Skip to content

Commit e28944d

Browse files
sfonteneausfonteneau
committed
add verify params
1 parent 894bc92 commit e28944d

File tree

1 file changed

+11
-5
lines changed

1 file changed

+11
-5
lines changed

AADInternals.py

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@
2626

2727
class AADInternals():
2828

29-
def __init__(self, proxies={},use_cache=True,save_to_cache=True,tenant_id=None,cache_file=os.path.join(os.path.dirname(os.path.realpath(__file__)),'last_token.json'),domain=None):
29+
def __init__(self, proxies={},use_cache=True,save_to_cache=True,tenant_id=None,cache_file=os.path.join(os.path.dirname(os.path.realpath(__file__)),'last_token.json'),domain=None,verify=True):
3030
"""
3131
Establish a connection with Microsoft and attempts to retrieve a token from Microsoft servers.
3232
Is initialization interactive if cache is not available : (M.F.A.)
@@ -37,6 +37,8 @@ def __init__(self, proxies={},use_cache=True,save_to_cache=True,tenant_id=None,c
3737
save_to_cache (bool): Define if the token give is backup in cache_file
3838
tenant_id (str): tenant id azure
3939
cache_file (str): Path to the cache_file (last token generated)
40+
domain (str): domain name , use for search tenant_id if tenant_id = None
41+
verify (str or Bool) : Allows you to specify SSL certificate verification when connecting to Microsoft servers. If `verify` is a path of type `str`, it must point to a certificate that will be used for SSL verification. If `verify` is of type `bool`, setting `True` enables certificate verification with the default certificate, while `False` disables all certificate verification.
4042
4143
Returns:
4244
None
@@ -48,14 +50,16 @@ def __init__(self, proxies={},use_cache=True,save_to_cache=True,tenant_id=None,c
4850
return None
4951

5052
self.proxies=proxies
53+
self.verify = verify
5154
self.use_cache=use_cache
5255
self.save_to_cache=save_to_cache
5356
self.cache_file=cache_file
5457

5558
self.requests_session_call_adsyncapi = requests.Session()
5659

5760
if domain and (not tenant_id):
58-
data = requests.get('https://login.microsoftonline.com/%s/.well-known/openid-configuration' % domain,proxies=proxies).content.decode('utf-8')
61+
62+
data = requests.get('https://login.microsoftonline.com/%s/.well-known/openid-configuration' % domain,proxies=proxies,verify=self.verify).content.decode('utf-8')
5963
tenant_id = json.loads(data)['token_endpoint'].split('https://login.microsoftonline.com/')[1].split('/')[0]
6064

6165
if not tenant_id:
@@ -81,6 +85,7 @@ def __init__(self, proxies={},use_cache=True,save_to_cache=True,tenant_id=None,c
8185
client_id,
8286
authority=f"https://login.microsoftonline.com/{tenant_id}",
8387
proxies=self.proxies,
88+
verify=self.verify,
8489
token_cache=self.token_cache
8590
)
8691

@@ -122,7 +127,8 @@ def call_graphapi(self,Command,select=''):
122127
response = requests.get(
123128
f"https://graph.microsoft.com/v1.0/{Command}{select}",
124129
headers={"Authorization": f"Bearer {self.get_token(['https://graph.microsoft.com/.default'])}"},
125-
proxies=self.proxies
130+
proxies=self.proxies,
131+
verify=self.verify
126132
)
127133

128134
return response.json().get('value', [])
@@ -803,7 +809,7 @@ def call_provisioningapi(self,envelope):
803809
headers = {
804810
'Content-type': 'application/soap+xml'
805811
}
806-
r = requests.post("https://provisioningapi.microsoftonline.com/provisioningwebservice.svc", headers=headers,data=envelope,proxies=self.proxies,timeout=15)
812+
r = requests.post("https://provisioningapi.microsoftonline.com/provisioningwebservice.svc", headers=headers,data=envelope,proxies=self.proxies,timeout=15,verify=self.verify)
807813
return r.content
808814

809815
#https://github.com/Gerenios/AADInternals/blob/b135545d50a5a473c942139182265850f9d256c2/AzureADConnectAPI_utils.ps1#L166
@@ -820,7 +826,7 @@ def call_adsyncapi(self,envelope,command,tenant_id,message_id,server=aadsync_ser
820826
"x-ms-aadmsods-appid":"1651564e-7ce4-4d99-88be-0a65050d8dc3",
821827
"x-ms-aadmsods-apiaction": command
822828
}
823-
r = self.requests_session_call_adsyncapi.post("https://%s/provisioningservice.svc" % server, headers=headers,data=envelope,proxies=self.proxies)
829+
r = self.requests_session_call_adsyncapi.post("https://%s/provisioningservice.svc" % server, headers=headers,data=envelope,proxies=self.proxies,verify=self.verify)
824830

825831
return r.content
826832

0 commit comments

Comments
 (0)