TLS version in MQTT configuration parsed from string

2020-08-27 12:44:00 +02:00 · 2020-08-27 12:44:00 +02:00 · b8917de52f
commit b8917de52f
parent aa631deb88
2 changed files with 30 additions and 7 deletions
--- a/platypush/backend/mqtt.py
+++ b/platypush/backend/mqtt.py
@ -8,6 +8,7 @@ from platypush.context import get_plugin
 from platypush.message import Message
 from platypush.message.event.mqtt import MQTTMessageEvent
 from platypush.message.request import Request
+from platypush.plugins.mqtt import MqttPlugin as MQTTPlugin
 from platypush.utils import set_thread_name


@ -48,7 +49,7 @@ class MqttBackend(Backend):
        :param tls_keyfile: If TLS/SSL is enabled on the MQTT server and a client certificate key it required,
            specify it here (default: None) :type tls_keyfile: str
        :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
-            here (default: None)
+            here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
        :param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
            required, specify it here (default: None)
        :param username: Specify it if the MQTT server requires authentication (default: None)
@ -94,7 +95,7 @@ class MqttBackend(Backend):
        self.tls_keyfile = os.path.abspath(os.path.expanduser(tls_keyfile)) \
            if tls_keyfile else None

-        self.tls_version = tls_version
+        self.tls_version = MQTTPlugin.get_tls_version(tls_version)
        self.tls_ciphers = tls_ciphers
        self.listeners_conf = listeners or []

@ -168,7 +169,7 @@ class MqttBackend(Backend):
                client.tls_set(ca_certs=tls_cafile,
                               certfile=listener.get('tls_certfile'),
                               keyfile=listener.get('tls_keyfile'),
-                               tls_version=listener.get('tls_version'),
+                               tls_version=MQTTPlugin.get_tls_version(listener.get('tls_version')),
                               ciphers=listener.get('tls_ciphers'))

            threading.Thread(target=listener_thread, kwargs={
@ -230,7 +231,8 @@ class MqttBackend(Backend):

            if self.tls_cafile:
                self._client.tls_set(ca_certs=self.tls_cafile, certfile=self.tls_certfile,
-                                     keyfile=self.tls_keyfile, tls_version=self.tls_version,
+                                     keyfile=self.tls_keyfile,
+                                     tls_version=self.tls_version,
                                     ciphers=self.tls_ciphers)

            self._client.connect(self.host, self.port, 60)
--- a/platypush/plugins/mqtt.py
+++ b/platypush/plugins/mqtt.py
@ -40,7 +40,8 @@ class MqttPlugin(Plugin):
        :param tls_keyfile: If a default host is set and requires TLS/SSL, specify the key file (default: None)
        :type tls_keyfile: str

-        :param tls_version: If a default host is set and requires TLS/SSL, specify the minimum TLS supported version (default: None)
+        :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
+            here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
        :type tls_version: str

        :param tls_ciphers: If a default host is set and requires TLS/SSL, specify the supported ciphers (default: None)
@ -68,9 +69,27 @@ class MqttPlugin(Plugin):
        self.tls_keyfile = os.path.abspath(os.path.expanduser(tls_keyfile)) \
            if tls_keyfile else None

-        self.tls_version = tls_version
+        self.tls_version = self.get_tls_version(tls_version)
        self.tls_ciphers = tls_ciphers

+    @staticmethod
+    def get_tls_version(version: Optional[str] = None):
+        import ssl
+        if not version:
+            return None
+
+        version = version.lower()
+        if version == 'tls':
+            return ssl.PROTOCOL_TLS
+        if version == 'tlsv1':
+            return ssl.PROTOCOL_TLSv1
+        if version == 'tlsv1.1':
+            return ssl.PROTOCOL_TLSv1_1
+        if version == 'tlsv1.2':
+            return ssl.PROTOCOL_TLSv1_2
+
+        assert 'Unrecognized TLS version: {}'.format(version)
+
    @action
    def publish(self, topic: str, msg: Any, host: Optional[str] = None, port: int = 1883,
                reply_topic: Optional[str] = None, timeout: int = 60,
@ -95,7 +114,7 @@ class MqttPlugin(Plugin):
        :param tls_keyfile: If TLS/SSL is enabled on the MQTT server and a client certificate key it required, specify
            it here (default: None).
        :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
-            here (default: None).
+            here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
        :param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
            required, specify it here (default: None).
        :param username: Specify it if the MQTT server requires authentication (default: None).
@ -114,6 +133,8 @@ class MqttPlugin(Plugin):
            tls_ciphers = self.tls_ciphers
            username = self.username
            password = self.password
+        elif tls_version:
+            tls_version = self.get_tls_version(tls_version)

        client = Client()