Difference between revisions of "Venafi api"
Line 166: | Line 166: | ||
EOF | EOF | ||
) | ) | ||
− | |||
rsp=$(scurl -X POST https://$API_HOST/vedauth/authorize/oauth -d "${json}") | rsp=$(scurl -X POST https://$API_HOST/vedauth/authorize/oauth -d "${json}") | ||
token=$(echo "$rsp" | jq -r .access_token) | token=$(echo "$rsp" | jq -r .access_token) | ||
− | url="https://$API_HOST/vedsdk/ | + | get_crt_via_guid(){ |
+ | url="https://${API_HOST}/vedsdk/certificates/{${guid}}" | ||
+ | rsp=$(scurl -H "Authorization:Bearer ${token}" "$url" | jq) | ||
+ | echo "$rsp" | ||
+ | } | ||
− | + | search_crt(){ | |
− | + | # GET https://test.venafi.example/vedsdk/certificates/?parentdnrecursive=%5CVED%5CPolicy&limit=2&offset=0 | |
− | + | # Authorization:Bearer 4MyGeneratedBearerTknz== | |
− | + | url="https://${API_HOST}/vedsdk/certificates/?parentdnrecursive=%5CVED%5CPolicy&limit=2&offset=0" | |
+ | rsp=$(scurl -H "Authorization:Bearer ${token}" "$url" | jq) | ||
+ | echo "$rsp" | ||
+ | } | ||
− | json=$(cat <<-EOF | + | |
− | + | get_crt_via_dn(){ | |
− | + | url="https://$API_HOST/vedsdk/Certificates/Retrieve" | |
− | + | ||
− | + | # folder is cert path in all properties | |
− | + | cert_path=$(echo $cert_path | sed 's/\\/\\\\/g') | |
− | + | cert_prefix="\VED\Policy\Certificates\\" | |
+ | cert_prefix=$(echo $cert_prefix | sed 's/\\/\\\\/g') | ||
+ | cert_dn="${cert_prefix}${cert_path}" | ||
+ | |||
+ | json=$(cat <<-EOF | ||
+ | { | ||
+ | "CertificateDN":"${cert_dn}", | ||
+ | "Format":"Base64", | ||
+ | "IncludeChain":"true", | ||
+ | "RootFirstOrder":"true" | ||
+ | } | ||
EOF | EOF | ||
) | ) | ||
− | rsp=$(scurl -H "Authorization:Bearer ${token}" -d "$json" "$url") | + | rsp=$(scurl -H "Authorization:Bearer ${token}" -d "$json" "$url") |
+ | |||
+ | echo "$rsp" | jq -r .CertificateData | base64 -d | ||
+ | } | ||
− | + | get_crt_via_dn | |
``` | ``` |
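Review bot: The `CertificateDN` body in `get_crt_via_dn` is still assembled by pasting `${cert_dn}` into a heredoc, and the only escaping is the `sed` pass that doubles backslashes, so a path containing a double quote produces malformed or altered JSON. `$cert_path` and `$cert_prefix` are also expanded unquoted inside `echo`, which collapses whitespace in a certificate name. Since the script already depends on jq, the body could be built with `jq -n --arg dn "$cert_dn" '{CertificateDN:$dn,Format:"Base64",IncludeChain:"true",RootFirstOrder:"true"}'`, which makes both `sed` calls unnecessary. Separately, `get_crt_via_guid` reads `${guid}`, which nothing in the hunk sets. The hunk starts at line 166, so the top of the script is outside it.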
Revision as of 17:18, 8 April 2023
https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-GET-Certificates.php
https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-dntoguid.php
https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/t-SDKa-Setup-OAuth.php
Platform->API->Integrations
Python
vcli.py
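#!/usr/bin/python3
"""Retrieve a certificate from a Venafi server through its Web SDK.

Flow: request an OAuth bearer token from /vedauth/authorize/oauth, then POST
the certificate DN to /vedsdk/Certificates/Retrieve and print the decoded data.
"""
import argparse
import base64
import os
from pprint import pprint

import requests

# Upper bound in seconds for every HTTP call, so a stalled server cannot hang
# the script indefinitely (requests has no timeout by default).
HTTP_TIMEOUT = 30


class BearerAuth(requests.auth.AuthBase):
    """requests auth hook that adds an ``authorization: Bearer <token>`` header."""

    def __init__(self, token):
        self.token = token

    def __call__(self, r):
        r.headers["authorization"] = "Bearer " + self.token
        return r


class EnvDefault(argparse.Action):
    """argparse action whose default comes from an environment variable.

    When ``envvar`` is set in the environment and no explicit default was
    given, its value becomes the default and the option stops being required.
    """

    def __init__(self, envvar, required=True, default=None, **kwargs):
        if not default and envvar and envvar in os.environ:
            default = os.environ[envvar]
        if required and default:
            required = False
        super().__init__(default=default, required=required, **kwargs)

    def __call__(self, parser, namespace, values, option_string=None):
        setattr(namespace, self.dest, values)


parser = argparse.ArgumentParser(
    description='Retrieve a certificate from Venafi through the Web SDK.')
# The connection options use EnvDefault: a plain ``required=True`` combined
# with ``default=os.environ.get(...)`` made argparse reject the environment
# value and always demand the flag.
parser.add_argument('-H', '--api-host', required=True, type=str,
                    action=EnvDefault, envvar='API_HOST',
                    help='API host fqdn (env: API_HOST).')
parser.add_argument('-c', '--client_id', required=True, type=str,
                    action=EnvDefault, envvar='CLIENT_ID',
                    help='API Integration Name/Client ID (env: CLIENT_ID).')
parser.add_argument('-u', '--username', required=True, type=str,
                    action=EnvDefault, envvar='USERNAME',
                    help='API Username (env: USERNAME).')
# A password given with -p is visible in the process list and may be saved in
# shell history; supplying it through the PASSWORD environment variable
# avoids both.
parser.add_argument('-p', '--password', required=True, type=str,
                    action=EnvDefault, envvar='PASSWORD',
                    help='API password (prefer the PASSWORD environment variable).')
parser.add_argument('-s', '--scope', required=False, type=str,
                    default="certificate:manage",
                    help='API token scope.')
parser.add_argument('-d', '--cert-dn', required=True, type=str,
                    help='Certificate folder file path.')
parser.add_argument('-v', '--verbose', action='store_true')  # on/off flag
args = parser.parse_args()


def get_auth_token():
    """Authenticate with the configured credentials and return the access token.

    Raises:
        requests.HTTPError: if the server answers with an error status.
        KeyError: if the response carries no ``access_token``.
    """
    auth_json = {
        "client_id": args.client_id,
        "username": args.username,
        "password": args.password,
        "scope": args.scope,
    }
    url = f'https://{args.api_host}/vedauth/authorize/oauth'
    rsp = requests.post(url, json=auth_json, timeout=HTTP_TIMEOUT)
    # Stop on a rejected login rather than failing later on a missing key.
    rsp.raise_for_status()
    return rsp.json()['access_token']


def get_crt_via_guid(token, cert_guid):
    """Fetch, pretty-print and return the certificate record for ``cert_guid``."""
    # The API path wraps the GUID in literal braces. The original f-string
    # used "{{guid}}", which sent the text "{guid}" and ignored cert_guid.
    url = f"https://{args.api_host}/vedsdk/certificates/{{{cert_guid}}}"
    rsp = requests.get(url, auth=BearerAuth(token), timeout=HTTP_TIMEOUT)
    rsp.raise_for_status()
    data = rsp.json()
    pprint(data)
    return data


def search_crt(token, limit, offset=0):
    """List certificates under \\VED\\Policy, print and return the result."""
    url = f"https://{args.api_host}/vedsdk/certificates/"
    # requests percent-encodes the backslashes (%5C) and the numeric values.
    query = {
        "parentdnrecursive": "\\VED\\Policy",
        "limit": limit,
        "offset": offset,
    }
    rsp = requests.get(url, params=query, auth=BearerAuth(token),
                       timeout=HTTP_TIMEOUT)
    rsp.raise_for_status()
    data = rsp.json()
    pprint(data)
    return data


def get_crt_via_dn(token, cert_dn):
    """Retrieve the certificate at ``cert_dn`` with its chain, as decoded text.

    The DN is sent unchanged: ``json=`` already escapes backslashes when it
    serialises the body, so doubling them first (as string-built JSON in a
    shell script has to) would put doubled backslashes in the DN itself.
    """
    dn_json = {
        "CertificateDN": cert_dn,
        "Format": "Base64",
        "IncludeChain": "true",
        "RootFirstOrder": "true",
    }
    url = f"https://{args.api_host}/vedsdk/Certificates/Retrieve"
    rsp = requests.post(url, json=dn_json, auth=BearerAuth(token),
                        timeout=HTTP_TIMEOUT)
    rsp.raise_for_status()
    crt_pem = base64.b64decode(rsp.json()['CertificateData'])
    return crt_pem.decode('utf-8')


def main():
    """Authenticate, fetch the certificate named by --cert-dn and print it."""
    token = get_auth_token()
    # search_crt(token, 2)
    # The original call omitted the token and raised TypeError.
    cert_pem = get_crt_via_dn(token, args.cert_dn)
    print(cert_pem)


if __name__ == '__main__':
    main()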
Bash
Get Cert
.env
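# Connection settings for the Venafi API scripts; load with ". .env".
# This file holds a plaintext password: keep it out of version control and
# readable only by its owner (chmod 600 .env).
set -a  # auto-export every assignment below
API_HOST=venafi.example.com
USERNAME=foo
PASSWORD=bar
CLIENT_ID=apiIntergrationName
SCOPE="certificate:manage"
set +a  # stop auto-exporting, so later assignments in the sourcing shell stay local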
# Load the settings into the current shell; the "set -a" inside .env exports each variable.
. .env
Get cert example via path
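#!/bin/bash
# Fetch a certificate (with its chain) from Venafi by its path below
# \VED\Policy\Certificates\ and write the decoded data to stdout.
# Expects API_HOST, USERNAME, PASSWORD, CLIENT_ID and SCOPE to be set
# (for example by sourcing .env).
set -euo pipefail

# Files created by this script (the curl cookie jar) are owner-only.
umask 077

if [ "$#" -ne 1 ]; then
  echo "Usage: $0 <cert path>" >&2
  echo "Example: $0 \"MyFolder\Subfolder\mycert1\"" >&2
  # Non-zero so callers can tell a usage error from success.
  exit 1
fi

cert_path=$1

# curl wrapper shared by every API call. A function replaces the original
# alias, so "shopt -s expand_aliases" is no longer needed.
scurl() {
  curl -sS -b cookies.txt -c cookies.txt \
    -H 'Content-type: application/json' -H 'Accept: application/json' "$@"
}

# Build the login body with jq so quotes or backslashes in a credential are
# escaped as JSON instead of being pasted into a template. The values go in
# through jq's environment, which keeps the password off jq's command line.
json=$(CLIENT_ID="$CLIENT_ID" USERNAME="$USERNAME" PASSWORD="$PASSWORD" SCOPE="$SCOPE" \
  jq -n '{client_id: env.CLIENT_ID, username: env.USERNAME, password: env.PASSWORD, scope: env.SCOPE}')

# The body is sent on stdin (-d @-), so the password never appears in curl's
# arguments either.
rsp=$(printf '%s' "$json" | scurl -X POST "https://$API_HOST/vedauth/authorize/oauth" -d @-)

# jq -e fails on a null or missing access_token, so a rejected login stops
# here instead of sending "Bearer null" on later requests.
if ! token=$(printf '%s' "$rsp" | jq -er .access_token); then
  echo "Authentication failed: no access_token in response" >&2
  exit 1
fi

# NOTE: the bearer token is passed in curl's arguments below and is visible
# in the process list while curl runs; on a shared host, supply the header
# through a curl config file (-K) instead.

# Print the certificate record for a GUID.
# $1: certificate GUID; falls back to a pre-set $guid, which the original read.
get_crt_via_guid() {
  local id=${1:-${guid:?usage: get_crt_via_guid <guid>}}
  local url="https://${API_HOST}/vedsdk/certificates/{${id}}"
  scurl -H "Authorization:Bearer ${token}" "$url" | jq .
}

# Print the first two certificates found under \VED\Policy.
search_crt() {
  # GET https://test.venafi.example/vedsdk/certificates/?parentdnrecursive=%5CVED%5CPolicy&limit=2&offset=0
  # Authorization:Bearer 4MyGeneratedBearerTknz==
  local url="https://${API_HOST}/vedsdk/certificates/?parentdnrecursive=%5CVED%5CPolicy&limit=2&offset=0"
  scurl -H "Authorization:Bearer ${token}" "$url" | jq .
}

# Retrieve the certificate at $cert_path and write the decoded data to stdout.
get_crt_via_dn() {
  local url="https://$API_HOST/vedsdk/Certificates/Retrieve"

  # folder is cert path in all properties
  # Single quotes keep the backslashes literal; jq does the JSON escaping, so
  # the sed passes that doubled every backslash are gone and $cert_path is no
  # longer modified on each call.
  local cert_prefix='\VED\Policy\Certificates\'
  local cert_dn="${cert_prefix}${cert_path}"

  local body
  body=$(jq -n --arg dn "$cert_dn" \
    '{CertificateDN: $dn, Format: "Base64", IncludeChain: "true", RootFirstOrder: "true"}')

  local rsp
  rsp=$(printf '%s' "$body" | scurl -H "Authorization:Bearer ${token}" -d @- "$url")

  # jq -e plus pipefail: an error response without CertificateData fails the
  # script instead of handing "null" to base64.
  printf '%s' "$rsp" | jq -er .CertificateData | base64 -d
}

get_crt_via_dn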