关于ssl证书的格式转换以及各方式的使用 收集以及案例
http://stackoverflow.com/questions/12162975/openssl-not-enough-data
openssl x509 -inform der -in"c:\mydir\test.cer" -out"C:\mydir\certificate.pem"
openssl pkcs12 -in"c:\mydir\test.pfx" -nocerts -out"c:\mydir\test_pk.pem"
http://www.linuxspy.info/tag/convert-ssl-certificate-pfx-to-pem/
http://mccltd.net/blog/?p=1299
http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html
truststore
http://mislav.uniqpath.com/2013/07/ruby-openssl/
http://blog.kabisa.nl/2009/12/04/ruby-and-ssl-certificate-validation/
http://stackoverflow.com/questions/2507902/how-to-validate-ssl-certificate-chain-in-ruby-with-net-http
http://stackoverflow.com/questions/9199660/why-is-ruby-unable-to-verify-an-ssl-certificate
http://www.ruby-doc.org/gems/docs/m/mack-encryption-0.8.3/EzCrypto/TrustStore.html
File.open("client_certificate.pem",'rb' ) { |f| cert = f.read }
File.open("client_key.pem",'rb' ) { |f| key = f.read }
http_session.cert =OpenSSL::X509::Certificate.new(cert)
http_session.key =OpenSSL::PKey::RSA.new(key,nil)
cert — key
https://github.com/augustl/net-http-cheat-sheet/blob/master/ssl_and_https.rb
http://www.spacevatican.org/2009/7/11/ruby-openssl-and-client-side-certificates/
http://stackoverflow.com/questions/10262676/add-ssl-to-a-connection
http://stackoverflow.com/questions/12836847/how-to-establish-a-ssl-enabled-tcp-ip-connection-in-ruby
http://stackoverflow.com/questions/7263960/convert-sslsocket-python-code-to-ruby
tiaoshi
https://www.google.com.hk/search?newwindow=1&safe=strict&espv=2&es_sm=91&q=SSL_connect+returned%3D1+errno%3D0+state%3DSSLv3+read+server+certificate+B%3A+certificate+verify+failed&oq=SSL_connect+returned%3D1+errno%3D0+state%3DSSLv3+read+server+certificate+B%3A+certificate+verify+failed&gs_l=serp.12...116986.116986.0.118655.1.1.0.0.0.0.97.97.1.1.0....0...1c.2.40.serp..1.0.0.Y62fuKpze98
http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat
http://blog.marc-seeger.de/2012/06/22/ruby-openssl-and-econnreset/
http://mislav.uniqpath.com/2013/07/ruby-openssl/
CONF_GW['cert_path']
---
development:
cert_path: config/cert/dev/client.pemrequire 'timeout'
module EciticHttp
class Error < Exception
attr_accessor :number
end
class SystemTimeoutError < Timeout::Error
end
class TCPTimeoutError < Timeout::Error
end
class ProductTypeResult
end
class SoapHttp
include EciticHttp::XMLUtil
# tcp_timeout做为open_timeout的时间,如果这个时间内没有能打开,则直接timeout退出
# timeout为原系统timeout,任务到时间后会退出
# 这里默认改为10分钟 ,防止保留太多的TCP连接
attr_accessor :response_data,:response_code,:post_data,:url, :cookie, :response_type,:timeout,:tcp_timeout
def initialize(p={})
@cookie = p[:cookie]
@url = p[:url] || Setting.ecitic.order_query
@response_type = p[:response_type] || 'request'
@timeout = p[:timeout] || 600
@tcp_timeout = p[:tcp_timeout] || 120
end
def soap_login(method, post_data)
headers = {
'Referer' => 'http://www.appfusion.net',
'Content-Type' => 'text/xml; charset=utf-8',
'SOAPAction' => 'http://service.xxxxxx.com'
}
headers['cookie'] = @cookie unless @cookie.blank?
uri = URI.parse(@url.to_s)
request_http = Net::HTTP.new(uri.host, uri.port)
request_http.use_ssl = uri.scheme.upcase == 'HTTPS'
request_http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request_http.ssl_version = :SSLv3
pem = File.read(CONF_GW['cert_path'])
request_http.cert = OpenSSL::X509::Certificate.new(pem)
request_http.key = OpenSSL::PKey::RSA.new(pem,'123456')
Timeout::timeout(@timeout) {
body = ""
header = request_http.post(uri.path, post_data, headers) do |data|
body << data
end
yield header,body
}
end
def soap_http(method, params: {}, cookie: nil)
@cookie = cookie
post_data = resquest_to_xml(method, :hash => params)
soap_login(method, post_data) do |header,body|
puts "==#{method}== code -- #{header.code}"
set_response_data(method,:header => header,:body => body) if header.code == '200'
return self
end
nil
end
def resquest_to_xml(method, hash: {})
hash_to_soap_xml(method, @response_type, hash)
end
def response_to_hash(method,xml_str)
xml_to_hash(method,xml_str)
end
def set_response_data(method,header: nil, body: nil)
@response_code = header.code
@response_data = response_to_hash(method,body)
@cookie = header.response['set-cookie']
end
end
endrequire 'cgi'
module EciticHttp
module XMLUtil
# hash to xml
def to_request_xml(method,type,p={})
require 'active_support/builder' unless defined?(Builder)
xml = Builder::XmlMarkup.new(:indent=> p.size)
xml.instruct!
xml.message('method' => method, 'type' => type) do |node|
p.each do |key,value|
if key.to_sym == :dataSet && !value.blank?
node.dataSet('count' => value.size) do |record_node|
record_chind_node(value, record_node)
end
else
node.tag! key,value
end
end
end
end
def record_chind_node(dataSet,record_node)
dataSet.each do |date|
record_node.record date
end
end
# hash to soap xml
def hash_to_soap_xml(method,type,p={})
xml = to_request_xml(method,type,p)
puts xml
data = <<-EOF
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.xxxxxxxxx.com">
<soapenv:Header/>
<soapenv:Body>
<ser:#{method}>
<ser:paraXML>#{CGI.escapeHTML(xml)}</ser:paraXML>
</ser:#{method}>
</soapenv:Body>
</soapenv:Envelope>
EOF
end
def xml_to_hash(method,xml_str)
begin
hash = Hash.from_xml(xml_str)
loginReturn = hash['Envelope']['Body']["#{method}Response"]["#{method}Return"]
dom = Nokogiri::XML(loginReturn,nil,'utf-8')
node = dom.xpath('message').first
hash = node.element_children.each_with_object(Hash.new) do |e, h|
h[e.name.to_sym] = e.content
if e.name.to_sym == :resParam || e.name.to_sym == :dataSet
h[e.name.to_sym] = e.element_children.each_with_object(Hash.new) do |er, h|
h[er.name.to_sym] = er.content
end
end
if e.name.to_sym == :dataSet
h[e.name.to_sym] = []
e.element_children.each_with_object(Hash.new) do |er, hm|
h[e.name.to_sym] << er.content
end
end
end
puts "---#{method}-----xml_to_hash--------"
puts hash.inspect
hash
rescue Exception => e
Rails.logger.info e.backtrace.join("\n")
nil
end
end
end
endsoap-ui 查看工具 调试特方便 记得到证书密码
6069
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
