I am running the following keyword below to create a client cert session and it creates it perfectly fine:
Create Client Cert Session alias=${alias} url=${url} client_certs=(${cert_path},${key_path}) verify=${False}
${cert_path} = /path/to/cert.pem
${key_path} = /path/to/key.pem
However, when I try to do a get request using the following keyword it gives me the following error:
Get Request alias=${alias} uri=${Enrollment_URI}
Error:
OSError: Could not find the TLS certificate file, invalid path: (
I printed out the path for the cert from the session object within the python requests library and it prints out like this:
('(', '/', 'p', 'a', 't', 'h', '/', 't', 'o', '/', 'c', 'e', 'r', 't', '.', 'p', 'e', 'm',')')
This is printed from the function that is sending the get request, not the session creation.
From the error, it looks like the function in the get request is only reading the first ( in the path above and not recognizing it. I am not sure if there is something I should be doing to the path before I pass it into the keyword.
Robot is not python. client_certs=(${cert_path},${key_path}) doesn't pass a tuple as the client_certs value. It is passing a string that literally beings with a ( as the first character. That is why you get an error with invalid path '('.
If you need to pass a list to Create client cert session, you have to create the list in a separate step:
#{client certs}= create list ${cert_path} ${key_path}
Create Client Cert Session alias=${alias} url=${url} client_certs=${client certs} verify=${False}
Related
I making an api request using karate where one of the api request params takes a filter condition (which is a java script object).
I am using a literal notation to create a java script object as shown below. This code is in a separate filter.js file.
function() {
var params = {
val1:[],
val2:[]
};
return params;
}
Now i call the above .js file in the karate scenario as below:
Scenario: Test
Given path 'filtertest/'
* param filter = call read('classpath:feature/common/filter/filter.js')
When method get
Ran the above and when i check the log, the api throws bad request error. I looked at the request url and there i can see that the ':' in the js file where I am assigning a value to a object key is replaced with %3A which i believe is the ASCII encoding for ':'. (the param with its values below)
?filter=%7B%22val1%22%3A%5B%5D%2C%22val2%22%3A%5B%5D
What I want is the ':' to come as it is from the .js call as the server side expects the filter param values as key value pairs.
Is there a way I can achieve this?
If your server cannot decode an encoded : it is a bug: https://www.w3schools.com/tags/ref_urlencode.asp
If you really need this - the workaround is to use the url keyword and build it manually, path and param will always encode.
Given url baseUrl + '/filtertest?filter=foo:bar'
I was trying to create a driver for openstack using apache libcloud. It doesn't raise any error even if the user credentials are wrong. So When i checked the faq i found an answer as given in the link
Apache libcloud FAQ
But it doesn't seem to be effective since querying each time to check whether the user is authenticated will reduce the performance if the query returns a bulk of data.
When i checked the response i got from the api there is a field called driver.connection.auth_user_info and i found that the field is empty if the user is not authenticated. So can i use this method as a standard? Any help is appreciated
An openstack driver for libcloud is already available:
from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver
os = get_driver(Provider.OPENSTACK)
params = {'key': 'username', 'ex_force_service_region':'regionOne',
'ex_force_service_name':'nova', 'ex_force_auth_version':'2.0_password',
'ex_force_auth_url':'http://127.0.0.1:5000',
'ex_force_service_type':'compute', 'secret':'password',
'ex_tenant_name':'tenant'}
driver = os(**params)
But libcloud does not check the credentials by just creating the driver object. Instead, the creds will be validated only when a request is sent. If the internal exception InvalidCredsError is thrown the credentials are invalid, and an own variable could be set:
from libcloud.common.types import InvalidCredsError
validcreds = False
try:
nodes = driver.list_nodes()
if nodes.count >= 0:
validcreds = True
except InvalidCredsError:
print "Invalid credentials"
except Exception as e:
print str(e)
I would not rely on the internal variable auth_user_info because it could change over time.
I am trying to port a class I use to connect to Cryptsy's authenticated API to Python 3.3. I have managed to solve the data type issues, and am getting something that is at least getting a request from the website, but it is rejecting my authentication, this is the code, API keys are not included, for obvious reasons...:
req['method'] = method
req['nonce'] = int(time.time())
post_data = urllib.parse.urlencode(req)
sign = hmac.new(self.Secret, str.encode(post_data), hashlib.sha512).hexdigest()
headers = {
'Sign': sign,
'Key': self.APIKey
}
print('headers: ',headers)
print('post data: ',post_data)
b=urllib.parse.urlencode(headers)
print(b)
test=post_data + '&'+ b
print('test: ',test)
data=test.encode()
print('data: ',data)
ret = urllib.request.urlopen(urllib.request.Request('https://www.cryptsy.com/api', data))
q=ret.read()
w=q.decode()
e=json.loads(w)
return self.post_process(e)
And this is the response from the server:
{'error': 'Unable to Authorize Request - Check Your Post Data', 'success': '0'}
Thanks.
The original script had the DATA and HEADERS components for the Request, but was somehow formatted in a way that confused Python 3 into thinking the HEADERS part was a TIMEOUT argument, and throwing an error about it needing to be an INT. This sent me on a wild goose chase of trying to concatenate the DATA and HEADERS.
I'm trying to send a request with:
ActiveXObject("WinHttp.WinHttpRequest.5.1")
however this requires a client certificate to do so (which we have been provided).
Having tested in PHP cURL I can do so with:
curl_setopt($SOAP, CURLOPT_SSLCERT,$filepathtocertificate);
Which works fine. However I must use IIS running asp(javascript) and point to the certificate store of the machine the script is running on with:
SetClientCertificate("LOCAL_MACHINE\\Personal\\Certificate subject");
for our actual deployment. The MS documentation (http://msdn.microsoft.com/en-us/library/windows/desktop/aa384055(v=vs.85).aspx) suggests that the path above has to state the 'subject' of the certificate, however the certificate seems to have several subjects and no combination of several or all of them seems to yeild any results and I am stuck with the following error before the request is even sent:
WinHttp.WinHttpRequest error '80072f0c'
A certificate is required to complete client authentication
Looking in the certificate store and using other scripts in the same folder show they are definitely there but have subjects like:
C=US, O=Organisation NAme, OU="Another Organisation Name, Inc.", CN=Organisation Name Root
Or similar.
Any advice on what parameters SetClientCertificate needs to be given to select and send certificates in the certificate store would be much appreciated.
I had a lot of trouble with this same issue - using winhttp 5.1 from a scripting language to set a client certificate before a send.
I had used mmc with the certificates snap-in to import the certificate in CURRENT_USER \ Personal - but the Winhttp SetClientCertificate didn't seem to be doing anything, nor was I able to pick up any error code or message so it was a case of repeated trial and error - the SetClientCertificate string should be something like "Location\store\subject" eg "CURRENT_USER\Personal\My Certificate" (or \ \ if your language requires \ to be escaped) -the final part being 'subject' which is not as clear as it should be. Under MMC the subject is broken into many elements.
I eventually got it working by dropping the location and store - they were the defaults so I may have been fortunate - and providing just the subject field - the value I used for the subject field was the value in the line "CN = " under subject (when the cert is opened under mmc) - but this (perhaps coincidentally) was also the value in the 'Issued To' column on the main mmc certificate list. In my case it worked - clearly if there is a cert with these two values different then you'd need to try each.
Hope this helps if somebody is similarly stuck.
This is a very old question yet I had to find an answer today. The answer provided above by #JSL helped me. If you only provide the certificate subject name then it works! So it is clear that there is a mistake in the way full path is specified.
I got the right info for Windows 7 from this link https://msdn.microsoft.com/en-us/library/windows/desktop/aa384076(v=vs.85).aspx
here is VBA script that works.
Dim objHttp As New WinHttp.WinHttpRequest
objHttp.Open "GET", url, False
objHttp.SetClientCertificate "CURRENT_USER\My\TestCert"
objHttp.send
Valid locations are LOCAL_MACHINE and CURRENT_USER and
Valid store names are "MY", "Root", and "TrustedPeople".
Remember to escape the backslashes in C++, C# etc.
I'm using SugarCRM CE 6.0.3.
When I make REST API calls like get_entry_list(), I always get this error:
{'description': 'The session ID is invalid',
'name': 'Invalid Session ID',
'number': 11}
I am very sure that I am logged in and using the correct session ID. In fact, when I can successfully call get_user_id() and retrieve my own user ID.
Googling has not produced any helpful results, anyone else encountered this problem?
I have found the problem, it is really just a matter of bad documentation on SugarCRM's part. The parameter naming is all wrong in this document:
http://developers.sugarcrm.com/docs/OS/6.0/-docs-Developer_Guides-Sugar_Developer_Guide_6.0-Chapter%202%20Application%20Framework.html#9000259
Simple fix for this problem: Do not use named parameters when making REST calls in SugarCRM. i.e. Use positional parameters (JSON array) for 'rest_data' in API calls.
I encountered this issue with the set_entry api call. For me the issue is one of the values that I was submitting to the call contained special characters that the api couldn't handle. My solution was to urlencode the value, and Sugar decodes it on their end. See below:
$name = "abc's ; 10/10/2013";
$values = array(
"name"=>$name
);
$sugar->set_entry("Accounts", $values);
The above threw the Invalid session ID error. Below is the code that works:
$name = urlencode("abc's ; 10/10/2013");
$values = array(
"name"=>$name
);
$sugar->set_entry("Accounts", $values);