example:

python

 import httplib

 import json

 import ssl

 import urllib2

 import requests

 CA_FILE = "etc/rdtagent/cert/server/ca.pem"

 CLIENT_CERT_FILE = "etc/rdtagent/cert/client/cert.pem"

 CLIENT_KEY_FILE = "etc/rdtagent/cert/client/key.pem" # This is your client cert!

 HOST = "127.0.0.1"

 PORT = 8443

 CACHE_URL = "/v1/cache"

 context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=CA_FILE)

 context.load_cert_chain(certfile=CLIENT_CERT_FILE, keyfile=CLIENT_KEY_FILE)

 connection = httplib.HTTPSConnection(HOST, port=PORT, context=context)

 # pem code

 # auth_header = 'Basic %s' % (":".join(["myusername","mypassword"]).encode('Base64').strip('\r\n'))

 # connection.request("POST", "/","",{'Authorization':auth_header})

 connection.request('GET', CACHE_URL)

 response = connection.getresponse()

 print(response.status, response.reason)

 data = response.read()

 print(json.loads(data))

 connection.close()

 # http://docs.python-requests.org/en/latest/

 res = requests.get("https://"+HOST+":"+str(PORT)+CACHE_URL, verify=CA_FILE, cert=(CLIENT_CERT_FILE, CLIENT_KEY_FILE), auth=('user', 'pass'))

 print res.json()

 # HTTPS Client Auth solution for urllib2, inspired by

 # http://bugs.python.org/issue3466

 # and improved by David Norton of Three Pillar Software. In this

 # implementation, we use properties passed in rather than static module

 # fields.

 class HTTPSClientAuthHandler(urllib2.HTTPSHandler):

     def __init__(self, ca, key, cert):

         urllib2.HTTPSHandler.__init__(self)

         self.ca = ca

         self.key = key

         self.cert = cert

     def https_open(self, req):

         #Rather than pass in a reference to a connection class, we pass in

         # a reference to a function which, for all intents and purposes,

         # will behave as a constructor

         return self.do_open(self.getConnection, req)

     def getConnection(self, host):

         print "*" * 80

         print host

         context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=self.ca)

         context.load_cert_chain(certfile=self.cert, keyfile=self.key)

         return httplib.HTTPSConnection(host, key_file=self.key, cert_file=self.cert, context=context)

 # cert_handler = HTTPSClientAuthHandler(CA_FILE, CLIENT_KEY_FILE, CLIENT_CERT_FILE)

 # opener = urllib2.build_opener(cert_handler)

 # urllib2.install_opener(opener)

 # https://docs.python.org/2/library/urllib2.html#examples

 f = urllib2.urlopen("https://"+HOST+":"+str(PORT)+CACHE_URL, context=context)

 print json.loads(f.read())

shell中直接执行:

python -c '

import requests

CA_FILE = "etc/rdtagent/cert/server/ca.pem"

CLIENT_CERT_FILE = "etc/rdtagent/cert/client/cert.pem"

CLIENT_KEY_FILE = "etc/rdtagent/cert/client/key.pem" # This is your client cert!

HOST = "127.0.0.1"

PORT = 8443

CACHE_URL = "/v1/cache"

print requests.get("https://"+HOST+":"+str(PORT)+CACHE_URL, verify=CA_FILE, cert=(CLIENT_CERT_FILE, CLIENT_KEY_FILE), auth=("user", "pass")).json()

'
CA_FILE="etc/rdtagent/cert/server/ca.pem"

CLIENT_CERT_FILE="etc/rdtagent/cert/client/cert.pem"

CLIENT_KEY_FILE="etc/rdtagent/cert/client/key.pem" # This is your client cert!

HOST="127.0.0.1"

PORT=8443

CACHE_URL="/v1/cache"

PASSWORD="pass"

USER="user"

python -c "

import requests

print requests.get('https://'+'$HOST'+':'+str($PORT)+'$CACHE_URL', verify='$CA_FILE', cert=('$CLIENT_CERT_FILE', '$CLIENT_KEY_FILE'), auth=('$USER', '$PASSWORD')).json()

"

Golang

$ cat goclient.go

 package main

 import (

         "crypto/tls"

         "crypto/x509"

         "flag"

         "fmt"

         "io/ioutil"

         "log"

         "net/http"

         _ "os"

 )

 var (

         certFile = flag.String("cert", "someCertFile", "A PEM eoncoded certificate file.")

         keyFile  = flag.String("key", "someKeyFile", "A PEM encoded private key file.")

         caFile   = flag.String("CA", "someCertCAFile", "A PEM eoncoded CA's certificate file.")

         url      = flag.String("url", "resource url", "The url of resource that client request.")

 )

 func main() {

         flag.Parse()

         //os.Getenv("HOST"))

         // Load client cert

         cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)

         if err != nil {

                 log.Fatal(err)

         }

         // Load CA cert

         caCert, err := ioutil.ReadFile(*caFile)

         if err != nil {

                 log.Fatal(err)

         }

         caCertPool := x509.NewCertPool()

         caCertPool.AppendCertsFromPEM(caCert)

         // Setup HTTPS client

         tlsConfig := &tls.Config{

                 Certificates: []tls.Certificate{cert},

                 RootCAs:      caCertPool,

         }

         tlsConfig.BuildNameToCertificate()

         transport := &http.Transport{TLSClientConfig: tlsConfig}

         client := &http.Client{Transport: transport}

         resp, err := client.Get(*url)

         if err != nil {

                 fmt.Println(err)

         }

         contents, err := ioutil.ReadAll(resp.Body)

         fmt.Printf("%s\n", string(contents))

 }

$

CA_FILE="etc/rdtagent/cert/server/ca.pem"

CLIENT_CERT_FILE="etc/rdtagent/cert/client/cert.pem"

CLIENT_KEY_FILE="etc/rdtagent/cert/client/key.pem" # This is your client cert!

PASSWORD="pass"

USER="user"

CACHE_URL="https://127.0.0.1:8443/v1/cache"

$ go run goclient.go -CA $CA_FILE -cert $CLIENT_CERT_FILE -key $CLIENT_KEY_FILE -url $CACHE_URL

How Certificate Revocation Works

tls 双向认证 client端代码例子的更多相关文章

  1. linux运维、架构之路-Kubernetes集群部署TLS双向认证

    一.kubernetes的认证授权       Kubernetes集群的所有操作基本上都是通过kube-apiserver这个组件进行的,它提供HTTP RESTful形式的API供集群内外客户端调 ...

  2. Python自动化之rabbitmq rpc client端代码分析(原创)

    RPC调用client端解析 import pika import uuid # 建立连接 class FibonacciRpcClient(object): def __init__(self): ...

  3. [Java]Hessian客户端和服务端代码例子

    简要说明:这是一个比较简单的hessian客户端和服务端,主要实现从客户端发送指定的数据量到服务端,然后服务端在将接收到的数据原封不动返回到客户端.设计该hessian客户端和服务端的初衷是为了做一个 ...

  4. Envoy:TLS双向认证

    环境准备 主机 角色 数量 front-envoy front envoy 1 service envoy 作为内部后端的envoy 2 end 后端应用程序 2 访问 / front-envoy = ...

  5. swoole 异步非堵塞 server/端 client/端 代码,已经测试完毕。贴代码

    服务器环境  centos7.0  swoole4.3 php7.2 pcre4.8  nginx1.8   php-fpm server.php <?php class Server { pr ...

  6. openssl实现双向认证教程(服务端代码+客户端代码+证书生成)

    一.背景说明 1.1 面临问题 最近一份产品检测报告建议使用基于pki的认证方式,由于产品已实现https,商量之下认为其意思是使用双向认证以处理中间人形式攻击. <信息安全工程>中接触过 ...

  7. SSL握手通信详解及linux下c/c++ SSL Socket代码举例(另附SSL双向认证客户端代码)

    SSL握手通信详解及linux下c/c++ SSL Socket代码举例(另附SSL双向认证客户端代码) 摘自: https://blog.csdn.net/sjin_1314/article/det ...

  8. 使用wireshark观察SSL/TLS握手过程--双向认证/单向认证

    SSL/TLS握手过程可以分成两种类型: 1)SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书.2)SSL/TLS 单向认证,客户端会认证服务器端身份,而服务器端不会去对客户 ...

  9. 基于openssl的单向和双向认证

    1.前言 最近工作涉及到https,需要修改nginx的openssl模块,引入keyless方案.关于keyless可以参考CloudFlare的官方博客: https://blog.cloudfl ...

随机推荐

  1. 备份软件 FreeFileSync 怎么用

    现在,学会使用备份软件对电脑中的重要资料定期进行备份,已经成为许多办公一族的“必修课”.其中,FreeFileSync 作为一款由国外开源社区开发的免费备份软件,由于其支持跨平台(Windows.Li ...

  2. 利用Tensorflow实现神经网络模型

    首先看一下神经网络模型,一个比较简单的两层神经. 代码如下: # 定义参数 n_hidden_1 = 256 #第一层神经元 n_hidden_2 = 128 #第二层神经元 n_input = 78 ...

  3. 使用 nghttpx 搭建 HTTP/2 代理 (转)

    来自http://www.fanyue.info/2015/08/nghttpx-http2.html 使用 nghttpx 搭建 HTTP/2 代理 [转] HTTP/1.1,定义于 1999 年, ...

  4. Go linux 实践2

    今天,看看GO的高级语言特性-方法和接口 废话不多说,直接上代码 ************************************************* 1 package main 2 ...

  5. Cocos Code IDE (下载地址)

    Cocos Code IDE 1.2.0 下载地址       Cocos Code IDE 1.2.0 Win32 下载地址: http://www.cocos2d-x.org/filedown/c ...

  6. unity3d-知识汇总

    itween下载 http://www.youkexueyuan.com/exp_show/1147.html 代码修改精灵图片的透明度 UIBp.GetComponent<Image>( ...

  7. InstallShield :cannot rename directory ...

    InstallShield项目编译的生成目录文件夹需要关闭.

  8. Hadoop.之.入门部署

    一.课程目标 ->大数据是什么?大数据能做什么? ->什么是Hadoop?Hadoop的设计思想? ->Hadoop如何解决大数据的问题?(什么是hdfs与yarn.MapReduc ...

  9. Python全栈-数据库介绍与基本操作

    .数据库管理软件的由来 数据库的产生是为了解决数据的永久储存.数据安全.以及对方对外服务时能够实现并发服务等效果.例如解决前面所学的Scoket编程中,在不考虑硬件问题的基础上,服务端服务多个客户端时 ...

  10. Python 1.安装

    Python是一种开源语言,有很多第三方库. 1. Python3 及相关组件下载及安装 a. Python3下载:https://www.python.org/downloads/->点击以下 ...