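As far as I know, it is not possible to specify the password for the client-side certificate you are using for authentication.
This is a bit of a problem, because you typically always want to password-protect the .pem file that contains the private key. openssl won't even let you create one without a password.
Something like: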
requests.get('https://kennethreitz.com', cert='server.pem', cert_pw='my_password')
Pretty sure you're supposed to use the cert parameter for that, like this: cert=('server.pem', 'my_password')
@sigmavirus24 The tuple is (certificate, key). Currently, encrypted key files are not supported. The stdlib only got support for them in version 3.3.
@t-8ch Heh, you accidentally linked to a file on your local FS. ;) Correct link.
Quite right, @t-8ch. This is why I should never answer issues from the bus. :/
So the current consensus is that we don't support this. How much work is it likely to be to add support in versions of Python other than 3.3?
How hard would it be to throw an error in this state? I just ran into this silly problem, and it took two hours to figure out. It would be nice if it threw an error; currently it just sits there looping. Thanks for the great library!
Wait, it sits where looping? Where in execution does it fail? Can you print the traceback from where it loops?
It seems to hang right here:
r = requests.get(url,
                 auth=headerauth,
                 cert=self.cert_tuple,
                 headers=headers,
                 timeout=10,
                 verify=True)
I tried turning the timeout up and down to no avail, but I imagine it knows that it can't use the certificate well before the timeout. Thanks!
Ah, sorry, I wasn't clear. I meant to let it hang and then kill it with Ctrl + C so that Python throws a KeyboardInterrupt exception, and then see where we are in the traceback. I want to know where in Requests the execution stops.
What's happening (or at least what I've seen in many cases) is that OpenSSL, when given a password-protected certificate, prompts the user for a password. It doesn't show up in any logs (because the prompt is printed directly), and it doesn't time out because it's waiting for the user to press Enter.
Needless to say, this is cumbersome and dangerous behavior when the code is running on a server (because it hangs your worker with no option for recovery other than killing the process).
Is there a way to make Requests raise an exception in that case instead of prompting for a password, or is that completely out of your control and in OpenSSL's hands?
@maxnoel I'm pretty sure this is in OpenSSL's hands, but if you can answer @Lukasa's question (the last comment on this issue), it would be very helpful in giving a definite answer as to whether there is anything we can do.
You can confirm from the interactive Python prompt that OpenSSL is blocking on stdin for the passphrase:
>>> r = requests.get("https://foo.example.com/api/user/bill", cert=("client.crt", "client.key"))
Enter PEM pass phrase:
>>>
If you're running from a backgrounded process, I assume OpenSSL will block waiting for that input.
That's right. Is there anything Requests can do to prevent that? Raising an exception when no password is given would be far more useful than prompting for something on stdin (especially in a non-interactive program).
I'm afraid I don't know of any way. @reaperhulk?
There are some ways to stop OpenSSL from doing this, but I'm not sure whether they're exposed by pyOpenSSL. Where does Requests call pyOpenSSL to load the client certificate? I can dig a bit.
@reaperhulk It's done in urllib3, here.
We also do something very similar for the stdlib, which will be a whole separate problem.
So we can do this with PyOpenSSL using a patch like this. In the stdlib version, we need to use load_cert_chain with a password.
Has this issue been resolved? I'm currently running into this while trying to connect to an Apache server.
It has not.
What about PKCS#12-formatted (and encrypted) containers that may contain a client certificate/key? Would that fall under the same feature request?
@mikelupo Yup.
@telam @mikelupo
I had the same problem and Googled a lot; in the end I solved it by using pycurl.
In my situation, I use openssl to convert the .pfx file to a .pem file containing both the certificate and the key (encrypted with a passphrase), and then call the following code.
import pycurl
import StringIO
b = StringIO.StringIO()
c = pycurl.Curl()
url = "https://example.com"
c.setopt(pycurl.URL, url)
c.setopt(pycurl.WRITEFUNCTION, b.write)
c.setopt(pycurl.CAINFO, "/path/cacert.pem")
c.setopt(pycurl.SSLKEY, "/path/key_file.pem")
c.setopt(pycurl.SSLCERT, "/path/cert_file.pem")
c.setopt(pycurl.SSLKEYPASSWD, "your pass phrase")
c.perform()
c.close()
response_body = b.getvalue()
By the way, for security, it's better not to hard-code the pass phrase.
Of course. That said, the problem isn't really that a passphrase is required; it's that OpenSSL makes your program hang while waiting for someone to type a passphrase on stdin, even in the case of a non-interactive, GUI, or remote program.
If a passphrase is required and none is provided, an exception should be raised instead.
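One way to get the "raise instead of prompting" behaviour asked for above, using only the standard library ssl module (an added example, not code from this thread or from Requests). The names PassphraseRequired, key_is_encrypted, refuse_prompt and build_client_context are hypothetical, and the sample PEM data is constructed: real header lines around placeholder bodies.

```python
import ssl


class PassphraseRequired(Exception):
    """Raised when a private key is encrypted and no passphrase was supplied."""


# Constructed samples: genuine PEM header lines, placeholder bodies (not keys).
SAMPLE_LEGACY_ENCRYPTED = (
    b"-----BEGIN RSA PRIVATE KEY-----\n"
    b"Proc-Type: 4,ENCRYPTED\n"
    b"DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n"
    b"\n"
    b"Q09OU1RSVUNURUQ=\n"
    b"-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PKCS8_ENCRYPTED = (
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    b"Q09OU1RSVUNURUQ=\n"
    b"-----END ENCRYPTED PRIVATE KEY-----\n"
)
SAMPLE_PLAIN = (
    b"-----BEGIN CERTIFICATE-----\n"
    b"Q09OU1RSVUNURUQ=\n"
    b"-----END CERTIFICATE-----\n"
    b"-----BEGIN PRIVATE KEY-----\n"
    b"Q09OU1RSVUNURUQ=\n"
    b"-----END PRIVATE KEY-----\n"
)


def key_is_encrypted(pem_bytes):
    """Return True if the PEM data contains a passphrase-protected private key."""
    # PKCS#8 encrypted keys announce themselves in the BEGIN line.
    if b"-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_bytes:
        return True
    # Traditional OpenSSL keys carry a Proc-Type header inside the key block.
    in_key = False
    for raw in pem_bytes.splitlines():
        line = raw.strip()
        if line.startswith(b"-----BEGIN ") and line.endswith(b"PRIVATE KEY-----"):
            in_key = True
        elif line.startswith(b"-----END "):
            in_key = False
        elif in_key and line.replace(b" ", b"") == b"Proc-Type:4,ENCRYPTED":
            return True
    return False


def refuse_prompt():
    """Password callback used when the caller supplied no passphrase."""
    raise PassphraseRequired("private key is encrypted; no passphrase supplied")


def build_client_context(certfile, keyfile=None, password=None):
    """Build an SSLContext with a client certificate, never prompting on stdin."""
    # Pre-flight check: fail fast, before OpenSSL is asked to read the key.
    with open(keyfile or certfile, "rb") as fh:
        if key_is_encrypted(fh.read()) and password is None:
            raise PassphraseRequired(
                "%s is encrypted; pass password=..." % (keyfile or certfile)
            )
    ctx = ssl.create_default_context()
    # load_cert_chain only falls back to OpenSSL's interactive prompt when no
    # password argument is given, so one is always given: either the caller's
    # passphrase or a callable that raises.
    ctx.load_cert_chain(
        certfile,
        keyfile,
        password=password if password is not None else refuse_prompt,
    )
    return ctx
```

The returned context is what a transport adapter would hand to urllib3 as ssl_context, the approach recommended later in this thread.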
If you use a default passphrase of '' for the key, openssl won't hang.
It will return bad-password text. You can immediately alter your py flow
to then notify the user without that apparent stall.
Any plans to add this feature?
We'd like to add it, but at this time we have no schedule for adding it.
@botondus I think I found a simpler way to achieve this with the requests library. I'm documenting it for other people who are facing this issue.
I assume that you have a .p12 certificate and a passphrase for the key.
# Generate the certificate file.
openssl pkcs12 -in /path/to/p12cert -nokeys -out certificate.pem
# Generate the private key with a passphrase. First enter the password provided with the key, and then an arbitrary PEM password (say: 1234).
openssl pkcs12 -in /path/to/p12cert -nocerts -out privkey.pem
We're still not done: we need to generate a key that doesn't require the PEM password every time it needs to talk to the server.
# Running this command will prompt for the PEM password (1234); on providing it we obtain plainkey.pem.
openssl rsa -in privkey.pem -out plainkey.pem
Now you have certificate.pem and plainkey.pem, both of which are required to talk to the API using requests.
Here is an example request using this certificate and key.
import requests
url = 'https://exampleurl.com'
headers = {
    'header1': '1214141414',
    'header2': 'adad-1223-122'
}
response = requests.get(url, headers=headers, cert=('~/certificate.pem', '~/plainkey.pem'), verify=True)
print response.json()
Hope this helps!
cc @kennethreitz @Lukasa @sigmavirus24
I've heard through the grapevine that Amazon does exactly this internally.
I'm facing this problem too. My concern is that I don't want to store the plain private key on the file system (it may risk being stolen by others). So, in my opinion, the more extensible way to implement this is to support using something like a PEM encoded string of private key, instead of a file path, to specify the private key. Encryption/decryption of the private key/certificate is then left to developers to handle in the way that suits them.
After reading the Requests source code, it seems this is not easy to implement, because Requests relies on Python's ssl lib, which supports only certificate/private key files. I'm wondering whether we could use pyopenssl instead of the Python stdlib? pyopenssl has a wrapper for the openssl connection; see https://pyopenssl.readthedocs.io/en/latest/api/ssl.html#connection-objects
Requests already supports PyOpenSSL, as long as it and a few other required dependencies are installed. However, that will never be made mandatory: it's important that we use the standard library appropriately.
In a future release, we plan to support passing an SSLContext object to urllib3 to handle TLS, which will enable this feature.
For anyone facing this problem: until Requests adds the ability to pass an ssl.SSLContext / OpenSSL.SSL.Context to urllib3, here is a workaround that actually supports using encrypted certificate/key files (it requires PyOpenSSL to be installed and used instead of the standard library ssl, which it should be if it is installed):
import requests
# Get the password from the user/configfile/whatever
password = ...
# Subclass OpenSSL.SSL.Context to use a password callback that gives your password
class PasswordContext(requests.packages.urllib3.contrib.pyopenssl.OpenSSL.SSL.Context):
    def __init__(self, method):
        super(PasswordContext, self).__init__(method)
        def passwd_cb(maxlen, prompt_twice, userdata):
            return password if len(password) < maxlen else ''
        self.set_passwd_cb(passwd_cb)
# Monkey-patch the subclass into OpenSSL.SSL so it is used in place of the stock version
requests.packages.urllib3.contrib.pyopenssl.OpenSSL.SSL.Context = PasswordContext
# Use requests as normal, e.g.
endpoint = 'https://example.com/authenticated'
ca_certs = '/path/to/ca/certs/bundle'
certfile = '/path/to/certificate'
keyfile = '/path/to/encrypted/keyfile'
requests.get(endpoint, verify=ca_certs, cert=(certfile, keyfile))
@ahnolds: Does this also work for PKCS#12 files, or is it PEM only?
@Lukasa: Is the PKCS#12 case really supposed to be handled here, or should a separate issue be opened?
PKCS#12 is a harder problem, but basically you need to do whatever is necessary to customise the SSLContext.
@Lukasa: I was thinking more of providing a nice high-level API in Requests. For example, simply specifying the client_cert.p12 file name and password via the cert=... keyword parameter.
@vog What code do you think would be needed to make that work?
@Lukasa I don't know much about the internals of requests, so I may be underestimating what is already there, but I think one of the following needs to be done:
It is done with a few calls that invoke the OpenSSL bindings directly. However, the result is a PEM certificate as a string, and I haven't yet found a way to provide the (unencrypted) PEM as a string to the lower layers (except by using an OpenSSL / python "ssl" "buffer" wrapper, e.g. wrap_bio, but that is only available in recent Python 3 versions, not in Python 2). Note that the last point is basically what I'm currently doing, but I don't like it at all. Why can't I provide a simple string containing the certificate to OpenSSL? Moreover, why can't I simply pass the PKCS#12 file name and password to the lower layers?
I'll tag in @reaperhulk as an OpenSSL expert, but my understanding is that there is no API for loading PKCS#12-format certificates for client certificates. That means we would absolutely have to convert to PEM. Doing that in memory is certainly possible, but I wonder whether at some point we'd simply consider this expert enough to just delegate to a passed-in SSLContext.
@Lukasa Thanks for taking this issue seriously. Sorry if I sounded too technical, but essentially it is just this:
You want to access a service via a client certificate. Almost everywhere, you get this as a file and a password (the file being PKCS#12-encoded). With most APIs, such as the Java standard library, you simply specify the file name and password and that's it.
In Python, however, this is hellishly complicated.
That's why almost nobody does it. Instead, people convert the file and password to a PEM file by hand, via OpenSSL, and use that file. This is administrative overhead for every user of such an application, because they can't simply name the (PKCS#12) file and password.
I think the requests library should make this at least as simple as it is in Java.
requests already does a great job of simplifying stupidly complicated APIs, and the PKCS#12 use case is just another example of a stupidly complicated API.
"The PKCS#12 use case is just another example of a stupidly complicated API."
Yup, I don't disagree with that at all: I'd be perfectly happy to have some kind of solution for PKCS#12 support somewhere in the stack.
What I'm trying to get a handle on is the code needed to make it work and, as a result, where to put it. My reasoning goes like this:
If the syntax of cert= doesn't change at all (just what's supported widens) and the behaviour degrades gracefully (that is, we can reliably tell PKCS#12 files from PEM files, or easily handle both logic chains), then it counts as a small enough change to the surface that it is probably worth it. That means considering how subtle it is, how complex the code is, and whether it needs additional dependencies, and using that information to find the best place to put the code. For example, my _understanding_ is that the standard library currently cannot handle PKCS#12, which means that _at best_ Requests could only use PKCS#12 with the [security] extra installed. In the worse case, there may be no functions available in the OpenSSL bindings at all, in which case real nasty work would be needed to make this work. That's why I wanted @reaperhulk to weigh in.
I'd like to see this support added: I just need some people who know the scope of the work to comment here and tell me how big the mountain is that actually needs to be moved.
One more detail on the PKCS#12 implementation: older versions of the Python OpenSSL bindings fail if the password is given as a unicode object rather than a byte string. So it needs to be converted before passing it to load_pkcs12(), like this:
if isinstance(password, unicode):
    password_bytes = password.encode('utf8')
else:
    password_bytes = password
pkcs12 = OpenSSL.crypto.load_pkcs12(pkcs12_data, password_bytes)
A full converter would look like this. pkcs12_data is expected to be a byte string containing binary data, while password may be either a byte string or a unicode string.
def pkcs12_to_pem(pkcs12_data, password):
    # Old versions of OpenSSL.crypto.load_pkcs12() fail if the password is a unicode object
    if isinstance(password, unicode):
        password_bytes = password.encode('utf8')
    else:
        password_bytes = password
    p12 = OpenSSL.crypto.load_pkcs12(pkcs12_data, password_bytes)
    p12_cert = p12.get_certificate()
    p12_key = p12.get_privatekey()
    pem_cert = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, p12_cert)
    pem_key = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, p12_key)
    pem = pem_cert + pem_key
    return pem
The question at issue is whether Requests should support PKCS#12 natively, but the PKCS#12 discussion seems to be beyond the scope of the original issue. I'd vote for it getting its own issue, but obviously that's up to the people in charge.
That said, as a workaround that doesn't require an unencrypted temp file: the OpenSSL.crypto.dump_privatekey method has an optional passphrase parameter, so you can get a copy of the private key, encrypted, in PEM format. That would reduce this to the encrypted PEM problem we started with.
Alternatively, you could write a hack similar to the one I proposed earlier, using the use_privatekey method of OpenSSL.SSL.Context. Off the top of my head (untested), something like:
import OpenSSL
import requests
# From somewhere
pkcs12_data = ...
password_bytes = ...
class Pkcs12Context(requests.packages.urllib3.contrib.pyopenssl.OpenSSL.SSL.Context):
    def __init__(self, method):
        super(Pkcs12Context, self).__init__(method)
        # Load the certificate and key from the PKCS#12 data straight into the context
        p12 = OpenSSL.crypto.load_pkcs12(pkcs12_data, password_bytes)
        self.use_certificate(p12.get_certificate())
        self.use_privatekey(p12.get_privatekey())
# Monkey-patch the subclass into OpenSSL.SSL so it is used in place of the stock version
requests.packages.urllib3.contrib.pyopenssl.OpenSSL.SSL.Context = Pkcs12Context
次ã«ã蚌ææžããŸã£ããæå®ããã«requests.get
ãªã©ã䜿çšããŸããããã¯ãã³ã³ã¹ãã©ã¯ã¿ãŒã§æ¢ã«åŠçãããŠããããã§ãã
ãã®ã¹ã¬ãããä»ãã確èªããŸãã ãªãªãžãã«ã®èšãæãïŒ
æå·åãããPEM圢åŒã®ã¯ã©ã€ã¢ã³ã蚌ææžãäžããããå Žåããªã¯ãšã¹ãã¯ãã¹ã¯ãŒãã®æäŸãåŠçã§ããŸããïŒ
ããã¯çŸåšã®æšæºã©ã€ãã©ãªã«ããã®ã§ããã®ãªãã·ã§ã³ãçµ±åããã®ã¯çŽ æŽãããããšã§ãã ããã¯ããšã³ã¿ãŒãã©ã€ãºã»ãã¥ãªãã£ã®èæ ®äºé ïŒèšŒææžãæå·åãããŠãããæå·åããããŸãŸã§ããããšãæå³ãããŠããå ŽåïŒã«ãšã£ãŠéåžžã«äŸ¡å€ããããŸãã
ãã®æç¹ã§ãããã¯ããã©ã³ã¹ããŒãã¢ããã¿ãŒã䜿çšããŠã«ã¹ã¿ã SSLã³ã³ããã¹ããurllib3ã«æž¡ãããšã§å®è¡ã§ããŸãã ããã¯ãæšæºã©ã€ãã©ãªã®SSLã³ã³ããã¹ãã§èš±å¯ãããŠããããšããã¹ãŠå®è¡ã§ããŸãã ããã§ã«ã¹ã¿ã ã³ã³ããã¹ããæž¡ãäŸãèŠãããšãã§ã
äžæãã¡ã€ã«ã䜿çšããŠ.pfxãš.p12ã.pemã«å€æããããšã§ããªã¯ãšã¹ãã§.pfxãš.p12ã䜿çšããããšãã§ããŸããã https://gist.github.com/erikbern/756b1d8df2d1487497d29b90e81f8068ãåç §ããŠ
èå³ãããã°PRãæåºã§ããŸãã äžæãã¡ã€ã«ãšã³ã³ããã¹ããããŒãžã£ãŒãé¿ããã®ã¯çŽ æŽãããããšã§ãã ãç¥ããäžããã
ããã¯ããŒãžãããå¯èœæ§ã¯äœãã§ãããæãå ¥ããŸããããã©ã³ã¹ããŒãã¢ããã¿ãä»ããŠPyOpenSSLã³ã³ããã¹ãããªã¯ãšã¹ãã«çŽæ¥æž¡ãããšãã§ããããã«ãªã£ãããããã®åé¡ãåé¿ã§ããå¯èœæ§ããããŸãã
Sorry for the confusion, but are you saying that pfx / p12 support in general is unlikely to be merged? (Assuming it's done the right way, through contexts and so on.) I'm happy to give it a try, but obviously it's not worth my time if it won't be merged.
I think what is "unlikely to be merged" is the temp file solution.
@erikbern To be clear, I'd be happy to take and merge a solution that works reasonably consistently. For example, a solution that uses PKCS#12 through the PyOpenSSL contrib module in urllib3 would be acceptable.
However, a temp file solution is not acceptable (as noted by @vog). This means that PKCS#12 support is unlikely to work with the standard library, because the standard library ssl module exposes no support for it, so it will not be supported in all Requests configurations.
Sounds good. I also agree that temp files are bad, since storing decrypted keys on disk is a security risk. I may take a look at this next week. Thanks for the comments on the ssl module; if the limitation is outside the scope of requests, then obviously that needs attention.
I looked into this, and the ssl module has added a cadata argument, which lets you pass PEM data as a raw string: https:
To make this work we'd need to patch urllib3 in a bunch of places, so I might start there.
@erikbern To be clear, almost any solution like this will work fine just by passing an appropriately configured SSLContext object to urllib3 using a TransportAdapter.
https://github.com/kennethreitz/requests/issues/2519 seems to be the same as this issue, so they should probably be merged.
Any update on this issue? I'm trying to use a password-encrypted client certificate and can't get it to work. Do I need to look for options other than Requests? I'd appreciate a reply as soon as possible.
Did we document this? I think this was our most requested feature.
I think this thread started in 2013, but I couldn't find a solution described through to the end. Did you provide an option for supplying the password? Or is it still in progress?
I'm trying to use Requests in an app security product I'm building, so any pointers would help.
@AnoopPillai Have you seen this comment? https://github.com/requests/requests/issues/1573#issuecomment-188125157
Yes, I read that comment. It's a workaround, but in my case I don't want to convert to two certificate files, because that has to be done outside the application. In addition, we use something like a vault to store the password of the encrypted .pem file.
The password is fetched dynamically by the app at run time, so no hard-coding is needed.
@AnoopPillai OK.
@kennethreitz We did not document this.
@AnoopPillai Yes, this works fine. You need to use some lower-level hooks. In this case, you can pass an SSLContext directly to urllib3 at the transport adapter level. This gives you access to the underlying functions, so you can provide a passphrase or a passphrase function. This is the recommended way to support this.
@AnoopPillai A workaround using temp files that I found handy: https://gist.github.com/erikbern/756b1d8df2d1487497d29b90e81f8068
Thanks, Lukasa, for letting me know there is a way to do this.
I'm new to Python and am using version 3.6. Please tell me where I can find options such as ciphers for passing the client certificate password.
@Erikbern I haven't gone through the temp file solution yet, but I'll look at it today. Thanks for the reply.
@AnoopPillai You will need load_cert_chain.
@Lukasa Please document this.
Sorry, it may be due to my lack of Python experience, but I haven't been able to change the code the way Lukasa described above. My code is as follows:
class DESAdapter(HTTPAdapter):
    """
    A TransportAdapter that re-enables 3DES support in Requests.
    """
    def init_poolmanager(self, *args, **kwargs):
        context = create_urllib3_context(load_cert_chain='rtmqa-clientid.pem',password='weblogic')
        kwargs['ssl_context'] = context
        return super(DESAdapter, self).init_poolmanager(*args, **kwargs)
    def proxy_manager_for(self, *args, **kwargs):
        context = create_urllib3_context(load_cert_chain='rtmqa-clientid.pem', password='weblogic')
        kwargs['ssl_context'] = context
        return super(DESAdapter, self).proxy_manager_for(*args, **kwargs)
s = requests.Session()
s.mount(url, DESAdapter())
r = s.get(url, headers=request_header).json()
I get an error:
TypeError: create_urllib3_context() got an unexpected keyword argument 'load_cert_chain'
Yes, that's a mistake. You call create_urllib3_context, get its return value, and then call load_cert_chain on the returned object. Try these functions out in the interactive interpreter to see how they work.
The urllib3..util.ssl_.py installed on my Mac doesn't have the latest option for a password.
Here is the code:
if certfile:
    context.load_cert_chain(certfile, keyfile)
if HAS_SNI:  # Platform-specific: OpenSSL with enabled SNI
    return context.wrap_socket(sock, server_hostname=server_hostname)
There is no password option. How do I update ssl_.py to get the latest version?
@AnoopPillai You don't. You call the function with no arguments and then call load_cert_chain on the returned object. There's no need to change urllib3.
To be clear, like this:
ctx = create_urllib3_context()
ctx.load_cert_chain(your_arguments_here)
Documented this. :)
@erikbern I tried the tempfile solution, but I get the following error:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 441, in wrap_socket
cnx.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error
_raise_current_error()
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 595, in urlopen
self._prepare_proxy(conn)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 816, in _prepare_proxy
conn.connect()
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 448, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/util/retry.py", line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='credit-cards-accounts-qa.kdc.capitalone.com', port=443): Max retries exceeded with url: /credit-cards-accounts/credit-cards/accounts/XqLuxBTABbIDvpw56ba34p2WV9JoWUSkPJ09hrBlWD8= (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/tsu892/Desktop/Office/Pythone-work/ASR-pythone/ASR-python3.6/test-request.py", line 48, in <module>
r = requests.get(url, headers=request_header, cert=cert).json()
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='credit-cards-accounts-qa.kdc.capitalone.com', port=443): Max retries exceeded with url: /credit-cards-accounts/credit-cards/accounts/XqLuxBTABbIDvpw56ba34p2WV9JoWUSkPJ09hrBlWD8= (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Here is my code:
import requests
import json
import OpenSSL.crypto
import tempfile
import os
import contextlib
import ssl
json_file='apiInput.json'
hdr_key=[]
hdr_value=[]
json_data=open(json_file)
data = json.load(json_data)
request_body={}
#pprint(data)
json_data.close()
request_data = data['request1']
request_header=request_data['header-data']
url=request_header['url']
@contextlib.contextmanager
def pfx_to_pem():
    print('inside pfx tp pem')
    with tempfile.NamedTemporaryFile(suffix='.pem') as t_pem:
        f_pem = open(t_pem.name, 'wb')
        fr_pfx = open('rtmqa-clientid.pfx', 'rb').read()
        p12 = OpenSSL.crypto.load_pkcs12(fr_pfx,'xxxxxxxxx')
        f_pem.write(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()))
        f_pem.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, p12.get_certificate()))
        ca = p12.get_ca_certificates()
        if ca is not None:
            for cert in ca:
                f_pem.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))
        f_pem.close()
        yield t_pem.name
with pfx_to_pem() as cert:
    print(cert)
    r = requests.get(url, headers=request_header, cert=cert).json()
    print(r.status_code)
    print(r.json())
Sorry, it's hard to tell from your comment what is broken. I've used this for a bunch of applications and haven't had any problems.
@Lukasa I tried the code change (code pasted below) and got the same error as with the tempfile method.
import requests
import json
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_context
json_file='apiInput.json'
hdr_key=[]
hdr_value=[]
json_data=open(json_file)
data = json.load(json_data)
request_body={}
#pprint(data)
json_data.close()
request_data = data['request1']
request_header=request_data['header-data']
url=request_header['url']
class DESAdapter(HTTPAdapter):
    """
    A TransportAdapter that re-enables 3DES support in Requests.
    """
    def init_poolmanager(self, *args, **kwargs):
        context = create_urllib3_context()
        context.load_cert_chain('rtmqa-clientid.pem',password='weblogic')
        kwargs['ssl_context'] = context
        return super(DESAdapter, self).init_poolmanager(*args, **kwargs)
    def proxy_manager_for(self, *args, **kwargs):
        context = create_urllib3_context()
        context.load_cert_chain('rtmqa-clientid.pem',password='weblogic')
        kwargs['ssl_context'] = context
        return super(DESAdapter, self).proxy_manager_for(*args, **kwargs)
s = requests.Session()
s.headers=request_header
s.mount(url, DESAdapter())
r = s.get(url)
/Users/tsu892/Python3.6/bin/python /Users/tsu892/Desktop/Office/Pythone-work/ASR-pythone/ASR-python3.6/Test-ASRreq.py
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 441, in wrap_socket
cnx.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error
_raise_current_error()
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 595, in urlopen
self._prepare_proxy(conn)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 816, in _prepare_proxy
conn.connect()
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 448, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/util/retry.py", line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='credit-cards-accounts-qa.kdc.capitalone.com', port=443): Max retries exceeded with url: /credit-cards-accounts/credit-cards/accounts/XqLuxBTABbIDvpw56ba34p2WV9JoWUSkPJ09hrBlWD8= (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/tsu892/Desktop/Office/Pythone-work/ASR-pythone/ASR-python3.6/Test-ASRreq.py", line 37, in <module>
r = s.get(url)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 521, in get
return self.request('GET', url, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='credit-cards-accounts-qa.kdc.capitalone.com', port=443): Max retries exceeded with url: /credit-cards-accounts/credit-cards/accounts/XqLuxBTABbIDvpw56ba34p2WV9JoWUSkPJ09hrBlWD8= (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
@erikbern It could be a setup issue on my laptop. I'm using a Mac and Python 3.6.
6c40089ea258:~ tsu892$ pip3 show requests
Name: requests
Version: 2.18.4
Summary: Python HTTP for Humans.
Home-page: http://python-requests.org
Author: Kenneth Reitz
Author-email: [email protected]
License: Apache 2.0
Location: /Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages
Requires: idna, certifi, chardet, urllib3
6c40089ea258:~ tsu892$ pip3 show certifi
Name: certifi
Version: 2017.7.27.1
Summary: Python package for providing Mozilla's CA Bundle.
Home-page: http://certifi.io/
Author: Kenneth Reitz
Author-email: [email protected]
License: MPL-2.0
Location: /Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages
Requires:
Do you think there's something wrong with the certificate?
What is the output of python -m requests.help?
@Lukasa The output is as follows:
6c40089ea258:~ tsu892$ python3 -m requests.help?
/Library/Frameworks/Python.framework/Versions/3.6/bin/python3: No module named requests.help?
Please remove the question mark from the command line.
6c40089ea258:~ tsu892$ python3 -m requests.help
{
"chardet": {
"version": "3.0.4"
},
"cryptography": {
"version": "2.0.3"
},
"idna": {
"version": "2.6"
},
"implementation": {
"name": "CPython",
"version": "3.6.2"
},
"platform": {
"release": "16.7.0",
"system": "Darwin"
},
"pyOpenSSL": {
"openssl_version": "1010006f",
"version": "17.2.0"
},
"requests": {
"version": "2.18.4"
},
"system_ssl": {
"version": "100020bf"
},
"urllib3": {
"version": "1.22"
},
"using_pyopenssl": true
}
So the error you're getting is caused by being unable to validate the server's TLS certificate. certifi and OpenSSL look correct, so I think the server is misbehaving. What server are you trying to reach?
The application is deployed in the AWS cloud. However, when we call the API, it first goes to the OSB, which authenticates the certificate, and then the request is routed to AWS.
Using the same certificate with Postman or Ruby code, the API works fine.
Do you need a specific root certificate? Can you tell me the host name you're reaching?
The host URL without the path is https://credit-cards-accounts-qa.kdc.capitalone.com
This is an internal endpoint.
Yeah, so I can't see what's going on there. Can you run openssl s_client -showcerts -connect credit-cards-accounts-qa.kdc.capitalone.com:443 and provide the full output?
Deleted.
That doesn't appear to be using a globally trusted root certificate. Where is the root certificate for that service?
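A way to read the "Certificate chain" section of openssl s_client -showcerts output and name the root that must be in the client's trust bundle, which is the check behind the diagnosis above (an added example, not part of the thread). The sample output is constructed with made-up names, and parse_chain, chain_is_contiguous and trust_anchor are hypothetical helper names.

```python
import re

# Constructed sample of s_client output; names and certificate bodies are placeholders.
SAMPLE_S_CLIENT = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example Corp/CN=api.internal.example
   i:/C=US/O=Example Corp/CN=Example Issuing CA 1
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
 1 s:/C=US/O=Example Corp/CN=Example Issuing CA 1
   i:/C=US/O=Example Corp/CN=Example Internal Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/O=Example Corp/CN=api.internal.example
"""

SUBJECT_LINE = re.compile(r"^\s*(\d+)\s+s:\s*(.+)$")
ISSUER_LINE = re.compile(r"^\s+i:\s*(.+)$")


def parse_chain(text):
    """Return [{'depth', 'subject', 'issuer'}, ...] for the chain the server sent."""
    chain = []
    in_chain = False
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
            continue
        if not in_chain:
            continue
        if line.strip() == "---":  # section separator ends the chain listing
            break
        match = SUBJECT_LINE.match(line)
        if match:
            chain.append({"depth": int(match.group(1)),
                          "subject": match.group(2).strip(),
                          "issuer": None})
            continue
        match = ISSUER_LINE.match(line)
        if match and chain:
            chain[-1]["issuer"] = match.group(1).strip()
    return chain


def chain_is_contiguous(chain):
    """True if every certificate is issued by the next one in the list."""
    return all(lower["issuer"] == upper["subject"]
               for lower, upper in zip(chain, chain[1:]))


def trust_anchor(chain):
    """Return (root name the client must trust, whether the server sent it).

    The anchor is the issuer of the topmost certificate. If that certificate
    is self-signed, the server included the root itself; either way the
    client only accepts the chain if that root is in its own CA bundle.
    """
    if not chain:
        return (None, False)
    top = chain[-1]
    return (top["issuer"], top["subject"] == top["issuer"])
```

When the named root is a private one, "certificate verify failed" is expected with the default bundle; the PEM file for that root is what goes in verify=, as in the verify=ca_certs call earlier in the thread.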
ä»ã®èšŒææžã¯äœ¿çšããŠããŸããã èå°è£ã§ã«ãŒã蚌ææžã䜿çšãããŠãããã©ããããããªãã®ã§ããããèŠã€ããæ¹æ³ã¯ãããŸããïŒ
ãããChromeã®éçºè ããŒã«ã¯ããã䜿çšããŠããå®å šãªèšŒææžãã§ãŒã³ãæããŠãããŸãã
ããããã誰ããèŠãããšãã§ããããã«å éšèšŒææžããªã³ã©ã€ã³ã§æçš¿ããããªãã§ããã...
@erikbernããã¯å ¬éæ å ±ã§ãã åãã³ãã³ããå®è¡ããããšã§ãåãçµæãåŸãããšãã§ããŸãã
@SethMichaelLarson @erikbern's GitHub profile.
@erikbern @sigmavirus24 Oh! I didn't realize who I was talking to. Carry on!
When I run it from Postman, I don't see anything other than the SHA-1 certificate.
Maybe I need to add it to PyCharm somehow.
If you literally browse to the website in Chrome, that should be enough.
@SethMichaelLarson which command are you running? FYI, the comment has been deleted, but earlier there was a whole BEGIN CERTIFICATE blob here... I don't think you want to share that online.
@erikbern That was just the certificate's public key...
Certificates are public data. They are sent in plaintext over the network every time a connection is attempted.
I accessed the certificate chain, but I can only find the SHA-1 certificate and the .pem certificate that I am using to hit the API.
@AnoopPillai I got your September 1 sample code working without problems using a password-protected client-side pem file. The host appears to be using a normal certificate. Thanks @Lukasa!
Unfortunately I'm still having problems even with the temp file method. I can use the .pfx in Google Postman and authenticate without any problem (so I know the credentials work), but I'm getting a 401 in Python. Unfortunately the support contact at the company I'm dealing with has not been much help - any suggestions for troubleshooting?
At this stage I really don't know where to look for the problem, since others have reported success with the temp file method and I haven't heard anything back from the certificate management team.
Any advice would be appreciated; let me know if I can provide additional information to make this easier.
Thanks :)
Just a suggestion, but have you tried converting the PFX to PEM? Also, if the server also uses a username/password, you need to add `auth=()` to the get/post request. I have been using the `class DESAdapter(HTTPAdapter)` approach above with a password-protected PEM file for several weeks without problems.
@ideasean I'm still getting invalid credentials. Should I be pointing load_cert_chain at the .pem file generated by the pfx_to_pem function written for the temp file method? It contains the private key and the certificate.
The .pfx works in Postman but doesn't authenticate here, so could something be going wrong in the conversion process?
I didn't use the temp file method. I used the DESAdapter approach pretty much as written in AnoopPillai's September 1 post above.
I tried that code change (code pasted below) and got the same error I got with the tempfile method.
I can't speak to the conversion process, but a good test would probably be to try using the converted pem file in Postman.
Also note that I use the above approach because my pem file is encrypted/password-protected, and Python requests does not currently support this. If your pem is not password-protected, you should be able to use native requests as per the link (though you then have an unprotected certificate on your filesystem).
@ideasean I followed this method to break up the .pfx and ended up with a .pem file containing bag attributes and the certificate, and a .pem file containing bag attributes and the encrypted private key.
I'm still getting invalid credentials, so I'd like to put the certificates into Postman and see whether they work, but I don't understand why I can't unpack that .pfx correctly.
I also tried the openssl command `openssl pkcs12 -in <my_pfx>.pfx -out certificate.cer -nodes`, but I still get a 401 error when I change to the following: `context.load_cert_chain('certificate.cer')`
I installed the above .cer, but Postman doesn't ask me to use it when making the API call (unlike the pop-up that asks me to use the .pfx). I don't know how else I can make it use that particular certificate; the settings don't seem to have a certificates panel like the one described in the documentation.
You may be using the browser version of Postman, which doesn't include the certificates panel, the option to disable SSL verification, and so on. Try the full client and change the certificate settings there. Since this is getting a bit off topic, I'd suggest continuing this discussion in a different thread.
@mkane848 I saw your original comment where you were getting `ValueError: String expected`. I'd recommend checking out https://github.com/pyca/pyopenssl/issues/701 and https://github.com/shazow/urllib3/issues/1275.
I use this to use a private pem with a password:
~~~
from requests.adapters import HTTPAdapter
from urllib3.util.ssl_ import create_urllib3_context


class SSLAdapter(HTTPAdapter):
    """Transport adapter that loads a passphrase-protected client key."""

    def __init__(self, certfile, keyfile, password=None, *args, **kwargs):
        self._certfile = certfile
        self._keyfile = keyfile
        self._password = password
        # Name the class explicitly: super(self.__class__, self) recurses
        # forever as soon as this adapter is subclassed.
        super(SSLAdapter, self).__init__(*args, **kwargs)

    def init_poolmanager(self, *args, **kwargs):
        self._add_ssl_context(kwargs)
        return super(SSLAdapter, self).init_poolmanager(*args, **kwargs)

    def proxy_manager_for(self, *args, **kwargs):
        self._add_ssl_context(kwargs)
        return super(SSLAdapter, self).proxy_manager_for(*args, **kwargs)

    def _add_ssl_context(self, kwargs):
        # Build a context that carries the client certificate and its key.
        context = create_urllib3_context()
        context.load_cert_chain(certfile=self._certfile,
                                keyfile=self._keyfile,
                                password=str(self._password))
        kwargs['ssl_context'] = context
~~~
FYI, I have implemented PKCS#12 support for `requests` as a separate library.
The code is a clean implementation: it uses neither monkey patching nor temporary files. Instead, a custom TransportAdapter is used, which provides a custom SSLContext.
Feedback and improvements are welcome!
Of course, I would like `requests` to provide this functionality directly, but until we get there, this library will ease the pain.
It would be very useful if this could be done simply:
~~~
cert=("cert.pem", "key.pem", "somepassphrase") # separate cert/key
cert=("keycert.pem", None, "somepassphrase") # combined cert/key
~~~
... even if it only works on Python 3.3 and later. This would be only a minor addition to the API surface.
AFAICS, it would mean making a small change to urllib3 so that HTTPSConnection accepts an optional `password` argument. This is passed through `ssl_wrap_socket`, ending up like this:
~~~
if certfile:
    if password is not None:
        context.load_cert_chain(certfile, keyfile, password)
    else:
        context.load_cert_chain(certfile, keyfile)
~~~
It would then be backwards compatible, raising an exception only if you try to use a private key passphrase on an older platform that does not support it.
Note that the `contrib/pyopenssl.py` adapter already supports this extra argument to `load_cert_chain`, so Python 2.7 does too.
As an aside: I use AWS KMS to manage "secret" data, so I would load the key password from KMS at runtime rather than hard-coding it in the application.
Personally, I wouldn't be opposed to this change; I think it would greatly improve the user interface for many users overall.
@sigmavirus24 any thoughts?
@candlerb @kennethreitz Could the PKCS#12 case be included in that API?
cert=('keycert.p12', None, 'somepassphrase')
The distinction could be made by the file extension (`*.p12` vs. `*.pem`), or by looking at the first bytes of the file.
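The "first bytes" distinction suggested in the comment above, combined with a check for encrypted PEM keys so that a caller can fail fast instead of reaching the OpenSSL passphrase prompt discussed earlier in the thread. This is an added example, not part of the original thread and not code from requests or requests_pkcs12; `classify_credential`, `require_password` and the sample byte strings are hypothetical names and constructed data, and the PKCS#12 test is a heuristic on the ASN.1 header.

```python
import re

# Match one PEM block anywhere in the file, so the "Bag Attributes" text that
# `openssl pkcs12` writes in front of each block does not hide it.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def classify_credential(data):
    """Return the container format and whether a passphrase is needed."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        labels = [label.decode("ascii") for label, _ in blocks]
        encrypted = any(
            label == b"ENCRYPTED PRIVATE KEY"            # PKCS#8 encrypted key
            or (label.endswith(b"PRIVATE KEY")
                and b"Proc-Type: 4,ENCRYPTED" in body)   # legacy OpenSSL key
            for label, body in blocks)
        return {"format": "pem", "labels": labels, "needs_password": encrypted}
    # DER/BER: outer SEQUENCE tag (0x30), a length, then for a PFX the
    # INTEGER version 3 (02 01 03). A heuristic, not a full ASN.1 parse.
    if len(data) > 5 and data[0] == 0x30:
        skip = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)
        if data[skip:skip + 3] == b"\x02\x01\x03":
            return {"format": "pkcs12", "labels": [], "needs_password": True}
    return {"format": "unknown", "labels": [], "needs_password": False}

def require_password(data, password):
    """Fail fast instead of letting OpenSSL prompt on the terminal."""
    info = classify_credential(data)
    if info["format"] == "unknown":
        raise ValueError("not a PEM or PKCS#12 credential")
    if info["needs_password"] and password is None:
        raise ValueError("%s credential needs a passphrase" % info["format"])
    return info

# Constructed samples: the base64 bodies are placeholders, not real keys.
BAGGED_ENCRYPTED = (b"Bag Attributes\n    friendlyName: demo\n"
                    b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                    b"-----END ENCRYPTED PRIVATE KEY-----\n")
LEGACY_ENCRYPTED = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    b"DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                    b"AAAA\n-----END RSA PRIVATE KEY-----\n")
PLAIN_PAIR = (b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
              b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")
PFX_HEADER = bytes([0x30, 0x82, 0x09, 0x00, 0x02, 0x01, 0x03, 0x30])
```

Calling `require_password(open(path, "rb").read(), password)` before handing the path to `load_cert_chain` turns a missing passphrase into an exception the worker can handle.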
I have no problem with allowing requests to take pkcs#12, as long as it can be done safely, and in my opinion that rules out writing the extracted private key to a temporary file.
Googling for Python pkcs#12, I find:
So I think it would need to be hooked up so that the key/cert themselves are passed to OpenSSL, rather than filenames containing them. That sounds like a much bigger change.
If that is too difficult, it means users have to convert pkcs#12 to PEM offline, which is pretty straightforward (and can be documented).
@candlerb As I wrote in my previous comment (https://github.com/requests/requests/issues/1573#issuecomment-348968658), I have already created a clean implementation that integrates well with `requests`.
So the problems you describe are already solved.
Right now, my implementation adds new `pkcs12_*` keyword arguments, to stay out of the way as much as possible.
But I think it should be integrated into the `cert` keyword argument instead, and my question is:
cert=('keycert.p12', None, 'somepassphrase')
Would that be acceptable? I would also like to have this in `requests` rather than in a separate `requests_pkcs12` library. But given the age of this issue, I have little hope that this will go upstream anytime soon. However, if there were a concrete statement about exactly what kind of implementation is wanted, perhaps I could adjust my implementation accordingly and propose a pull request?
So, a few things:
I don't think we should extend the `cert` keyword like that. It is implicitly structured data, and people are already confused by the tuples in the `files` keyword. I think it is silly to continue a known bad pattern.
If anything, I think the pkcs12 adapter should be modified and upstreamed to requests-toolbelt. I think it would be better to change it to create the `ssl_context` once, rather than storing the pkcs12 password in memory on that object.
I think there is other work that needs to be done before we can handle this in the more general case, including deciding on the right API for Requests 3.0.
@sigmavirus24 Thanks for the feedback.
I have kept the `pkcs12_*` keywords. How would the PKCS#12 TransportAdapter class be included in `requests`? Would this class simply be added to `requests`, or is there another way to include it at a "deeper" level, so that it can be used without the `request()`/`get()`/... wrappers and without explicitly loading the adapter?
My organization needs to use PKCS12 certificates and is willing to make the necessary enhancements to the library to do so. Decrypting the .p12 file into a .pem file is considered too much of a risk, and it adds an extra step to deal with. We would like to add functionality to generate and provide an appropriate `ssl_context` for a given session. Is this functionality that the team would be willing to accept, assuming it is properly implemented?
Just a quick reminder: a clean implementation is already available from our company, but as a separate adapter: https:
Feel free to rework it into a pull request for requests itself.
Along the way, you may want to fix a minor issue: the ssl_context should not be held in memory for the whole session, but for as short a time as possible, for one given connection only. See:
If you fix it along the way, it would be nice if you could also provide it as a small pull request to https://github.com/m-click/requests_pkcs12, in addition to requests itself.
That way, everyone currently using the `requests_pkcs12` library would automatically benefit from that improvement, without having to switch to the (then improved) new API in requests itself.
Yeah, https://github.com/m-click/requests_pkcs12 worked for me and did exactly what I wanted. Thank you very much,
Thanks also to @vog for the implementation; it works as expected and, in my case, solves the problem of keeping the cert/key in non-secure storage like S3. Hopefully this can make it into `requests`.
Most helpful comment
@botondus I think I found a simpler way to achieve this with the requests library. I am documenting it for other people who are facing this issue.
I assume that you have a .p12 certificate and a passphrase for the key.
Generate the certificate and private key.
We are not done yet: we need to generate a key that does not require the PEM password every time it needs to talk to the server.
Generate the key without a passphrase.
Now you have `certificate.pem` and `plainkey.pem`, both of the files needed to talk to the API using requests. Here is an example request using this certificate and key.
Hope this helps!
cc @kennethreitz @Lukasa @sigmavirus24