Add ca_cert_data parameter to Python client.

This lets a client validate a server's CA certificate chain using a variable/constant containing PEM (`str`) or DER (`bytes`) data, rather than needing to reference a file on disk.
OpenAPITools · Feb 20, 2025 · f846077 · f846077
1 parent 9374dbd
commit f846077
Show file tree

Hide file tree

Showing 11 changed files with 43 additions and 2 deletions.
diff --git a/modules/openapi-generator/src/main/resources/python/asyncio/rest.mustache b/modules/openapi-generator/src/main/resources/python/asyncio/rest.mustache
@@ -47,7 +47,8 @@ class RESTClientObject:
         self.maxsize = configuration.connection_pool_maxsize
 
         self.ssl_context = ssl.create_default_context(
-            cafile=configuration.ssl_ca_cert
+            cafile=configuration.ssl_ca_cert,
+            cadata=configuration.ca_cert_data,
         )
         if configuration.cert_file:
             self.ssl_context.load_cert_chain(

diff --git a/modules/openapi-generator/src/main/resources/python/configuration.mustache b/modules/openapi-generator/src/main/resources/python/configuration.mustache
@@ -183,6 +183,8 @@ class Configuration:
     :param ssl_ca_cert: str - the path to a file of concatenated CA certificates
       in PEM format.
     :param retries: Number of retries for API requests.
+    :param ca_cert_data: str|bytes - verify the peer using concatenated CA
+      certificate data in PEM (str) or DER (bytes) format.
 
 {{#hasAuthMethods}}
     :Example:
@@ -289,6 +291,7 @@ conf = {{{packageName}}}.Configuration(
         ignore_operation_servers: bool=False,
         ssl_ca_cert: Optional[str]=None,
         retries: Optional[int] = None,
+        ca_cert_data: Optional[str | bytes] = None,
         *,
         debug: Optional[bool] = None,
     ) -> None:
@@ -373,6 +376,10 @@ conf = {{{packageName}}}.Configuration(
         self.ssl_ca_cert = ssl_ca_cert
         """Set this to customize the certificate file to verify the peer.
         """
+        self.ca_cert_data = ca_cert_data
+        """Set this to verify the peer using PEM (str) or DER (bytes)
+           certificate data.
+        """
         self.cert_file = None
         """client certificate file
         """

diff --git a/modules/openapi-generator/src/main/resources/python/rest.mustache b/modules/openapi-generator/src/main/resources/python/rest.mustache
@@ -66,6 +66,7 @@ class RESTClientObject:
             "ca_certs": configuration.ssl_ca_cert,
             "cert_file": configuration.cert_file,
             "key_file": configuration.key_file,
+            "ca_cert_data": configuration.ca_cert_data,
         }
         if configuration.assert_hostname is not None:
             pool_args['assert_hostname'] = (

diff --git a/.../echo_api/python-disallowAdditionalPropertiesIfNotPresent/openapi_client/configuration.py b/.../echo_api/python-disallowAdditionalPropertiesIfNotPresent/openapi_client/configuration.py
@@ -163,6 +163,8 @@ class Configuration:
     :param ssl_ca_cert: str - the path to a file of concatenated CA certificates
       in PEM format.
     :param retries: Number of retries for API requests.
+    :param ca_cert_data: str|bytes - verify the peer using concatenated CA
+      certificate data in PEM (str) or DER (bytes) format.
 
     :Example:
 
@@ -200,6 +202,7 @@ def __init__(
         ignore_operation_servers: bool=False,
         ssl_ca_cert: Optional[str]=None,
         retries: Optional[int] = None,
+        ca_cert_data: Optional[str | bytes] = None,
         *,
         debug: Optional[bool] = None,
     ) -> None:
@@ -277,6 +280,10 @@ def __init__(
         self.ssl_ca_cert = ssl_ca_cert
         """Set this to customize the certificate file to verify the peer.
         """
+        self.ca_cert_data = ca_cert_data
+        """Set this to verify the peer using PEM (str) or DER (bytes)
+           certificate data.
+        """
         self.cert_file = None
         """client certificate file
         """

diff --git a/...es/client/echo_api/python-disallowAdditionalPropertiesIfNotPresent/openapi_client/rest.py b/...es/client/echo_api/python-disallowAdditionalPropertiesIfNotPresent/openapi_client/rest.py
@@ -77,6 +77,7 @@ def __init__(self, configuration) -> None:
             "ca_certs": configuration.ssl_ca_cert,
             "cert_file": configuration.cert_file,
             "key_file": configuration.key_file,
+            "ca_cert_data": configuration.ca_cert_data,
         }
         if configuration.assert_hostname is not None:
             pool_args['assert_hostname'] = (

diff --git a/samples/client/echo_api/python/openapi_client/configuration.py b/samples/client/echo_api/python/openapi_client/configuration.py
@@ -163,6 +163,8 @@ class Configuration:
     :param ssl_ca_cert: str - the path to a file of concatenated CA certificates
       in PEM format.
     :param retries: Number of retries for API requests.
+    :param ca_cert_data: str|bytes - verify the peer using concatenated CA
+      certificate data in PEM (str) or DER (bytes) format.
 
     :Example:
 
@@ -200,6 +202,7 @@ def __init__(
         ignore_operation_servers: bool=False,
         ssl_ca_cert: Optional[str]=None,
         retries: Optional[int] = None,
+        ca_cert_data: Optional[str | bytes] = None,
         *,
         debug: Optional[bool] = None,
     ) -> None:
@@ -277,6 +280,10 @@ def __init__(
         self.ssl_ca_cert = ssl_ca_cert
         """Set this to customize the certificate file to verify the peer.
         """
+        self.ca_cert_data = ca_cert_data
+        """Set this to verify the peer using PEM (str) or DER (bytes)
+           certificate data.
+        """
         self.cert_file = None
         """client certificate file
         """

diff --git a/samples/client/echo_api/python/openapi_client/rest.py b/samples/client/echo_api/python/openapi_client/rest.py
@@ -77,6 +77,7 @@ def __init__(self, configuration) -> None:
             "ca_certs": configuration.ssl_ca_cert,
             "cert_file": configuration.cert_file,
             "key_file": configuration.key_file,
+            "ca_cert_data": configuration.ca_cert_data,
         }
         if configuration.assert_hostname is not None:
             pool_args['assert_hostname'] = (

diff --git a/samples/openapi3/client/petstore/python-aiohttp/petstore_api/configuration.py b/samples/openapi3/client/petstore/python-aiohttp/petstore_api/configuration.py
@@ -168,6 +168,8 @@ class Configuration:
     :param ssl_ca_cert: str - the path to a file of concatenated CA certificates
       in PEM format.
     :param retries: Number of retries for API requests.
+    :param ca_cert_data: str|bytes - verify the peer using concatenated CA
+      certificate data in PEM (str) or DER (bytes) format.
 
     :Example:
 
@@ -264,6 +266,7 @@ def __init__(
         ignore_operation_servers: bool=False,
         ssl_ca_cert: Optional[str]=None,
         retries: Optional[int] = None,
+        ca_cert_data: Optional[str | bytes] = None,
         *,
         debug: Optional[bool] = None,
     ) -> None:
@@ -346,6 +349,10 @@ def __init__(
         self.ssl_ca_cert = ssl_ca_cert
         """Set this to customize the certificate file to verify the peer.
         """
+        self.ca_cert_data = ca_cert_data
+        """Set this to verify the peer using PEM (str) or DER (bytes)
+           certificate data.
+        """
         self.cert_file = None
         """client certificate file
         """

diff --git a/samples/openapi3/client/petstore/python-aiohttp/petstore_api/rest.py b/samples/openapi3/client/petstore/python-aiohttp/petstore_api/rest.py
@@ -57,7 +57,8 @@ def __init__(self, configuration) -> None:
         self.maxsize = configuration.connection_pool_maxsize
 
         self.ssl_context = ssl.create_default_context(
-            cafile=configuration.ssl_ca_cert
+            cafile=configuration.ssl_ca_cert,
+            cadata=configuration.ca_cert_data,
         )
         if configuration.cert_file:
             self.ssl_context.load_cert_chain(

diff --git a/samples/openapi3/client/petstore/python/petstore_api/configuration.py b/samples/openapi3/client/petstore/python/petstore_api/configuration.py
@@ -169,6 +169,8 @@ class Configuration:
     :param ssl_ca_cert: str - the path to a file of concatenated CA certificates
       in PEM format.
     :param retries: Number of retries for API requests.
+    :param ca_cert_data: str|bytes - verify the peer using concatenated CA
+      certificate data in PEM (str) or DER (bytes) format.
 
     :Example:
 
@@ -265,6 +267,7 @@ def __init__(
         ignore_operation_servers: bool=False,
         ssl_ca_cert: Optional[str]=None,
         retries: Optional[int] = None,
+        ca_cert_data: Optional[str | bytes] = None,
         *,
         debug: Optional[bool] = None,
     ) -> None:
@@ -347,6 +350,10 @@ def __init__(
         self.ssl_ca_cert = ssl_ca_cert
         """Set this to customize the certificate file to verify the peer.
         """
+        self.ca_cert_data = ca_cert_data
+        """Set this to verify the peer using PEM (str) or DER (bytes)
+           certificate data.
+        """
         self.cert_file = None
         """client certificate file
         """

diff --git a/samples/openapi3/client/petstore/python/petstore_api/rest.py b/samples/openapi3/client/petstore/python/petstore_api/rest.py
@@ -76,6 +76,7 @@ def __init__(self, configuration) -> None:
             "ca_certs": configuration.ssl_ca_cert,
             "cert_file": configuration.cert_file,
             "key_file": configuration.key_file,
+            "ca_cert_data": configuration.ca_cert_data,
         }
         if configuration.assert_hostname is not None:
             pool_args['assert_hostname'] = (