example:

python

 import httplib

 import json

 import ssl

 import urllib2

 import requests

 CA_FILE = "etc/rdtagent/cert/server/ca.pem"

 CLIENT_CERT_FILE = "etc/rdtagent/cert/client/cert.pem"

 CLIENT_KEY_FILE = "etc/rdtagent/cert/client/key.pem" # This is your client cert!

 HOST = "127.0.0.1"

 PORT = 8443

 CACHE_URL = "/v1/cache"

 context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=CA_FILE)

 context.load_cert_chain(certfile=CLIENT_CERT_FILE, keyfile=CLIENT_KEY_FILE)

 connection = httplib.HTTPSConnection(HOST, port=PORT, context=context)

 # pem code

 # auth_header = 'Basic %s' % (":".join(["myusername","mypassword"]).encode('Base64').strip('\r\n'))

 # connection.request("POST", "/","",{'Authorization':auth_header})

 connection.request('GET', CACHE_URL)

 response = connection.getresponse()

 print(response.status, response.reason)

 data = response.read()

 print(json.loads(data))

 connection.close()

 # http://docs.python-requests.org/en/latest/

 res = requests.get("https://"+HOST+":"+str(PORT)+CACHE_URL, verify=CA_FILE, cert=(CLIENT_CERT_FILE, CLIENT_KEY_FILE), auth=('user', 'pass'))

 print res.json()

 # HTTPS Client Auth solution for urllib2, inspired by

 # http://bugs.python.org/issue3466

 # and improved by David Norton of Three Pillar Software. In this

 # implementation, we use properties passed in rather than static module

 # fields.

 class HTTPSClientAuthHandler(urllib2.HTTPSHandler):

     def __init__(self, ca, key, cert):

         urllib2.HTTPSHandler.__init__(self)

         self.ca = ca

         self.key = key

         self.cert = cert

     def https_open(self, req):

         #Rather than pass in a reference to a connection class, we pass in

         # a reference to a function which, for all intents and purposes,

         # will behave as a constructor

         return self.do_open(self.getConnection, req)

     def getConnection(self, host):

         print "*" * 80

         print host

         context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=self.ca)

         context.load_cert_chain(certfile=self.cert, keyfile=self.key)

         return httplib.HTTPSConnection(host, key_file=self.key, cert_file=self.cert, context=context)

 # cert_handler = HTTPSClientAuthHandler(CA_FILE, CLIENT_KEY_FILE, CLIENT_CERT_FILE)

 # opener = urllib2.build_opener(cert_handler)

 # urllib2.install_opener(opener)

 # https://docs.python.org/2/library/urllib2.html#examples

 f = urllib2.urlopen("https://"+HOST+":"+str(PORT)+CACHE_URL, context=context)

 print json.loads(f.read())

shell中直接执行:

python -c '

import requests

CA_FILE = "etc/rdtagent/cert/server/ca.pem"

CLIENT_CERT_FILE = "etc/rdtagent/cert/client/cert.pem"

CLIENT_KEY_FILE = "etc/rdtagent/cert/client/key.pem" # This is your client cert!

HOST = "127.0.0.1"

PORT = 8443

CACHE_URL = "/v1/cache"

print requests.get("https://"+HOST+":"+str(PORT)+CACHE_URL, verify=CA_FILE, cert=(CLIENT_CERT_FILE, CLIENT_KEY_FILE), auth=("user", "pass")).json()

'
CA_FILE="etc/rdtagent/cert/server/ca.pem"

CLIENT_CERT_FILE="etc/rdtagent/cert/client/cert.pem"

CLIENT_KEY_FILE="etc/rdtagent/cert/client/key.pem" # This is your client cert!

HOST="127.0.0.1"

PORT=8443

CACHE_URL="/v1/cache"

PASSWORD="pass"

USER="user"

python -c "

import requests

print requests.get('https://'+'$HOST'+':'+str($PORT)+'$CACHE_URL', verify='$CA_FILE', cert=('$CLIENT_CERT_FILE', '$CLIENT_KEY_FILE'), auth=('$USER', '$PASSWORD')).json()

"

Golang

$ cat goclient.go

 package main

 import (

         "crypto/tls"

         "crypto/x509"

         "flag"

         "fmt"

         "io/ioutil"

         "log"

         "net/http"

         _ "os"

 )

 var (

         certFile = flag.String("cert", "someCertFile", "A PEM eoncoded certificate file.")

         keyFile  = flag.String("key", "someKeyFile", "A PEM encoded private key file.")

         caFile   = flag.String("CA", "someCertCAFile", "A PEM eoncoded CA's certificate file.")

         url      = flag.String("url", "resource url", "The url of resource that client request.")

 )

 func main() {

         flag.Parse()

         //os.Getenv("HOST"))

         // Load client cert

         cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)

         if err != nil {

                 log.Fatal(err)

         }

         // Load CA cert

         caCert, err := ioutil.ReadFile(*caFile)

         if err != nil {

                 log.Fatal(err)

         }

         caCertPool := x509.NewCertPool()

         caCertPool.AppendCertsFromPEM(caCert)

         // Setup HTTPS client

         tlsConfig := &tls.Config{

                 Certificates: []tls.Certificate{cert},

                 RootCAs:      caCertPool,

         }

         tlsConfig.BuildNameToCertificate()

         transport := &http.Transport{TLSClientConfig: tlsConfig}

         client := &http.Client{Transport: transport}

         resp, err := client.Get(*url)

         if err != nil {

                 fmt.Println(err)

         }

         contents, err := ioutil.ReadAll(resp.Body)

         fmt.Printf("%s\n", string(contents))

 }

$

CA_FILE="etc/rdtagent/cert/server/ca.pem"

CLIENT_CERT_FILE="etc/rdtagent/cert/client/cert.pem"

CLIENT_KEY_FILE="etc/rdtagent/cert/client/key.pem" # This is your client cert!

PASSWORD="pass"

USER="user"

CACHE_URL="https://127.0.0.1:8443/v1/cache"

$ go run goclient.go -CA $CA_FILE -cert $CLIENT_CERT_FILE -key $CLIENT_KEY_FILE -url $CACHE_URL

How Certificate Revocation Works

tls 双向认证 client端代码例子的更多相关文章

  1. linux运维、架构之路-Kubernetes集群部署TLS双向认证

    一.kubernetes的认证授权       Kubernetes集群的所有操作基本上都是通过kube-apiserver这个组件进行的,它提供HTTP RESTful形式的API供集群内外客户端调 ...

  2. Python自动化之rabbitmq rpc client端代码分析(原创)

    RPC调用client端解析 import pika import uuid # 建立连接 class FibonacciRpcClient(object): def __init__(self): ...

  3. [Java]Hessian客户端和服务端代码例子

    简要说明:这是一个比较简单的hessian客户端和服务端,主要实现从客户端发送指定的数据量到服务端,然后服务端在将接收到的数据原封不动返回到客户端.设计该hessian客户端和服务端的初衷是为了做一个 ...

  4. Envoy:TLS双向认证

    环境准备 主机 角色 数量 front-envoy front envoy 1 service envoy 作为内部后端的envoy 2 end 后端应用程序 2 访问 / front-envoy = ...

  5. swoole 异步非堵塞 server/端 client/端 代码,已经测试完毕。贴代码

    服务器环境  centos7.0  swoole4.3 php7.2 pcre4.8  nginx1.8   php-fpm server.php <?php class Server { pr ...

  6. openssl实现双向认证教程(服务端代码+客户端代码+证书生成)

    一.背景说明 1.1 面临问题 最近一份产品检测报告建议使用基于pki的认证方式,由于产品已实现https,商量之下认为其意思是使用双向认证以处理中间人形式攻击. <信息安全工程>中接触过 ...

  7. SSL握手通信详解及linux下c/c++ SSL Socket代码举例(另附SSL双向认证客户端代码)

    SSL握手通信详解及linux下c/c++ SSL Socket代码举例(另附SSL双向认证客户端代码) 摘自: https://blog.csdn.net/sjin_1314/article/det ...

  8. 使用wireshark观察SSL/TLS握手过程--双向认证/单向认证

    SSL/TLS握手过程可以分成两种类型: 1)SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书.2)SSL/TLS 单向认证,客户端会认证服务器端身份,而服务器端不会去对客户 ...

  9. 基于openssl的单向和双向认证

    1.前言 最近工作涉及到https,需要修改nginx的openssl模块,引入keyless方案.关于keyless可以参考CloudFlare的官方博客: https://blog.cloudfl ...

随机推荐

  1. inbox.MoveTo Folder does not move message out of inbox

    inbox.MoveTo Folder does not move message out of inbox #160  Closed vnwind opened this issue on 14 M ...

  2. android逆向四则运算

    不断更新 除法: ; bRet = a/b+; return bRet; .text:00001010 a = R0 ; int.text:00001010 b = R1 ; int.text:000 ...

  3. cocos2d-x 暂停/恢复 与场景相关(SceneGraph类型)的监听器

    开发过程中,我们经常会遇到这样的情况:想要让一个Layer中所有的Node对象的事件都停止响应. 在响应用户事件后,又要恢复该Layer的所有事件响应. 如: 用户想要显示一个模式对话框,显示对话框后 ...

  4. @responsebody 返回json

    添加jackson依赖 添加@ResponseBody 测试:  注意,如果输入中文,出现乱码现象,则需要@RequestMapping(value="/appinterface" ...

  5. CSU 1838 Water Pump(单调栈)

    Water Pump [题目链接]Water Pump [题目类型]单调栈 &题解: 这题可以枚举缺口,共n-1个,之后把前缀面积和后缀面积用O(n)打一下表,最后总面积减去前缀的i个和后缀的 ...

  6. LeetCode88.合并两个有序数组

    给定两个有序整数数组 nums1 和 nums2,将 nums2 合并到 nums1 中,使得 num1 成为一个有序数组. 说明: 初始化 nums1 和 nums2 的元素数量分别为 m 和 n. ...

  7. javaweb防止表单重新提交

    一.前台验证 1.首先在from表单加一个隐藏域字段,设值为true.例如: <input type="hideen" name="tokenFlag" ...

  8. 初识gispro

    因为之前一直用的arcmap,由于项目中用到三维数据的服务发布,需要用到gispro.Gispro与arcmap用法还是有些不同.仅用此文来记录一些简易操作. Gispro简介 ArcGIS Pro是 ...

  9. golang linux安装

    go在linux下的安装: [root@localhost src]# wget https://storage.googleapis.com/golang/go1.8.1.linux-amd64.t ...

  10. html5-增强的表单

    <!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8&qu ...