From 3531e98c0ed37c01be2572c0aefc154f8e5caf4a Mon Sep 17 00:00:00 2001 From: Maciej Zieniuk Date: Sun, 22 Sep 2024 14:14:54 +0100 Subject: [PATCH] PM-11586: Bitwarden API self-signed certificate fix --- src/bitwarden_api.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/bitwarden_api.py b/src/bitwarden_api.py index 0d8f632..6b60390 100644 --- a/src/bitwarden_api.py +++ b/src/bitwarden_api.py @@ -1,3 +1,4 @@ +import os from typing import Optional, Dict, Any import requests @@ -37,6 +38,18 @@ def _join_urls(base: str, *paths: str): return url +def _get_custom_ca_certificate_location() -> Optional[str]: + if 'SPLUNK_HOME' not in os.environ: + return None + + app_cacerts_file = os.path.join(os.environ.get('SPLUNK_HOME'), 'etc', 'auth', + 'bitwarden_event_logs_cacerts.pem') + if not os.path.isfile(app_cacerts_file): + return None + + return app_cacerts_file + + class BitwardenApi: def __init__(self, api_config: BitwardenApiConfig): self.logger = get_logger() @@ -61,7 +74,8 @@ def get_access_token(self) -> str: response = requests.post(url, headers=headers, data=data, - timeout=REQUESTS_TIMEOUT) + timeout=REQUESTS_TIMEOUT, + verify=_get_custom_ca_certificate_location()) response_dict = self.__get_response_json(response) @@ -117,7 +131,8 @@ def __send_get_request(self, url: str, query_params: Optional[Dict[str, Any]]) - response = requests.get(url, headers=headers, params=query_params, - timeout=REQUESTS_TIMEOUT) + timeout=REQUESTS_TIMEOUT, + verify=_get_custom_ca_certificate_location()) return self.__get_response_json(response)