dongshenghe1833 2018-10-14 09:31
浏览 29

使用MAC中的GO lang对具有pix证书的SOAP客户端进行HTTP Post调用

I want to make soap call using the go lang http requests. I am having the pfx certificate with password and I created the three pem extension files for private , client certificate and private key like below.

openssl pkcs12 -in XXXX.pfx -nocerts -nodes -out key.pem
openssl pkcs12 -in XXXX.pfx -cacerts -nokeys -out root.crt
openssl pkcs12 -in XXXX.pfx -clcerts -nokeys -out client.crt

Then I am executing the below GO Lang file which is causing the x509: certificate signed by unknown authority error.

package main

import (
    "bytes"
    "crypto/tls"
    "crypto/x509"
    "fmt"
    "io/ioutil"
    "log"
    "net/http"
    "time"
)

const (
    DATA = `XML_TEMPLATE`
)

func createClientConfig(ca, crt, key string) (*tls.Config, error) {
    caCertPEM, err := ioutil.ReadFile(ca)
    if err != nil {
        return nil, err
    }

    roots := x509.NewCertPool()
    ok := roots.AppendCertsFromPEM(caCertPEM)
    if !ok {
        panic("failed to parse root certificate")
    }

    cert, err := tls.LoadX509KeyPair(crt, key)
    if err != nil {
        return nil, err
    }
    return &tls.Config{
        CipherSuites:             []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
        Certificates:             []tls.Certificate{cert},
        RootCAs:                  roots,
        InsecureSkipVerify:       false,
        PreferServerCipherSuites: true,
    }, nil
}

func main() {
    var url = "/certificates/"

    clientCert := url + "client.pem"
    clientKey := url + "key.pem"
    rootCert := url + "root.pem"

    tlsConfig, err := createClientConfig(rootCert, clientCert, clientKey)

    if err != nil {
        fmt.Println("Inside the error:::::", err)
        return
    }

    tlsConfig.BuildNameToCertificate()
    tr := &http.Transport{TLSClientConfig: tlsConfig}
    c := &http.Client{
        Transport: tr,
        Timeout:   15 * time.Second,
    }

    request_url := "URL"
    resp, errPost := c.Post(request_url, "text/xml", bytes.NewBufferString(DATA))
    if errPost != nil {
        log.Fatalf("post error: %v", errPost)
    }

    body, errBody := ioutil.ReadAll(resp.Body)
    resp.Body.Close()

    if errBody != nil {
        log.Fatalf("body error: %v", errBody)
    }

    fmt.Printf("done - body: %v", string(body))
}

If I make the InsecureSkipVerify as true I am getting data without any error. What should I do if I want to make it secure? is there any possible to send the pfx file and pass_phrase directly in http call?

  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥15 划分vlan后不通了
    • ¥15 GDI处理通道视频时总是带有白色锯齿
    • ¥20 用雷电模拟器安装百达屋apk一直闪退
    • ¥15 算能科技20240506咨询(拒绝大模型回答)
    • ¥15 自适应 AR 模型 参数估计Matlab程序
    • ¥100 角动量包络面如何用MATLAB绘制
    • ¥15 merge函数占用内存过大
    • ¥15 Revit2020下载问题
    • ¥15 使用EMD去噪处理RML2016数据集时候的原理
    • ¥15 神经网络预测均方误差很小 但是图像上看着差别太大