WSTP: STP Electra on Web service basis

31/08/2015

Used in a large corporate environment, STP Electra allowed automated access to the Electra system directly from customers' back-end systems (e.g. accounting and invoicing systems). SOA (Service-Oriented Architecture) technology has spread globally since the introduction of STP, and so Cardinal also developed a Web service-based upgrade for STP Electra. Similarly to the previous solution, the new STP module is also based on SOAP but it uses communication protocols which are compliant with international standards, so WSTP Electra now allows banking customers to forward their usual STP messages to the Electra system and the banking systems behind it in the form of standard Web service calls, regardless of the platforms or application development framework systems they are actually using.

The name of the WSTP module is an abbreviation of Web Service STP. To put it very simply, the purpose of WSTP is to move STP communication from the previous Unicorn-based protocol to the http/https-based standard Web service interface defined in WSDL. Compared to previous solutions, WSTP has the advantage of not requiring the integration of any Cardinal-developed components into our customers' systems. If a customer's system was developed in a software development environment allowing Web service calls, STP functionality will be immediately available based on the WSDL description for the WSTP module. The WSTP module works exactly the same way as the STP module in terms of requests and responses, which means that setting up complex business functions from basic building blocks remains the customer's responsibility.

The development of the WSTP module was driven by the complexity of development tool integration tasks and also by the need to comply with the most recent security requirements. The WSTP component implementing the Web service supports not only the http protocol but also the https protocol, using the OpenSSL implementation. Using the standard https protocol makes the WSTP module easier to audit from a security standpoint and easier to integrate into complex customer IT systems.

WSTP architecture

Similarly to the philosophy implemented in the STP Electra program, WSTP Electra contains all components needed to provide the WSTP functionality in a single package, which means that there is no need to install, run or maintain any additional third-party components (a database manager, a web server etc.). WSTP Electra has two operating modes, just like STP Electra:

  • Normal mode: This is the same as the conventional use of the Electra client program, where users can access the system manually, via a graphical user interface (mouse clicks + keyboard).
  • WSTP mode: The Electra client program receives and serves standard Web service calls sent via predefined TCP/IP ports using the http/https protocol.

WSTP module operation is basically the same as that of the STP module. As a first step, the bank must enable the module in the Electra client program. This enabling process must be performed for each client program, using the Administrator or WebAdmin program installed at the bank. Customers cannot access this switch in their client programs and perform this action on their own, so they will always need assistance from the bank for that.

Electra programs installed on customer systems often run in network mode, which means that a single program can be used by multiple users simultaneously. The WSTP service does not require the installation (and maintenance) of any additional programs as Cardinal has fully integrated the WSTP function into the original Electra program. To use the WSTP service, customers must designate an MS Windows workstation to run the Electra client program in WSTP mode. The .ini file located in the Electra work directory on this workstation must be set up for WSTP mode the same way as in the case of STP: Firstly, the workstation must be set to run the Electra client program in STP mode, and secondly, a TCP/IP port must be set up for the WSTP module to receive Web service calls. The initial values are set to the default http and https port values (80 and 443, respectively).

WSTP Electra uses its own internal 'mini web server' to receive Web service calls, so our customers can simply run WSTP Electra, without the need to install, set up or maintain any other third-party programs. The WSTP Electra web server is accessible online, and only while WSTP Electra is running. When WSTP Electra is stopped, the WSTP web server stops running as well.

WSTP supports not only http but also fully secure https communication. To provide https services, WSTP needs a private RSA key and a so-called SSL certificate containing the name (IP address) of the host providing the Web service. WSTP Electra can retrieve the secret key and the SSL certificate from standard password-protected PKCS#12 files. This .p12 file can come from any source:

  • it can be generated by the customer (e.g. using a local CA application),
  • the customer can buy the key and the certificate from any Certificate Authority (CA),
  • the customer can use a unique key and certificate generated by the WSTP module.

Once https is set up in WSTP Electra, the next time the program is run the client program will prompt the user for the path to the .p12 file (subdirectory and file name) and the password required to use the SSL key before it activates the WSTP function.
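A pre-deployment check for the .p12 file described above, as an added example that is not part of the original page or of Cardinal's software: it uses the standard openssl command line to confirm that the file opens with its password, holds a private key, and carries a certificate that matches the workstation's host name and is not about to expire. The host name, password and file names are constructed sample values.

```shell
#!/bin/sh
# Added example: sanity-check a PKCS#12 file before pointing an HTTPS service at it.
# Host name, password and file names below are constructed sample values.

# check_p12 FILE PASSWORD HOST -> prints ok | cannot-open | no-private-key |
#                                 host-mismatch | expires-soon
check_p12() {
    p12=$1; host=$3
    P12_PASS=$2; export P12_PASS   # env: keeps the password out of the process list
    cert=$(mktemp) || return 2
    status=ok
    if ! openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
            >"$cert" 2>/dev/null; then
        status=cannot-open         # wrong password or not a PKCS#12 file
    elif ! openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
            2>/dev/null | grep -q 'PRIVATE KEY'; then
        status=no-private-key
    elif ! openssl x509 -in "$cert" -noout -checkhost "$host" \
            | grep -q 'does match certificate'; then
        status=host-mismatch       # clients verifying the name would reject it
    elif ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        status=expires-soon        # less than 30 days of validity left
    fi
    rm -f "$cert"; unset P12_PASS
    echo "$status"
    [ "$status" = ok ]
}

# Build a throwaway self-signed sample (constructed; not produced by WSTP Electra).
make_sample_p12() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=wstp-host.example" \
        -addext "subjectAltName=DNS:wstp-host.example" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/sample.p12" -passout pass:constructed-pass
}
```

For a certificate issued to an IP address rather than a host name, `openssl x509 -checkip` is the corresponding check.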

To provide WSTP services on the selected workstation, the workstation must have the operating system components that provide TCP/IP communication installed. (When MS Windows is installed on workstations, these components are automatically installed.) Following authorization by the bank and specification of the .ini settings on the selected workstation, the WSTP function is activated the next time the Electra client program is run, blocking all other functions of the client program running on the given computer. WSTP operation is indicated by a window opening on the Electra splash screen for the user to enter an external command. All incoming communication received by WSTP Electra is logged with a time stamp and the ID of the user executing the given action. WSTP log entries are added to the standard Electra log. The WSTP service can be stopped by closing the 'WSTP on' window displayed on the splash screen. When the window is closed, the client program switches to normal operation mode and starts to behave as if it were launched at that very moment without the WSTP function.

The WSTP Electra program must be properly exited at specific intervals (e.g. at the end of the day). This allows implementing any program upgrades the bank may have sent in the meantime. If necessary (e.g. due to an upgrade), the bank will require and/or disable WSTP Electra operation in the upgrade phase.

WSTP use

The Web service function already provided by WSTP Electra supports essentially four operating modes:

  • standard Web service calls (in the form of requests-responses),
  • WSDL documentation,
  • online help,
  • making an SSL key and certificate (p12).

WSTP Electra automatically selects the operating mode in which to respond based on the type of the calls received by the Web server and the specified URLs.

Important: The WSTP web server is not a general purpose web server and is used only for executing STP Electra calls. It will reject all other requests. The WSTP web server cannot connect to databases or run scripts. It does not allow accessing (downloading) operating system files.

Normal web service calls are responded to via a protocol (http/https) preset in WSTP, using standard SOAP messages. If the customer's system was developed in a software development environment which allows making Web service calls, requests to WSTP Electra can be sent as simple internal function calls. Web service operations and their parameters can be generated based on WSDL documentation.

Users can get online help and/or access WSDL documentation on available WSTP Electra Web service operations using a standard web browser. They must enter the appropriate protocol and the host name of the workstation running the WSTP Electra program in their browser's URL address field, and then specify the service they want to look up in the online help or the WSDL documentation.

Generation of SSL keys and certificates (p12) can also be initiated with a simple request sent from the browser's address field. When sending a key generation request, the browser will display some information. Before generating an SSL key, you must open the .ini file and specify the name you want to use for the workstation running the Web server and to be included in the certificate generated for the program. When this information is displayed in the browser, the user must enter the password for the .p12 file to be generated, then simply click on the 'Generate' button. Triggered by the SSL key generation request, the WSTP module will generate in the WSTP Electra main directory the required .p12 file and the self-signed CA certificate issuing the SSL certificate the file must contain.

Important: The key and the certificate generated by the WSTP module can only be used to access WSTP Electra via the https protocol.

 