7

我正在评估 savon 是否使用 Web 服务……但如果我可以使用 SSL 客户端证书对提供 SOAP Web 服务的服务器进行身份验证,我找不到任何信息。我阅读了文档,但没有找到任何关于它的信息。

有谁知道 SAVON 是否支持客户端证书身份验证?

问候法克

4

2 回答 2

14

Savon 的最新稳定版本(目前为 2.2.0)通过全局选项支持 SSL 客户端证书。请参阅文档中的 SSL 部分。

下面是一些示例代码,假设 httpclient 与 httpi 一起使用:

savonConfig = {
    :namespace => "http://...com",
    :endpoint => 'https://...:557/x/b/c',
    #:wsdl => 'https://...:557/x/b/c?wsdl',
    :log_level => :debug,
    :log => true,
    :ssl_verify_mode => :none,
    :ssl_cert_file => 'publicCert.pem',
    :ssl_cert_key_file => 'privateKey.pem',
    :ssl_cert_key_password => '1234',
    :open_timeout => 600,
    :read_timeout => 600
}

client = Savon.client savonConfig

soapBody = {
...
}


calcResponse = client.call(:charge, :message => soapBody)

如果您有 pfx 证书/密钥文件,则直接使用它可能会遇到问题 - 因此您可能希望将它们拆分为单独的文件 - 请参阅此页面以获取信息:从 PKCS12 文件中提取公钥/私钥供以后在 SSH 中使用- PK-认证

希望有帮助!
丹尼尔

于 2013-06-29T17:00:01.157 回答
2

We are having issues trying to get savon client to work with ssl client auth but at same time bypass host verification....

https://github.com/savonrb/savon/issues/679

client = Savon.client(log_level: :debug,
log: true,
ssl_verify_mode: :none,
ssl_cert_file: (Rails.root + 'signed.cer').to_s,
ssl_cert_key_file: ('private.key').to_s,
wsdl: "https://example.com/Service?wsdl",
endpoint: "https://example.com/Service")

fails with Like HTTPI GET request to wir.dhswir.org (net_http) HTTPI::SSLError: SSL_read: ssl handshake failure

no moe info..

We have tried savon 2.2.0, 2.3.0, and 2.11.0. with slightly varying error messages.

We are using same PEM formatted key and cert to savon and using unix WGET to compare. WGET will fail if we dont pass --no-check-certificate, however if we add that it passes and can do ssl client auth and get access

wget 'https://example.com/CDC/VaccinationService?wsdl'  --certificate=example-int-wi-signed.cer --private-key=private.key -O- --no-check-certificate
于 2015-04-07T21:35:32.910 回答