如何在python中通过SSLsocket执行https请求
我使用以下代码执行ssl握手和ssl服务器的证书验证如何在python中通过SSLsocket执行https请求,python,ssl,https,Python,Ssl,Https,我使用以下代码执行ssl握手和ssl服务器的证书验证 import ssl import socket s = socket.socket() print "connecting..." #logging.debug("Connecting") # Connect with SSL mutual authentication # We only trust our server's CA, and it only trusts user certificates signed by it c
import ssl
import socket
s = socket.socket()
print "connecting..."
#logging.debug("Connecting")
# Connect with SSL mutual authentication
# We only trust our server's CA, and it only trusts user certificates signed by it
c = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED,
ssl_version=ssl.PROTOCOL_SSLv3, ca_certs='ca.crt',
certfile='user.crt', keyfile='user.key')
c.connect((constants.server_addr, constants.port))
我能够连接到服务器,并且证书已正确验证,但是,我不确定从这里该做什么。我需要通过套接字执行https操作,包括将XML发布到RESTAPI。我该怎么做呢?您可以从
urlib2.urlopensocketsslurllib如果您使用的是Python2,那么您有几个选项。一种是子类化
urllib2.HTTPSHandlerurllib2httplibwrap_sockethttplib.HTTPConnection(我仍然会考虑使用像PycURL一样的东西,正如我已经回答过的)
< P>这正是我在项目中所做的。这是我在项目中使用的REST客户机模块。它已经被修改以适应我的需要,但我想你可能会发现它也很有用。它需要httplib2:如果要使用httplib,您确实需要执行一些手动ssl处理,不幸的是,httplib不进行任何服务器证书验证。urllib2也是如此…@Bruno我通过另一个问题发现了这一点。这就是为什么我必须使用我发布的代码。您知道如何使用该连接获得经过身份验证的https连接吗?
"""
client.py
---------
Modified to allow validation server's certificate with external cacert list.
-- Arif Widi Nugroho <arif@sainsmograf.com>
Copyright (C) 2008 Benjamin O'Steen
This file is part of python-fedoracommons.
python-fedoracommons is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
python-fedoracommons is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with python-fedoracommons. If not, see <http://www.gnu.org/licenses/>.
"""
__license__ = 'GPL http://www.gnu.org/licenses/gpl.txt'
__author__ = "Benjamin O'Steen <bosteen@gmail.com>, Arif Widi Nugroho <arif@sainsmograf.com>"
__version__ = '0.1'
import httplib2
import urlparse
import urllib
import base64
from base64 import encodestring
from mime_types import *
import mimetypes
from cStringIO import StringIO
class Connection(object):
def __init__(self, base_url, username=None, password=None, cache=None, ca_certs=None, user_agent_name=None):
self.base_url = base_url
self.username = username
m = MimeTypes()
self.mimetypes = m.get_dictionary()
self.url = urlparse.urlparse(base_url)
(scheme, netloc, path, query, fragment) = urlparse.urlsplit(base_url)
self.scheme = scheme
self.host = netloc
self.path = path
if user_agent_name is None:
self.user_agent_name = 'Basic Agent'
else:
self.user_agent_name = user_agent_name
# Create Http class with support for Digest HTTP Authentication, if necessary
# self.h = httplib2.Http(".cache")
self.h = httplib2.Http(cache=cache, ca_certs=ca_certs)
self.h.follow_all_redirects = True
if username and password:
self.h.add_credentials(username, password)
def request_get(self, resource, args = None, headers={}):
return self.request(resource, "get", args, headers=headers)
def request_delete(self, resource, args = None, headers={}):
return self.request(resource, "delete", args, headers=headers)
def request_head(self, resource, args = None, headers={}):
return self.request(resource, "head", args, headers=headers)
def request_post(self, resource, args = None, body = None, filename=None, headers={}):
return self.request(resource, "post", args , body = body, filename=filename, headers=headers)
def request_put(self, resource, args = None, body = None, filename=None, headers={}):
return self.request(resource, "put", args , body = body, filename=filename, headers=headers)
def get_content_type(self, filename):
extension = filename.split('.')[-1]
guessed_mimetype = self.mimetypes.get(extension, mimetypes.guess_type(filename)[0])
return guessed_mimetype or 'application/octet-stream'
def request(self, resource, method = "get", args = None, body = None, filename=None, headers={}):
params = None
path = resource
headers['User-Agent'] = self.user_agent_name
BOUNDARY = u'00hoYUXOnLD5RQ8SKGYVgLLt64jejnMwtO7q8XE1'
CRLF = u'\r\n'
if filename and body:
#fn = open(filename ,'r')
#chunks = fn.read()
#fn.close()
# Attempt to find the Mimetype
content_type = self.get_content_type(filename)
headers['Content-Type']='multipart/form-data; boundary='+BOUNDARY
encode_string = StringIO()
encode_string.write(CRLF)
encode_string.write(u'--' + BOUNDARY + CRLF)
encode_string.write(u'Content-Disposition: form-data; name="file"; filename="%s"' % filename)
encode_string.write(CRLF)
encode_string.write(u'Content-Type: %s' % content_type + CRLF)
encode_string.write(CRLF)
encode_string.write(body)
encode_string.write(CRLF)
encode_string.write(u'--' + BOUNDARY + u'--' + CRLF)
body = encode_string.getvalue()
headers['Content-Length'] = str(len(body))
elif body:
if not headers.get('Content-Type', None):
headers['Content-Type']='text/xml'
headers['Content-Length'] = str(len(body))
else:
headers['Content-Type']='text/xml'
if method.upper() == 'POST':
headers['Content-Type']='application/x-www-form-urlencoded'
if args:
path += u"?" + urllib.urlencode(args)
request_path = []
if self.path != "/":
if self.path.endswith('/'):
request_path.append(self.path[:-1])
else:
request_path.append(self.path)
if path.startswith('/'):
request_path.append(path[1:])
else:
request_path.append(path)
resp, content = self.h.request(u"%s://%s%s" % (self.scheme, self.host, u'/'.join(request_path)), method.upper(), body=body, headers=headers )
return {u'headers':resp, u'body':content.decode('UTF-8')}
c = client.Connection('https://localhost:8000', certs='/path/to/cacert.pem')
# now post some data to the server
response = c.request_post('rest/path/', body=some_urlencoded_data)
if response['headers']['status'] == '200':
# do something...