如何使用信任存储与请求模块的认证? [英] How to authenticate with requests module using a trust store?
问题描述
我目前正在写为我写了一个编译器,可以自动HTTP调用了一个RESTful API一个Python语言的插件。我设法获取登录/验证使用套接字和SSL模块的工作,但这种低级的做法似乎产生了潜在的问题与分析,以获得身份验证令牌和秘密的响应。请求模块似乎流行/高效的,但是,我似乎无法得到它为我的特定身份验证需要正常工作。我使用,我从用于Java的插件来验证我的.jks文件转换成一个.pem文件(仅包含公开密钥)的形式信任存储。服务器期望的用户名和密码,在请求主体的JSON格式提交。这里是code我一直在尝试使用方法:
I am currently writing a python language plugin for a compiler I have written that automates http calls for a RESTful API. I have managed to get the login/authentication working using the socket and ssl modules, but this low-level approach seems to create potential problems with parsing the response in order to obtain the authentication token and secret. The requests module seems popular/efficient, however, I cannot seem to get it to function properly for my particular authentication needs. I am using a trust store in the form of a .pem file (containing just a public key) that I converted from my .jks file used to authenticate for the Java plugin. The server expects the username and password to be submitted in the request body in json format. Here is the code I have been trying to use:
#Server and login data
...
host = 'localhost'
port = 8443
pem_file = "C:\\Users\\aharasta\\pycert.pem"
#Digest password with MD5 algorithm
m = hashlib.md5()
m.update(password)
encrypted_password = m.hexdigest()
url = <url>
data = {'userid': user_name, 'password': encrypted_password}
json_data = json.dumps(data)
headers = {'Content-type': 'application/json', 'Accept': 'text/plain', 'Content \
Length': len(json_data)}
r = requests.post(url, headers = headers, data = json_data, cert = pem_file)
print(r)
在执行时,该code将引发SSL错误消息:证书验证失败。如果我添加参数验证=假或验证= pem_file ,我会收到来自服务器的404响应。我还应该注意到,当我启动在调试模式下的服务器,并执行请求(与验证参数之一),它永远不会使它对服务器的身份验证方法,或与此有关的任何方法。任何见解或在这个问题上的帮助,将极大地的AP preciated!
Upon execution, this code will raise an SSL error stating "certificate verify failed". If I add the parameter verify = False or verify = pem_file, I will receive a 404 response from the server. I should also note that when I launch the server in debug mode and execute the request (with one of the verify parameters), it never makes it to the server's authentication methods, or any methods for that matter. Any insight or help on this matter would be greatly appreciated!
推荐答案
首先有与你贴什么一对夫妇的问题:
First there are a couple problems with what you posted:
-
您指定
主机和端口,但不举一个例子网址,所以我们可以猜测,您使用的是测试本地部署,并可以实际查看请求到服务器。我不知道你在说什么的方法,但是如果你使用一个类似于烧瓶服务器的发展,你可能不希望发送的验证作为JSON EN codeD数据。有认证头,是有原因的,并要求具有认证处理的一个原因。 ; - )
You specify
hostandportbut don't give an exampleurl, so we can guess that you're using a local deployment for testing and can actually view the requests to the server. I'm not sure what methods you're talking about, but if you're using something akin to Flask for server development, you might not want to send the Authentication as JSON encoded data. There are Authentication headers for a reason, and requests has Authentication handlers for a reason. ;-)
您不应指定的Content-Length 头自己。请求会为你做到这一点。除此之外,你(根据你发布的)错误指定它,因此404可能是接收服务器无法识别标头。
You shouldn't specify the Content-Length header yourself. requests will do this for you. Beyond that, you're specifying it incorrectly (according to what you posted), so the 404 may be from receiving a header your server doesn't recognize.
现在,应该没有理由指定验证=假,你可以指定证书= pem_file 或验证= pem_file 。一方或双方应该罚款,但你不应该使用验证=假。
Now, there should be no reason to specify verify=False, and you can specify either cert=pem_file or verify=pem_file. Either or both should be fine but you should never use verify=False.
最后, SSLError 时引发告诉你, PEM 文件你提供不匹配什么服务器指定它。考虑到这一点,你可能要检查你的本地服务器的设置。请求不处理证书验证本身,而是urllib3规定。我们只是将它设置根据您提供的参数。我怀疑这是urllib3的错,因为它提出了一个 SSLError 这源于标准库的 SSL 模块。
Finally, the SSLError that is raised is telling you that the pem file you're providing is not matching what the server is specifying it. With that in mind, you might want to check your local server's settings. Requests doesn't handle certificate verification itself, but urllib3 provides that. We just set it up based on the parameters you provide. And I doubt this is the fault of urllib3 since it raises an SSLError which arises from the standard library's ssl module.
修改
的解释是文档指定 *。PEM 与证书是无效的。你必须使用验证='/路径/要/ file.pem 来正确地做到这一点。
The explanation is in the documentation specifying a *.pem file with cert is invalid. You have to use verify='/path/to/file.pem' to do this correctly.
编辑#2
要检查已发送到你可以做到这一点的要求:
To inspect a request that was already sent you can do this:
r = requests.post(...)
r.request
# PreparedRequest('POST', url, ...)
r.request.body
r.request.headers
# etc.
要发送,你可以做以下修改之前的请求:
To modify a request before sending you can do the following:
from requests import Request, Session
s = Session()
r = Request('POST', url, datajson_data, headers=headers)
p = r.prepare()
p.body = 'New body'
p.headers = #etc.
s.send(p, verify=pem_file)
这篇关于如何使用信任存储与请求模块的认证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
