1. 首頁
  2. 問答
  3. 使用客戶端證書的自定義urllib開啓器

使用客戶端證書的自定義urllib開啓器

2011-04-18 26 views
5

我有一個我必須使用的API。該API由HTTPS進行保護並使用相互認證/客戶端證書。我有一個PEM文件和一個CRT文件。使用客戶端證書的自定義urllib開啓器

當我定期連接到服務器,使用PyOpenSSL我沒有問題,這裏是代碼:

import settings 
from OpenSSL import SSL 
import socket 

def verify(conn, cert, errnum, depth, ok): 
    # This obviously has to be updated 
    print 'Got certificate: %s' % cert.get_subject() 
    return ok 

def password_callback(maxlen, verify, extra): 
     print (maxlen, verify, extra) 
     return settings.DEPOSIT_CODE 

context = SSL.Context(SSL.SSLv23_METHOD) 
context.set_verify(SSL.VERIFY_NONE, verify) 
context.set_passwd_cb(password_callback) 
context.use_certificate_file(settings.CLIENT_CERT_FILE) 
context.use_privatekey_file(settings.PEM_FILE) 

sock = SSL.Connection(context, socket.socket(socket.AF_INET, socket.SOCK_STREAM)) 
sock.connect(("someserver.com",443)) 

http_get_request = """ 
GET/HTTP/1.1 

""" 
sock.write(http_get_request) 
print sock.recv(1000)

但是,因爲這是與客戶端證書的HTTPS API,我已經實現了開門紅吧,不知何故修改了代碼是在這裏:

import settings 
import socket 
import urllib2 

def verify(conn, cert, errnum, depth, ok): 
    # This obviously has to be updated 
    print 'Got certificate: %s' % cert.get_subject() 
    return ok 

def password_callback(maxlen, verify, extra): 
     print (maxlen, verify, extra) 
     return settings.DEPOSIT_CODE 

class MyHTTPSConnection(httplib.HTTPSConnection): 
    def connect(self): 
     context = SSL.Context(SSL.SSLv23_METHOD) 
     context.set_passwd_cb(password_callback) 
     context.use_certificate_file(settings.CLIENT_CERT_FILE) 
     context.set_verify(SSL.VERIFY_NONE, verify) 
     context.use_privatekey_file(settings.PEM_FILE) 
     self.sock = SSL.Connection(context, socket.socket(socket.AF_INET, socket.SOCK_STREAM)) 

class MyHTTPSHandler(urllib2.HTTPSHandler): 
    def https_open(self,req): 
     return self.do_open(MyHTTPSConnection,req) 

opener = urllib2.build_opener(urllib2.HTTPHandler,MyCHTTPSHandler) 
urllib2.install_opener(opener) 

f = urllib2.urlopen("https://sampleapiserver.com") 
print f.code

但是當我運行第二個代碼,我得到以下錯誤:

File "/usr/lib/python2.6/urllib2.py", line 126, in urlopen 
    return _opener.open(url, data, timeout) 
    File "/usr/lib/python2.6/urllib2.py", line 391, in open 
    response = self._open(req, data) 
    File "/usr/lib/python2.6/urllib2.py", line 409, in _open 
    '_open', req) 
    File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain 
    result = func(*args) 
    File "network.py", line 37, in https_open 
    return self.do_open(IRNICHTTPSConnection,req) 
    File "/usr/lib/python2.6/urllib2.py", line 1142, in do_open 
    h.request(req.get_method(), req.get_selector(), req.data, headers) 
    File "/usr/lib/python2.6/httplib.py", line 914, in request 
    self._send_request(method, url, body, headers) 
    File "/usr/lib/python2.6/httplib.py", line 951, in _send_request 
    self.endheaders() 
    File "/usr/lib/python2.6/httplib.py", line 908, in endheaders 
    self._send_output() 
    File "/usr/lib/python2.6/httplib.py", line 780, in _send_output 
    self.send(msg) 
    File "/usr/lib/python2.6/httplib.py", line 759, in send 
    self.sock.sendall(str) 
OpenSSL.SSL.Error: [('SSL routines', 'SSL_write', 'uninitialized')]

最後,我做錯了什麼?如果沒有,請幫我理解錯誤...

乾杯。

來源

2011-04-18 Hosane

+0

你能否澄清一下你說這是一個HTTP API的部分,但你想擺脫HTTP協議? – Keith 2011-04-18 11:36:37

回答

1

我不知道 - 但它看起來像你對我缺少做connect()調用的connect()方法:

self.sock.connect(("someserver.com",443))

而且httplib的HTTPS處理有包裝類SSL套接字,所以也許這些工作需要它?

來源

2011-04-18 08:33:34

+0

是的,這正是我昨天所做的,並已修復:) – Hosane 2011-04-20 06:15:48

3

看起來你在這裏增加了很多複雜性,你並不需要。如果你只是做簡單的客戶端證書驗證,你也許可以從下面的代碼片段脫身(source):在提供CERT-authenicated URL開啓到SudsClient的背景下使用

import httplib 
import urllib2 

# HTTPS Client Auth solution for urllib2, inspired by 
# http://bugs.python.org/issue3466 
# and improved by David Norton of Three Pillar Software. In this 
# implementation, we use properties passed in rather than static module 
# fields. 
class HTTPSClientAuthHandler(urllib2.HTTPSHandler): 
    def __init__(self, key, cert): 
     urllib2.HTTPSHandler.__init__(self) 
     self.key = key 
     self.cert = cert 
    def https_open(self, req): 
     #Rather than pass in a reference to a connection class, we pass in 
     # a reference to a function which, for all intents and purposes, 
     # will behave as a constructor 
     return self.do_open(self.getConnection, req) 
    def getConnection(self, host): 
     return httplib.HTTPSConnection(host, key_file=self.key, cert_file=self.cert) 


cert_handler = HTTPSClientAuthHandler(settings.PEMFILE, settings.CLIENT_CERT_FILE) 
opener = urllib2.build_opener(cert_handler) 
urllib2.install_opener(opener) 

f = urllib2.urlopen("https://sampleapiserver.com") 
print f.code

源構造函數,所以我將它剝離出來並使其成爲直接開啓者。

來源

2011-04-18 19:37:19 jathanism

+0

唯一的問題是你不能設置密碼回調(Python的內置SSL支持,直到版本3.3左右纔有這個功能),所以如果客戶端密鑰受密碼保護,則無法阻止底層SSL庫嘗試在終端上提示用戶。 – 2012-02-12 23:12:01

相關問題

 相關問題