Added tls_insecure flag to MQTT
This commit is contained in:
parent
b8917de52f
commit
cd8732dc8f
2 changed files with 31 additions and 14 deletions
|
@ -33,8 +33,9 @@ class MqttBackend(Backend):
|
||||||
topic='platypush_bus_mq', subscribe_default_topic: bool = True,
|
topic='platypush_bus_mq', subscribe_default_topic: bool = True,
|
||||||
tls_cafile: Optional[str] = None, tls_certfile: Optional[str] = None,
|
tls_cafile: Optional[str] = None, tls_certfile: Optional[str] = None,
|
||||||
tls_keyfile: Optional[str] = None, tls_version: Optional[str] = None,
|
tls_keyfile: Optional[str] = None, tls_version: Optional[str] = None,
|
||||||
tls_ciphers: Optional[str] = None, username: Optional[str] = None,
|
tls_ciphers: Optional[str] = None, tls_insecure: bool = False,
|
||||||
password: Optional[str] = None, listeners=None, *args, **kwargs):
|
username: Optional[str] = None, password: Optional[str] = None, listeners=None,
|
||||||
|
*args, **kwargs):
|
||||||
"""
|
"""
|
||||||
:param host: MQTT broker host
|
:param host: MQTT broker host
|
||||||
:param port: MQTT broker port (default: 1883)
|
:param port: MQTT broker port (default: 1883)
|
||||||
|
@ -52,6 +53,7 @@ class MqttBackend(Backend):
|
||||||
here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
|
here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
|
||||||
:param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
|
:param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
|
||||||
required, specify it here (default: None)
|
required, specify it here (default: None)
|
||||||
|
:param tls_insecure: Set to True to ignore TLS insecure warnings (default: False).
|
||||||
:param username: Specify it if the MQTT server requires authentication (default: None)
|
:param username: Specify it if the MQTT server requires authentication (default: None)
|
||||||
:param password: Specify it if the MQTT server requires authentication (default: None)
|
:param password: Specify it if the MQTT server requires authentication (default: None)
|
||||||
:param listeners: If specified then the MQTT backend will also listen for
|
:param listeners: If specified then the MQTT backend will also listen for
|
||||||
|
@ -97,6 +99,7 @@ class MqttBackend(Backend):
|
||||||
|
|
||||||
self.tls_version = MQTTPlugin.get_tls_version(tls_version)
|
self.tls_version = MQTTPlugin.get_tls_version(tls_version)
|
||||||
self.tls_ciphers = tls_ciphers
|
self.tls_ciphers = tls_ciphers
|
||||||
|
self.tls_insecure = tls_insecure
|
||||||
self.listeners_conf = listeners or []
|
self.listeners_conf = listeners or []
|
||||||
|
|
||||||
def send_message(self, msg, topic: Optional[str] = None, **kwargs):
|
def send_message(self, msg, topic: Optional[str] = None, **kwargs):
|
||||||
|
@ -105,9 +108,8 @@ class MqttBackend(Backend):
|
||||||
client.send_message(topic=topic or self.topic, msg=msg, host=self.host,
|
client.send_message(topic=topic or self.topic, msg=msg, host=self.host,
|
||||||
port=self.port, username=self.username,
|
port=self.port, username=self.username,
|
||||||
password=self.password, tls_cafile=self.tls_cafile,
|
password=self.password, tls_cafile=self.tls_cafile,
|
||||||
tls_certfile=self.tls_certfile,
|
tls_certfile=self.tls_certfile, tls_keyfile=self.tls_keyfile,
|
||||||
tls_keyfile=self.tls_keyfile,
|
tls_version=self.tls_version, tls_insecure=self.tls_insecure,
|
||||||
tls_version=self.tls_version,
|
|
||||||
tls_ciphers=self.tls_ciphers, **kwargs)
|
tls_ciphers=self.tls_ciphers, **kwargs)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
self.logger.exception(e)
|
self.logger.exception(e)
|
||||||
|
@ -172,6 +174,8 @@ class MqttBackend(Backend):
|
||||||
tls_version=MQTTPlugin.get_tls_version(listener.get('tls_version')),
|
tls_version=MQTTPlugin.get_tls_version(listener.get('tls_version')),
|
||||||
ciphers=listener.get('tls_ciphers'))
|
ciphers=listener.get('tls_ciphers'))
|
||||||
|
|
||||||
|
client.tls_insecure_set(self.tls_insecure)
|
||||||
|
|
||||||
threading.Thread(target=listener_thread, kwargs={
|
threading.Thread(target=listener_thread, kwargs={
|
||||||
'client': client, 'host': host, 'port': port}).start()
|
'client': client, 'host': host, 'port': port}).start()
|
||||||
|
|
||||||
|
@ -235,6 +239,8 @@ class MqttBackend(Backend):
|
||||||
tls_version=self.tls_version,
|
tls_version=self.tls_version,
|
||||||
ciphers=self.tls_ciphers)
|
ciphers=self.tls_ciphers)
|
||||||
|
|
||||||
|
self._client.tls_insecure_set(self.tls_insecure)
|
||||||
|
|
||||||
self._client.connect(self.host, self.port, 60)
|
self._client.connect(self.host, self.port, 60)
|
||||||
self.logger.info('Initialized MQTT backend on host {}:{}, topic {}'.
|
self.logger.info('Initialized MQTT backend on host {}:{}, topic {}'.
|
||||||
format(self.host, self.port, self.topic))
|
format(self.host, self.port, self.topic))
|
||||||
|
|
|
@ -22,8 +22,8 @@ class MqttPlugin(Plugin):
|
||||||
|
|
||||||
def __init__(self, host=None, port=1883, tls_cafile=None,
|
def __init__(self, host=None, port=1883, tls_cafile=None,
|
||||||
tls_certfile=None, tls_keyfile=None,
|
tls_certfile=None, tls_keyfile=None,
|
||||||
tls_version=None, tls_ciphers=None, username=None,
|
tls_version=None, tls_ciphers=None, tls_insecure=False,
|
||||||
password=None, **kwargs):
|
username=None, password=None, **kwargs):
|
||||||
"""
|
"""
|
||||||
:param host: If set, MQTT messages will by default routed to this host unless overridden in `send_message` (default: None)
|
:param host: If set, MQTT messages will by default routed to this host unless overridden in `send_message` (default: None)
|
||||||
:type host: str
|
:type host: str
|
||||||
|
@ -47,6 +47,9 @@ class MqttPlugin(Plugin):
|
||||||
:param tls_ciphers: If a default host is set and requires TLS/SSL, specify the supported ciphers (default: None)
|
:param tls_ciphers: If a default host is set and requires TLS/SSL, specify the supported ciphers (default: None)
|
||||||
:type tls_ciphers: str
|
:type tls_ciphers: str
|
||||||
|
|
||||||
|
:param tls_insecure: Set to True to ignore TLS insecure warnings (default: False).
|
||||||
|
:type tls_insecure: bool
|
||||||
|
|
||||||
:param username: If a default host is set and requires user authentication, specify the username ciphers (default: None)
|
:param username: If a default host is set and requires user authentication, specify the username ciphers (default: None)
|
||||||
:type username: str
|
:type username: str
|
||||||
|
|
||||||
|
@ -70,6 +73,7 @@ class MqttPlugin(Plugin):
|
||||||
if tls_keyfile else None
|
if tls_keyfile else None
|
||||||
|
|
||||||
self.tls_version = self.get_tls_version(tls_version)
|
self.tls_version = self.get_tls_version(tls_version)
|
||||||
|
self.tls_insecure = self.tls_insecure
|
||||||
self.tls_ciphers = tls_ciphers
|
self.tls_ciphers = tls_ciphers
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@ -95,8 +99,8 @@ class MqttPlugin(Plugin):
|
||||||
reply_topic: Optional[str] = None, timeout: int = 60,
|
reply_topic: Optional[str] = None, timeout: int = 60,
|
||||||
tls_cafile: Optional[str] = None, tls_certfile: Optional[str] = None,
|
tls_cafile: Optional[str] = None, tls_certfile: Optional[str] = None,
|
||||||
tls_keyfile: Optional[str] = None, tls_version: Optional[str] = None,
|
tls_keyfile: Optional[str] = None, tls_version: Optional[str] = None,
|
||||||
tls_ciphers: Optional[str] = None, username: Optional[str] = None,
|
tls_ciphers: Optional[str] = None, tls_insecure: Optional[bool] = None,
|
||||||
password: Optional[str] = None):
|
username: Optional[str] = None, password: Optional[str] = None):
|
||||||
"""
|
"""
|
||||||
Sends a message to a topic.
|
Sends a message to a topic.
|
||||||
|
|
||||||
|
@ -115,6 +119,7 @@ class MqttPlugin(Plugin):
|
||||||
it here (default: None).
|
it here (default: None).
|
||||||
:param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
|
:param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
|
||||||
here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
|
here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
|
||||||
|
:param tls_insecure: Set to True to ignore TLS insecure warnings (default: False).
|
||||||
:param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
|
:param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
|
||||||
required, specify it here (default: None).
|
required, specify it here (default: None).
|
||||||
:param username: Specify it if the MQTT server requires authentication (default: None).
|
:param username: Specify it if the MQTT server requires authentication (default: None).
|
||||||
|
@ -131,21 +136,27 @@ class MqttPlugin(Plugin):
|
||||||
tls_keyfile = self.tls_keyfile
|
tls_keyfile = self.tls_keyfile
|
||||||
tls_version = self.tls_version
|
tls_version = self.tls_version
|
||||||
tls_ciphers = self.tls_ciphers
|
tls_ciphers = self.tls_ciphers
|
||||||
|
tls_insecure = self.tls_insecure
|
||||||
username = self.username
|
username = self.username
|
||||||
password = self.password
|
password = self.password
|
||||||
elif tls_version:
|
else:
|
||||||
|
if tls_version:
|
||||||
tls_version = self.get_tls_version(tls_version)
|
tls_version = self.get_tls_version(tls_version)
|
||||||
|
if tls_insecure is None:
|
||||||
|
tls_insecure = self.tls_insecure
|
||||||
|
|
||||||
client = Client()
|
client = Client()
|
||||||
|
|
||||||
if username and password:
|
if username and password:
|
||||||
client.username_pw_set(username, password)
|
client.username_pw_set(username, password)
|
||||||
if tls_cafile:
|
if tls_cafile:
|
||||||
client.tls_set(ca_certs=tls_cafile, certfile=tls_certfile, keyfile=tls_keyfile, tls_version=tls_version,
|
client.tls_set(ca_certs=tls_cafile, certfile=tls_certfile, keyfile=tls_keyfile,
|
||||||
ciphers=tls_ciphers)
|
tls_version=tls_version, ciphers=tls_ciphers)
|
||||||
|
|
||||||
|
client.tls_insecure_set(tls_insecure)
|
||||||
|
|
||||||
# Try to parse it as a platypush message or dump it to JSON from a dict/list
|
# Try to parse it as a platypush message or dump it to JSON from a dict/list
|
||||||
if isinstance(msg, dict) or isinstance(msg, list):
|
if isinstance(msg, (dict, list)):
|
||||||
msg = json.dumps(msg)
|
msg = json.dumps(msg)
|
||||||
|
|
||||||
# noinspection PyBroadException
|
# noinspection PyBroadException
|
||||||
|
|
Loading…
Reference in a new issue