关于ssl证书的格式转换以及各方式的使用 收集以及案例
http://stackoverflow.com/questions/12162975/openssl-not-enough-data
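rem Convert a DER-encoded certificate (.cer) to PEM.
rem Each option needs a space before its quoted argument, and the whole command must be on one line.
openssl x509 -inform der -in "c:\mydir\test.cer" -out "C:\mydir\certificate.pem"
rem Extract only the private key from the PKCS#12 bundle (-nocerts leaves the certificates out).
rem Without -nodes, openssl asks for a pass phrase and writes the key encrypted; keep it that way
rem unless the consumer cannot handle an encrypted key, and restrict access to test_pk.pem either way.
openssl pkcs12 -in "c:\mydir\test.pfx" -nocerts -out "c:\mydir\test_pk.pem"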
http://www.linuxspy.info/tag/convert-ssl-certificate-pfx-to-pem/
http://mccltd.net/blog/?p=1299
http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html
truststore
http://mislav.uniqpath.com/2013/07/ruby-openssl/
http://blog.kabisa.nl/2009/12/04/ruby-and-ssl-certificate-validation/
http://stackoverflow.com/questions/2507902/how-to-validate-ssl-certificate-chain-in-ruby-with-net-http
http://stackoverflow.com/questions/9199660/why-is-ruby-unable-to-verify-an-ssl-certificate
http://www.ruby-doc.org/gems/docs/m/mack-encryption-0.8.3/EzCrypto/TrustStore.html
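# Load the PEM-encoded client certificate and private key used for TLS client authentication.
# The values are taken from the block's return value: a variable first assigned inside the
# block is local to that block and would be undefined on the lines that follow.
cert = File.open("client_certificate.pem", 'rb') { |f| f.read }
key = File.open("client_key.pem", 'rb') { |f| f.read }
# NOTE(review): client_key.pem is the private key; keep it out of version control and
# readable only by the account that runs this code.
http_session.cert = OpenSSL::X509::Certificate.new(cert)
# A nil passphrase is passed here; presumably the key file is stored unencrypted (confirm).
http_session.key = OpenSSL::PKey::RSA.new(key, nil)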
cert — key
https://github.com/augustl/net-http-cheat-sheet/blob/master/ssl_and_https.rb
http://www.spacevatican.org/2009/7/11/ruby-openssl-and-client-side-certificates/
http://stackoverflow.com/questions/10262676/add-ssl-to-a-connection
http://stackoverflow.com/questions/12836847/how-to-establish-a-ssl-enabled-tcp-ip-connection-in-ruby
http://stackoverflow.com/questions/7263960/convert-sslsocket-python-code-to-ruby
tiaoshi
https://www.google.com.hk/search?newwindow=1&safe=strict&espv=2&es_sm=91&q=SSL_connect+returned%3D1+errno%3D0+state%3DSSLv3+read+server+certificate+B%3A+certificate+verify+failed&oq=SSL_connect+returned%3D1+errno%3D0+state%3DSSLv3+read+server+certificate+B%3A+certificate+verify+failed&gs_l=serp.12...116986.116986.0.118655.1.1.0.0.0.0.97.97.1.1.0....0...1c.2.40.serp..1.0.0.Y62fuKpze98
http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat
http://blog.marc-seeger.de/2012/06/22/ruby-openssl-and-econnreset/
http://mislav.uniqpath.com/2013/07/ruby-openssl/
CONF_GW['cert_path'] --- development: cert_path: config/cert/dev/client.pem
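require 'timeout'

# SOAP client built on Net::HTTP that presents a client certificate to the server.
module EciticHttp
  # Module error carrying an optional numeric code.
  # Derives from StandardError so a bare `rescue` handles it; deriving directly from
  # Exception would let it bypass ordinary error handling.
  class Error < StandardError
    attr_accessor :number
  end

  class SystemTimeoutError < Timeout::Error
  end

  class TCPTimeoutError < Timeout::Error
  end

  class ProductTypeResult
  end

  class SoapHttp
    include EciticHttp::XMLUtil

    # tcp_timeout is used as the connection open timeout: if the connection cannot be
    # opened within that time, the request times out and exits.
    # timeout is the original overall timeout: the task exits once it is reached.
    # The default is 10 minutes, to avoid holding too many TCP connections open.
    attr_accessor :response_data, :response_code, :post_data, :url, :cookie,
                  :response_type, :timeout, :tcp_timeout

    # @param p [Hash] options: :cookie, :url (default Setting.ecitic.order_query),
    #   :response_type (default 'request'), :timeout in seconds (default 600),
    #   :tcp_timeout in seconds (default 120)
    def initialize(p = {})
      @cookie = p[:cookie]
      @url = p[:url] || Setting.ecitic.order_query
      @response_type = p[:response_type] || 'request'
      @timeout = p[:timeout] || 600
      @tcp_timeout = p[:tcp_timeout] || 120
    end

    # POSTs post_data to @url with the client certificate attached and yields the
    # response object and the accumulated body to the caller's block.
    #
    # @param method [String] SOAP operation name (not used by this method itself)
    # @param post_data [String] request body
    # @yield [header, body] the Net::HTTP response and the body read from the socket
    # @raise [Timeout::Error] when the request takes longer than @timeout seconds
    def soap_login(method, post_data)
      headers = {
        'Referer' => 'http://www.appfusion.net',
        'Content-Type' => 'text/xml; charset=utf-8',
        'SOAPAction' => 'http://service.xxxxxx.com'
      }
      headers['cookie'] = @cookie unless @cookie.blank?

      uri = URI.parse(@url.to_s)
      request_http = Net::HTTP.new(uri.host, uri.port)
      request_http.use_ssl = uri.scheme.upcase == 'HTTPS'
      # Verify the server certificate. With VERIFY_NONE any host on the network path can
      # impersonate the server and read the cookie and SOAP payload. If the server's
      # certificate is issued by a private CA, point request_http.ca_file at that CA bundle.
      request_http.verify_mode = OpenSSL::SSL::VERIFY_PEER
      # No protocol pin: SSLv3 is obsolete and insecure, and current OpenSSL builds refuse it.
      # Left unpinned, the highest version both sides support is negotiated.
      # Apply the documented connection timeout; it was stored but never used before.
      request_http.open_timeout = @tcp_timeout

      # The same PEM file supplies both the certificate and the private key.
      pem = File.read(CONF_GW['cert_path'])
      request_http.cert = OpenSSL::X509::Certificate.new(pem)
      # NOTE(review): the key passphrase is hard-coded, so anyone who can read this source
      # can decrypt the client key. Load it from protected configuration instead.
      request_http.key = OpenSSL::PKey::RSA.new(pem, '123456')

      Timeout.timeout(@timeout) do
        body = ""
        # With a block, post yields the body in fragments; collect them here.
        header = request_http.post(uri.path, post_data, headers) { |data| body << data }
        yield header, body
      end
    end

    # Builds the SOAP request for method, sends it and stores the reply.
    #
    # @param method [String] SOAP operation name
    # @param params [Hash] request parameters
    # @param cookie [String, nil] cookie to send with the request
    # @return [SoapHttp, nil] self once a response was received; nil only if
    #   soap_login never yields
    def soap_http(method, params: {}, cookie: nil)
      @cookie = cookie
      post_data = resquest_to_xml(method, :hash => params)
      soap_login(method, post_data) do |header, body|
        puts "==#{method}== code -- #{header.code}"
        # Only a 200 reply updates the stored state; on any other status the
        # previous response_code and response_data are left untouched.
        set_response_data(method, :header => header, :body => body) if header.code == '200'
        return self
      end
      nil
    end

    # Serializes hash into the SOAP envelope for method.
    def resquest_to_xml(method, hash: {})
      hash_to_soap_xml(method, @response_type, hash)
    end

    # Parses the SOAP reply for method into a Hash (nil when parsing fails).
    def response_to_hash(method, xml_str)
      xml_to_hash(method, xml_str)
    end

    # Stores the status code, the parsed body and the Set-Cookie header of a response.
    def set_response_data(method, header: nil, body: nil)
      @response_code = header.code
      @response_data = response_to_hash(method, body)
      @cookie = header.response['set-cookie']
    end
  end
end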
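require 'cgi'

module EciticHttp
  # Helpers that build the SOAP request XML and parse the SOAP reply.
  module XMLUtil
    # Builds the inner <message> document from a hash.
    #
    # @param method [String] value of the message's "method" attribute
    # @param type [String] value of the message's "type" attribute
    # @param p [Hash] fields to emit; a non-blank :dataSet value is written as a
    #   <dataSet count="N"> element with one <record> per entry
    # @return the value returned by Builder's xml.message call
    def to_request_xml(method, type, p = {})
      require 'active_support/builder' unless defined?(Builder)
      xml = Builder::XmlMarkup.new(:indent => p.size)
      xml.instruct!
      xml.message('method' => method, 'type' => type) do |node|
        p.each do |key, value|
          if key.to_sym == :dataSet && !value.blank?
            node.dataSet('count' => value.size) do |record_node|
              record_chind_node(value, record_node)
            end
          else
            node.tag! key, value
          end
        end
      end
    end

    # Writes one <record> element per entry of dataSet.
    def record_chind_node(dataSet, record_node)
      dataSet.each { |entry| record_node.record entry }
    end

    # Wraps the request XML in a SOAP envelope, HTML-escaped inside <ser:paraXML>.
    #
    # method is interpolated into the element name without escaping, so it must be a
    # trusted, valid XML name and never caller-supplied text.
    #
    # @return [String] the SOAP envelope
    def hash_to_soap_xml(method, type, p = {})
      xml = to_request_xml(method, type, p)
      # NOTE(review): this prints the complete request to stdout; if the payload can
      # carry credentials they end up in the process output. Confirm this is wanted.
      puts xml
      <<-EOF
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.xxxxxxxxx.com">
  <soapenv:Header/>
  <soapenv:Body>
    <ser:#{method}>
      <ser:paraXML>#{CGI.escapeHTML(xml)}</ser:paraXML>
    </ser:#{method}>
  </soapenv:Body>
</soapenv:Envelope>
      EOF
    end

    # Parses a SOAP reply into a Hash keyed by the child element names of <message>.
    #
    # :resParam becomes a Hash of its children, :dataSet an Array of its children's
    # text, every other element its text content.
    #
    # @param method [String] operation name used to locate "<method>Response"/"<method>Return"
    # @param xml_str [String] raw SOAP reply
    # @return [Hash, nil] parsed reply, or nil when the reply cannot be parsed
    def xml_to_hash(method, xml_str)
      envelope = Hash.from_xml(xml_str)
      payload = envelope['Envelope']['Body']["#{method}Response"]["#{method}Return"]
      dom = Nokogiri::XML(payload, nil, 'utf-8')
      node = dom.xpath('message').first
      # Element names come from the server reply and are turned into symbols.
      hash = node.element_children.each_with_object({}) do |e, h|
        key = e.name.to_sym
        h[key] =
          case key
          when :dataSet
            e.element_children.map(&:content)
          when :resParam
            e.element_children.each_with_object({}) { |child, inner| inner[child.name.to_sym] = child.content }
          else
            e.content
          end
      end
      # NOTE(review): the parsed reply is printed to stdout; confirm it never holds secrets.
      puts "---#{method}-----xml_to_hash--------"
      puts hash.inspect
      hash
    rescue StandardError => e
      # StandardError only: Interrupt, SystemExit and similar must not be swallowed
      # and turned into a nil result.
      Rails.logger.info "#{e.class}: #{e.message}\n#{Array(e.backtrace).join("\n")}"
      nil
    end
  end
end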
soap-ui 查看工具 调试特方便 记得到证书密码