基于python证书的身份验证中的REST请求,在SOAPUI中工作

问题描述 投票:2回答:1

我正在针对https api服务器执行REST请求,它使用以下配置在soapui中工作,soapui rest request is successful

我已在SSL设置上添加了证书>密钥库soapui ssl preferences

self-signed-keystore.jks具有在服务器上受信任的密钥对,并且正在检查每个请求。如果证书有效,则服务器将返回json

使用此代码在python中尝试过,无法正常工作,我在SSL上遇到错误

requests.exceptions.SSLError:HTTPSConnectionPool(host ='xlocal',port = 8014):网址超过了最大重试次数:// api / path / here(由引起SSLError(SSLError(“不好的握手:错误([('SSL例程','tls_process_server_certificate','证书验证失败')],)“,),))

#!/usr/bin/env python3
import sys
import requests

API_ENDPOINT = "https://xlocal:8xxx/api/test/list"

#pem keys are exported from the jks using keytool explorer or 
#openssl pkcs12 -in soapui-keystore.p12  -nokeys -out soapuicert.pem
#openssl pkcs12 -in soapui-keystore.p12  -nodes -nocerts -out soapuikey.pem
NEW_CERT = r"C:\Users\myuser\self-signed-exported.cert.pem"
NEW_KEY = r"C:\Users\myuser\self-signed-exported.key.pem"

def main(argv):

    get = requests.get(API_ENDPOINT, cert=(NEW_CERT, NEW_KEY))
    get2 = requests.get(API_ENDPOINT, verify=NEW_CERT)

    print(get)
    print(get2)

if __name__ == "__main__":
    main(sys.argv[1:])

下面使用此代码在Java上运行。


public void getforObject() {
        restTemplate = new RestTemplate();
        try (FileInputStream fis = new FileInputStream(Project.keystorePath)) {
            KeyStore keyStore = SSL.getKeyStore(fis, Project.keystorePassword);
            SSLSocketFactory sslSocketFactory = SSL.getSSLSocketFactory(keyStore, Project.keystorePassword, trustAllCerts);
            SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslSocketFactory, (hostname, session) -> true);
            CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).build();
            HttpComponentsClientHttpRequestFactory httpRequestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
            restTemplate.setRequestFactory(httpRequestFactory);

            String forObject = restTemplate.getForObject(LIST_URL, String.class);

        } catch (Exception e) {
            //SystemLogger.error("Error configuring ssl", e);
            throw new RuntimeException("Error: unable to configure ssl.", e);
        }
}

public class DummyX509TrustManager implements X509TrustManager {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        @Override
        public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
                throws CertificateException {
        }
        @Override
        public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
                throws CertificateException {
        }
}

似乎是什么问题?有没有更好的方法可以在python中做到这一点?

python rest ssl client-certificates truststore
1个回答
0
投票

我怀疑问题不是您的python代码,而是您提供的证书链。

仅提供私钥证书是不够的-您必须提供密钥证书,以及链中以受信任的证书颁发机构终止的所有其他证书。

被要求您运行的openssl命令将转储证书链(通常是公共的)。您可以在pem文件中找到密钥的证书,并不表示证书链完整或正确。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.