     re.Free;
36.   end;
37. end;
38.  
39. function SHA3_512(AInput:String):String;
40. var
41.   LDigest:IDigest;
42.   LInputBytes:TCryptoLibByteArray;
43.   LOutputBytes:TCryptoLibByteArray=();
44. begin
45.   LDigest:=TDigestUtilities.GetDigest('SHA3-512');
46.   LInputBytes := TConverters.ConvertStringToBytes(AInput, TEncoding.UTF8);
47.   LDigest.BlockUpdate(LInputBytes, 0, Length(LInputBytes));
48.   SetLength(LOutputBytes,LDigest.GetDigestSize);
49.   LDigest.DoFinal(LOutputBytes, 0);
50.   Result:=TConverters.ConvertBytesToHexString(LOutputBytes,False);
51. end;
52.  
53. function invoiceHash(const AMsg:string; const invoiceOperation: string; const invoiceData:string):string;
54. var
55.   hash_base:string;
56.   hash_upper:string;
57. begin
58.   WriteLn(AMsg);
59.   hash_base:=invoiceOperation+invoiceData;
60.   WriteLn('hash_base: ',hash_base);
61.   hash_upper:=SHA3_512(hash_base);
62.   WriteLn('hash_upper: ',hash_upper);
63.   WriteLn;
64.   Result:=hash_upper;
65. end;
66.  
67. var
68.   requestId:string = 'TSTKFT1222564';
69.   timestamp:string = '2017-12-30T18:25:45.000Z';
70.   {technical user’s signature }key:string = 'ce-8f5e-215119fa7dd621DLMRHRLH2S';
71.  
72.   //the index#1 invoice data items
73.   invoiceOperation1:string = 'CREATE';
74.   invoiceData1:string = 'QWJjZDEyMzQ=';
75.  
76.   //the index#2 invoice data items
77.   invoiceOperation2:string = 'MODIFY';
78.   invoiceData2:string = 'RGNiYTQzMjE=';
79.  
80.   partial_authentication_value:string;
81.  
82.   ih:array of string;
83.   base_signature:string;
84.   request_signature:string;
85.   i: Integer;
86. begin
87.   ih:=[
88.     invoiceHash('First:', invoiceOperation1, invoiceData1),
89.     invoiceHash('Second:', invoiceOperation2, invoiceData2)
90.       ];
91.  
92.   partial_authentication_value:=requestId+Timestamp2Str(timestamp)+key;
93.   WriteLn('partial authentication value');
94.   WriteLn(partial_authentication_value);
95.   WriteLn('');
96.  
97.   base_signature:=partial_authentication_value;
98.   for i:=0 to High(ih) do
99.     base_signature:=base_signature+ih[i];
100.   SetLength(ih,0);
101.  
102.   WriteLn('base signature:');
103.   WriteLn(base_signature);
104.   WriteLn('');
105.  
106.   request_signature:=SHA3_512(base_signature);
107.   WriteLn('request signature:');
108.   WriteLn(request_signature);
109.  
110.   ReadLn;
111. end.

[MrSteering]

Thanx a lot Guys!

I go for it than

[MrSteering]

Let me ask for another shot.
Is there some documentation or good examples how to use TFPHttpClient for my needed operations:
- send requests xmls
- get response xmls
- post specific xmls
???

I think the xml handling I will be able to handle, however as earlier mentioned an xml binder would be great...

Thanx in advanced again.