From b8917de52ff76a369eedd24950d67116bfbd5aad Mon Sep 17 00:00:00 2001
From: Fabio Manganiello
Date: Thu, 27 Aug 2020 12:44:00 +0200
Subject: [PATCH] TLS version in MQTT configuration parsed from string

---
 platypush/backend/mqtt.py | 10 ++++++----
 platypush/plugins/mqtt.py | 27 ++++++++++++++++++++++++---
 2 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/platypush/backend/mqtt.py b/platypush/backend/mqtt.py
index 4dea74e44..83c8111e4 100644
--- a/platypush/backend/mqtt.py
+++ b/platypush/backend/mqtt.py
@@ -8,6 +8,7 @@ from platypush.context import get_plugin
 from platypush.message import Message
 from platypush.message.event.mqtt import MQTTMessageEvent
 from platypush.message.request import Request
+from platypush.plugins.mqtt import MqttPlugin as MQTTPlugin
 from platypush.utils import set_thread_name
@@ -48,7 +49,7 @@ class MqttBackend(Backend):
         :param tls_keyfile: If TLS/SSL is enabled on the MQTT server and a client certificate key it required, specify it here (default: None)
         :type tls_keyfile: str
         :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
-            here (default: None)
+            here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
         :param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is required, specify it here (default: None)
         :param username: Specify it if the MQTT server requires authentication (default: None)
@@ -94,7 +95,7 @@ class MqttBackend(Backend):
         self.tls_keyfile = os.path.abspath(os.path.expanduser(tls_keyfile)) \
             if tls_keyfile else None
-        self.tls_version = tls_version
+        self.tls_version = MQTTPlugin.get_tls_version(tls_version)
         self.tls_ciphers = tls_ciphers
         self.listeners_conf = listeners or []
@@ -168,7 +169,7 @@ class MqttBackend(Backend):
                 client.tls_set(ca_certs=tls_cafile, certfile=listener.get('tls_certfile'),
                                keyfile=listener.get('tls_keyfile'),
-                               tls_version=listener.get('tls_version'),
+                               tls_version=MQTTPlugin.get_tls_version(listener.get('tls_version')),
                                ciphers=listener.get('tls_ciphers'))
             threading.Thread(target=listener_thread, kwargs={
@@ -230,7 +231,8 @@ class MqttBackend(Backend):
         if self.tls_cafile:
             self._client.tls_set(ca_certs=self.tls_cafile, certfile=self.tls_certfile,
-                                 keyfile=self.tls_keyfile, tls_version=self.tls_version,
+                                 keyfile=self.tls_keyfile,
+                                 tls_version=self.tls_version,
                                  ciphers=self.tls_ciphers)
         self._client.connect(self.host, self.port, 60)
diff --git a/platypush/plugins/mqtt.py b/platypush/plugins/mqtt.py
index dbfeb8ac0..fcbfedda0 100644
--- a/platypush/plugins/mqtt.py
+++ b/platypush/plugins/mqtt.py
@@ -40,7 +40,8 @@ class MqttPlugin(Plugin):
         :param tls_keyfile: If a default host is set and requires TLS/SSL, specify the key file (default: None)
         :type tls_keyfile: str
-        :param tls_version: If a default host is set and requires TLS/SSL, specify the minimum TLS supported version (default: None)
+        :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
+            here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
         :type tls_version: str
         :param tls_ciphers: If a default host is set and requires TLS/SSL, specify the supported ciphers (default: None)
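Review bot: The per-listener `tls_version` string is parsed only inside the `tls_set` call, i.e. when the listener thread actually connects, whereas the backend's own `tls_version` is parsed once in `__init__` (hunk @@ -94), so a misspelt listener value is not reported when the configuration is loaded. Since `get_tls_version` as written returns `None` for any unrecognised name, such a listener would connect with whatever default protocol the client library applies rather than the one the operator intended, and nothing in the log would say so. Consider normalising listener entries while building `self.listeners_conf` in `__init__`, e.g. `listener['tls_version'] = MQTTPlugin.get_tls_version(listener.get('tls_version'))`, so that a bad value fails at startup and the thread just passes the constant through. The enclosing `listener_thread` function starts and ends outside this hunk.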
@@ -68,9 +69,27 @@ class MqttPlugin(Plugin):
         self.tls_keyfile = os.path.abspath(os.path.expanduser(tls_keyfile)) \
             if tls_keyfile else None
-        self.tls_version = tls_version
+        self.tls_version = self.get_tls_version(tls_version)
         self.tls_ciphers = tls_ciphers
+    @staticmethod
+    def get_tls_version(version: Optional[str] = None):
+        import ssl
+        if not version:
+            return None
+
+        version = version.lower()
+        if version == 'tls':
+            return ssl.PROTOCOL_TLS
+        if version == 'tlsv1':
+            return ssl.PROTOCOL_TLSv1
+        if version == 'tlsv1.1':
+            return ssl.PROTOCOL_TLSv1_1
+        if version == 'tlsv1.2':
+            return ssl.PROTOCOL_TLSv1_2
+
+        assert 'Unrecognized TLS version: {}'.format(version)
+
     @action
     def publish(self, topic: str, msg: Any, host: Optional[str] = None, port: int = 1883,
                 reply_topic: Optional[str] = None, timeout: int = 60,
@@ -95,7 +114,7 @@ class MqttPlugin(Plugin):
         :param tls_keyfile: If TLS/SSL is enabled on the MQTT server and a client certificate key it required, specify it
             here (default: None).
         :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
-            here (default: None).
+            here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
         :param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is required,
             specify it here (default: None).
         :param username: Specify it if the MQTT server requires authentication (default: None).
@@ -114,6 +133,8 @@ class MqttPlugin(Plugin):
             tls_ciphers = self.tls_ciphers
             username = self.username
             password = self.password
+        elif tls_version:
+            tls_version = self.get_tls_version(tls_version)
         client = Client()
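Review bot: The final `assert 'Unrecognized TLS version: {}'.format(version)` in `get_tls_version` can never fail — its operand is a non-empty string, so the assertion passes and the function falls off the end returning `None` for every unrecognised name, and `assert` is removed entirely under `python -O`. A typo such as `tlsv12` therefore silently produces `tls_version=None`, which the caller then hands to `tls_set` as if no version had been configured; replace the line with `raise ValueError('Unrecognized TLS version: {}'.format(version))` so misconfiguration is rejected. The method also has no docstring; a short one stating that it maps the documented names to `ssl.PROTOCOL_*` constants, returns `None` for an empty value and raises on unknown names would suffice, and a note that `tlsv1` and `tlsv1.1` are deprecated protocol versions kept only for legacy brokers would help operators choose. A `dict` lookup would replace the four `if` branches, but that is cosmetic.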
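Review bot: The new `elif tls_version:` guard repeats the empty-value check that `get_tls_version` already performs on its own first lines, so a plain `else:` branch (or an unconditional `tls_version = self.get_tls_version(tls_version)` after the `if`) would state the intent more directly; the `if` branch this `elif` extends begins outside the hunk. Presumably that first branch assigns `tls_version = self.tls_version`, which `__init__` now converts in hunk @@ -68, so after this point `tls_version` is an `ssl` constant or `None` on both paths — a one-line comment such as `# tls_version is an ssl.PROTOCOL_* constant (or None) from here on` before `client = Client()` would make that invariant visible to whoever later touches the `tls_set` call.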