Java sample code to connect to WSS (RTDS)

Hello,


We are updating our application to be able to support WebSocket secured connection with RTDS.


We have several questions :


First, we updated our ADS to be compatible with secured connection updating the below property :


*ads*distribution_ws_sink*connectionType : 1


Then we restarted the ads.

Is it all ?


Do we need to update/change other properties ?


What about these ones ?


*ads*distribution_ws_sink*serverCert :

*ads*distribution_ws_sink*serverPrivateKey :


Secondly, how can we test the connection ?


With wsapi_tryitnow, we can see that the connection to non secured WebSocket API is done through :


var WS_URL = 'ws://' + hostName + ':' + portNumber + '/WebSocket';

_websocket = new WebSocket(WS_URL, "tr_json2");

Is it the same with WSS ?


Do we need to change WS_URL from 'ws://' to 'wss://' ?

Do we need to change anything else ?


Thanks for the help.


Regards,


Best Answer

  • Jirapongse
    Answer ✓

    @hgardon

    That www.test.com is a hostname for testing purposes.

    You need to contact your internal team who generates those certificate and private key files to verify what the problem is.

    To connect to an encrypted server, you need to install the certificate file on the client's machine and the application needs to use that certificate file to connect to the encrypted server.

    For example, on Windows machines, you can use the openssl tool to convert the cert.pem to the cert.crt file.

    openssl x509 -outform der -in cert.pem -out cert.crt

    Then, install the cert.crt file on Windows machines.

    1710220421643.png

    I checked and found that the wsapi_tryitnow doesn't support the wss:// connections. Therefore, you need to use other tools instead, such as Postman or Python.



Answers

  • Hello @hgardon,

    Most of your question is answered in a similar question here.

    Since you are using Java, I would recommend that you use RTSDK - EMA Java which will ease a lot of development troubles like session and subscription management. EMA also has an option to use WebSockets as a transport layer - although I don't see any benefits of using it with local RTDS.

    Here are Quickstart and Tutorials for EMA Java.


  • @hgardon

    Currently, ADS supports WebSocket encrypted connections via the following configurations.

    1709778727963.png

    The encrypted WebSocket server requires a server certificate file and server private key file. Typically, you need to contact your IT support team to generate these files. Otherwise, you can use the OpenSSL tool to generate these files for testing purposes. Please refer to the Configuring Encrypted Connections on ADS article.

    Then, you need to add the certificate file to the Java truststore file (cacerts), as mentioned in that article.

    Yes, you need to use the wss for the Websocket Encrypted connections.

     server = String.format("wss://%s:%s/WebSocket", hostname, port);

    You can also refer to the Example on GitHub that shows how to establish a secure Websocket connection to Refinitiv Real-Time Optimized server.

  • Hello @hgardon

    Additionally, this Choosing a Real-time Streaming API article might help you too.

  • Hello,

    Thank you a lot for your answers.
    @Gurpreet Unfortunately, we can not switch to EMA at this moment so we continue with WebSocket API.

    @Jirapongse thank you for your input, so we generated the two following certificates :

    image

    * trrt.cer
    * trrt.pem

    and we updated the distribution.cnf with the below :

    image

    We restarted all the services at the infra level.
    We updated the websocket.js file to :

    image

    Unfortunately, when trying to connect through wsapi_tryitnow, we got the following error :

    image

    Is there something we missed ?

    Thanks,

  • @hgardon

    I can't see the pictures.

    You can check the ADS log file to make sure that the server ran properly with those configurations.

  • Hi @Jirapongse ,

    Indeed, I checked the ads logs and we have the below error :

    <trrt.1.ads: Error: Fri Mar 08  18:40:30 2024>
    WS Server "distribution_ws_sink" initialization failed: </local/jenkins/workspace/RTDSCore_Release/OS/RH8-64/esdk/source/rtsdk/Cpp-C/Eta/Impl/Transport/ripcsslutils.c:1658> Error: 2001 ripcSSLSetupCTXServer() error loading certificate from file trrt.cerOpenSSL Error string: error:02001002:system library:fopen:No such file or directory:fopen('trrt.cer','r'):crypto/bio/bss_file.c:288:
    OpenSSL Error string: error:20074002:BIO routines:file_ctrl:system lib:crypto/bio/bss_file.c:290:
    OpenSSL Error string: error:140DC002:SSL routines:use_certificate_chain_file:system lib:ssl/ssl_rsa.c:596:

    Do you know where we need to put the certificates files ?
    Currently they are located into these folders :


    ./SOFTWARE/globalconfig/trrt.cer

    ./SOFTWARE/globalconfig/trrt.pem

    ./SOFTWARE/ads3.6.1.L1.linux.rrg/config/trrt.pem

    ./SOFTWARE/ads3.6.1.L1.linux.rrg/config/trrt.cer


    Thanks,

  • @hgardon

    You can use absolute paths in the configurations.

    *ads*distribution_ws_sink*serverCert : /<path>/cert.pem
    *ads*distribution_ws_sink*serverPrivateKey : /<path>/key.pem

  • @Jirapongse
    Thanks,
    I used absolute paths and I do not have the error anymore, but now I have :

    <trrt.1.ads: Error: Mon Mar 11  16:41:24 2024>
    WS Server "distribution_ws_sink" initialization failed: </local/jenkins/workspace/RTDSCore_Release/OS/RH8-64/esdk/source/rtsdk/Cpp-C/Eta/Impl/Transport/ripcsslutils.c:1669> Error: 2001 ripcSSLSetupCTXServer() error loading private key from file /opt/refinitiv/SOFTWARE/globalconfig/trrt.pemOpenSSL Error string: error:2807106B:UI routines:UI_process:processing error:while reading strings:crypto/ui/ui_lib.c:545:
    OpenSSL Error string: error:0906406D:PEM routines:PEM_def_callback:problems getting password:crypto/pem/pem_lib.c:59:
    OpenSSL Error string: error:0907B068:PEM routines:PEM_read_bio_PrivateKey:bad password read:crypto/pem/pem_pkey.c:64:
    OpenSSL Error string: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl/ssl_rsa.c:537:

    What does it mean ? Our certificates are corrupted ?
    We need to create new ones ?

    Edit : I created new ones following the doc here : https://developers.lseg.com/en/article-catalog/article/configuring-encrypted-connections-on-ads

    I have a question about : openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj '/CN=www.test.com'

    www.test.com is the machine that is hosting the ADS infra ?

    With this change, I have no more error when restarting ads but I still can not connect to the infra using wsapi_tryitnow.
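
A pre-restart check for the two failure modes shown in the ADS log excerpts in this thread (a relative path that fopen cannot find, and a passphrase-protected private key), as an added example that is not part of any post and not ADS code. The names `check_ws_tls_config` and `demo` and the stub files are constructed for illustration; it assumes the properties appear one per line in the form quoted in the thread.

```python
import os
import re
import tempfile

# Property lines as quoted in the thread: "*ads*distribution_ws_sink*serverCert : <value>"
_PROP = re.compile(r"^\*ads\*distribution_ws_sink\*(serverCert|serverPrivateKey)\s*:\s*(.*)$")

def check_ws_tls_config(cnf_text):
    """Return (property, problem) findings for the two TLS file properties."""
    values = {}
    for line in cnf_text.splitlines():
        m = _PROP.match(line.strip())
        if m:
            values[m.group(1)] = m.group(2).strip()
    findings = []
    for prop in ("serverCert", "serverPrivateKey"):
        path = values.get(prop, "")
        if not path:
            findings.append((prop, "not set"))
        elif not os.path.isabs(path):
            # First log: fopen('trrt.cer') failed with "No such file or directory".
            findings.append((prop, "relative path"))
        elif not os.path.isfile(path):
            findings.append((prop, "file not found"))
        else:
            with open(path, "r", errors="replace") as fh:
                pem = fh.read()
            if "-----BEGIN" not in pem:
                findings.append((prop, "not PEM"))
            # Second log ("bad password read"): PKCS#8 or legacy "Proc-Type: 4,ENCRYPTED" key.
            elif prop == "serverPrivateKey" and "ENCRYPTED" in pem:
                findings.append((prop, "passphrase-protected key"))
    return findings

def demo():
    """Check constructed stub files (PEM headers only, no key material)."""
    prefix = "*ads*distribution_ws_sink*"
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "key.pem")
        with open(cert, "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\nstub\n-----END CERTIFICATE-----\n")
        with open(key, "w") as fh:
            fh.write("-----BEGIN ENCRYPTED PRIVATE KEY-----\nstub\n")
        rel = f"{prefix}serverCert : trrt.cer\n{prefix}serverPrivateKey : trrt.pem\n"
        fixed = f"{prefix}serverCert : {cert}\n{prefix}serverPrivateKey : {key}\n"
        return check_ws_tls_config(rel), check_ws_tls_config(fixed)

if __name__ == "__main__":
    print(demo())
```

An empty findings list only means the files are reachable and look like unencrypted PEM; it does not verify that the certificate and key belong together or that the certificate's name matches the host clients connect to.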

  • Hi @Jirapongse ,

    Just to let you know that we finally managed to make it work !

    Thanks a lot for the support !