How to use .p12 certificate to authenticate rest api

Ujjawal Khare picture Ujjawal Khare · Jun 18, 2018 · Viewed 9.8k times · Source

I have received a certificate.p12 with username and password.
While I am able to use Rest Client for post requests after i install this certificate in my system.
How can i use this certificate to authenticate post requests on Rest API using Python requests method ?
I am using below code but it is not working.

import requests
headers = {'Content-Type': 'application/json'}
payload = {'folder': '/Trial/trial_dir'}
response = requests.post('https://<IP>:8080/siteapi/availabletests', params=payload, headers=headers, verify='C:\\Users\\ukhare\\Desktop\\sigos\\cert.p12', auth=('trial_test','trialtest'))

And getting below error:

Traceback (most recent call last):
  File "D:\m\Python34\lib\site-packages\urllib3\connection.py", line 171, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw)
  File "D:\m\Python34\lib\site-packages\urllib3\util\connection.py", line 79, in create_connection
    raise err
  File "D:\m\Python34\lib\site-packages\urllib3\util\connection.py", line 69, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [WinError 10061] No connection could be made because the target machine actively refused it

During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "D:\m\Python34\lib\site-packages\urllib3\connectionpool.py", line 600, in urlopen
        chunked=chunked)
      File "D:\m\Python34\lib\site-packages\urllib3\connectionpool.py", line 343, in _make_request
        self._validate_conn(conn)
      File "D:\m\Python34\lib\site-packages\urllib3\connectionpool.py", line 849, in _validate_conn
        conn.connect()
      File "D:\m\Python34\lib\site-packages\urllib3\connection.py", line 314, in connect
        conn = self._new_conn()
      File "D:\m\Python34\lib\site-packages\urllib3\connection.py", line 180, in _new_conn
        self, "Failed to establish a new connection: %s" % e)
    urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x036B0230>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "D:\m\Python34\lib\site-packages\requests\adapters.py", line 445, in send
        timeout=timeout
      File "D:\m\Python34\lib\site-packages\urllib3\connectionpool.py", line 638, in urlopen
        _stacktrace=sys.exc_info()[2])
      File "D:\m\Python34\lib\site-packages\urllib3\util\retry.py", line 398, in increment
        raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='IP', port=8080): Max retries exceeded with url: /siteapi/availabletests?folder=%2FTrial%2Ftrial_dir (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x036B0230>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it',))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "D:\m\Python34\lib\site-packages\requests\api.py", line 112, in post
        return request('post', url, data=data, json=json, **kwargs)
      File "D:\m\Python34\lib\site-packages\requests\api.py", line 58, in request
        return session.request(method=method, url=url, **kwargs)
      File "D:\m\Python34\lib\site-packages\requests\sessions.py", line 512, in request
        resp = self.send(prep, **send_kwargs)
      File "D:\m\Python34\lib\site-packages\requests\sessions.py", line 622, in send
        r = adapter.send(request, **kwargs)
      File "D:\m\Python34\lib\site-packages\requests\adapters.py", line 513, in send
        raise ConnectionError(e, request=request)
    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='IP', port=8080): Max retries exceeded with url: /siteapi/availabletests?folder=%2FTrial%2Ftrial_dir (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x036B0230>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it',))

Answer

Ujjawal Khare picture Ujjawal Khare · Jun 20, 2018

Ref: https://github.com/m-click/requests_pkcs12

I was using payload

data={"folder": "/Trial/trial_dir"}

which is a dictionary while it should be a proper string of dictionary

data='{"folder": "/Trial/trial_dir"}'

So the following are the findings for successful post requests with python :-

  1. Header parameter should be a dictionary.

e.g.

headers={'Content-Type': 'application/json'} 
  1. Data parameter should be a dictionary in string format.

e.g.

data='{"folder": "/Trial/trial_dir"}'
  1. Verify should be set to False : verify=False as to ignore verifying the SSL certificate.

Below is the status and contents received from request I made:

>>> import json
>>> from requests_pkcs12 import get,post
>>> url = 'https://IP:8080/siteapi/availabletests'
>>> pkcs12_filename = 'C:\\Users\\ukhare\\Desktop\\tests\\trial_tata.p12'
>>> pkcs12_password = 'trialtest'
>>> response = post(url, data='{"folder": "/Trial/trial_dir"}', headers={'Content-Type': 'application/json'}, verify=False, pkcs12_filename=pkcs12_filename,pkcs12_password=pkcs12_password)


D:\m\Python34\lib\site-packages\urllib3\connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
>>> print(response.status_code)
200
>>> print(json.dumps(json.loads(response.content.decode("utf-8")), indent=4, separators=(',', ': '), sort_keys=True))
{
    "availableTests": [
        "/Trial/trial_test/HTTP_Download"
    ],
    "serviceError": null