consulta CNJ

consulta_cnj.py

#!/usr/bin/env python3

# para instalar as dependencias:
# python3 -m pip install zeep requests
from pathlib import Path
icp_cert_file_abs_path = str(Path(Path.home(), 'certs', 'icp_brasil_bundle.crt'))

print(icp_cert_file_abs_path)

import zeep  # https://pypi.org/project/zeep/

class Transport(zeep.transports.Transport):
    def __init__(self, cache=None, timeout=300, operation_timeout=None, session=None):
        super(Transport, self).__init__(
            cache=cache, timeout=timeout, operation_timeout=operation_timeout, session=session
        )
        self.session.headers['Content-Type'] = 'text/xml; charset=utf-8'
        self.session.headers['User-Agent'] = '{} ({})'.format(
            'NOME_DO_BOT',
            self.session.headers['User-Agent']
        )



# desativa validacao de certificado SSL/TLS
# solucao temporaria ate achar uma maneira de fazer
# python requests e openssl validar a cadeia de certificados
# emitidos pelo ICP-Brasil
# http://www.iti.gov.br/repositorio/84-repositorio/489-certificados-das-acs-da-icp-brasil-arquivo-unico-compactado
from requests import Session  # https://pypi.org/project/requests/
session = Session()

session.verify = icp_cert_file_abs_path

# start
# isso aqui desativa a validacao do certificado
# comente a linha abaixo para ver o erro
#session.verify = False
# end


transport = Transport(session=session)
# documentacao: http://www.cnj.jus.br/sgt/infWebService.php
url_webservice = "https://www.cnj.jus.br/sgt/sgt_ws.php?wsdl"
client = zeep.Client(wsdl=url_webservice, transport=transport)

response = client.service.getDataUltimaVersao()
dict_response = zeep.helpers.serialize_object(response)

print("\nVersão webservice CNJ é: ")
print(dict_response)

generate_icp_brasil_bundle.sh

#!/bin/bash

# Require dos2unix unzip openssl
#
# Ubuntu:
# sudo apt-get install dos2unix
# OSX:
# brew install dos2unix
# 


CERTS_BASE_FOLDER_NAME=$HOME/certs
CERTS_FOLDER_NAME=icp-brasil
CERTS_PACKAGE_URL=http://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/ACcompactado.zip


CERTS_DEST=${CERTS_BASE_FOLDER_NAME}/${CERTS_FOLDER_NAME}

mkdir -p ${CERTS_DEST}
cd ${CERTS_DEST}

rm ${CERTS_BASE_FOLDER_NAME}/icp_brasil_bundle.crt
rm -f *.crt
rm -f *.zip

wget "${CERTS_PACKAGE_URL}"

unzip ACcompactado.zip

for fn in $(file *.crt|grep data|sed 's/: *data//')
do
  mv $fn  $fn.der
  openssl x509 -inform der -in $fn.der -out $fn
done
#rm *.der

for f in $(ls *.crt); do
  dos2unix $f > /dev/null
  openssl x509 -text -in $f >> ${CERTS_BASE_FOLDER_NAME}/icp_brasil_bundle.crt
done

echo -e "\n##############\nGenerated bundle cert file:\n"
echo -e "${CERTS_BASE_FOLDER_NAME}/icp_brasil_bundle.crt"

Erro obtido é:

SSLError: HTTPSConnectionPool(host='www.cnj.jus.br', port=443): Max retries exceeded with url: /sgt/sgt_ws.php?wsdl (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)'),))

Nada também.

$ curl -sS --verbose --insecure --ssl-no-revoke --ssl-allow-beast -b /tmp/tmpq19uxa31 -c /tmp/tmpq19uxa31 https://www.receita.fazenda.gov.br/pessoajuridica/cnpj/cnpjreva/cnpjreva_solicitacao.asp
* TCP_NODELAY set
* Connected to www.receita.fazenda.gov.br (161.148.231.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* Unknown SSL protocol error in connection to www.receita.fazenda.gov.br:443
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to www.receita.fazenda.gov.br:443

Tentei assim:

>>> session = requests.Session()
>>> session.verify
True
>>> session.verify = False
>>> session.get('https://www.receita.fazenda.gov.br/')
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/davinirjr/.virtualenvs/hivelocity.intranet/lib/python2.7/site-packages/requests/sessions.py", line 480, in get
    return self.request('GET', url, **kwargs)
  File "/home/davinirjr/.virtualenvs/hivelocity.intranet/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/davinirjr/.virtualenvs/hivelocity.intranet/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/home/davinirjr/.virtualenvs/hivelocity.intranet/lib/python2.7/site-packages/requests/adapters.py", line 433, in send
    raise SSLError(e, request=request)
SSLError: EOF occurred in violation of protocol (_ssl.c:590)
>>> 

O caso do @cuducos é diferente, acredito que vai precisar liberar o certificado (a cadeia toda) no SO

Aqui foi com:

curl \
    --tlsv1.0 \
    -sS \
    --verbose \
    --cacert certs/AC_Secretaria_da_Receita_Federal_do_Brasil_v3.crt \
    --insecure \
    --ssl-no-revoke \
    --ssl-allow-beast \
    -b /tmp/cookie \
    -c /tmp/cookie \
    https://www.receita.fazenda.gov.br/pessoajuridica/cnpj/cnpjreva/cnpjreva_solicitacao.asp

O certificado baixei em http://iti.gov.br/repositorio/84-repositorio/489-certificados-das-acs-da-icp-brasil-arquivo-unico-compactado