如何在 Rust 中使用客户端证书发出请求 [英] How to make a request with client certificate in Rust
问题描述
我有一个使用 Docker 容器在 Bluemix 中部署微服务的项目.所有微服务都是用 Java 编写的,并且使用 JKS 文件进行通信.
I have a project with microservices deployed in Bluemix with Docker containers. All microservices are written in Java and the communication is using JKS files.
我还使用 Express.js 在 Node.js 中开发了一个微服务.为了使用其他微服务,我使用 Request 模块 和 option.agentOptions功能和一个 pfx 文件,像这样:
I also developed a microservice in Node.js with Express.js. To consume the other microservices, I used the Request module with option.agentOptions feature and a pfx file, like this:
var options = {
uri: config.get("https://www.example.com/ms/service"),
method: 'POST',
body: data,
json: true,
headers: {
'Content-Type': 'application/json; charset=UTF-8'
},
agentOptions: {
pfx: fs.readFileSync(config.get("/path/to/file.pfx")),
passphrase: config.get("passphraseText"),
servername: config.get("serverName")
}
};
request(options, function (error, response, data) {
//handing response
});
我尝试将 Solicit crate 与 默认示例 用于 HTTPS,但失败并显示:
I tried to use the Solicit crate with default example for HTTPS but it fails with:
4 | use solicit::http::client::tls::TlsConnector;
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Could not find `tls` in `client`
我找不到其他 crate、库或框架来制作它,我该如何提出这个请求?
I couldnt find another crate, library or framework for made it, how can I make this requests?
编辑
显然,由于缺乏维护,Solicit 不能替代它,因此它不再是该问题的替代解决方案,这就是原因.
Apparently Solicit isn't an alternative for its lack of maintenance so it is no longer an alternative solution to this question, Here's the reason.
推荐答案
目前,您应该更喜欢 hyper 客户端而不是 solicit.后者自 2015 年以来一直没有更新,并且 hyper 正在得到更好的维护.将 hyper = "0.10.10" 和 hyper-native-tls = "0.2.2" 添加到您的依赖项中.为了指定要使用的客户端证书,我们可以利用 native_tls 的特性.特别是 TlsConnectorBuilder 和 Pkcs12就是你要找的.
At the moment, you should prefer the hyper client over solicit. The latter has not been updated since 2015, and hyper is being given better maintenance. Add hyper = "0.10.10", and hyper-native-tls = "0.2.2" to your dependencies. For specifying the client certificate to use, we can leverage the features of native_tls. In particular, TlsConnectorBuilder and Pkcs12 are what you're looking for.
use std::fs::File;
use std::io::Read;
use hyper::client::Client;
use hyper::net::HttpsConnector;
use hyper_native_tls::NativeTlsClient;
use hyper_native_tls::native_tls::{TlsConnector, Pkcs12};
// fetch the PKCS12 client certificate
let cert = {
let cert_file = File::open("/path/to/cert.pfx")?;
let mut cert_raw = Vec::new();
cert_file.read_to_end(&mut cert_raw)?;
Pkcs12::from_der(&cert_raw, "mypassword")?
};
// specify the TLS connection with the builder pattern
let tls_conn = TlsConnector::builder()
.identity(cert)?
.build()?;
let ssl = NativeTlsClient::from(tls_conn)?;
let https_conn = HttpsConnector::new(ssl);
// proceed as usual
let client = Client::with_connector(https_conn);
let endpoint = "https://www.example.com/ms/service");
let resp = client.get(endpoint).send()?;
<小时>
在 solicit 中,文档 声明 tls 子模块仅在为此依赖项启用tls"功能时可用.然而,这会导致进一步的依赖冲突(参见 为什么即使我的 Cargo.toml 中有 openssl 0.7.14,solicit 0.4.4 仍会尝试使用 openssl 0.9.12?).坚持使用 hyper 而不是 solicit 是更安全的选择.
In solicit, the documentation states that the tls submodule was only available when the "tls" feature is enabled for this dependency. Nevertheless, this would lead to further dependency conflicts (see Why does solicit 0.4.4 attempt to use openssl 0.9.12 even though I have openssl 0.7.14 in my Cargo.toml?). Sticking to hyper instead of solicit is a much safer choice.
这篇关于如何在 Rust 中使用客户端证书发出请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
