8 changes: 4 additions & 4 deletions parameter-sets/credential/parameter-set.json
@@ -130,15 +130,15 @@
{
"name": "mtls_certificate_path",
"label": "Path to certificate",
"description": "",
"type": "STRING",
"description": "or full certificate from -----BEGIN to END CERTIFICATE-----",
"type": "PASSWORD",
"visibilityCondition": "model.use_mtls==true"
},
{
"name": "mtls_key_path",
"label": "Path to key",
"description": "",
"type": "STRING",
"description": "or full key from -----BEGIN to END PRIVATE KEY-----",
"type": "PASSWORD",
"visibilityCondition": "model.use_mtls==true"
}
]
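Review bot: The labels still read `Path to certificate` and `Path to key` although both fields now also accept the PEM text itself, and the new descriptions do not say which key format is accepted. The client code in this change only recognises a key that starts with `-----BEGIN PRIVATE KEY` (unencrypted PKCS#8), so the description could state that, for example `"description": "File path, or the full unencrypted PKCS#8 key from -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----"`, with the label changed to `"label": "Path to key, or key content"`. The same applies to the identical fields in parameter-sets/secure-basic/parameter-set.json and parameter-sets/secure-oauth/parameter-set.json. The parameter list starts outside the hunk.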
8 changes: 4 additions & 4 deletions parameter-sets/secure-basic/parameter-set.json
@@ -55,15 +55,15 @@
{
"name": "mtls_certificate_path",
"label": "Path to certificate",
"description": "",
"type": "STRING",
"description": "or full certificate from -----BEGIN to END CERTIFICATE-----",
"type": "PASSWORD",
"visibilityCondition": "model.use_mtls==true"
},
{
"name": "mtls_key_path",
"label": "Path to key",
"description": "",
"type": "STRING",
"description": "or full key from -----BEGIN to END PRIVATE KEY-----",
"type": "PASSWORD",
"visibilityCondition": "model.use_mtls==true"
}
]
8 changes: 4 additions & 4 deletions parameter-sets/secure-oauth/parameter-set.json
@@ -64,15 +64,15 @@
{
"name": "mtls_certificate_path",
"label": "Path to certificate",
"description": "",
"type": "STRING",
"description": "or full certificate from -----BEGIN to END CERTIFICATE-----",
"type": "PASSWORD",
"visibilityCondition": "model.use_mtls==true"
},
{
"name": "mtls_key_path",
"label": "Path to key",
"description": "",
"type": "STRING",
"description": "or full key from -----BEGIN to END PRIVATE KEY-----",
"type": "PASSWORD",
"visibilityCondition": "model.use_mtls==true"
}
]
4 changes: 2 additions & 2 deletions python-lib/dku_constants.py
@@ -1,7 +1,7 @@
class DKUConstants(object):
API_RESPONSE_KEY = "api_response"
FORBIDDEN_KEYS = ["token", "password", "api_key_value", "secure_token"]
FORBIDDEN_KEYS = ["token", "password", "api_key_value", "secure_token", "mtls_key_path", "mtls_certificate_path"]
FORM_DATA_BODY_FORMAT = "FORM_DATA"
PLUGIN_VERSION = "1.2.7"
PLUGIN_VERSION = "1.2.7-beta.5"
RAW_BODY_FORMAT = "RAW"
REPONSE_ERROR_KEY = "dku_error"
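Review bot: The two names added to `FORBIDDEN_KEYS` cover the preset fields, but the request path in this change carries the same material under the requests keyword `cert` (see `kwargs.get("cert", None)` in python-lib/rest_api_client.py), which is not in the list. If this list is what the logger uses to mask values by key name (that code is not shown here), logged request kwargs would still expose the PEM key. Consider `FORBIDDEN_KEYS = ["token", "password", "api_key_value", "secure_token", "mtls_key_path", "mtls_certificate_path", "cert"]`. The class body continues outside the hunk.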
40 changes: 38 additions & 2 deletions python-lib/rest_api_client.py
@@ -1,6 +1,7 @@
import requests
import time
import copy
import tempfile
from pagination import Pagination
from safe_logger import SafeLogger
from loop_detector import LoopDetector
@@ -184,14 +185,35 @@ def request(self, method, url, can_raise_exeption=True, **kwargs):
def request_with_redirect_retry(self, method, url, **kwargs):
# In case of redirection to another domain, the authorization header is not kept
# If redirect_auth_header is true, another attempt is made with initial headers to the redirected url
response = self.session.request(method, url, **kwargs)
response = self.request_with_cert(method, url, **kwargs)
if self.redirect_auth_header and not response.url.startswith(url):
redirection_kwargs = copy.deepcopy(kwargs)
redirection_kwargs.pop("params", None) # params are contained in the redirected url
logger.warning("Redirection ! Accessing endpoint {} with initial authorization headers".format(response.url))
response = self.session.request(method, response.url, **redirection_kwargs)
response = self.request_with_cert(method, response.url, **redirection_kwargs)
return response

def request_with_cert(self, method, url, **kwargs):
cert = kwargs.get("cert", None)
if cert and len(cert) == 2:
if cert[0].startswith("-----BEGIN CERTIFICATE") and cert[1].startswith("-----BEGIN PRIVATE KEY"):
logger.info("mTLS certificate and key are strings")
response = None
with tempfile.NamedTemporaryFile(mode="w", suffix=".crt") as tmp_certificate:
with tempfile.NamedTemporaryFile(mode="w", suffix=".key") as tmp_key:
tmp_certificate.write(
normalize_key(cert[0])
)
tmp_certificate.seek(0)
tmp_key.write(
normalize_key(cert[1])
)
tmp_key.seek(0)
kwargs["cert"] = (tmp_certificate.name, tmp_key.name)
response = self.session.request(method, url, **kwargs)
return response
return self.session.request(method, url, **kwargs)

def paginated_api_call(self, can_raise_exeption=True):
if self.pagination.params_must_be_blanked:
self.requests_kwargs["params"] = {}
@@ -278,3 +300,17 @@ def get_headers(response):
if isinstance(response, requests.Response):
return response.headers
return None


def normalize_key(key):
tempo_text = str(key)
tempo_text = tempo_text.replace("BEGIN CERTIFICATE", "BEGINCERTIFICATE")
tempo_text = tempo_text.replace("END CERTIFICATE", "ENDCERTIFICATE")
tempo_text = tempo_text.replace("-----BEGIN PRIVATE KEY-----", "-----BEGINPRIVATEKEY-----")
tempo_text = tempo_text.replace("-----END PRIVATE KEY-----", "-----ENDPRIVATEKEY-----")
tempo_text = tempo_text.replace(" ", "\n")
tempo_text = tempo_text.replace("BEGINCERTIFICATE", "BEGIN CERTIFICATE")
tempo_text = tempo_text.replace("ENDCERTIFICATE", "END CERTIFICATE")
tempo_text = tempo_text.replace("-----BEGINPRIVATEKEY-----", "-----BEGIN PRIVATE KEY-----")
tempo_text = tempo_text.replace("-----ENDPRIVATEKEY-----", "-----END PRIVATE KEY-----")
return tempo_text
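Review bot: In `request_with_cert`, an inline key that fails the `startswith("-----BEGIN PRIVATE KEY")` test (a value with leading whitespace, or a PEM block with another label such as an RSA or encrypted key) falls through to the final `return self.session.request(method, url, **kwargs)` and is handed to requests as a file path. requests then fails on the missing file, and as far as I know its error text includes the supplied path, so the key material would end up in the exception and in any log of it. I would strip both values before the test and reject inline PEM that cannot be handled, placed after the recognised branch: `if "-----BEGIN" in cert[0] or "-----BEGIN" in cert[1]: raise ValueError("Unsupported inline mTLS certificate or key format")`, so that only real paths reach the session. A smaller point: the temp files rely on `seek(0)` to push the text out before requests opens them by name; an explicit `tmp_certificate.flush()` and `tmp_key.flush()` would state that intent.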