Add certificate to both server and client using WCF and gSOAP
I have a WCF web service that needs to be secured using the SSL/TLS protocol. On the other hand, I have a C++ client that consumes the WCF web service using the gSOAP library. Currently, only the server needs to have a certificate. Now I have been tasked to enforce that the client has a certificate. My earlier implementation for the client is like this:

    soap_ssl_init();
    // Arguments after the flags: keyfile, password, cafile, capath, randfile
    int soapResult = soap_ssl_client_context(soapPtr, SOAP_SSL_NO_AUTHENTICATION, "client.pem", NULL,
                                             "cacert.pem", NULL, NULL);
    if (soapResult)
    {
        soap_print_fault(soapPtr, stderr);
        throw new ClientLogException("Can not use ssl for communications!");
    }
    struct soap mySoap = *soapPtr;
    WSHttpBinding_USCOREILogServicesProxy proxy(mySoap);
    input.request = &request;
    int callCode = proxy.CallWebService(WEB_SERVICE_ADDRESS, NULL, &input, response);
    if (callCode != 0)
    {
        // Stream the code: "literal" + int is pointer arithmetic, not concatenation
        cout << "Web service call code: " << callCode << endl;
        // std::to_string needs <string>; assumes ClientLogException accepts a std::string
        throw new ClientLogException("Error in calling web service with call code: " + std::to_string(callCode));
    }

which I took from the gSOAP documentation. It works fine with only the server required to have a certificate. I viewed the communication using Wireshark and the connection was completely encrypted.

Now, to enforce that the client uses a certificate, I am going to use the "Nine simple steps to enable X.509 certificates on WCF" article. But the article uses a C# WCF client. I must implement the client configuration in my gSOAP C++ client. I can add the client certificate in the above code when calling soap_ssl_client_context, in the third parameter.

I have 2 problems here:
1- I don't know whether it is possible to call a web service where both client and server have certificates and the communication is secured when the server uses WCF and the client uses gSOAP.
2- In the CodeProject article it seems that the web service call is using http, and I wonder if there is no encryption in the communication.

Finally, if anyone has a better solution or can recommend other tools, that would be welcome.

HTTPS works out of the box with gsoap if you compile with -DWITH_OPENSSL and link against the OpenSSL libs. The out-of-the-box default settings will encrypt messages with https://, but this does not enforce authentication because you need to register the server certificates first with soap_ssl_client_context() as you point out.

To authenticate both server and client, the gsoap manual suggests the following:

    int soapResult = soap_ssl_client_context(soapPtr,
        SOAP_SSL_DEFAULT, // requires server to authenticate
        "client.pem",     // keyfile: client private key + cert to authenticate to server
        "password",       // you need this when client.pem is encrypted
        "cacert.pem",     // cafile: should contain the server cert
        NULL,             // capath to certs, when used
        NULL);            // randfile

Also, you may need to convert PEM to CER (or the other way) for Windows.
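
As an added example (not part of the original answer and not gSOAP code): a standard-library C++ check to run over the PEM files before handing them to soap_ssl_client_context(). It assumes the keyfile is a single PEM holding the client's private key and certificate and that the cafile holds certificates only; summarizePem, usableAsClientKeyfile, usableAsTrustFile and the sample strings are constructed for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
struct PemSummary { int privateKeys = 0, certificates = 0; bool encryptedKey = false; };

// Count complete BEGIN/END blocks in PEM text; flag a password-protected private key.
PemSummary summarizePem(const std::string& text) {
    const std::string begin = "-----BEGIN ", end = "-----END ";
    PemSummary s;
    std::istringstream in(text);
    std::string line, label;
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();  // CRLF files
        if (line.compare(0, begin.size(), begin) == 0) {
            label = line.substr(begin.size());  // e.g. "CERTIFICATE-----"
        } else if (line.compare(0, end.size(), end) == 0) {
            if (!label.empty() && line.substr(end.size()) == label) {  // matched pair only
                bool key = label.find("PRIVATE KEY") != std::string::npos;
                s.privateKeys += key;
                s.certificates += (label == "CERTIFICATE-----");
                if (key && label.find("ENCRYPTED") == 0) s.encryptedKey = true;  // PKCS#8
            }
            label.clear();
        } else if (!label.empty() && line.find("Proc-Type: 4,ENCRYPTED") == 0) {
            s.encryptedKey = true;  // legacy OpenSSL encrypted-key header
        }
    }
    return s;
}

// keyfile (client.pem): assumed to need one private key plus the client certificate.
bool usableAsClientKeyfile(const PemSummary& s) { return s.privateKeys == 1 && s.certificates >= 1; }
// cafile (cacert.pem): trusted certificates only; a private key here is a mistake.
bool usableAsTrustFile(const PemSummary& s) { return s.privateKeys == 0 && s.certificates >= 1; }

// Constructed samples: the base64 bodies are placeholders, not real key material.
const std::string kClientPem =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\r\nQ09OU1RSVUNURUQ=\r\n-----END ENCRYPTED PRIVATE KEY-----\r\n"
    "-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQ=\r\n-----END CERTIFICATE-----\r\n";
const std::string kCertOnlyPem =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";

int main() {
    PemSummary client = summarizePem(kClientPem), ca = summarizePem(kCertOnlyPem);
    std::cout << "client.pem as keyfile: " << usableAsClientKeyfile(client)
              << ", password needed: " << client.encryptedKey << "\n"
              << "cert-only file as keyfile: " << usableAsClientKeyfile(ca)
              << ", as cafile: " << usableAsTrustFile(ca) << "\n";
}
```

A file that passes as keyfile with encryptedKey set needs the password argument; a certificate-only file passed as keyfile gives the client nothing to authenticate with.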