关于ssl证书的格式转换以及各方式的使用收集以及案例,工具soap-ui

xiaoheliushuiya

浏览: 416179 次

最近访客更多访客>>

1754575407

necmy

huangwen566

hsgzs01

博主相关

博客

微博

相册

留言

关于我

文章分类

全部博客 (1029)

社区版块

存档分类

关于ssl证书的格式转换以及各方式的使用收集以及案例

http://stackoverflow.com/questions/12162975/openssl-not-enough-data

openssl x509 -inform der -in"c:\mydir\test.cer" -out"C:\mydir\certificate.pem"
openssl pkcs12 -in"c:\mydir\test.pfx" -nocerts -out"c:\mydir\test_pk.pem"

http://www.linuxspy.info/tag/convert-ssl-certificate-pfx-to-pem/

http://mccltd.net/blog/?p=1299

http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html

truststore

http://mislav.uniqpath.com/2013/07/ruby-openssl/

http://blog.kabisa.nl/2009/12/04/ruby-and-ssl-certificate-validation/

http://stackoverflow.com/questions/2507902/how-to-validate-ssl-certificate-chain-in-ruby-with-net-http

http://stackoverflow.com/questions/9199660/why-is-ruby-unable-to-verify-an-ssl-certificate

http://www.ruby-doc.org/gems/docs/m/mack-encryption-0.8.3/EzCrypto/TrustStore.html

File.open("client_certificate.pem",'rb' ) { |f| cert = f.read }
File.open("client_key.pem",'rb' ) { |f| key = f.read }
http_session.cert =OpenSSL::X509::Certificate.new(cert)
http_session.key =OpenSSL::PKey::RSA.new(key,nil)

cert — key
https://github.com/augustl/net-http-cheat-sheet/blob/master/ssl_and_https.rb

http://www.spacevatican.org/2009/7/11/ruby-openssl-and-client-side-certificates/

http://stackoverflow.com/questions/10262676/add-ssl-to-a-connection

http://stackoverflow.com/questions/12836847/how-to-establish-a-ssl-enabled-tcp-ip-connection-in-ruby

http://stackoverflow.com/questions/7263960/convert-sslsocket-python-code-to-ruby

tiaoshi
https://www.google.com.hk/search?newwindow=1&safe=strict&espv=2&es_sm=91&q=SSL_connect+returned%3D1+errno%3D0+state%3DSSLv3+read+server+certificate+B%3A+certificate+verify+failed&oq=SSL_connect+returned%3D1+errno%3D0+state%3DSSLv3+read+server+certificate+B%3A+certificate+verify+failed&gs_l=serp.12...116986.116986.0.118655.1.1.0.0.0.0.97.97.1.1.0....0...1c.2.40.serp..1.0.0.Y62fuKpze98

http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat

http://blog.marc-seeger.de/2012/06/22/ruby-openssl-and-econnreset/

http://mislav.uniqpath.com/2013/07/ruby-openssl/

CONF_GW['cert_path']

---
development:
  cert_path: config/cert/dev/client.pem

require 'timeout'

module EciticHttp
  class Error < Exception
    attr_accessor :number
  end

  class SystemTimeoutError < Timeout::Error
  end

  class TCPTimeoutError < Timeout::Error
  end

  class ProductTypeResult
  end


  class SoapHttp
    include EciticHttp::XMLUtil

    # tcp_timeout做为open_timeout的时间,如果这个时间内没有能打开,则直接timeout退出 
    # timeout为原系统timeout,任务到时间后会退出
    # 这里默认改为10分钟 ，防止保留太多的TCP连接
    attr_accessor :response_data,:response_code,:post_data,:url, :cookie, :response_type,:timeout,:tcp_timeout

    def initialize(p={})
      @cookie         = p[:cookie]
      @url            = p[:url] || Setting.ecitic.order_query
      @response_type  = p[:response_type] || 'request'
      @timeout        = p[:timeout] || 600
      @tcp_timeout    = p[:tcp_timeout] || 120

    end
    
    def soap_login(method, post_data)
      headers = {
        'Referer'       => 'http://www.appfusion.net',
        'Content-Type'  => 'text/xml; charset=utf-8',
        'SOAPAction'    => 'http://service.xxxxxx.com'
      }
      headers['cookie'] = @cookie unless @cookie.blank?

      uri                      = URI.parse(@url.to_s)
      request_http             = Net::HTTP.new(uri.host, uri.port)
      request_http.use_ssl     = uri.scheme.upcase == 'HTTPS'
      request_http.verify_mode = OpenSSL::SSL::VERIFY_NONE
      request_http.ssl_version = :SSLv3

      pem = File.read(CONF_GW['cert_path'])
      request_http.cert = OpenSSL::X509::Certificate.new(pem)
      request_http.key  = OpenSSL::PKey::RSA.new(pem,'123456')

      Timeout::timeout(@timeout) {
        body = ""
        header = request_http.post(uri.path, post_data, headers) do |data|
          body << data
        end
        yield header,body
      }
    end

    def soap_http(method, params: {}, cookie: nil)
      @cookie = cookie
      
      post_data = resquest_to_xml(method, :hash => params)

      soap_login(method, post_data) do |header,body|
        puts "==#{method}== code   -- #{header.code}"        
        set_response_data(method,:header => header,:body => body) if header.code == '200'
        return self
      end
      nil
    end

    def resquest_to_xml(method, hash: {})
      hash_to_soap_xml(method, @response_type, hash)
    end

    def response_to_hash(method,xml_str)
      xml_to_hash(method,xml_str)
    end

    def set_response_data(method,header: nil, body: nil)
      @response_code = header.code
      @response_data = response_to_hash(method,body)
      @cookie        = header.response['set-cookie']
    end
  end
end

require 'cgi'

module EciticHttp
  module XMLUtil
    # hash to xml
    def to_request_xml(method,type,p={})
      require 'active_support/builder' unless defined?(Builder)
      xml = Builder::XmlMarkup.new(:indent=> p.size)
      xml.instruct!

      xml.message('method' => method, 'type' => type) do |node|
        p.each do |key,value|
          if key.to_sym == :dataSet && !value.blank?
            node.dataSet('count' => value.size) do |record_node|
              record_chind_node(value, record_node)
            end
          else
            node.tag! key,value
          end
        end
      end
    end
    def record_chind_node(dataSet,record_node)
      dataSet.each do |date|
        record_node.record date
      end
    end

    # hash to soap xml
    def hash_to_soap_xml(method,type,p={})
      xml = to_request_xml(method,type,p)
      puts xml
      data = <<-EOF
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
                        xmlns:ser="http://service.xxxxxxxxx.com">
          <soapenv:Header/>
          <soapenv:Body>
              <ser:#{method}>
                  <ser:paraXML>#{CGI.escapeHTML(xml)}</ser:paraXML>
              </ser:#{method}>
          </soapenv:Body>
      </soapenv:Envelope>
      EOF

    end

    def xml_to_hash(method,xml_str)
      begin
        hash = Hash.from_xml(xml_str)

        loginReturn = hash['Envelope']['Body']["#{method}Response"]["#{method}Return"]

        dom = Nokogiri::XML(loginReturn,nil,'utf-8')
        node = dom.xpath('message').first
        hash = node.element_children.each_with_object(Hash.new) do |e, h|
          h[e.name.to_sym] = e.content
          if e.name.to_sym == :resParam || e.name.to_sym == :dataSet
            h[e.name.to_sym] = e.element_children.each_with_object(Hash.new) do |er, h|
              h[er.name.to_sym] = er.content
            end
          end
          if e.name.to_sym == :dataSet
            h[e.name.to_sym] = []
            e.element_children.each_with_object(Hash.new) do |er, hm|
              h[e.name.to_sym] << er.content
            end
          end
        end
        puts "---#{method}-----xml_to_hash--------"
        puts hash.inspect
        hash
      rescue Exception => e
        Rails.logger.info e.backtrace.join("\n")
        nil
      end
    end
  end
end

soap-ui 查看工具调试特方便记得到证书密码