使用.pem证书与Python进行SSL连接

Question

我正在尝试使用身份验证通过HTTPS连接建立成功的通信。我在Ubuntu 12.04上使用Python 2.7 w / Django 1.4。

我所遵循的API文档对身份验证有特定要求。包括您在下面找到的Authentication标题并发送证书信息。

这是代码：

import httplib
import base64

HOST = 'some.host.com'
API_URL = '/some/api/path'

username = '1234'
password = '5678'

auth_value = base64.b64encode('WS{0}._.1:{1}'.format(username, password))
path = os.path.join(os.path.dirname(__file__), 'keys/')
pem_file = '{0}WS{1}._.1.pem'.format(path, username)

xml_string = '<some><xml></xml><stuff></stuff></some>'

headers = { 'User-Agent'     : 'Rico',
            'Content-type'   : 'text/xml',
            'Authorization'  : 'Basic {0}'.format(auth_value),
          }



conn = httplib.HTTPSConnection(HOST, cert_file = pem_file)
conn.putrequest("POST", API_URL, xml_string, headers)
response = conn.getresponse()

我收到以下错误：

Traceback:
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response
  111.                         response = callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.7/dist-packages/django/views/decorators/csrf.py" in wrapped_view
  77.         return view_func(*args, **kwargs)
File "/home/tokeniz/tokeniz/gateway_interface/views.py" in processPayment
  37.         processCreditCard = ProcessCreditCard(token, postHandling)
File "/home/tokeniz/tokeniz/gateway_interface/credit_card_handling.py" in __init__
  75.             self.processGateway()
File "/home/tokeniz/tokeniz/gateway_interface/credit_card_handling.py" in processGateway
  95.         gateway = Gateway(self)
File "/home/tokeniz/tokeniz/gateway_interface/first_data.py" in __init__
  37.         self.postInfo()
File "/home/tokeniz/tokeniz/gateway_interface/first_data.py" in postInfo
  245.         response = conn.getresponse()
File "/usr/lib/python2.7/httplib.py" in getresponse
  1018.             raise ResponseNotReady()

Exception Type: ResponseNotReady at /processPayment/
Exception Value: 

为什么我收到此错误？

更新1： 我一直在使用他们给我的.pem文件（Link Point Gateway），但已经读过证书文件应该包含证书和RSA私钥。那是对的吗？我尝试发送包含两者的.pem文件并收到以下错误：

    Traceback:
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response
  111.                         response = callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.7/dist-packages/django/views/decorators/csrf.py" in wrapped_view
  77.         return view_func(*args, **kwargs)
File "/home/tokeniz/tokeniz/gateway_interface/views.py" in processPayment
  37.         processCreditCard = ProcessCreditCard(token, postHandling)
File "/home/tokeniz/tokeniz/gateway_interface/credit_card_handling.py" in __init__
  75.             self.processGateway()
File "/home/tokeniz/tokeniz/gateway_interface/credit_card_handling.py" in processGateway
  95.         gateway = Gateway(self)
File "/home/tokeniz/tokeniz/gateway_interface/first_data.py" in __init__
  37.         self.postInfo()
File "/home/tokeniz/tokeniz/gateway_interface/first_data.py" in postInfo
  251.         conn.request('POST', self.API_URL, self.xml_string, headers)
File "/usr/lib/python2.7/httplib.py" in request
  958.         self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py" in _send_request
  992.         self.endheaders(body)
File "/usr/lib/python2.7/httplib.py" in endheaders
  954.         self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py" in _send_output
  814.         self.send(msg)
File "/usr/lib/python2.7/httplib.py" in send
  776.                 self.connect()
File "/usr/lib/python2.7/httplib.py" in connect
  1161.             self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/usr/lib/python2.7/ssl.py" in wrap_socket
  381.                      ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py" in __init__
  141.                                         ciphers)

Exception Type: SSLError at /processPayment/
Exception Value: [Errno 336265225] _ssl.c:351: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

我不知道这是向前还是向后迈出的一步。

更新2： 我在创建连接对象时尝试传递证书文件和密钥文件。

conn = httplib.HTTPSConnection(HOST, cert_file = pem_file, key_file = key_file)

我收到以下错误：

Traceback:
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response
  111.                         response = callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.7/dist-packages/django/views/decorators/csrf.py" in wrapped_view
  77.         return view_func(*args, **kwargs)
File "/home/tokeniz/tokeniz/gateway_interface/views.py" in processPayment
  37.         processCreditCard = ProcessCreditCard(token, postHandling)
File "/home/tokeniz/tokeniz/gateway_interface/credit_card_handling.py" in __init__
  75.             self.processGateway()
File "/home/tokeniz/tokeniz/gateway_interface/credit_card_handling.py" in processGateway
  95.         gateway = Gateway(self)
File "/home/tokeniz/tokeniz/gateway_interface/first_data.py" in __init__
  37.         self.postInfo()
File "/home/tokeniz/tokeniz/gateway_interface/first_data.py" in postInfo
  252.         conn.request('POST', self.API_URL, self.xml_string, headers)
File "/usr/lib/python2.7/httplib.py" in request
  958.         self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py" in _send_request
  992.         self.endheaders(body)
File "/usr/lib/python2.7/httplib.py" in endheaders
  954.         self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py" in _send_output
  814.         self.send(msg)
File "/usr/lib/python2.7/httplib.py" in send
  776.                 self.connect()
File "/usr/lib/python2.7/httplib.py" in connect
  1161.             self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/usr/lib/python2.7/ssl.py" in wrap_socket
  381.                      ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py" in __init__
  141.                                         ciphers)

Exception Type: SSLError at /processPayment/
Exception Value: [Errno 336265225] _ssl.c:351: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

如果我尝试组合证书文件和密钥文件并将其作为证书参数发送，我会收到同样的错误。

Answer 1

似乎Python中的某些“更高级别”的库没有配备来处理这种身份验证连接。经过多天的尝试，我终于能够提出一个解决方案，直到套接字级别。

host = 'some.host.com'
service = '/some/api/path'
port = 443

# Build the authorization info
username = '1234'
password = '5678'
path = '/path/to/key/files/'
pem_file = '{0}WS{1}._.1.pem'.format(path, username)
key_file = '{0}WS{1}._.1.key'.format(path, username)
auth = base64.b64encode('WS{0}._.1:{1}'.format(username, password))

## Create the header
http_header = "POST {0} HTTP/1.0\nHost: {1}\nContent-Type: text/xml\nAuthorization: Basic {2}\nContent-Length: {3}\n\n"
req = http_header.format(service, host, auth, len(xml_string)) + xml_string

## Create the socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn = ssl.wrap_socket(sock, keyfile = key_file, certfile = pem_file)
conn.connect((host, port))
conn.send(req)

response = ''
while True:
    resp = conn.recv()
    response += resp

    if (resp == ''):
        break

我希望有人觉得这很有用。这个特殊的实现是使用Python与Link Point Gateway连接（First Data（Link Point）不支持）。谈谈整个项目的噩梦。哈哈

无论如何，对于使用Link Point时遇到问题的人，请注意他们提供的.key文件不足以在Python中创建连接。

openssl rsa -in orig_file.key -out new_file.key

然后使用new_file.key代替。