tls 双向认证 client端代码例子
Posted lvmxh
example:
python
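# Python 2 example (httplib / urllib2; these are http.client / urllib.request
# in Python 3). Three ways to call an HTTPS endpoint with mutual TLS: the
# client verifies the server against CA_FILE and presents its own certificate.
import httplib
import json
import ssl
import urllib2
import requests


# Paths are relative, so they resolve against the current working directory.
CA_FILE = "etc/rdtagent/cert/server/ca.pem"  # CA that signed the server certificate
CLIENT_CERT_FILE = "etc/rdtagent/cert/client/cert.pem"  # client certificate
CLIENT_KEY_FILE = "etc/rdtagent/cert/client/key.pem"  # client private key (pairs with cert.pem)
HOST = "127.0.0.1"
PORT = 8443

CACHE_URL = "/v1/cache"

# A client authenticates the *server*, so the purpose is SERVER_AUTH.
# ssl.Purpose.CLIENT_AUTH is meant for server-side sockets: with it,
# create_default_context() leaves verify_mode at CERT_NONE and check_hostname
# off, so the server certificate would never be validated even though cafile
# is loaded. With SERVER_AUTH the chain is verified against CA_FILE and the
# certificate must be valid for the name in HOST.
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=CA_FILE)
# Client side of the mutual authentication: certificate plus its private key.
context.load_cert_chain(certfile=CLIENT_CERT_FILE, keyfile=CLIENT_KEY_FILE)

connection = httplib.HTTPSConnection(HOST, port=PORT, context=context)
try:
    # pem code
    # auth_header = 'Basic %s' % (":".join(["myusername","mypassword"]).encode('Base64').strip('\r\n'))
    # connection.request("POST", "/","",{'Authorization':auth_header})
    connection.request('GET', CACHE_URL)
    response = connection.getresponse()
    print(response.status, response.reason)

    data = response.read()
    print(json.loads(data))
finally:
    # Release the socket even when the request or the JSON decoding fails.
    connection.close()


# http://docs.python-requests.org/en/latest/
# verify= pins the CA used to check the server; cert= is the client
# certificate/key pair. ('user', 'pass') are placeholder Basic-auth
# credentials; real ones belong in configuration, not in source.
res = requests.get(
    "https://" + HOST + ":" + str(PORT) + CACHE_URL,
    verify=CA_FILE,
    cert=(CLIENT_CERT_FILE, CLIENT_KEY_FILE),
    auth=('user', 'pass'),
)
print(res.json())


# HTTPS Client Auth solution for urllib2, inspired by
# http://bugs.python.org/issue3466
# and improved by David Norton of Three Pillar Software. In this
# implementation, we use properties passed in rather than static module
# fields.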
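class HTTPSClientAuthHandler(urllib2.HTTPSHandler):
    """urllib2 HTTPS handler that opens mutual-TLS connections.

    ca   -- path to the CA bundle used to verify the server certificate
    key  -- path to the client private key
    cert -- path to the client certificate
    """

    def __init__(self, ca, key, cert):
        urllib2.HTTPSHandler.__init__(self)
        self.ca = ca
        self.key = key
        self.cert = cert

    def https_open(self, req):
        # Rather than pass in a reference to a connection class, we pass in
        # a reference to a function which, for all intents and purposes,
        # will behave as a constructor
        return self.do_open(self.getConnection, req)

    def getConnection(self, host, **conn_kwargs):
        """Build the HTTPSConnection for `host`.

        do_open() calls this with extra keyword arguments (timeout=...);
        accepting and forwarding them avoids a TypeError when the handler
        is installed in an opener.
        """
        print("*" * 80)
        print(host)
        # SERVER_AUTH, not CLIENT_AUTH: only SERVER_AUTH makes
        # create_default_context() require and verify the server certificate
        # (CERT_REQUIRED plus hostname checking). A CLIENT_AUTH context is
        # for server-side sockets and leaves verification off.
        context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=self.ca)
        context.load_cert_chain(certfile=self.cert, keyfile=self.key)
        # The context already carries the client certificate and key, so
        # key_file/cert_file are not passed a second time.
        return httplib.HTTPSConnection(host, context=context, **conn_kwargs)


# cert_handler = HTTPSClientAuthHandler(CA_FILE, CLIENT_KEY_FILE, CLIENT_CERT_FILE)
# opener = urllib2.build_opener(cert_handler)
# urllib2.install_opener(opener)

# https://docs.python.org/2/library/urllib2.html#examples
# `context` is the module-level SSLContext built earlier in this script; the
# server is authenticated only if that context was created with
# ssl.Purpose.SERVER_AUTH.
f = urllib2.urlopen("https://" + HOST + ":" + str(PORT) + CACHE_URL, context=context)
try:
    print(json.loads(f.read()))
finally:
    f.close()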
shell中直接执行:
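# One-off mutual-TLS request from the shell. The certificate paths are
# relative, so run this from the directory that contains etc/.
python -c '
import requests

CA_FILE = "etc/rdtagent/cert/server/ca.pem"  # CA used to verify the server
CLIENT_CERT_FILE = "etc/rdtagent/cert/client/cert.pem"  # client certificate
CLIENT_KEY_FILE = "etc/rdtagent/cert/client/key.pem"  # client private key (pairs with cert.pem)
HOST = "127.0.0.1"
PORT = 8443
CACHE_URL = "/v1/cache"

# ("user", "pass") are placeholder Basic-auth credentials.
print(requests.get("https://" + HOST + ":" + str(PORT) + CACHE_URL, verify=CA_FILE, cert=(CLIENT_CERT_FILE, CLIENT_KEY_FILE), auth=("user", "pass")).json())
'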
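# Same request, parameterised from the shell. The settings are handed to
# Python through the environment of this one command instead of being
# expanded into the -c source text:
#   - the password stays out of the python command line, which other local
#     users can typically read from process listings;
#   - a quote character in a value cannot alter the Python code;
#   - the shell's own USER variable is left untouched (the credentials use
#     API_USER / API_PASSWORD, placeholders here).
# CLIENT_KEY_FILE is the client private key that pairs with CLIENT_CERT_FILE.
CA_FILE="etc/rdtagent/cert/server/ca.pem" \
CLIENT_CERT_FILE="etc/rdtagent/cert/client/cert.pem" \
CLIENT_KEY_FILE="etc/rdtagent/cert/client/key.pem" \
HOST="127.0.0.1" \
PORT=8443 \
CACHE_URL="/v1/cache" \
API_USER="user" \
API_PASSWORD="pass" \
python -c '
import os
import requests

env = os.environ
url = "https://" + env["HOST"] + ":" + env["PORT"] + env["CACHE_URL"]
print(requests.get(url, verify=env["CA_FILE"], cert=(env["CLIENT_CERT_FILE"], env["CLIENT_KEY_FILE"]), auth=(env["API_USER"], env["API_PASSWORD"])).json())
'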