Python中的JIRA OAuth流程

Question

I'm using the below snippet to sign the request and get request tokens for JIRA OAuth process.

import base64
import urlparse
from tlslite.utils import keyfactory
import oauth2 as oauth

consumer_key = 'oauth-sample-consumer'
consumer_secret = 'dont_care'

request_token_url = 'https://localhost:8090/jira/plugins/servlet/oauth/request-token'
access_token_url = 'https://localhost:8090/jira/plugins/servlet/oauth/access-token'
authorize_url = 'https://localhost:8090/jira/plugins/servlet/oauth/authorize'

class SignatureMethod_RSA_SHA1(oauth.SignatureMethod):
    name = 'RSA-SHA1'

    def signing_base(self, request, consumer, token):
        if not hasattr(request, 'normalized_url') or request.normalized_url is None:
            raise ValueError("Base URL for request is not set.")

        sig = (
            oauth.escape(request.method),
            oauth.escape(request.normalized_url),
            oauth.escape(request.get_normalized_parameters()),
        )

        key = '%s&' % oauth.escape(consumer.secret)
        if token:
            key += oauth.escape(token.secret)
        raw = '&'.join(sig)
        return key, raw

    def sign(self, request, consumer, token):
        """Builds the base signature string."""
        key, raw = self.signing_base(request, consumer, token)

        with open('../rsa.pem', 'r') as f:
            data = f.read()
        privateKeyString = data.strip()

        privatekey = keyfactory.parsePrivateKey(privateKeyString)
        signature = privatekey.hashAndSign(raw)

        return base64.b64encode(signature)


if __name__=='__main__':
    consumer = oauth.Consumer(consumer_key, consumer_secret)
    client = oauth.Client(consumer)
    client.set_signature_method(SignatureMethod_RSA_SHA1())

    resp, content = client.request(request_token_url, "POST")
    if resp['status'] != '200':
       raise Exception("Invalid response %s: %s" % (resp['status'],  content))

I have added the public key to JIRA consumer application. Now executing the above snippet always gives me this error:

Traceback (most recent call last):
  File "views.py", line 80, in <module>
    resp, content = client.request(request_token_url, "GET")
  File "/usr/local/lib/python2.7/dist-packages/oauth2/__init__.py", line 682, in request
    connection_type=connection_type)
  File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1570, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1317, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1252, in _conn_request
    conn.connect()
  File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1044, in connect
    raise SSLHandshakeError(e)
httplib2.SSLHandshakeError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 

I actually deleted my public key and again entered it in my consumer app to make sure there are no white spaces.

JIRA doesn't give any option to upload a public key file, so it has to be copied anyhow.

Answer 1

I got it solved using this certifi package

sudo pip install certifi

In code:

client.ca_certs = certifi.where()