
I am trying to access the Thycotic Secret Server API, which uses OAuth2. I am using a code snippet that their support page gives as an example:

import http.client
import urllib
import json
import requests

# Base URL of the Secret Server instance and the two endpoint paths used below.
site = 'https://servername/SecretServer'
authApi = '/oauth2/token'
api = f'{site}/api/v1'
# Credentials for the OAuth2 password grant. NOTE(review): they are hard-coded
# in the script body; acceptable for a vendor example, but in real use they
# belong in an environment variable or a credential store, not in source.
username = 'my.username'
password = 'my.password'
# CA bundle passed as requests' `verify=`. This path is certifi's own
# cacert.pem, i.e. the same public-CA bundle requests already uses by
# default, so it adds no trust for a private or self-signed issuer — a
# "unable to get local issuer certificate" failure means the bundle must
# instead be one that contains the server's issuing CA chain.
cert_path = r'C:\Users\usr\AppData\Local\Programs\Python\Python38-32\lib\site-packages\certifi\cacert.pem'

#Authenticate to Secret Server
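def getAuthToken(username, password, *, timeout=30):
    """Obtain an OAuth2 bearer token from Secret Server via the password grant.

    Args:
        username: Secret Server login name.
        password: Password for that login.
        timeout: Seconds to wait for the token endpoint. The original call
            passed no timeout and could block indefinitely on a hung server.

    Returns:
        The ``access_token`` string from the token response.

    Raises:
        Exception: if the endpoint does not answer 200/304, or if the body is
            not JSON containing an ``access_token`` key.
        requests.exceptions.SSLError: when TLS verification fails, e.g.
            ``cert_path`` does not contain the server's issuing CA.
    """
    # The password grant is sent form-encoded, which is what the token
    # endpoint expects (hence the explicit content-type below).
    creds = {
        'username': username,
        'password': password,
        'grant_type': 'password',
    }

    uri = site + authApi
    headers = {'Accept': 'application/json', 'content-type': 'application/x-www-form-urlencoded'}
    # `verify` must point at a CA bundle that includes the server's issuer;
    # certifi's stock bundle only covers public CAs.
    resp = requests.post(uri, data=creds, headers=headers, verify=cert_path, timeout=timeout)

    if resp.status_code not in (200, 304):
        raise Exception("Problems getting a token from Secret Server for %s. %s %s" % (username, resp.status_code, resp))
    try:
        token = resp.json()["access_token"]
    except (ValueError, KeyError) as err:
        # Give a clear error instead of a bare KeyError/JSON decode error.
        # The response body is deliberately not echoed so neither the
        # credentials nor a partial token end up in logs or tracebacks.
        raise Exception("Token response from Secret Server for %s did not contain an access_token." % username) from err
    return token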

#REST call to retrieve a secret by ID
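def GetSecret(token, secretId, *, timeout=30):
    """Fetch a secret (including its ``items``) by numeric ID.

    Args:
        token: Bearer token returned by ``getAuthToken``.
        secretId: ID of the secret; converted with ``str`` when building the URL.
        timeout: Seconds to wait for the response.

    Returns:
        The decoded JSON body of ``GET /api/v1/secrets/{id}``.

    Raises:
        Exception: if the server does not answer 200/304.
    """
    headers = {'Authorization': 'Bearer ' + token, 'content-type': 'application/json'}
    # verify=cert_path was missing here while getAuthToken and UpdateSecret
    # pass it; without it this one request would be verified against
    # requests' default bundle instead of the configured one.
    resp = requests.get(api + '/secrets/' + str(secretId), headers=headers, verify=cert_path, timeout=timeout)

    if resp.status_code not in (200, 304):
        raise Exception("Error retrieving Secret. %s %s" % (resp.status_code, resp))
    return resp.json()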

#REST call method to update the secret on the server
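def UpdateSecret(token, secret, *, timeout=30):
    """Write ``secret`` back to the server with ``PUT /api/v1/secrets/{id}``.

    Args:
        token: Bearer token returned by ``getAuthToken``.
        secret: The full secret dict (as returned by ``GetSecret``, possibly
            modified via ``UpdateSecretItem``); its ``id`` selects the URL.
        timeout: Seconds to wait for the response. The original call passed
            no timeout and could block indefinitely.

    Returns:
        The decoded JSON body of the PUT response.

    Raises:
        KeyError: if ``secret`` has no ``id`` key.
        Exception: if the server does not answer 200/304.
    """
    headers = {'Authorization': 'Bearer ' + token, 'content-type': 'application/json'}
    secretId = secret['id']
    # The entire secret, item values included, is sent as the JSON body.
    resp = requests.put(api + '/secrets/' + str(secretId), json=secret, headers=headers, verify=cert_path, timeout=timeout)

    if resp.status_code not in (200, 304):
        raise Exception("Error updating Secret. %s %s" % (resp.status_code, resp))
    return resp.json()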

#Retrieves the secret item by its "slug" value
def GetItemBySlug(secretItems, slug):
    """Return the first entry of ``secretItems['items']`` whose ``slug`` matches.

    Args:
        secretItems: A secret as returned by ``GetSecret`` — a dict with an
            ``items`` list of item dicts, each carrying a ``slug``.
        slug: The slug value to look up.

    Raises:
        Exception: when no item has the requested slug.
    """
    _missing = object()
    found = next((entry for entry in secretItems['items'] if entry['slug'] == slug), _missing)
    if found is _missing:
        raise Exception('Item not found for slug: %s' % slug)
    return found

#Updates the secret item on the secret with the updated secret item
def UpdateSecretItem(secret, updatedItem):
    """Merge ``updatedItem`` into the item of ``secret`` with the same ``itemId``.

    Mutates ``secret`` in place (the matching item dict is ``update``d with
    every key of ``updatedItem``) and returns ``None``.

    Raises:
        Exception: when no item in ``secret['items']`` has that ``itemId``.
    """
    target_id = updatedItem['itemId']
    for existing in secret['items']:
        if existing['itemId'] == target_id:
            existing.update(updatedItem)
            break
    else:
        raise Exception('Secret item not found for item id: %s' % str(target_id))


# Script entry point: authenticate once and report the outcome. The token is
# kept in a module-level name for the helper functions above to consume.
print(f"Attempting authentication for {username}...")
token = getAuthToken(username, password)
print("Authentication successful.")
print()

Running the code above gives the following results:

    Traceback (most recent call last):
  File "c:/Users/jason.mattis/Documents/Scripts/Backup Script/Backup_Script/ss-test2.py", line 66, in <module>
    token = getAuthToken(username, password)
  File "c:/Users/jason.mattis/Documents/Scripts/Backup Script/Backup_Script/ss-test2.py", line 23, in getAuthToken
    resp = requests.post(uri, data=creds, headers=headers, verify=cert_path)
  File "C:\Users\jason.mattis\AppData\Local\Programs\Python\Python38-32\lib\site-packages\requests\api.py", line 119, in
post
    return request('post', url, data=data, json=json, **kwargs)
  File "C:\Users\jason.mattis\AppData\Local\Programs\Python\Python38-32\lib\site-packages\requests\api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Users\jason.mattis\AppData\Local\Programs\Python\Python38-32\lib\site-packages\requests\sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\jason.mattis\AppData\Local\Programs\Python\Python38-32\lib\site-packages\requests\sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\jason.mattis\AppData\Local\Programs\Python\Python38-32\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='prc0-pam3000.americas.nwea.pvt', port=443): Max retries exceeded
with url: /SecretServer/oauth2/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))

Running this on Windows 10 and Python 3.8.2. In my own research I found the following link (Click Here), but it didn't help. Any help with this is appreciated.

Jrm1715
  • The server's certificate isn't valid (self-signed or unknown CA). https://stackoverflow.com/questions/30405867/how-to-get-python-requests-to-trust-a-self-signed-ssl-certificate is probably more in terms of what you need. – Torxed May 11 '20 at 21:09
  • @jrm1715 We have a new Python SDK released for Secret Server that you can find on GitHub [here](https://github.com/thycotic/python-tss-sdk) but is also published to the PyPI. – Shawn Melton May 14 '20 at 16:30
