PM-11586: Bitwarden API self-signed certificate fix

bitwarden · Sep 22, 2024 · 3531e98 · 3531e98
1 parent bec625f
commit 3531e98
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/src/bitwarden_api.py b/src/bitwarden_api.py
@@ -1,3 +1,4 @@
+import os
 from typing import Optional, Dict, Any
 
 import requests
@@ -37,6 +38,18 @@ def _join_urls(base: str, *paths: str):
     return url
 
 
+def _get_custom_ca_certificate_location() -> Optional[str]:
+    if 'SPLUNK_HOME' not in os.environ:
+        return None
+
+    app_cacerts_file = os.path.join(os.environ.get('SPLUNK_HOME'), 'etc', 'auth',
+                                    'bitwarden_event_logs_cacerts.pem')
+    if not os.path.isfile(app_cacerts_file):
+        return None
+
+    return app_cacerts_file
+
+
 class BitwardenApi:
     def __init__(self, api_config: BitwardenApiConfig):
         self.logger = get_logger()
@@ -61,7 +74,8 @@ def get_access_token(self) -> str:
         response = requests.post(url,
                                  headers=headers,
                                  data=data,
-                                 timeout=REQUESTS_TIMEOUT)
+                                 timeout=REQUESTS_TIMEOUT,
+                                 verify=_get_custom_ca_certificate_location())
 
         response_dict = self.__get_response_json(response)
 
@@ -117,7 +131,8 @@ def __send_get_request(self, url: str, query_params: Optional[Dict[str, Any]]) -
         response = requests.get(url,
                                 headers=headers,
                                 params=query_params,
-                                timeout=REQUESTS_TIMEOUT)
+                                timeout=REQUESTS_TIMEOUT,
+                                verify=_get_custom_ca_certificate_location())
 
         return self.__get_response_json(response)