1. 技术文章
  2. Does SAVON support client side certificates authentication

Does SAVON support client side certificates authentication

一曲冷凌霜 提交于 2019-12-09 17:18:04

问题


I'm evaluating savon for consuming webservices... but I dont find any information if I can use a SSL client side certificate to authenticate against the server that provides the SOAP webservices. I read the documentation but didn't find anything about it.

Does anyone know if SAVON supports client side certificate authentication?

Regards Fak


回答1:


the latest stable version of Savon (2.2.0 at this moment) supports SSL client certificates via global options. Please refer to the SSL section in the documentation.

Here is some example code, assuming httpclient is used with httpi:

savonConfig = {
    :namespace => "http://...com",
    :endpoint => 'https://...:557/x/b/c',
    #:wsdl => 'https://...:557/x/b/c?wsdl',
    :log_level => :debug,
    :log => true,
    :ssl_verify_mode => :none,
    :ssl_cert_file => 'publicCert.pem',
    :ssl_cert_key_file => 'privateKey.pem',
    :ssl_cert_key_password => '1234',
    :open_timeout => 600,
    :read_timeout => 600
}

client = Savon.client savonConfig

soapBody = {
...
}


calcResponse = client.call(:charge, :message => soapBody)

If you have a pfx certificate/key file, you may have problems using it directly - so you might want to split them out into separate files - see this page for info: Extract public/private key from PKCS12 file for later use in SSH-PK-Authentification

Hope that helps!
Daniel




回答2:


We are having issues trying to get savon client to work with ssl client auth but at same time bypass host verification....

https://github.com/savonrb/savon/issues/679

client = Savon.client(log_level: :debug,
log: true,
ssl_verify_mode: :none,
ssl_cert_file: (Rails.root + 'signed.cer').to_s,
ssl_cert_key_file: ('private.key').to_s,
wsdl: "https://example.com/Service?wsdl",
endpoint: "https://example.com/Service")

fails with Like HTTPI GET request to wir.dhswir.org (net_http) HTTPI::SSLError: SSL_read: ssl handshake failure

no moe info..

We have tried savon 2.2.0, 2.3.0, and 2.11.0. with slightly varying error messages.

We are using same PEM formatted key and cert to savon and using unix WGET to compare. WGET will fail if we dont pass --no-check-certificate, however if we add that it passes and can do ssl client auth and get access

wget 'https://example.com/CDC/VaccinationService?wsdl'  --certificate=example-int-wi-signed.cer --private-key=private.key -O- --no-check-certificate


来源:https://stackoverflow.com/questions/15973285/does-savon-support-client-side-certificates-authentication

标签
ruby
ssl-certificate
savon
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!