HTTPS/Client-authenticated: Difference between revisions

← Older edit

HTTPS/Client-authenticated (view source)

Revision as of 10:14, 10 December 2023

6,779 bytes added , 5 months ago

m

→‎{{header|Wren}}: Another minor change

PureFox

9,476

edits

Revision as of 17:55, 5 October 2021 (view source) PureFox (talk \| contribs) m (→‎{{header\|Wren}}: Removed trans template as not applicable here.) ← Older edit		Latest revision as of 10:14, 10 December 2023 (view source) PureFox (talk \| contribs) m (→‎{{header\|Wren}}: Another minor change)
(10 intermediate revisions by 7 users not shown)
Line 4: This task is in general useful for use with [[Creating a SOAP Client\|webservice client]]s as it offers a high level of assurance that the client is an acceptable counterparty for the server. For example, [http://aws.amazon.com/ Amazon Web Services] uses this style of authentication. =={{header\|Arturo}}== <syntaxhighlight lang="arturo">r: request.get.certificate:"mycert.pem" "https://www.example.com" ø</syntaxhighlight> =={{header\|C sharp\|C#}}== {{works with\|C sharp\|3.0}} <~~lang~~syntaxhighlight lang="csharp"> using System; using System.Net; Line 32 ⟶ 36: } } </syntaxhighlight> ~~</lang>~~ =={{header\|Go}}== <~~lang~~syntaxhighlight Golang="go">package main import ( Line 73 ⟶ 77: } </syntaxhighlight> ~~</lang>~~ =={{header\|Java}}== <syntaxhighlight lang="java"> import java.io.BufferedInputStream; import java.io.FileInputStream; import java.net.URI; import java.net.URL; import java.security.KeyStore; import java.util.Scanner; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; public final class HTTPSClientAuthenticated { public static void main(String[] aArgs) throws Exception { final String keyStorePath = "the/path/to/keystore"; // The key store contains the client's certificate final String keyStorePassword = "my-password"; SSLContext sslContext = getSSLContext(keyStorePath, keyStorePassword); URL url = new URI("https://somehost.com").toURL(); HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); connection.setSSLSocketFactory(sslContext.getSocketFactory()); // Obtain response from the url BufferedInputStream response = (BufferedInputStream) connection.getInputStream(); try ( Scanner scanner = new Scanner(response) ) { String responseBody = scanner.useDelimiter("\\A").next(); System.out.println(responseBody); } } private static SSLContext getSSLContext(String aPath, String aPassword) throws Exception { KeyStore keyStore = KeyStore.getInstance("pkcs12"); keyStore.load( new FileInputStream(aPath), aPassword.toCharArray()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX"); keyManagerFactory.init(keyStore, aPassword.toCharArray()); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagerFactory.getKeyManagers(), null, null); return sslContext; } } </syntaxhighlight> =={{header\|Julia}}== <~~lang~~syntaxhighlight lang="julia">using HTTP, MbedTLS conf = MbedTLS.SSLConfig(true, log_secrets="/utl/secret_key_log.log") Line 82 ⟶ 132: println(resp) </~~lang~~syntaxhighlight>{{output}}<pre> HTTP.Messages.Response: """ Line 102 ⟶ 152: =={{header\|Kotlin}}== <~~lang~~syntaxhighlight lang="scala">// version 1.2.0 import java.security.KeyStore Line 138 ⟶ 188: println(line) } }</~~lang~~syntaxhighlight> =={{header\|Lasso}}== <~~lang~~syntaxhighlight ~~Lasso~~lang="lasso">local(sslcert = file('myCert.pem')) local(x = curl('https://sourceforge.net')) #x->set(CURLOPT_SSLCERT, #sslcert->readstring) #sslcert->close #x->result->asString</~~lang~~syntaxhighlight> =={{header\|Mathematica}} / {{header\|Wolfram Language}}== <~~lang~~syntaxhighlight ~~Mathematica~~lang="mathematica">a = RunThrough["curl -E myCert.pem https://www.example.com", 1] For[ i=0, i < Length[a] , i++, SomeFunction[a]]</~~lang~~syntaxhighlight> =={{header\|Nim}}== <~~lang~~syntaxhighlight lang="nim">import httpclient, net var client = newHttpClient(sslContext = newContext(certFile = "mycert.pem")) var r = client.get("https://www.example.com")</~~lang~~syntaxhighlight> =={{header\|Perl}}== <~~lang~~syntaxhighlight ~~python~~lang="perl">#!/usr/bin/env perl -T use 5.018_002; use warnings; Line 178 ⟶ 228: else { say $res->status_line; }</~~lang~~syntaxhighlight> =={{header\|Phix}}== {{libheader\|Phix/libcurl}} Exactly the same as the HTTP#Phix task, except for the CURLOPT_SSLCERT part. <!--<syntaxhighlight lang="phix">(notonline)--> ~~<lang Phix>include builtins\libcurl.e~~ <span style="color: #008080;">without</span> <span style="color: #008080;">js</span> ~~curl_global_init()~~ <span style="color: #008080;">include</span> <span style="color: #000000;">builtins</span><span style="color: #0000FF;">\</span><span style="color: #000000;">libcurl</span><span style="color: #0000FF;">.</span><span style="color: #000000;">e</span> ~~atom curl = curl_easy_init()~~ <span style="color: #7060A8;">curl_global_init</span><span style="color: #0000FF;">()</span> ~~curl_easy_setopt(curl, CURLOPT_URL, "https://sourceforge.net")~~ <span style="color: #004080;">atom</span> <span style="color: #000000;">curl</span> <span style="color: #0000FF;">=</span> <span style="color: #7060A8;">curl_easy_init</span><span style="color: #0000FF;">()</span> ~~integer fn = open("myCert.pem","r")~~ <span style="color: #7060A8;">curl_easy_setopt</span><span style="color: #0000FF;">(</span><span style="color: #000000;">curl</span><span style="color: #0000FF;">,</span> <span style="color: #004600;">CURLOPT_URL</span><span style="color: #0000FF;">,</span> <span style="color: #008000;">"https://sourceforge.net"</span><span style="color: #0000FF;">)</span> ~~curl_easy_setopt(curl, CURLOPT_SSLCERT, get_text(fn))~~ <span style="color: #004080;">integer</span> <span style="color: #000000;">fn</span> <span style="color: #0000FF;">=</span> <span style="color: #7060A8;">open</span><span style="color: #0000FF;">(</span><span style="color: #008000;">"myCert.pem"</span><span style="color: #0000FF;">,</span><span style="color: #008000;">"r"</span><span style="color: #0000FF;">)</span> ~~close(fn)~~ <span style="color: #7060A8;">curl_easy_setopt</span><span style="color: #0000FF;">(</span><span style="color: #000000;">curl</span><span style="color: #0000FF;">,</span> <span style="color: #000000;">CURLOPT_SSLCERT</span><span style="color: #0000FF;">,</span> <span style="color: #7060A8;">get_text</span><span style="color: #0000FF;">(</span><span style="color: #000000;">fn</span><span style="color: #0000FF;">))</span> ~~object res = curl_easy_perform_ex(curl)~~ <span style="color: #7060A8;">close</span><span style="color: #0000FF;">(</span><span style="color: #000000;">fn</span><span style="color: #0000FF;">)</span> ~~curl_easy_cleanup(curl)~~ <span style="color: #004080;">object</span> <span style="color: #000000;">res</span> <span style="color: #0000FF;">=</span> <span style="color: #7060A8;">curl_easy_perform_ex</span><span style="color: #0000FF;">(</span><span style="color: #000000;">curl</span><span style="color: #0000FF;">)</span> ~~curl_global_cleanup()~~ <span style="color: #7060A8;">curl_easy_cleanup</span><span style="color: #0000FF;">(</span><span style="color: #000000;">curl</span><span style="color: #0000FF;">)</span> <span style="color: #7060A8;">curl_global_cleanup</span><span style="color: #0000FF;">()</span> ~~puts(1,res)</lang>~~ <span style="color: #7060A8;">puts</span><span style="color: #0000FF;">(</span><span style="color: #000000;">1</span><span style="color: #0000FF;">,</span><span style="color: #000000;">res</span><span style="color: #0000FF;">)</span> <!--</syntaxhighlight>--> =={{header\|PicoLisp}}== <~~lang~~syntaxhighlight ~~PicoLisp~~lang="picolisp">(in '(curl "-E" "myCert.pem" "https://www.example.com") (while (line) (doSomeProcessingWithLine @) ) )</~~lang~~syntaxhighlight> =={{header\|Python}}== <~~lang~~syntaxhighlight lang="python">import httplib connection = httplib.HTTPSConnection('www.example.com',cert_file='myCert.PEM') Line 208 ⟶ 261: response = connection.getresponse() data = response.read() </syntaxhighlight> ~~</lang>~~ =={{header\|Racket}}== Skeleton code to connect to a server: <~~lang~~syntaxhighlight lang="racket"> #lang racket (require openssl/mzssl) Line 220 ⟶ 273: (ssl-load-verify-root-certificates! ctx "my-cert.pem") (define-values [I O] (ssl-connect "www.example.com" 443 ctx)) </syntaxhighlight> ~~</lang>~~ =={{header\|Raku}}== (formerly Perl 6) <syntaxhighlight lang="raku" line> ~~<lang perl6>~~ # cert creation commands Line 253 ⟶ 306: $s.close; </syntaxhighlight> ~~</lang>~~ =={{header\|Ruby}}== <~~lang~~syntaxhighlight ~~Ruby~~lang="ruby">require 'uri' require 'net/http' Line 267 ⟶ 320: request = Net::HTTP::Get.new uri http.request request end</~~lang~~syntaxhighlight> =={{header\|Rust}}== {{works with\|Rust\|2021}} This implementation uses [https://crates.io/crates/reqwest reqwest], the de facto standard high-level HTTP(S) rust library. It is roughly equivalent in purpose and functionality to Python's [https://docs.python-requests.org/en/master/index.html requests]. ===Cargo.toml dependencies=== The blocking variant of the reqwest library is used here for simplicity's sake. An asynchronous API is also available. Native (system) TLS libraries are used instead of Rustls, the Rust TLS implementation, because we use a PKCS#12 certificate which at the time of writing does not seem to be available on Rustls. A PKCS#12 certificate is used instead of its PEM equivalent because reading password-protected PEM files [https://docs.rs/reqwest/0.11.6/reqwest/tls/struct.Identity.html#method.from_pem does not seem to be available] either. <syntaxhighlight lang="toml">reqwest = {version = "0.11", features = ["native-tls", "blocking"]}</syntaxhighlight> ===src/main.rs=== <syntaxhighlight lang="rust">use std::fs::File; use std::io::Read; use reqwest::blocking::Client; use reqwest::Identity; fn main() -> std::io::Result<()> { let identity = { let mut buf = Vec::new(); // Downloaded from https://badssl.com/certs/badssl.com-client.p12 File::open("badssl.com-client.p12")?.read_to_end(&mut buf)?; // Password is badssl.com Identity::from_pkcs12_der(&buf, "badssl.com").unwrap() }; let client = Client::builder().identity(identity).build().unwrap(); let response = client.get("https://client.badssl.com/").send().unwrap(); if !response.status().is_success() { eprintln!("HTTP error requesting URL: {}", response.status()); } println!("Got response from server: {}", response.text().unwrap()); Ok(()) }</syntaxhighlight> =={{header\|Scala}}== <~~lang~~syntaxhighlight ~~Scala~~lang="scala">import java.io.FileInputStream import java.net.URL import java.security.KeyStore Line 298 ⟶ 388: new BufferedSource(con.getInputStream).getLines.foreach(println(_)) }</~~lang~~syntaxhighlight> =={{header\|Tcl}}== Uses the [http://tls.sourceforge.net Tls] package. <~~lang~~syntaxhighlight lang="tcl">package require http package require tls Line 317 ⟶ 407: # Now as for conventional use of the “http” package set data [http::data $token] http::cleanup $token</~~lang~~syntaxhighlight> =={{header\|Wren}}== {{libheader\|libcurl}} An embedded program so we can ask the C host to communicate with libcurl for us. <~~lang~~syntaxhighlight ~~ecmascript~~lang="wren">/* ~~https_client~~HTTPS_Client-authenticated.wren / var CURLOPT_URL = 10002 Line 355 ⟶ 445: return } curl.easyCleanup()</~~lang~~syntaxhighlight> <br> We now embed this in the following C program, compile and run it. <~~lang~~syntaxhighlight lang="c">/ gcc ~~https_client~~HTTPS_Client-authenticated.c -o ~~https_client~~HTTPS_Client-authenticated -lcurl -lwren -lm / #include <stdio.h> Line 458 ⟶ 548: WrenVM vm = wrenNewVM(&config); const char* module = "main"; const char* fileName = "~~https_client~~HTTPS_Client-authenticated.wren"; char script = readFile(fileName); WrenInterpretResult result = wrenInterpret(vm, module, script); Line 474 ⟶ 564: free(script); return 0; }</~~lang~~syntaxhighlight> =={{header\|zkl}}== Uses libCurl. <~~lang~~syntaxhighlight lang="zkl">var CURL=Import("zklCurl"), c=CURL(); c.setOpt("SSLCERT","certFile.pem"); c.setOpt("SSLCERTTYPE","pem"); c.get("http://zenkinetic.com"); // lame example to show how to read</~~lang~~syntaxhighlight> {{omit from\|Batch File\|Does not have network access.}} {{omit from\|Brainf**}} {{omit from\|Commodore BASIC\|Does not have network access}} {{omit from\|EasyLang\|Has no internet functions}} {{omit from\|Inform 7\|Does not have network access.}} {{omit from\|Locomotive Basic\|Does not have network access.}}