From 1f39b578d72ba7722f9474f6e8ac4782bb2b4b13 Mon Sep 17 00:00:00 2001
From: Yevhen Chypachenko
Date: Wed, 19 Mar 2025 15:54:11 -0400
Subject: [PATCH 1/2] SPL-264208 MSB-3468 Update python library to support mTLS when web private key is encrypted
---
 solnlib/server_info.py | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/solnlib/server_info.py b/solnlib/server_info.py
index 206cf1d1..01603c6b 100644
--- a/solnlib/server_info.py
+++ b/solnlib/server_info.py
@@ -31,6 +31,14 @@ def getWebKeyFile():
 return None


+try:
+ from splunk.rest import is_cert_or_key_encrypted
+except (ModuleNotFoundError, ImportError):
+
+ def is_cert_or_key_encrypted(cert_filename):
+ return False
+
+
 from splunklib import binding
 from solnlib import splunk_rest_client as rest_client
 from solnlib import utils
@@ -75,9 +83,15 @@ def __init__(
 host == "localhost" or host == "127.0.0.1" or host in ("::1", "[::1]")
 )

- if getWebCertFile() and getWebKeyFile():
- context["cert_file"] = getWebCertFile()
- context["key_file"] = getWebKeyFile()
+ web_key_file = getWebKeyFile()
+ web_cert_file = getWebCertFile()
+ if (
+ web_cert_file
+ and web_key_file
+ and not is_cert_or_key_encrypted(web_key_file)
+ ):
+ context["cert_file"] = web_cert_file
+ context["key_file"] = web_key_file

 if all([is_localhost, context.get("verify") is None]):
 # NOTE: this is specifically for mTLS communication
@@ -85,8 +99,8 @@ def __init__(
 # we set verify to off (similar to 'rest.simpleRequest' implementation)
 context["verify"] = False

- elif getWebCertFile() is not None:
- context["cert_file"] = getWebCertFile()
+ elif web_cert_file is not None:
+ context["cert_file"] = web_cert_file
 if all([is_localhost, context.get("verify") is None]):
 context["verify"] = False

From 792782c21f90df7cf44ab0bccb8ccaa1d5faa6d7 Mon Sep 17 00:00:00 2001
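Review bot: The fallback `is_cert_or_key_encrypted` defined in the `except` branch of the first hunk returns `False` unconditionally, so wherever `splunk.rest` does not export the helper an encrypted web key is treated as usable and is still placed in `context["key_file"]` by the second hunk. What the REST client then does with a key it cannot decrypt is not visible here, but that is presumably the failure this series is meant to avoid, so the assumption deserves a comment above the stub, e.g. `# Fallback when splunk.rest lacks the helper: assumes the key is not encrypted`. `ModuleNotFoundError` is a subclass of `ImportError`, so `except ImportError:` is enough, and the stub's parameter is named `cert_filename` although the only call visible passes the key file.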
From: Yevhen Chypachenko
Date: Mon, 24 Mar 2025 11:47:54 -0400
Subject: [PATCH 2/2] SPL-264208 MSB-3468 Update python library to support mTLS when web private key is encrypted
---
 solnlib/server_info.py | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/solnlib/server_info.py b/solnlib/server_info.py
index 01603c6b..daa7fa26 100644
--- a/solnlib/server_info.py
+++ b/solnlib/server_info.py
@@ -85,13 +85,13 @@ def __init__(

 web_key_file = getWebKeyFile()
 web_cert_file = getWebCertFile()
- if (
- web_cert_file
- and web_key_file
- and not is_cert_or_key_encrypted(web_key_file)
+ if web_cert_file and (
+ web_key_file is None or not is_cert_or_key_encrypted(web_key_file)
 ):
 context["cert_file"] = web_cert_file
- context["key_file"] = web_key_file
+
+ if web_key_file is not None:
+ context["key_file"] = web_key_file

 if all([is_localhost, context.get("verify") is None]):
 # NOTE: this is specifically for mTLS communication
@@ -99,11 +99,6 @@ def __init__(
 # we set verify to off (similar to 'rest.simpleRequest' implementation)
 context["verify"] = False

- elif web_cert_file is not None:
- context["cert_file"] = web_cert_file
- if all([is_localhost, context.get("verify") is None]):
- context["verify"] = False
-
 self._rest_client = rest_client.SplunkRestClient(
 session_key, "-", scheme=scheme, host=host, port=port, **context
 )
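Review bot: When `is_cert_or_key_encrypted(web_key_file)` is true, the rewritten condition in the first hunk of this patch skips the whole block, so neither `cert_file` nor `key_file` is set and the request goes out without a client certificate, with nothing logged; the `elif` removed in the second hunk previously still attached the certificate and applied the localhost `verify` default. A splunkd that requires client certificates would then reject the connection with no hint that the encrypted key is the cause, so an explicit `else:` branch that records the downgrade, through whatever logger this module uses (none is visible in the hunk), would help whoever has to diagnose it. The new checks also mix truthiness (`web_cert_file`) with `is None` (`web_key_file`), so an empty-string key path would be handed to `is_cert_or_key_encrypted` and stored as `key_file`; `if web_key_file:` would match the certificate check. Indentation is lost in this view, so the nesting of `if web_key_file is not None:` under the outer `if` is assumed, and `__init__` starts and ends outside the hunk.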