Venafi api


https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-GET-Certificates.php

https://docs.venafi.com/Docs/current/TopNav/Content/SDK/WebSDK/r-SDK-POST-Config-dntoguid.php

https://docs.venafi.com/Docs/current/TopNav/Content/SDK/AuthSDK/t-SDKa-Setup-OAuth.php

https://docs.venafi.com/Docs/21.2SDK/TopNav/Content/API-ApplicationIntegration/t-APIAppIntegrations-creatingNew-Aperture.php

Platform->API->Integrations

Python

vcli.py

#!/usr/bin/python3

import argparse
import base64
import os
from pprint import pprint
import requests


class BearerAuth(requests.auth.AuthBase):
    """requests auth hook that adds ``Authorization: Bearer <token>`` to each request."""

    def __init__(self, token):
        # OAuth access token as returned by /vedauth/authorize/oauth.
        self.token = token

    def __call__(self, r):
        # Invoked by requests on the prepared request; header names are case-insensitive.
        bearer = " ".join(["Bearer", self.token])
        r.headers["authorization"] = bearer
        return r


class EnvDefault(argparse.Action):
    """argparse action whose default value comes from an environment variable.

    If ``envvar`` is present in the environment and no truthy ``default`` was
    given, the variable's value becomes the default and the option stops being
    ``required``.  A value passed on the command line still overrides it.
    """

    def __init__(self, envvar, required=True, default=None, **kwargs):
        # An explicit (truthy) default wins over the environment.
        if envvar and not default:
            default = os.environ.get(envvar, default)
        # Once a default exists the option no longer has to be on the command line.
        required = required and not default
        super().__init__(default=default, required=required, **kwargs)

    def __call__(self, parser, namespace, values, option_string=None):
        # Plain "store" semantics.
        setattr(namespace, self.dest, values)


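parser = argparse.ArgumentParser(
    description='Fetch a certificate (PEM, with chain) from Venafi TPP by its DN.')
# Connection/credential options fall back to environment variables through
# EnvDefault: an exported value satisfies the option, a command-line flag
# overrides it.  argparse's own required=True ignores default=, so the former
# default=os.environ.get(...) never acted as a fallback for these options.
parser.add_argument('-H', '--api-host', required=True, type=str,
                    action=EnvDefault, envvar='API_HOST',
                    help='API host fqdn (env: API_HOST).')
parser.add_argument('-c', '--client_id', required=True, type=str,
                    action=EnvDefault, envvar='CLIENT_ID',
                    help='API Integration Name/Client ID (env: CLIENT_ID).')
# NOTE(review): USERNAME is pre-populated by some OSes/shells (e.g. the Windows
# login name), so a stale value can silently satisfy this option — confirm.
parser.add_argument('-u', '--username', required=True, type=str,
                    action=EnvDefault, envvar='USERNAME',
                    help='API Username (env: USERNAME).')
# Prefer the PASSWORD env var: a value given with -p is visible to other local
# users in the process list and may be recorded in shell history.
parser.add_argument('-p', '--password', required=True, type=str,
                    action=EnvDefault, envvar='PASSWORD',
                    help='API password (env: PASSWORD).')
parser.add_argument('-s', '--scope', required=False, type=str,
                    default=os.environ.get('SCOPE', "certificate:manage"),
                    help='OAuth scope requested for the token (env: SCOPE).')
parser.add_argument('-d', '--cert-dn', required=True, type=str,
                    help='Full certificate DN, e.g. \\VED\\Policy\\Certificates\\<name>.')
parser.add_argument('-v', '--verbose',
                    action='store_true')  # on/off flag
args = parser.parse_args()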


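def get_auth_token():
    """Exchange the API-integration credentials for an OAuth bearer token.

    Returns:
        The ``access_token`` string issued by ``/vedauth/authorize/oauth``.

    Raises:
        requests.HTTPError: on a non-2xx response (the former code indexed the
            body regardless and failed with an unrelated KeyError).
        KeyError: if a 2xx response carries no ``access_token``.
    """
    auth_json = {
        "client_id": args.client_id,
        "username": args.username,
        "password": args.password,
        "scope": args.scope
    }
    url = f'https://{args.api_host}/vedauth/authorize/oauth'
    # Credentials travel in the JSON body; keep auth_json and rsp out of any
    # verbose output.  timeout= keeps a stalled host from hanging the script.
    rsp = requests.post(url, json=auth_json, timeout=30)
    rsp.raise_for_status()
    return rsp.json()['access_token']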


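def certificate_guid_url(api_host, cert_guid):
    """Return the ``GET /vedsdk/certificates/{<guid>}`` URL for *cert_guid*.

    The endpoint expects the GUID wrapped in literal braces; a GUID passed with
    braces already is accepted too (they are stripped, then re-added).
    """
    guid = cert_guid.strip("{}")
    # ``{{`` / ``}}`` are literal braces in an f-string; ``{guid}`` interpolates.
    # The former ``{{guid}}`` emitted the text "{guid}" and never used cert_guid.
    return f"https://{api_host}/vedsdk/certificates/{{{guid}}}"


def get_crt_via_guid(token, cert_guid):
    """Fetch a certificate record by GUID, pretty-print it and return the JSON.

    Args:
        token: OAuth bearer token from get_auth_token().
        cert_guid: certificate GUID, with or without surrounding braces.

    Raises:
        requests.HTTPError: on a non-2xx response.
    """
    url = certificate_guid_url(args.api_host, cert_guid)
    rsp = requests.get(url, auth=BearerAuth(token), timeout=30)
    rsp.raise_for_status()
    body = rsp.json()
    pprint(body)
    return body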


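def search_crt(token, limit, offset=0):
    r"""List certificates under \VED\Policy (recursive), one page at a time.

    Args:
        token: OAuth bearer token from get_auth_token().
        limit: page size.
        offset: index of the first result in the page.

    Returns:
        The decoded JSON response (also pretty-printed to stdout).

    Raises:
        requests.HTTPError: on a non-2xx response.
    """
    url = f"https://{args.api_host}/vedsdk/certificates/"
    # requests URL-encodes the values, so the DN's backslashes are sent as
    # %5C exactly as the hand-built query string did.
    params = {
        "parentdnrecursive": "\\VED\\Policy",
        "limit": limit,
        "offset": offset,
    }
    rsp = requests.get(url, params=params, auth=BearerAuth(token), timeout=30)
    rsp.raise_for_status()
    body = rsp.json()
    pprint(body)
    return body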


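def build_retrieve_payload(cert_dn):
    r"""Build the JSON body for ``POST /vedsdk/Certificates/Retrieve``.

    The DN is passed through unchanged: ``requests`` serialises the dict with
    ``json.dumps``, which already escapes every backslash.  Doubling them first
    (what a hand-written JSON body needs, see the bash variant) made the server
    receive ``\\VED\\Policy...`` — two backslashes per separator.
    """
    return {
        "CertificateDN": cert_dn,
        "Format": "Base64",
        "IncludeChain": "true",
        "RootFirstOrder": "true",
    }


def get_crt_via_dn(token, cert_dn):
    r"""Retrieve a certificate by DN and return it as PEM text (chain included, root first).

    Args:
        token: OAuth bearer token from get_auth_token().
        cert_dn: full DN, e.g. ``\VED\Policy\Certificates\<name>``.

    Raises:
        requests.HTTPError: on a non-2xx response.
        KeyError: if the response carries no ``CertificateData``.
    """
    url = f"https://{args.api_host}/vedsdk/Certificates/Retrieve"
    # BearerAuth sets the Authorization header; the unused manual headers dict is gone.
    rsp = requests.post(url, json=build_retrieve_payload(cert_dn),
                        auth=BearerAuth(token), timeout=30)
    rsp.raise_for_status()
    crt_pem = base64.b64decode(rsp.json()['CertificateData'])
    return crt_pem.decode('utf-8')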


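def main():
    """Authenticate, then print the PEM for the DN given with --cert-dn."""
    token = get_auth_token()
    # search_crt(token, 2)
    # get_crt_via_dn takes the token first; calling it with the DN alone raised TypeError.
    cert_pem = get_crt_via_dn(token, args.cert_dn)
    print(cert_pem)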


if __name__ == '__main__':
    # Entry point; note that parser.parse_args() above already runs on import.
    main()

Bash

Get Cert

In the TPP web UI go to Platform -> API -> Integrations and add an integration; its name is the client_id used below.

{
  "username": "<your_name>",
  "password": "<your_password>",
  "client_id": "CustomAdmin",
  "scope": "certificate:manage;configuration:manage"
}

.env

# set -a marks every variable assigned after it for export to child processes.
# This file holds the API password: keep it out of version control and readable
# only by the account that runs the script.
set -a
API_HOST=venafi.example.com
USERNAME=foo
PASSWORD=bar
CLIENT_ID=apiIntergrationName
SCOPE="certificate:manage"

. .env

Example: get a certificate by its path

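#!/bin/bash
set -eu
if [ "$#" -ne 1 ]; then
  echo "Usage: $0 <cert path>"
  echo "Example: $0 \"MyFolder\Subfolder\mycert1\""
  exit 1   # a usage error must not exit 0
fi
cert_path=$1

# Fail early with a clear message when .env was not sourced, and export the
# values so jq's $ENV sees them even if .env was sourced without set -a.
: "${API_HOST:?set API_HOST (see .env)}" "${USERNAME:?}" "${PASSWORD:?}" "${CLIENT_ID:?}" "${SCOPE:?}"
export API_HOST USERNAME PASSWORD CLIENT_ID SCOPE

shopt -s expand_aliases
# cookies.txt in the working directory keeps the TPP session cookie between calls.
alias scurl="curl -sS -b cookies.txt -c cookies.txt -H 'Content-type: application/json' -H 'Accept: application/json'"

# Let jq build the body from the environment: values are JSON-escaped (a password
# containing " or \ no longer breaks the request) and the password does not
# appear on any command line.  The body is fed to curl on stdin for the same reason.
json=$(jq -n '{client_id: $ENV.CLIENT_ID, username: $ENV.USERNAME, password: $ENV.PASSWORD, scope: $ENV.SCOPE}')
rsp=$(printf '%s' "$json" | scurl -X POST "https://${API_HOST}/vedauth/authorize/oauth" -d @-)
# jq -e exits non-zero when access_token is null/missing, so a rejected login
# stops the script here instead of sending "Bearer null" with every later call.
token=$(printf '%s' "$rsp" | jq -er .access_token) || { echo "authorization failed: $rsp" >&2; exit 1; }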

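get_crt_via_guid(){
  # $1 (or a pre-set $guid): certificate GUID, with or without surrounding braces.
  # The former body read an unset $guid, which set -u turns into a hard error.
  local g="${1:-${guid:-}}"
  : "${g:?usage: get_crt_via_guid <guid>}"
  g="${g#\{}"; g="${g%\}}"
  # The endpoint wants the GUID wrapped in literal braces.
  local url="https://${API_HOST}/vedsdk/certificates/{${g}}"
  # --globoff: curl otherwise treats {...} in the URL as its own globbing syntax
  # and sends the path without the braces.
  local rsp
  rsp=$(scurl --globoff -H "Authorization:Bearer ${token}" "$url" | jq)
  echo "$rsp"
}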

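search_crt(){
  # $1: page size (default 2), $2: offset of the first result (default 0).
  # GET https://test.venafi.example/vedsdk/certificates/?parentdnrecursive=%5CVED%5CPolicy&limit=2&offset=0
  local limit="${1:-2}" offset="${2:-0}"
  # %5CVED%5CPolicy is \VED\Policy URL-encoded; results come back one page at a time.
  local url="https://${API_HOST}/vedsdk/certificates/?parentdnrecursive=%5CVED%5CPolicy&limit=${limit}&offset=${offset}"
  local rsp
  rsp=$(scurl --globoff -H "Authorization:Bearer ${token}" "$url" | jq)
  echo "$rsp"
}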


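get_crt_via_dn(){
  # Retrieves the certificate at $cert_path (relative to \VED\Policy\Certificates\)
  # and writes the decoded PEM (chain included, root first) to stdout.
  local url="https://${API_HOST}/vedsdk/Certificates/Retrieve"

  # Full DN = fixed policy prefix + the path given on the command line.
  local cert_dn="\\VED\\Policy\\Certificates\\${cert_path}"

  # Let jq emit the JSON so backslashes (and any quote) in the DN are escaped
  # correctly; the former sed-based doubling also word-split an unquoted
  # $cert_path, breaking paths that contain spaces.
  local json
  json=$(jq -n --arg dn "$cert_dn" \
    '{CertificateDN: $dn, Format: "Base64", IncludeChain: "true", RootFirstOrder: "true"}')

  local rsp
  rsp=$(printf '%s' "$json" | scurl -H "Authorization:Bearer ${token}" -d @- "$url")

  # jq -e fails on a null/missing CertificateData, so an error response is
  # reported instead of being piped as the string "null" into base64 -d.
  local data
  data=$(printf '%s' "$rsp" | jq -er .CertificateData) || { echo "retrieve failed: $rsp" >&2; return 1; }
  printf '%s' "$data" | base64 -d
}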

# Print the PEM (chain included, root first) for the path given as $1.
get_crt_via_dn