HTTPS/Client-authenticated: Difference between revisions
m
→{{header|Wren}}: Another minor change
m (→{{header|Wren}}: Removed trans template as not applicable here.) |
m (→{{header|Wren}}: Another minor change) |
||
(10 intermediate revisions by 7 users not shown) | |||
Line 4:
This task is in general useful for use with [[Creating a SOAP Client|webservice client]]s as it offers a high level of assurance that the client is an acceptable counterparty for the server. For example, [http://aws.amazon.com/ Amazon Web Services] uses this style of authentication.
=={{header|Arturo}}==
<syntaxhighlight lang="arturo">r: request.get.certificate:"mycert.pem" "https://www.example.com" ø</syntaxhighlight>
=={{header|C sharp|C#}}==
{{works with|C sharp|3.0}}
<
using System;
using System.Net;
Line 32 ⟶ 36:
}
}
</syntaxhighlight>
=={{header|Go}}==
<
import (
Line 73 ⟶ 77:
}
</syntaxhighlight>
=={{header|Java}}==
<syntaxhighlight lang="java">
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.net.URI;
import java.net.URL;
import java.security.KeyStore;
import java.util.Scanner;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
public final class HTTPSClientAuthenticated {
public static void main(String[] aArgs) throws Exception {
final String keyStorePath = "the/path/to/keystore"; // The key store contains the client's certificate
final String keyStorePassword = "my-password";
SSLContext sslContext = getSSLContext(keyStorePath, keyStorePassword);
URL url = new URI("https://somehost.com").toURL();
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setSSLSocketFactory(sslContext.getSocketFactory());
// Obtain response from the url
BufferedInputStream response = (BufferedInputStream) connection.getInputStream();
try ( Scanner scanner = new Scanner(response) ) {
String responseBody = scanner.useDelimiter("\\A").next();
System.out.println(responseBody);
}
}
private static SSLContext getSSLContext(String aPath, String aPassword) throws Exception {
KeyStore keyStore = KeyStore.getInstance("pkcs12");
keyStore.load( new FileInputStream(aPath), aPassword.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX");
keyManagerFactory.init(keyStore, aPassword.toCharArray());
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
return sslContext;
}
}
</syntaxhighlight>
=={{header|Julia}}==
<
conf = MbedTLS.SSLConfig(true, log_secrets="/utl/secret_key_log.log")
Line 82 ⟶ 132:
println(resp)
</
HTTP.Messages.Response:
"""
Line 102 ⟶ 152:
=={{header|Kotlin}}==
<
import java.security.KeyStore
Line 138 ⟶ 188:
println(line)
}
}</
=={{header|Lasso}}==
<
local(x = curl('https://sourceforge.net'))
#x->set(CURLOPT_SSLCERT, #sslcert->readstring)
#sslcert->close
#x->result->asString</
=={{header|Mathematica}} / {{header|Wolfram Language}}==
<
For[ i=0, i < Length[a] , i++, SomeFunction[a]]</
=={{header|Nim}}==
<
var client = newHttpClient(sslContext = newContext(certFile = "mycert.pem"))
var r = client.get("https://www.example.com")</
=={{header|Perl}}==
<
use 5.018_002;
use warnings;
Line 178 ⟶ 228:
else {
say $res->status_line;
}</
=={{header|Phix}}==
{{libheader|Phix/libcurl}}
Exactly the same as the HTTP#Phix task, except for the CURLOPT_SSLCERT part.
<!--<syntaxhighlight lang="phix">(notonline)-->
<span style="color: #008080;">without</span> <span style="color: #008080;">js</span>
<span style="color: #008080;">include</span> <span style="color: #000000;">builtins</span><span style="color: #0000FF;">\</span><span style="color: #000000;">libcurl</span><span style="color: #0000FF;">.</span><span style="color: #000000;">e</span>
<span style="color: #7060A8;">curl_global_init</span><span style="color: #0000FF;">()</span>
<span style="color: #004080;">atom</span> <span style="color: #000000;">curl</span> <span style="color: #0000FF;">=</span> <span style="color: #7060A8;">curl_easy_init</span><span style="color: #0000FF;">()</span>
<span style="color: #7060A8;">curl_easy_setopt</span><span style="color: #0000FF;">(</span><span style="color: #000000;">curl</span><span style="color: #0000FF;">,</span> <span style="color: #004600;">CURLOPT_URL</span><span style="color: #0000FF;">,</span> <span style="color: #008000;">"https://sourceforge.net"</span><span style="color: #0000FF;">)</span>
<span style="color: #004080;">integer</span> <span style="color: #000000;">fn</span> <span style="color: #0000FF;">=</span> <span style="color: #7060A8;">open</span><span style="color: #0000FF;">(</span><span style="color: #008000;">"myCert.pem"</span><span style="color: #0000FF;">,</span><span style="color: #008000;">"r"</span><span style="color: #0000FF;">)</span>
<span style="color: #7060A8;">curl_easy_setopt</span><span style="color: #0000FF;">(</span><span style="color: #000000;">curl</span><span style="color: #0000FF;">,</span> <span style="color: #000000;">CURLOPT_SSLCERT</span><span style="color: #0000FF;">,</span> <span style="color: #7060A8;">get_text</span><span style="color: #0000FF;">(</span><span style="color: #000000;">fn</span><span style="color: #0000FF;">))</span>
<span style="color: #7060A8;">close</span><span style="color: #0000FF;">(</span><span style="color: #000000;">fn</span><span style="color: #0000FF;">)</span>
<span style="color: #004080;">object</span> <span style="color: #000000;">res</span> <span style="color: #0000FF;">=</span> <span style="color: #7060A8;">curl_easy_perform_ex</span><span style="color: #0000FF;">(</span><span style="color: #000000;">curl</span><span style="color: #0000FF;">)</span>
<span style="color: #7060A8;">curl_easy_cleanup</span><span style="color: #0000FF;">(</span><span style="color: #000000;">curl</span><span style="color: #0000FF;">)</span>
<span style="color: #7060A8;">curl_global_cleanup</span><span style="color: #0000FF;">()</span>
<span style="color: #7060A8;">puts</span><span style="color: #0000FF;">(</span><span style="color: #000000;">1</span><span style="color: #0000FF;">,</span><span style="color: #000000;">res</span><span style="color: #0000FF;">)</span>
<!--</syntaxhighlight>-->
=={{header|PicoLisp}}==
<
(while (line)
(doSomeProcessingWithLine @) ) )</
=={{header|Python}}==
<
connection = httplib.HTTPSConnection('www.example.com',cert_file='myCert.PEM')
Line 208 ⟶ 261:
response = connection.getresponse()
data = response.read()
</syntaxhighlight>
=={{header|Racket}}==
Skeleton code to connect to a server:
<
#lang racket
(require openssl/mzssl)
Line 220 ⟶ 273:
(ssl-load-verify-root-certificates! ctx "my-cert.pem")
(define-values [I O] (ssl-connect "www.example.com" 443 ctx))
</syntaxhighlight>
=={{header|Raku}}==
(formerly Perl 6)
<syntaxhighlight lang="raku" line>
# cert creation commands
Line 253 ⟶ 306:
$s.close;
</syntaxhighlight>
=={{header|Ruby}}==
<
require 'net/http'
Line 267 ⟶ 320:
request = Net::HTTP::Get.new uri
http.request request
end</
=={{header|Rust}}==
{{works with|Rust|2021}}
This implementation uses [https://crates.io/crates/reqwest reqwest], the de facto standard high-level HTTP(S) rust library. It is roughly equivalent in purpose and functionality to Python's [https://docs.python-requests.org/en/master/index.html requests].
===Cargo.toml dependencies===
The blocking variant of the reqwest library is used here for simplicity's sake. An asynchronous API is also available.
Native (system) TLS libraries are used instead of Rustls, the Rust TLS implementation, because we use a PKCS#12 certificate which at the time of writing does not seem to be available on Rustls. A PKCS#12 certificate is used instead of its PEM equivalent because reading password-protected PEM files [https://docs.rs/reqwest/0.11.6/reqwest/tls/struct.Identity.html#method.from_pem does not seem to be available] either.
<syntaxhighlight lang="toml">reqwest = {version = "0.11", features = ["native-tls", "blocking"]}</syntaxhighlight>
===src/main.rs===
<syntaxhighlight lang="rust">use std::fs::File;
use std::io::Read;
use reqwest::blocking::Client;
use reqwest::Identity;
fn main() -> std::io::Result<()> {
let identity = {
let mut buf = Vec::new();
// Downloaded from https://badssl.com/certs/badssl.com-client.p12
File::open("badssl.com-client.p12")?.read_to_end(&mut buf)?;
// Password is badssl.com
Identity::from_pkcs12_der(&buf, "badssl.com").unwrap()
};
let client = Client::builder().identity(identity).build().unwrap();
let response = client.get("https://client.badssl.com/").send().unwrap();
if !response.status().is_success() {
eprintln!("HTTP error requesting URL: {}", response.status());
}
println!("Got response from server: {}", response.text().unwrap());
Ok(())
}</syntaxhighlight>
=={{header|Scala}}==
<
import java.net.URL
import java.security.KeyStore
Line 298 ⟶ 388:
new BufferedSource(con.getInputStream).getLines.foreach(println(_))
}</
=={{header|Tcl}}==
Uses the [http://tls.sourceforge.net Tls] package.
<
package require tls
Line 317 ⟶ 407:
# Now as for conventional use of the “http” package
set data [http::data $token]
http::cleanup $token</
=={{header|Wren}}==
{{libheader|libcurl}}
An embedded program so we can ask the C host to communicate with libcurl for us.
<
var CURLOPT_URL = 10002
Line 355 ⟶ 445:
return
}
curl.easyCleanup()</
<br>
We now embed this in the following C program, compile and run it.
<
#include <stdio.h>
Line 458 ⟶ 548:
WrenVM* vm = wrenNewVM(&config);
const char* module = "main";
const char* fileName = "
char *script = readFile(fileName);
WrenInterpretResult result = wrenInterpret(vm, module, script);
Line 474 ⟶ 564:
free(script);
return 0;
}</
=={{header|zkl}}==
Uses libCurl.
<
c.setOpt("SSLCERT","certFile.pem"); c.setOpt("SSLCERTTYPE","pem");
c.get("http://zenkinetic.com"); // lame example to show how to read</
{{omit from|Batch File|Does not have network access.}}
{{omit from|Brainf***}}
{{omit from|Commodore BASIC|Does not have network access}}
{{omit from|EasyLang|Has no internet functions}}
{{omit from|Inform 7|Does not have network access.}}
{{omit from|Locomotive Basic|Does not have network access.}}
|