Added tls_insecure flag to MQTT

This commit is contained in:
Fabio Manganiello 2020-08-27 15:56:43 +02:00
parent b8917de52f
commit cd8732dc8f
2 changed files with 31 additions and 14 deletions

View file

@ -33,8 +33,9 @@ class MqttBackend(Backend):
topic='platypush_bus_mq', subscribe_default_topic: bool = True, topic='platypush_bus_mq', subscribe_default_topic: bool = True,
tls_cafile: Optional[str] = None, tls_certfile: Optional[str] = None, tls_cafile: Optional[str] = None, tls_certfile: Optional[str] = None,
tls_keyfile: Optional[str] = None, tls_version: Optional[str] = None, tls_keyfile: Optional[str] = None, tls_version: Optional[str] = None,
tls_ciphers: Optional[str] = None, username: Optional[str] = None, tls_ciphers: Optional[str] = None, tls_insecure: bool = False,
password: Optional[str] = None, listeners=None, *args, **kwargs): username: Optional[str] = None, password: Optional[str] = None, listeners=None,
*args, **kwargs):
""" """
:param host: MQTT broker host :param host: MQTT broker host
:param port: MQTT broker port (default: 1883) :param port: MQTT broker port (default: 1883)
@ -52,6 +53,7 @@ class MqttBackend(Backend):
here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``. here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
:param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is :param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
required, specify it here (default: None) required, specify it here (default: None)
:param tls_insecure: Set to True to ignore TLS insecure warnings (default: False).
:param username: Specify it if the MQTT server requires authentication (default: None) :param username: Specify it if the MQTT server requires authentication (default: None)
:param password: Specify it if the MQTT server requires authentication (default: None) :param password: Specify it if the MQTT server requires authentication (default: None)
:param listeners: If specified then the MQTT backend will also listen for :param listeners: If specified then the MQTT backend will also listen for
@ -97,6 +99,7 @@ class MqttBackend(Backend):
self.tls_version = MQTTPlugin.get_tls_version(tls_version) self.tls_version = MQTTPlugin.get_tls_version(tls_version)
self.tls_ciphers = tls_ciphers self.tls_ciphers = tls_ciphers
self.tls_insecure = tls_insecure
self.listeners_conf = listeners or [] self.listeners_conf = listeners or []
def send_message(self, msg, topic: Optional[str] = None, **kwargs): def send_message(self, msg, topic: Optional[str] = None, **kwargs):
@ -105,9 +108,8 @@ class MqttBackend(Backend):
client.send_message(topic=topic or self.topic, msg=msg, host=self.host, client.send_message(topic=topic or self.topic, msg=msg, host=self.host,
port=self.port, username=self.username, port=self.port, username=self.username,
password=self.password, tls_cafile=self.tls_cafile, password=self.password, tls_cafile=self.tls_cafile,
tls_certfile=self.tls_certfile, tls_certfile=self.tls_certfile, tls_keyfile=self.tls_keyfile,
tls_keyfile=self.tls_keyfile, tls_version=self.tls_version, tls_insecure=self.tls_insecure,
tls_version=self.tls_version,
tls_ciphers=self.tls_ciphers, **kwargs) tls_ciphers=self.tls_ciphers, **kwargs)
except Exception as e: except Exception as e:
self.logger.exception(e) self.logger.exception(e)
@ -172,6 +174,8 @@ class MqttBackend(Backend):
tls_version=MQTTPlugin.get_tls_version(listener.get('tls_version')), tls_version=MQTTPlugin.get_tls_version(listener.get('tls_version')),
ciphers=listener.get('tls_ciphers')) ciphers=listener.get('tls_ciphers'))
client.tls_insecure_set(self.tls_insecure)
threading.Thread(target=listener_thread, kwargs={ threading.Thread(target=listener_thread, kwargs={
'client': client, 'host': host, 'port': port}).start() 'client': client, 'host': host, 'port': port}).start()
@ -235,6 +239,8 @@ class MqttBackend(Backend):
tls_version=self.tls_version, tls_version=self.tls_version,
ciphers=self.tls_ciphers) ciphers=self.tls_ciphers)
self._client.tls_insecure_set(self.tls_insecure)
self._client.connect(self.host, self.port, 60) self._client.connect(self.host, self.port, 60)
self.logger.info('Initialized MQTT backend on host {}:{}, topic {}'. self.logger.info('Initialized MQTT backend on host {}:{}, topic {}'.
format(self.host, self.port, self.topic)) format(self.host, self.port, self.topic))

View file

@ -22,8 +22,8 @@ class MqttPlugin(Plugin):
def __init__(self, host=None, port=1883, tls_cafile=None, def __init__(self, host=None, port=1883, tls_cafile=None,
tls_certfile=None, tls_keyfile=None, tls_certfile=None, tls_keyfile=None,
tls_version=None, tls_ciphers=None, username=None, tls_version=None, tls_ciphers=None, tls_insecure=False,
password=None, **kwargs): username=None, password=None, **kwargs):
""" """
:param host: If set, MQTT messages will by default routed to this host unless overridden in `send_message` (default: None) :param host: If set, MQTT messages will by default routed to this host unless overridden in `send_message` (default: None)
:type host: str :type host: str
@ -47,6 +47,9 @@ class MqttPlugin(Plugin):
:param tls_ciphers: If a default host is set and requires TLS/SSL, specify the supported ciphers (default: None) :param tls_ciphers: If a default host is set and requires TLS/SSL, specify the supported ciphers (default: None)
:type tls_ciphers: str :type tls_ciphers: str
:param tls_insecure: Set to True to ignore TLS insecure warnings (default: False).
:type tls_insecure: bool
:param username: If a default host is set and requires user authentication, specify the username ciphers (default: None) :param username: If a default host is set and requires user authentication, specify the username ciphers (default: None)
:type username: str :type username: str
@ -70,6 +73,7 @@ class MqttPlugin(Plugin):
if tls_keyfile else None if tls_keyfile else None
self.tls_version = self.get_tls_version(tls_version) self.tls_version = self.get_tls_version(tls_version)
self.tls_insecure = self.tls_insecure
self.tls_ciphers = tls_ciphers self.tls_ciphers = tls_ciphers
@staticmethod @staticmethod
@ -95,8 +99,8 @@ class MqttPlugin(Plugin):
reply_topic: Optional[str] = None, timeout: int = 60, reply_topic: Optional[str] = None, timeout: int = 60,
tls_cafile: Optional[str] = None, tls_certfile: Optional[str] = None, tls_cafile: Optional[str] = None, tls_certfile: Optional[str] = None,
tls_keyfile: Optional[str] = None, tls_version: Optional[str] = None, tls_keyfile: Optional[str] = None, tls_version: Optional[str] = None,
tls_ciphers: Optional[str] = None, username: Optional[str] = None, tls_ciphers: Optional[str] = None, tls_insecure: Optional[bool] = None,
password: Optional[str] = None): username: Optional[str] = None, password: Optional[str] = None):
""" """
Sends a message to a topic. Sends a message to a topic.
@ -115,6 +119,7 @@ class MqttPlugin(Plugin):
it here (default: None). it here (default: None).
:param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``. here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
:param tls_insecure: Set to True to ignore TLS insecure warnings (default: False).
:param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is :param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
required, specify it here (default: None). required, specify it here (default: None).
:param username: Specify it if the MQTT server requires authentication (default: None). :param username: Specify it if the MQTT server requires authentication (default: None).
@ -131,21 +136,27 @@ class MqttPlugin(Plugin):
tls_keyfile = self.tls_keyfile tls_keyfile = self.tls_keyfile
tls_version = self.tls_version tls_version = self.tls_version
tls_ciphers = self.tls_ciphers tls_ciphers = self.tls_ciphers
tls_insecure = self.tls_insecure
username = self.username username = self.username
password = self.password password = self.password
elif tls_version: else:
if tls_version:
tls_version = self.get_tls_version(tls_version) tls_version = self.get_tls_version(tls_version)
if tls_insecure is None:
tls_insecure = self.tls_insecure
client = Client() client = Client()
if username and password: if username and password:
client.username_pw_set(username, password) client.username_pw_set(username, password)
if tls_cafile: if tls_cafile:
client.tls_set(ca_certs=tls_cafile, certfile=tls_certfile, keyfile=tls_keyfile, tls_version=tls_version, client.tls_set(ca_certs=tls_cafile, certfile=tls_certfile, keyfile=tls_keyfile,
ciphers=tls_ciphers) tls_version=tls_version, ciphers=tls_ciphers)
client.tls_insecure_set(tls_insecure)
# Try to parse it as a platypush message or dump it to JSON from a dict/list # Try to parse it as a platypush message or dump it to JSON from a dict/list
if isinstance(msg, dict) or isinstance(msg, list): if isinstance(msg, (dict, list)):
msg = json.dumps(msg) msg = json.dumps(msg)
# noinspection PyBroadException # noinspection PyBroadException