Writing your own client
This section contains an explanation of the OpenSRS client/server data exchange. This information is useful if you want to write your own client.
XML client protocol fundamentals
In our XML Client Protocol (XCP), the sender of a message (request or reply) must always precede the message with the header 'Content-Length: X', where 'X' is the number of bytes in the actual message (without the header). This header must be followed by a carriage return and line feed combination. Counted bytes only occur on the first non-blank line.
Content-length: 55\015\012 # carriage return/line feed # blank lines are ignored
<?xml version='1.0' encoding='UTF-8' standalone='no' ?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>
<OPS_envelope>
<header>
<version>0.9</version> </header>
<body>
<data_block>
[ etc ]
XCP allows empty space to be placed in the XML message, as long as the XML is still valid, so empty lines or end-of-line characters may be inserted (though they must be counted in the byte count).
For more information regarding the transmission of data over HTTPS, refer to this document: http://www.ietf.org/rfc/rfc2616.txt
MD5 examples
The following examples show how to add an MD5 Signature and create an XML packet for the various client languages.
use Digest::MD5 qw/md5_hex/;
md5_hex(md5_hex($xml, $private_key),$private_key)
md5(md5($xml.$private_key).$private_key);
protected String md5Sum(String str) { String sum = new
String();
try {
MessageDigest md5 = MessageDigest.getInstance("MD5");
sum = String.format("%032x", new BigInteger(1, md5.digest(str.getBytes())));
} catch (Exception ex) {
}
return sum;
}
public String getSignature(String xml) {
return md5Sum(md5Sum(xml + privateKey) + privateKey);
}
md5_obj = hashlib.md5()
md5_obj.update((xml + api_key).encode())
signature = md5_obj.hexdigest()
md5_obj = hashlib.md5()
md5_obj.update((signature + api_key).encode())
signature = md5_obj.hexdigest()
md5 = Digest::MD5.new
md5.update(xml + api_key)
signature = md5.hexdigest
md5 = Digest::MD5.new
md5.update(signature + api_key)
signature = md5.hexdigest
Coding examples
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;
use Digest::MD5 qw/md5_hex/;
use LWP::UserAgent;
use Data::Dumper;
my $TEST_MODE = 1; # Will connect to OpenSRS's test environment
my $connection_options = {
'live' => {
# IP whitelisting required
api_host_port => 'rr-n1-tor.opensrs.net:55443',
api_key => '<YOUR API KEY>',
reseller_username => '<YOUR RESELLER USERNAME>',
},
'test' => {
# IP whitelisting not required
api_host_port => 'horizon.opensrs.net:55443',
api_key => '<YOUR API KEY>',
reseller_username => '<YOUR RESELLER USERNAME>',
},
};
my $connection_details;
if ($TEST_MODE) {
$connection_details = $connection_options->{'test'};
}
else {
$connection_details = $connection_options->{'live'};
}
my $ua = new LWP::UserAgent;
# Simple lookup command
my $xml = <<DATA;
<?xml version='1.0' encoding='UTF-8' standalone='no' ?>
<!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>
<OPS_envelope>
<header>
<version>0.9</version>
</header>
<body>
<data_block>
<dt_assoc>
<item key="protocol">XCP</item>
<item key="action">LOOKUP</item>
<item key="object">DOMAIN</item>
<item key="attributes">
<dt_assoc>
<item key="domain">myfirstopensrsapitest.com</item>
</dt_assoc>
</item>
</dt_assoc>
</data_block>
</body>
</OPS_envelope>
DATA
my $response = $ua->post(
"https://$connection_details->{api_host_port}",
'Content-Type' => 'text/xml',
'X-Username' => $connection_details->{reseller_username},
'X-Signature' => md5_hex(
md5_hex( $xml, $connection_details->{api_key} ),
$connection_details->{api_key}
),
'Content' => $xml
);
print "Request to $connection_details->{api_host_port} as reseller: $connection_details->{reseller_username}\n$xml\n";
print "Response:\n";
if ( $response->is_success ) {
print Dumper( $response->content );
}
else {
print Dumper($response);
}
<?php
// Note: Requires cURL library
$TEST_MODE = true;
$connection_options = [
'live' => [
'api_host_port' => 'https://rr-n1-tor.opensrs.net:55443',
'api_key' => '<YOUR API KEY>',
'reseller_username' => '<YOUR RESELLER USERNAME>'
],
'test' => [
'api_host_port' => 'https://horizon.opensrs.net:55443',
'api_key' => '<YOUR API KEY>',
'reseller_username' => '<YOUR RESELLER USERNAME>'
]
];
if ($TEST_MODE) {
$connection_details = $connection_options['test'];
} else {
$connection_details = $connection_options['live'];
}
$xml = <<<EOD
<?xml version='1.0' encoding='UTF-8' standalone='no' ?>
<!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>
<OPS_envelope>
<header>
<version>0.9</version>
</header>
<body>
<data_block>
<dt_assoc>
<item key="protocol">XCP</item>
<item key="action">LOOKUP</item>
<item key="object">DOMAIN</item>
<item key="attributes">
<dt_assoc>
<item key="domain">myfirstopensrsapitest.com</item>
</dt_assoc>
</item>
</dt_assoc>
</data_block>
</body>
</OPS_envelope>
EOD;
$data = [
'Content-Type:text/xml',
'X-Username:' . $connection_details['reseller_username'],
'X-Signature:' . md5(md5($xml . $connection_details['api_key']) . $connection_details['api_key']),
];
$ch = curl_init($connection_details['api_host_port']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $data);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
$response = curl_exec($ch);
echo 'Request as reseller: ' . $connection_details['reseller_username'] . "\n" . $xml . "\n";
echo "Response\n";
echo $response . "\n";
?>
import java.util.HashMap;
import java.io.*;
import java.security.MessageDigest;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
public class OpenSRSAPITest {
public static void main (String[] args) {
final boolean TEST_MODE = true;
HashMap <String, String> liveDetails = new HashMap <String,String>();
liveDetails.put("apiHostPort","https://rr-n1-tor.opensrs.net:55443");
liveDetails.put("apiKey", "<YOUR_API_KEY>");
liveDetails.put("resellerUsername", "<YOUR_RESELLER_USERNAME>");
HashMap <String, String> testDetails = new HashMap <String,String>();
testDetails.put("apiHostPort", "https://horizon.opensrs.net:55443");
testDetails.put("apiKey", "<YOUR_API_KEY>");
testDetails.put("resellerUsername", "<YOUR_RESELLER_USERNAME>");
HashMap <String, String> connectionDetails;
if (TEST_MODE)
connectionDetails = testDetails;
else
connectionDetails = liveDetails;
// Simple lookup command
String xml = "<?xml version='1.0' encoding='UTF-8' standalone='no' ?>" +
"<!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>" +
"<OPS_envelope>" +
"<header>" +
"<version>0.9</version>" +
"</header>" +
"<body>" +
"<data_block>" +
"<dt_assoc>" +
"<item key='protocol'>XCP</item>" +
"<item key='action'>LOOKUP</item>" +
"<item key='object'>DOMAIN</item>" +
"<item key='attributes'>" +
"<dt_assoc>" +
"<item key='domain'>myfirstopensrsapitest.com</item>" +
"</dt_assoc>" +
"</item>" +
"</dt_assoc>" +
"</data_block>" +
"</body>" +
"</OPS_envelope>";
// Create signature
String signature = md5_hex( md5_hex(xml + connectionDetails.get("apiKey")) + connectionDetails.get("apiKey"));
System.out.println("Request as reseller: " + connectionDetails.get("resellerUsername"));
System.out.println(xml);
// Make HTTP Post
try {
URL url = new URL(connectionDetails.get("apiHostPort"));
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Type", "text/xml");
conn.setRequestProperty("X-Username", connectionDetails.get("resellerUsername"));
conn.setRequestProperty("X-Signature", signature);
OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
writer.write(xml);
writer.flush();
System.out.println("Response Code: " + conn.getResponseCode());
System.out.println("Response Message: " + conn.getResponseMessage());
System.out.println("Response XML:");
String line;
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
while ((line = reader.readLine()) != null) {
System.out.println(line);
}
writer.close();
reader.close();
}
catch (Exception e) {
e.printStackTrace();
}
}
private static String md5_hex(String s) {
try {
MessageDigest m = MessageDigest.getInstance("MD5");
m.update(s.getBytes(), 0, s.length());
BigInteger i = new BigInteger(1,m.digest());
return String.format("%1$032x", i);
}
catch (Exception e) {
e.printStackTrace();
}
return null;
}
}
#!/usr/bin/python
import requests
import hashlib
TEST_MODE = 1
connection_options = {
'live' : {
# IP whitelisting required
'reseller_username': '<YOUR RESELLER USERNAME>',
'api_key':'<YOUR API KEY>',
'api_host_port': 'https://rr-n1-tor.opensrs.net:55443',
},
'test' : {
# IP whitelisting not required
'reseller_username': '<YOUR RESELLER USERNAME>',
'api_key':'<YOUR API KEY>',
'api_host_port': 'https://horizon.opensrs.net:55443',
}
}
if TEST_MODE == 1:
connection_details = connection_options['test']
else:
connection_details = connection_options['live']
xml = '''
<?xml version='1.0' encoding='UTF-8' standalone='no' ?>
<!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>
<OPS_envelope>
<header>
<version>0.9</version>
</header>
<body>
<data_block>
<dt_assoc>
<item key="protocol">XCP</item>
<item key="action">LOOKUP</item>
<item key="object">DOMAIN</item>
<item key="attributes">
<dt_assoc>
<item key="domain">myfirstopensrsapitest.com</item>
</dt_assoc>
</item>
</dt_assoc>
</data_block>
</body>
</OPS_envelope>
'''
md5_obj = hashlib.md5()
md5_obj.update((xml + connection_details['api_key']).encode())
signature = md5_obj.hexdigest()
md5_obj = hashlib.md5()
md5_obj.update((signature + connection_details['api_key']).encode())
signature = md5_obj.hexdigest()
headers = {
'Content-Type':'text/xml',
'X-Username': connection_details['reseller_username'],
'X-Signature':signature,
};
print("Request to {} as reseller {}:".format(connection_details['api_host_port'],connection_details['reseller_username']))
print(xml)
r = requests.post(connection_details['api_host_port'], data = xml, headers=headers )
print("Response:")
if r.status_code == requests.codes.ok:
print(r.text)
else:
print (r.status_code)
print (r.text)
#!/usr/bin/ruby
require 'uri'
require 'net/http'
require 'net/https'
require 'digest'
TEST_MODE = 1
connection_options = {
'live' => {
# IP whitelisting required
'reseller_username' => '<YOUR RESELLER USERNAME>',
'api_key' => '<YOUR API KEY>',
'api_host_port' => 'https://rr-n1-tor.opensrs.net:55443',
},
'test' => {
# IP whitelisting not required
'reseller_username' => '<YOUR RESELLER USERNAME>',
'api_key' => '<YOUR API KEY>',
'api_host_port' => 'https://horizon.opensrs.net:55443',
}
}
if TEST_MODE == 1
connection_details = connection_options['test']
else
connection_details = connection_options['live']
end
xml = <<-eos
<?xml version='1.0' encoding='UTF-8' standalone='no' ?>
<!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>
<OPS_envelope>
<header>
<version>0.9</version>
</header>
<body>
<data_block>
<dt_assoc>
<item key="protocol">XCP</item>
<item key="action">LOOKUP</item>
<item key="object">DOMAIN</item>
<item key="attributes">
<dt_assoc>
<item key="domain">myfirstopensrsapitest.com</item>
</dt_assoc>
</item>
</dt_assoc>
</data_block>
</body>
</OPS_envelope>
eos
md5 = Digest::MD5.new
md5.update(xml + connection_details['api_key'])
signature = md5.hexdigest
md5 = Digest::MD5.new
md5.update(signature + connection_details['api_key'])
signature = md5.hexdigest
uri = URI.parse("#{connection_details['api_host_port']}/")
https = Net::HTTP.new(uri.host,uri.port)
https.use_ssl = true
req = Net::HTTP::Post.new(uri.path, initheader = { 'Content-Type' =>'text/xml',
'X-Username' => connection_details['reseller_username'],
'X-Signature' => signature,
})
req.body = xml
puts "Request to #{connection_details['api_host_port']} as reseller #{connection_details['reseller_username']}:"
res = https.request(req)
puts xml
puts "Response:"
if res.code == "200"
puts res.body
else
puts res.code
puts res.message
end
Data exchange
For each line of data passed, you must prepend the data with the length of the string packed in 'network' or big-endian order. In Perl, this is accomplished by:
$length = pack('n', length($data));
Where $data is the information you are going to send.
For example, assuming you have a socket SERVER already open to the server process, you could send data as follows:
print SERVER pack('n', length($data));
print SERVER $data;
Since you must always send the length of the string first, it will not work to simply telnet to the OpenSRS server and begin issuing commands.
Authentication handshake
The first step in communicating with the server process is the authentication handshake. This proceeds between the reseller Client and reseller Agent (server) as follows:
| Process | Description | |
|---|---|---|
| 1 | Reseller Client | Initiates connection with Reseller Agent (server process) on a specific TCP/IP hostname:port. Horizon: horizon.opensrs.net:55000 Live: rr-n1-tor.opensrs.net:55000 |
| 2 | Reseller Agent | Server sends an XCP 'check version' request. Perl Example (hash): { 'protocol' => 'XCP', 'action' => 'check', 'object' => 'version', 'attributes' => { 'sender' => 'OpenSRS SERVER', 'version' => '$VERSION', 'state' => 'ready' } } The values of $VERSION could be something such as 'XML:0.1', which indicates the language spoken and the minimum version of the client required by this RSA. At this point, the only value for 'state' is 'ready'. Other states may be added in the future. |
| 3 | Reseller Client | Client responds with an XCP 'check version' response (where version is the client's protocol version.) Note: This number should not be changed. It allows for API changes and backward compatibility. If you change the version number of the client, results may be unpredictable. Perl Example (hash): { 'protocol' => 'XCP', 'action' => 'check', 'object' => 'version', 'attributes' => { 'sender' => 'OpenSRS CLIENT', 'version' => 'XML:0.1', 'state' => 'ready' } } The only difference here is the value of the sender attribute. Again, the only valid state at this point is 'ready'. |
| 4 | Reseller Client | Client sends user data for authentication. This is done using the XCP 'authenticate user' request. Note: As a reseller, you have a password and a username. Do NOT send the password in this request, it is not needed. The current XML Perl Client actually sends the username in both the username and password fields. This is because the data packets are not encrypted at this stage of the transmission. Perl Example (hash): { 'protocol' => 'XCP', 'action' => 'authenticate', 'object' => 'user', 'attributes' => { 'crypt_type' => '', 'username' => '', 'password' => '' } } The crypt_type can be either 'des' or 'blowfish'. |
| 5 | Reseller Agent | If authentication is successful, the Reseller Agent (server side), sends the first challenge, but without XML. The challenge is a random number of random bits. |
| 6 | Reseller Client | The client returns the challenge's md5 checksum, encrypted with the Reseller's private key and without XML. |
| 7 | Reseller Agent | If the challenge is successful, the Reseller Agent (server) replies with an XCP 'authenticate user' response. Perl Example (hash): { 'protocol' => 'XCP', 'action' => 'reply', 'response_code' => '200', 'response_text' => 'Authentication Successful' } If the Reseller Agent deems that the Reseller Client has failed the challenge, it closes the socket without sending a decline reply because it is assumed that the Reseller Client cannot understand any of the encrypted messages anyway. Another possible response code would be code 310, if the reseller's command rate is exceeded. |
| 8 | Reseller Client | If the Reseller Client receives a response code of 200, it can then send its first XCP command. All further communication for the established session is encrypted. The first XCP command the client must send after being authenticated is 'set(cookie)'. This is required because the cookie is used for all further authenticated commands. |
Encryption
Supported ciphers
We currently supports the DES and Blowfish encryption algorithms.
The suggested method of using these encryption types is through their respective Perl modules, Crypt::DES and Crypt::Blowfish, which are then accessed through a common interface created by Crypt::CBC. For your convenience, Crypt::CBC is now included in the OpenSRS client distribution.
If you are unable to install Crypt::DES or Crypt::Blowfish there is a third option available: Crypt::Blowfish_PP, which is a module for Blowfish written in Pure Perl (PP). Our initial testing has shown this module to be at least 10 times slower than the standard Crypt::Blowfish, but it may be used as a last resort.
Private key
DES only supports keys of 8 bytes, while Blowfish supports keys of up to 56 bytes for greater security.
Private keys in OpenSRS are 112 characters in length (56 bytes), to provide the maximum security for people using Blowfish.
When creating your encryption cipher, do not use the private key in raw form. Instead, first pack the key into a hexadecimal binary string. In Perl this is accomplished with:
$private_key = pack('H*', $private_key);
You may then use the private key to create your encryption cipher, authenticate, and begin sending data to the server.
Updated over 1 year ago