tls 双向认证 client端代码例子
example:
python
import httplib
import json
import ssl
import urllib2
import requests CA_FILE = "etc/rdtagent/cert/server/ca.pem"
CLIENT_CERT_FILE = "etc/rdtagent/cert/client/cert.pem"
CLIENT_KEY_FILE = "etc/rdtagent/cert/client/key.pem" # This is your client cert!
HOST = "127.0.0.1"
PORT = 8443 CACHE_URL = "/v1/cache" context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=CA_FILE)
context.load_cert_chain(certfile=CLIENT_CERT_FILE, keyfile=CLIENT_KEY_FILE) connection = httplib.HTTPSConnection(HOST, port=PORT, context=context)
# pem code
# auth_header = 'Basic %s' % (":".join(["myusername","mypassword"]).encode('Base64').strip('\r\n'))
# connection.request("POST", "/","",{'Authorization':auth_header})
connection.request('GET', CACHE_URL)
response = connection.getresponse()
print(response.status, response.reason) data = response.read()
print(json.loads(data)) connection.close() # http://docs.python-requests.org/en/latest/
res = requests.get("https://"+HOST+":"+str(PORT)+CACHE_URL, verify=CA_FILE, cert=(CLIENT_CERT_FILE, CLIENT_KEY_FILE), auth=('user', 'pass'))
print res.json() # HTTPS Client Auth solution for urllib2, inspired by
# http://bugs.python.org/issue3466
# and improved by David Norton of Three Pillar Software. In this
# implementation, we use properties passed in rather than static module
# fields.
class HTTPSClientAuthHandler(urllib2.HTTPSHandler):
def __init__(self, ca, key, cert):
urllib2.HTTPSHandler.__init__(self)
self.ca = ca
self.key = key
self.cert = cert
def https_open(self, req):
#Rather than pass in a reference to a connection class, we pass in
# a reference to a function which, for all intents and purposes,
# will behave as a constructor
return self.do_open(self.getConnection, req)
def getConnection(self, host):
print "*" * 80
print host
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=self.ca)
context.load_cert_chain(certfile=self.cert, keyfile=self.key)
return httplib.HTTPSConnection(host, key_file=self.key, cert_file=self.cert, context=context) # cert_handler = HTTPSClientAuthHandler(CA_FILE, CLIENT_KEY_FILE, CLIENT_CERT_FILE)
# opener = urllib2.build_opener(cert_handler)
# urllib2.install_opener(opener) # https://docs.python.org/2/library/urllib2.html#examples
f = urllib2.urlopen("https://"+HOST+":"+str(PORT)+CACHE_URL, context=context)
print json.loads(f.read())
shell中直接执行:
python -c '
import requests
CA_FILE = "etc/rdtagent/cert/server/ca.pem"
CLIENT_CERT_FILE = "etc/rdtagent/cert/client/cert.pem"
CLIENT_KEY_FILE = "etc/rdtagent/cert/client/key.pem" # This is your client cert!
HOST = "127.0.0.1"
PORT = 8443 CACHE_URL = "/v1/cache"
print requests.get("https://"+HOST+":"+str(PORT)+CACHE_URL, verify=CA_FILE, cert=(CLIENT_CERT_FILE, CLIENT_KEY_FILE), auth=("user", "pass")).json()
'
CA_FILE="etc/rdtagent/cert/server/ca.pem"
CLIENT_CERT_FILE="etc/rdtagent/cert/client/cert.pem"
CLIENT_KEY_FILE="etc/rdtagent/cert/client/key.pem" # This is your client cert!
HOST="127.0.0.1"
PORT=8443
CACHE_URL="/v1/cache"
PASSWORD="pass"
USER="user"
python -c "
import requests
print requests.get('https://'+'$HOST'+':'+str($PORT)+'$CACHE_URL', verify='$CA_FILE', cert=('$CLIENT_CERT_FILE', '$CLIENT_KEY_FILE'), auth=('$USER', '$PASSWORD')).json()
"
Golang
$ cat goclient.go
package main import (
"crypto/tls"
"crypto/x509"
"flag"
"fmt"
"io/ioutil"
"log"
"net/http"
_ "os"
) var (
certFile = flag.String("cert", "someCertFile", "A PEM eoncoded certificate file.")
keyFile = flag.String("key", "someKeyFile", "A PEM encoded private key file.")
caFile = flag.String("CA", "someCertCAFile", "A PEM eoncoded CA's certificate file.")
url = flag.String("url", "resource url", "The url of resource that client request.")
) func main() { flag.Parse()
//os.Getenv("HOST"))
// Load client cert
cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
if err != nil {
log.Fatal(err)
} // Load CA cert
caCert, err := ioutil.ReadFile(*caFile)
if err != nil {
log.Fatal(err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert) // Setup HTTPS client
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: caCertPool,
}
tlsConfig.BuildNameToCertificate()
transport := &http.Transport{TLSClientConfig: tlsConfig}
client := &http.Client{Transport: transport} resp, err := client.Get(*url)
if err != nil {
fmt.Println(err)
}
contents, err := ioutil.ReadAll(resp.Body)
fmt.Printf("%s\n", string(contents))
}
$
CA_FILE="etc/rdtagent/cert/server/ca.pem"
CLIENT_CERT_FILE="etc/rdtagent/cert/client/cert.pem"
CLIENT_KEY_FILE="etc/rdtagent/cert/client/key.pem" # This is your client cert!
PASSWORD="pass"
USER="user"
CACHE_URL="https://127.0.0.1:8443/v1/cache"
$ go run goclient.go -CA $CA_FILE -cert $CLIENT_CERT_FILE -key $CLIENT_KEY_FILE -url $CACHE_URL
How Certificate Revocation Works
tls 双向认证 client端代码例子的更多相关文章
- linux运维、架构之路-Kubernetes集群部署TLS双向认证
一.kubernetes的认证授权 Kubernetes集群的所有操作基本上都是通过kube-apiserver这个组件进行的,它提供HTTP RESTful形式的API供集群内外客户端调 ...
- Python自动化之rabbitmq rpc client端代码分析(原创)
RPC调用client端解析 import pika import uuid # 建立连接 class FibonacciRpcClient(object): def __init__(self): ...
- [Java]Hessian客户端和服务端代码例子
简要说明:这是一个比较简单的hessian客户端和服务端,主要实现从客户端发送指定的数据量到服务端,然后服务端在将接收到的数据原封不动返回到客户端.设计该hessian客户端和服务端的初衷是为了做一个 ...
- Envoy:TLS双向认证
环境准备 主机 角色 数量 front-envoy front envoy 1 service envoy 作为内部后端的envoy 2 end 后端应用程序 2 访问 / front-envoy = ...
- swoole 异步非堵塞 server/端 client/端 代码,已经测试完毕。贴代码
服务器环境 centos7.0 swoole4.3 php7.2 pcre4.8 nginx1.8 php-fpm server.php <?php class Server { pr ...
- openssl实现双向认证教程(服务端代码+客户端代码+证书生成)
一.背景说明 1.1 面临问题 最近一份产品检测报告建议使用基于pki的认证方式,由于产品已实现https,商量之下认为其意思是使用双向认证以处理中间人形式攻击. <信息安全工程>中接触过 ...
- SSL握手通信详解及linux下c/c++ SSL Socket代码举例(另附SSL双向认证客户端代码)
SSL握手通信详解及linux下c/c++ SSL Socket代码举例(另附SSL双向认证客户端代码) 摘自: https://blog.csdn.net/sjin_1314/article/det ...
- 使用wireshark观察SSL/TLS握手过程--双向认证/单向认证
SSL/TLS握手过程可以分成两种类型: 1)SSL/TLS 双向认证,就是双方都会互相认证,也就是两者之间将会交换证书.2)SSL/TLS 单向认证,客户端会认证服务器端身份,而服务器端不会去对客户 ...
- 基于openssl的单向和双向认证
1.前言 最近工作涉及到https,需要修改nginx的openssl模块,引入keyless方案.关于keyless可以参考CloudFlare的官方博客: https://blog.cloudfl ...
随机推荐
- 一个简单的MapReduce示例(多个MapReduce任务处理)
一.需求 有一个列表,只有两列:id.pro,记录了id与pro的对应关系,但是在同一个id下,pro有可能是重复的. 现在需要写一个程序,统计一下每个id下有多少个不重复的pro. 为了写一个完整的 ...
- 编辑器source insight,sublime,编码 utf-8和 GB2312
source insight中,想要UTF-8的中文字符正常显示的话,目前没有直接支持的方法. 暂时只能通过将原UTF-8的格式的文件,转换为本地ANSI编码(此处是简体中文,对应的ANSI编码为GB ...
- js判断手机是安卓还是ios
//点击下载按钮判断appDown() { var u = navigator.userAgent; var isiOS = !!u.match(/\(i[^;]+;( U;)? CPU.+Mac O ...
- js语法没有任何问题但是就是不走,检查js中命名的变量名,用 service-area错误,改service_area (原)
js语法没有任何问题但是就是不走,检查js中命名的变量名,用 service-area错误,改service_area
- python ---多进程 Multiprocessing
和 threading 的比较 多进程 Multiprocessing 和多线程 threading 类似, 他们都是在 python 中用来并行运算的. 不过既然有了 threading, 为什么 ...
- spring 的核心类JdbcTemplate 方法
2018-11-29 10:28:02
- 20155228 2016-2017-2 《Java程序设计》第2周学习总结
20155228 2006-2007-2 <Java程序设计>第2周学习总结 教材学习内容总结 类型 Java可以区分为基本类型和类类型(或称参考类型).对于基本类型,使用时得考虑一下数据 ...
- python 修改xml文档 ing
原xml文件 <?xml version="1.0" encoding="utf-8"?> <catalog> <maxid> ...
- Spring源码阅读(三)
上一讲我们谈到单例生产关键方法getSingleton.getSingleton方法由DefaultSingletonBeanRegistry类实现.我们的抽象工厂AbstractBeanFactor ...
- 关于Weex你需要知道的一切
QCon第一天,GMTC全球移动技术大会联席主席.手淘技术老大庄卓然(花名南天)在Keynote上宣布跨平台开发框架Weex开始内测,并将于6月份开源,同时他们也放出官网:http://alibaba ...