Skip to content

Instantly share code, notes, and snippets.

@luzfcb

luzfcb/consulta_cnj.py

Last active August 13, 2018 19:11
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save luzfcb/79b8105aa12f61c40c1553a3afb79b09 to your computer and use it in GitHub Desktop.
Save luzfcb/79b8105aa12f61c40c1553a3afb79b09 to your computer and use it in GitHub Desktop.
Download ZIP
consulta CNJ
Raw
consulta_cnj.py
#!/usr/bin/env python3
# para instalar as dependencias:
# python3 -m pip install zeep requests
from pathlib import Path
icp_cert_file_abs_path = str(Path(Path.home(), 'certs', 'icp_brasil_bundle.crt'))
print(icp_cert_file_abs_path)
import zeep # https://pypi.org/project/zeep/
class Transport(zeep.transports.Transport):
def __init__(self, cache=None, timeout=300, operation_timeout=None, session=None):
super(Transport, self).__init__(
cache=cache, timeout=timeout, operation_timeout=operation_timeout, session=session
)
self.session.headers['Content-Type'] = 'text/xml; charset=utf-8'
self.session.headers['User-Agent'] = '{} ({})'.format(
'NOME_DO_BOT',
self.session.headers['User-Agent']
)
# desativa validacao de certificado SSL/TLS
# solucao temporaria ate achar uma maneira de fazer
# python requests e openssl validar a cadeia de certificados
# emitidos pelo ICP-Brasil
# http://www.iti.gov.br/repositorio/84-repositorio/489-certificados-das-acs-da-icp-brasil-arquivo-unico-compactado
from requests import Session # https://pypi.org/project/requests/
session = Session()
session.verify = icp_cert_file_abs_path
# start
# isso aqui desativa a validacao do certificado
# comente a linha abaixo para ver o erro
#session.verify = False
# end
transport = Transport(session=session)
# documentacao: http://www.cnj.jus.br/sgt/infWebService.php
url_webservice = "https://www.cnj.jus.br/sgt/sgt_ws.php?wsdl"
client = zeep.Client(wsdl=url_webservice, transport=transport)
response = client.service.getDataUltimaVersao()
dict_response = zeep.helpers.serialize_object(response)
print("\nVersão webservice CNJ é: ")
print(dict_response)
Raw
generate_icp_brasil_bundle.sh
#!/bin/bash
# Require dos2unix unzip openssl
#
# Ubuntu:
# sudo apt-get install dos2unix
# OSX:
# brew install dos2unix
#
CERTS_BASE_FOLDER_NAME=$HOME/certs
CERTS_FOLDER_NAME=icp-brasil
CERTS_PACKAGE_URL=http://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/ACcompactado.zip
CERTS_DEST=${CERTS_BASE_FOLDER_NAME}/${CERTS_FOLDER_NAME}
mkdir -p ${CERTS_DEST}
cd ${CERTS_DEST}
rm ${CERTS_BASE_FOLDER_NAME}/icp_brasil_bundle.crt
rm -f *.crt
rm -f *.zip
wget "${CERTS_PACKAGE_URL}"
unzip ACcompactado.zip
for fn in $(file *.crt|grep data|sed 's/: *data//')
do
mv $fn $fn.der
openssl x509 -inform der -in $fn.der -out $fn
done
#rm *.der
for f in $(ls *.crt); do
dos2unix $f > /dev/null
openssl x509 -text -in $f >> ${CERTS_BASE_FOLDER_NAME}/icp_brasil_bundle.crt
done
echo -e "\n##############\nGenerated bundle cert file:\n"
echo -e "${CERTS_BASE_FOLDER_NAME}/icp_brasil_bundle.crt"
@luzfcb
Copy link
Author

luzfcb commented Aug 10, 2018

Erro obtido é:

SSLError: HTTPSConnectionPool(host='www.cnj.jus.br', port=443): Max retries exceeded with url: /sgt/sgt_ws.php?wsdl (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)'),))

@cuducos
Copy link

cuducos commented Aug 10, 2018

Nada também.

$ curl -sS --verbose --insecure --ssl-no-revoke --ssl-allow-beast -b /tmp/tmpq19uxa31 -c /tmp/tmpq19uxa31 https://www.receita.fazenda.gov.br/pessoajuridica/cnpj/cnpjreva/cnpjreva_solicitacao.asp
* TCP_NODELAY set
* Connected to www.receita.fazenda.gov.br (161.148.231.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* Unknown SSL protocol error in connection to www.receita.fazenda.gov.br:443
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to www.receita.fazenda.gov.br:443

@davinirjr
Copy link

Tentei assim:

>>> session = requests.Session()
>>> session.verify
True
>>> session.verify = False
>>> session.get('https://www.receita.fazenda.gov.br/')
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/davinirjr/.virtualenvs/hivelocity.intranet/lib/python2.7/site-packages/requests/sessions.py", line 480, in get
    return self.request('GET', url, **kwargs)
  File "/home/davinirjr/.virtualenvs/hivelocity.intranet/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/davinirjr/.virtualenvs/hivelocity.intranet/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/home/davinirjr/.virtualenvs/hivelocity.intranet/lib/python2.7/site-packages/requests/adapters.py", line 433, in send
    raise SSLError(e, request=request)
SSLError: EOF occurred in violation of protocol (_ssl.c:590)
>>>

@davinirjr
Copy link

O caso do @cuducos é diferente, acredito que vai precisar liberar o certificado (a cadeia toda) no SO

@cuducos
Copy link

cuducos commented Aug 10, 2018

Aqui foi com:

curl \
    --tlsv1.0 \
    -sS \
    --verbose \
    --cacert certs/AC_Secretaria_da_Receita_Federal_do_Brasil_v3.crt \
    --insecure \
    --ssl-no-revoke \
    --ssl-allow-beast \
    -b /tmp/cookie \
    -c /tmp/cookie \
    https://www.receita.fazenda.gov.br/pessoajuridica/cnpj/cnpjreva/cnpjreva_solicitacao.asp

O certificado baixei em http://iti.gov.br/repositorio/84-repositorio/489-certificados-das-acs-da-icp-brasil-arquivo-unico-compactado

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment