HTTPS/Client-authenticated: Difference between revisions

Content added Content deleted

Inline

Revision as of 12:59, 2 November 2013

Demonstrate how to connect to a web server over HTTPS where that server requires that the client present a certificate to prove who (s)he is. Unlike with the HTTPS request with authentication task, it is not acceptable to perform the authentication by a username/password or a set cookie.

This task is in general useful for use with webservice clients as it offers a high level of assurance that the client is an acceptable counterparty for the server. For example, Amazon Web Services uses this style of authentication.

Lasso

<lang Lasso>local(sslcert = file('myCert.pem')) local(x = curl('https://sourceforge.net'))

x->set(CURLOPT_SSLCERT, #sslcert->readstring)
sslcert->close
x->result->asString</lang>

Mathematica

<lang Mathematica>a = RunThrough["curl -E myCert.pem https://www.example.com", 1] For[ i=0, i < Length[a] , i++, SomeFunction[a]]</lang>

PicoLisp

<lang PicoLisp>(in '(curl "-E" "myCert.pem" "https://www.example.com")

  (while (line)
     (doSomeProcessingWithLine @) ) )</lang>

Python

<lang python>import httplib

connection = httplib.HTTPSConnection('www.example.com',cert_file='myCert.PEM') connection.request('GET','/index.html') response = connection.getresponse() data = response.read() </lang>

Racket

Skeleton code to connect to a server: <lang racket>

lang racket

(require openssl/mzssl) (define ctx (ssl-make-client-context)) (ssl-set-verify! ctx #t) ; verify the connection (ssl-load-verify-root-certificates! ctx "my-cert.pem") (define-values [I O] (ssl-connect "www.example.com" 443 ctx)) </lang>

Run BASIC

<lang runbasic>html "

LOGIN
UserName	" TEXTBOX #userName, "" html "
Password:	" PasswordBox #passWord, "" html "
" button #si, "Signin", [doSignin] html " " button #ex, "Exit", [exit] html "

"

WAIT

[doSignin] loginUserName$ = trim$(#userName contents$()) loginPassWord$ = trim$(#passWord contents$()) if (loginUserName$ = "admin" and loginPassWord$ = "admin" then

  print "Login ok"
 else
  print "invalid User or Pass"
  cls
  goto [loop]

end if

print Platform$ ' OS where Run BASIC is being hosted print UserInfo$ ' Information about the user's web browser print UserAddress$ ' IP address of the user

[exit] end</lang>

Tcl

Uses the Tls package. <lang tcl>package require http package require tls

set cert myCert.p12 http::register https 443 [list \

   ::tls::socket -certfile $cert -password getPass]

proc getPass {} {

   return "myPassword";  # Just a noddy example...

}

Make a secure authenticated connection

set token [http::geturl https://verysecure.example.com/]

Now as for conventional use of the “http” package

set data [http::data $token] http::cleanup $token</lang>

@@ Line 4: / Line 4: @@
 This task is in general useful for use with [[Creating a SOAP Client|webservice client]]s as it offers a high level of assurance that the client is an acceptable counterparty for the server. For example, [http://aws.amazon.com/ Amazon Web Services] uses this style of authentication.
+=={{header|Lasso}}==
+<lang Lasso>local(sslcert = file('myCert.pem'))
+local(x = curl('https://sourceforge.net'))
+#x->set(CURLOPT_SSLCERT, #sslcert->readstring)
+#sslcert->close
+#x->result->asString</lang>
 =={{header|Mathematica}}==
 <lang Mathematica>a = RunThrough["curl -E myCert.pem https://www.example.com", 1]
 For[ i=0, i < Length[a] , i++, SomeFunction[a]]</lang>
 =={{header|PicoLisp}}==