Trying to access jira using rest API but getting SSL error,
url = "https://URL/rest/api/2/issue/"+issueId
resposnsenew=requests.request("GET",url, auth=('xya','Makkfafdk###5'))
File "D:\RestJIRA\restjiravenv\lib\site-packages\urllib3\contrib\pyopenssl.py", line 82, in <module>
ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
AttributeError: module 'ssl' has no attribute 'PROTOCOL_TLSv1'
Any idea how to solve the issue?
Related
I'm trying to user google sheets API service, which requires an HTTPS connection. I'm getting the following error
Exception Type: InsecureTransportError at my_site/google/success/
Exception Value: (insecure_transport) OAuth 2 MUST utilize https.
I am using Heroku, and on my settings it says AMC Status: ok. I verified that I'm using HTTPS by running curl -vI https://my_site/google/success
which returned:
SSL certificate verify ok
From my perspective it seems that I am using HTTPS, but I am getting this error. What could I be doing wrong? Surely I have something misconfigured Anything else I need to provide from troubleshooting? Here is the Full traceback:
traceback (most recent call last):
File "/app/.heroku/python/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/app/.heroku/python/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/app/google_api/views.py", line 56, in authorize_success
flow.fetch_token(authorization_response=code)
File "/app/.heroku/python/lib/python3.8/site-packages/google_auth_oauthlib/flow.py", line 286, in fetch_token
return self.oauth2session.fetch_token(self.client_config["token_uri"], **kwargs)
File "/app/.heroku/python/lib/python3.8/site-packages/requests_oauthlib/oauth2_session.py", line 239, in fetch_token
self._client.parse_request_uri_response(
File "/app/.heroku/python/lib/python3.8/site-packages/oauthlib/oauth2/rfc6749/clients/web_application.py", line 203, in parse_request_uri_response
response = parse_authorization_code_response(uri, state=state)
File "/app/.heroku/python/lib/python3.8/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 256, in parse_authorization_code_response
raise InsecureTransportError()
import os
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
I want use the python library ncclient 0.6.6 with Python 2.7.15 to connect to a NETCONF server (netopeer2) and read out the running config.
I tried to follow the example from the manual, running this code in the console:
with manager.connect(host="*the IP adress*", port=*the port*, timeout=None, username="*user*", password="*pwd*") as m:
c = m.get_config(source='running').data_xml
with open("%s.xml" % host, 'w') as f:
f.write(c)
As written in the manual, I try to disable public-key authentification with allow_agent and look_for_keys as False. Unfortunately, this does not work properly, because I get the error message:
File "<stdin>", line 1, in <module>
File "/home/sisc/.local/lib/python2.7/site-packages/ncclient/manager.py", line 177, in connect
return connect_ssh(*args, **kwds)
File "/home/sisc/.local/lib/python2.7/site-packages/ncclient/manager.py", line 143, in connect_ssh
session.connect(*args, **kwds)
File "/home/sisc/.local/lib/python2.7/site-packages/ncclient/transport/ssh.py", line 481, in connect
raise SSHUnknownHostError(known_hosts_lookup, fingerprint)
ncclient.transport.errors.SSHUnknownHostError: Unknown host key [e3:8d:35:a9:43:f9:3c:8a:f4:d3:88:5b:a9:36:93:59] for [[192.168.56.2]:1831]
I do not get why it still complains about the unknown host key, even though I explicitly disabled public-key authentification.
The netopeer NETCONF server is definitely running, for I get a "Hello" Message as soon as I try to SSH into it from out of the terminal.
Did I miss something?
m = manager.connect(host="172.17.0.2", port=830, username="netconf", password="netconf", hostkey_verify=False)
Did the trick. Hostkey_verify has to be false.
Trying to get a working installation of the Google EarthExplorer. I am inside a robust corporate firewall, and had to examine the certificate used by Chrome to verify the server/address being verified (using Chrome's dev tools).
After some reading - it looks like the situation is that:
1) when calling Initialize method on ee object, ee uses requests to manage the connection.
2) To configure the VirtualEnv correctly, I had to configure my virtualenv to use the organization provided certificate. Based on this SE (SE Python SSL Requests...) I was clued in to the fact that the python stack was using requests, which along with certifi manage a cert bundle for SSL on python.
3) After configuring the supplied certificate (matching that used with Chrome), I can open a connection to google inside my VirtualEnv using requests. Great!
(earthengine) X:\_01_VirtualEnvs\earthengine>python
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get("https://earthengine.google.com/", verify = True)
<Response [200]>
>>>
I think this is 'working' now ... when I try the same outside of the VirtualEnv, I get failed SSL3_GET_SERVER_CERTIFICATE... message. This lets me know that I got my certificate in the right place, and it seems to be working correctly.
However, I'm still getting errors on the ee.Initialize():
>>> ee.Initialize()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "X:\_01_VirtualEnvs\earthengine\lib\site-packages\ee\__init__.py", line 9
3, in Initialize
ApiFunction.initialize()
File "X:\_01_VirtualEnvs\earthengine\lib\site-packages\ee\apifunction.py", lin
e 151, in initialize
signatures = data.getAlgorithms()
File "X:\_01_VirtualEnvs\earthengine\lib\site-packages\ee\data.py", line 410,
in getAlgorithms
return send_('/algorithms', {}, 'GET')
File "X:\_01_VirtualEnvs\earthengine\lib\site-packages\ee\data.py", line 738,
in send_
response, content = send_with_backoff()
File "X:\_01_VirtualEnvs\earthengine\lib\site-packages\ee\data.py", line 735,
in send_with_backoff
'Unexpected HTTP error: %s' % e.message)
ee.ee_exception.EEException: Unexpected HTTP error: [Errno 1] _ssl.c:510: error:
14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Anyone have any ideas on what is going wrong here? I thought that ee was using requests, therefore setting the python environments' requests properly.
From looking at the exception trace-back, it seems that ee has sub-class of requests based on the similarity of the trace-back signature... am I reading this right? The trace-back in both cases points towards the same _ssl.c:510 failure - failing on the same filename on the same line?
Is there a way to get more info from the exception? I'm really at a loss at this point.
So it looks like the EE stack is using httplib2 to handle the authentication. This gives a few options:
In data.py ~ line 700 Override the SSL check (the quick and dirty):
http = httplib2.Http(timeout=(_deadline_ms / 1000.0) or None,
disable_ssl_certificate_validation=True)
It looks like you should be able to explicitly direct httplib2 when instantiating the http connection object with:
HTTPLIB_CA_CERTS_PATH = os.environ.get('HTTPLIB_CA_CERTS_PATH')
http = httplib2.Http(timeout=(_deadline_ms / 1000.0) or None,
ca_certs=HTTPLIB_CA_CERTS_PATH)
I found this in the ca_certs_locator module, __init__.py. It is being sourced in the ee.Initialize() method (probably through something in data.py but I can't back track it. Regardless, the second option (explicitly passing the ca_certs path) doesn't solve the problem.
I'm rolling with the disable SSL validation, and using only earthengine.google.com endpoint.
In more recent versions, the ee.Initialize() method is accepting a http_transport argument, so we no longer need to modify its source code, but rather create it in our own:
_http_transport = httplib2.Http(disable_ssl_certificate_validation=True)
ee.Initialize(credentials, http_transport=_http_transport)
This way you can also control the ca_certs option, but I haven't tried that one.
I've been trying to set up my EndpointsV2 backend (billing has been enabled) with Firebase authentication but am always ending up with either an error when I attempt to generate the OpenAPI spec or a 401 Unauthorized when accessing the API.
My current configuration is as follows (errors out on OpenAPI generation):
main.py:
firebase_issuer = endpoints.Issuer(
issuer='https://securetoken.google.com/[GAE/FIREBASE_APP_ID]',
jwks_uri=('https://www.googleapis.com/service_accounts/v1/metadata/x509/'
'securetoken#system.gserviceaccount.com'))
issuers = {
"firebase": firebase_issuer
}
#endpoints.api("user", "v1", api_key_required=True,
issuers=issuers)
class UserApi(remote.Service):
#models.UserModel.query_method(
user_required=True,
path="info",
name="user.info",
http_method="GET")
def info(self, query):
return query.filter(
models.UserModel.owner == endpoints.get_current_user())
Error on OpenAPI Gen:
$ python lib/endpoints/endpointscfg.py get_openapi_spec main.UserApi --hostname [SERVICE-NAME].endpoints.[GAE_APP_ID].appspot.com
No handlers could be found for logger "endpoints.apiserving"
Traceback (most recent call last):
File "lib/endpoints/endpointscfg.py", line 633, in <module>
main(sys.argv)
File "lib/endpoints/endpointscfg.py", line 629, in main
args.callback(args)
File "lib/endpoints/endpointscfg.py", line 487, in _GenOpenApiSpecCallback
application_path=args.application)
File "lib/endpoints/endpointscfg.py", line 332, in _GenOpenApiSpec
application_path=application_path)
File "lib/endpoints/endpointscfg.py", line 214, in GenApiConfig
services, hostname=hostname))
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 973, in pretty_print_config_to_json
descriptor = self.get_openapi_dict(services, hostname)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 959, in get_openapi_dict
return self.__api_openapi_descriptor(services, hostname=hostname)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 872, in __api_openapi_descriptor
security_definitions)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 691, in __method_descriptor
service.api_info.audiences, security_definitions)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 722, in __x_security_descriptor
_INVALID_AUTH_ISSUER % default_auth_issuer)
api_exceptions.ApiConfigurationError: No auth issuer named google_id_token defined in this Endpoints API.
The error leads me to think that if I simply swap "firebase" for "google_id_token"in issuers that it may work but I have tried that and just gotten a 401.
I've also started to see this error in GAE Logging:
Cannot decode and verify the auth token. The backend will not be able to retrieve user info (/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/control/wsgi.py:588)
Traceback (most recent call last):
File "/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/control/wsgi.py", line 585, in __call__
service_name)
File "/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/auth/tokens.py", line 83, in authenticate
"allow provider id: " + provider_id)
UnauthenticatedException: The requested method does not allow provider id: google_id_token
The idToken I am sending with my testing (done through Postman using the header Authorization: Bearer [idToken]) was generated using pyrebase and I checked jwt.io to confirm that it is in fact a valid token.
My initial thought is that I haven't set up the audiences correctly, but I'm not sure what it should be (though I have tried appending a ClientID from API Manager > Credentials).
Is it possible to authenticate with firebase using endpoints-proto-datastore on the endpointsv2 framework? If so, what do I need to do differently to get that working? If not, would the code that I have work right away without using endpoints-proto-datastore?
Edit:
Looks like this is an issue with the endpoints library itself
https://github.com/cloudendpoints/endpoints-python/issues/32
I think my university recently changed a firewall or filtering protocol with regards to Twitter's streaming API. However, for me to provide them more information, I'm going to have to figure out the details.
Ok, below is the simplest possible program to collect data from Twitter's stream:
from tweepy import Stream
from tweepy import OAuthHandler
from tweepy.streaming import StreamListener
ckey="[OMITED]"
csecret="[OMITED]"
atoken="[OMITED]"
asecret="[OMITED]"
class listener(StreamListener):
def on_data(self, data):
print(data)
return(True)
def on_error(self, status):
print status
auth = OAuthHandler(ckey, csecret)
auth.set_access_token(atoken, asecret)
twitterStream = Stream(auth, listener())
twitterStream.filter(track=["car"])
When I run this program on my laptop/home desktop, it works fine. However, I have a university computer setup for data collection and it produces the following error:
Traceback (most recent call last):
File "test.py", line 25, in <module>
twitterStream.filter(track=["car"])
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/tweepy/streaming.py", line 228, in filter
self._start(async)
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/tweepy/streaming.py", line 172, in _start
self._run()
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/tweepy/streaming.py", line 106, in _run
conn.connect()
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1278, in connect
server_hostname=server_hostname)
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 352, in wrap_socket
_context=self)
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 579, in __init__
self.do_handshake()
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 808, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Now, the thing is, I can open up Safari and browse the web. Further, data collection like this use to work (as of a month ago). The error says the SSL cert is failing verification (but strangely the original OAuth seems to work -- it is the filter command kicking up the error). Is there a way to get it to spit out if that is because an intermediate cert has been put in place? Or maybe a port is being blocked? Basically, is there a way to get a lot more details so I can go the university and say: 'you are blocking X'?
Any suggestions?
I've resolved the situation. It was an error relating to SSL sites that were signed with Digicerts.