TLS version in MQTT configuration parsed from string

Fabio Manganiello 2020-08-27 12:44:00 +02:00
parent aa631deb88
commit b8917de52f
2 changed files with 30 additions and 7 deletions


@ -8,6 +8,7 @@ from platypush.context import get_plugin
from platypush.message import Message from platypush.message import Message
from platypush.message.event.mqtt import MQTTMessageEvent from platypush.message.event.mqtt import MQTTMessageEvent
from platypush.message.request import Request from platypush.message.request import Request
from platypush.plugins.mqtt import MqttPlugin as MQTTPlugin
from platypush.utils import set_thread_name from platypush.utils import set_thread_name
@ -48,7 +49,7 @@ class MqttBackend(Backend):
:param tls_keyfile: If TLS/SSL is enabled on the MQTT server and a client certificate key it required, :param tls_keyfile: If TLS/SSL is enabled on the MQTT server and a client certificate key it required,
specify it here (default: None) :type tls_keyfile: str specify it here (default: None) :type tls_keyfile: str
:param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
here (default: None) here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
:param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is :param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
required, specify it here (default: None) required, specify it here (default: None)
:param username: Specify it if the MQTT server requires authentication (default: None) :param username: Specify it if the MQTT server requires authentication (default: None)
@ -94,7 +95,7 @@ class MqttBackend(Backend):
self.tls_keyfile = os.path.abspath(os.path.expanduser(tls_keyfile)) \ self.tls_keyfile = os.path.abspath(os.path.expanduser(tls_keyfile)) \
if tls_keyfile else None if tls_keyfile else None
self.tls_version = tls_version self.tls_version = MQTTPlugin.get_tls_version(tls_version)
self.tls_ciphers = tls_ciphers self.tls_ciphers = tls_ciphers
self.listeners_conf = listeners or [] self.listeners_conf = listeners or []
@ -168,7 +169,7 @@ class MqttBackend(Backend):
client.tls_set(ca_certs=tls_cafile, client.tls_set(ca_certs=tls_cafile,
certfile=listener.get('tls_certfile'), certfile=listener.get('tls_certfile'),
keyfile=listener.get('tls_keyfile'), keyfile=listener.get('tls_keyfile'),
tls_version=listener.get('tls_version'), tls_version=MQTTPlugin.get_tls_version(listener.get('tls_version')),
ciphers=listener.get('tls_ciphers')) ciphers=listener.get('tls_ciphers'))
threading.Thread(target=listener_thread, kwargs={ threading.Thread(target=listener_thread, kwargs={
@ -230,7 +231,8 @@ class MqttBackend(Backend):
if self.tls_cafile: if self.tls_cafile:
self._client.tls_set(ca_certs=self.tls_cafile, certfile=self.tls_certfile, self._client.tls_set(ca_certs=self.tls_cafile, certfile=self.tls_certfile,
keyfile=self.tls_keyfile, tls_version=self.tls_version, keyfile=self.tls_keyfile,
tls_version=self.tls_version,
ciphers=self.tls_ciphers) ciphers=self.tls_ciphers)
self._client.connect(self.host, self.port, 60) self._client.connect(self.host, self.port, 60)
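Review bot: After the constructor change, `self.tls_version` holds an `ssl` protocol constant instead of the configured string, yet `MqttPlugin.get_tls_version` calls `version.lower()` on whatever it receives. If any code outside these hunks forwards the backend's `self.tls_version` to `MqttPlugin.publish(tls_version=...)`, which is not visible here and should be checked, the second conversion would raise `AttributeError`. Either keep the raw string on the instance and convert only at the `tls_set` calls, or make the helper idempotent with `if not isinstance(version, str): return version` before the `lower()` call. The listener value is converted only when that listener connects, so a bad per-listener `tls_version` is not validated at start-up alongside the top-level one.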


@ -40,7 +40,8 @@ class MqttPlugin(Plugin):
:param tls_keyfile: If a default host is set and requires TLS/SSL, specify the key file (default: None) :param tls_keyfile: If a default host is set and requires TLS/SSL, specify the key file (default: None)
:type tls_keyfile: str :type tls_keyfile: str
:param tls_version: If a default host is set and requires TLS/SSL, specify the minimum TLS supported version (default: None) :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
:type tls_version: str :type tls_version: str
:param tls_ciphers: If a default host is set and requires TLS/SSL, specify the supported ciphers (default: None) :param tls_ciphers: If a default host is set and requires TLS/SSL, specify the supported ciphers (default: None)
@ -68,9 +69,27 @@ class MqttPlugin(Plugin):
self.tls_keyfile = os.path.abspath(os.path.expanduser(tls_keyfile)) \ self.tls_keyfile = os.path.abspath(os.path.expanduser(tls_keyfile)) \
if tls_keyfile else None if tls_keyfile else None
self.tls_version = tls_version self.tls_version = self.get_tls_version(tls_version)
self.tls_ciphers = tls_ciphers self.tls_ciphers = tls_ciphers
@staticmethod
def get_tls_version(version: Optional[str] = None):
import ssl
if not version:
return None
version = version.lower()
if version == 'tls':
return ssl.PROTOCOL_TLS
if version == 'tlsv1':
return ssl.PROTOCOL_TLSv1
if version == 'tlsv1.1':
return ssl.PROTOCOL_TLSv1_1
if version == 'tlsv1.2':
return ssl.PROTOCOL_TLSv1_2
assert 'Unrecognized TLS version: {}'.format(version)
@action @action
def publish(self, topic: str, msg: Any, host: Optional[str] = None, port: int = 1883, def publish(self, topic: str, msg: Any, host: Optional[str] = None, port: int = 1883,
reply_topic: Optional[str] = None, timeout: int = 60, reply_topic: Optional[str] = None, timeout: int = 60,
@ -95,7 +114,7 @@ class MqttPlugin(Plugin):
:param tls_keyfile: If TLS/SSL is enabled on the MQTT server and a client certificate key it required, specify :param tls_keyfile: If TLS/SSL is enabled on the MQTT server and a client certificate key it required, specify
it here (default: None). it here (default: None).
:param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it :param tls_version: If TLS/SSL is enabled on the MQTT server and it requires a certain TLS version, specify it
here (default: None). here (default: None). Supported versions: ``tls`` (automatic), ``tlsv1``, ``tlsv1.1``, ``tlsv1.2``.
:param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is :param tls_ciphers: If TLS/SSL is enabled on the MQTT server and an explicit list of supported ciphers is
required, specify it here (default: None). required, specify it here (default: None).
:param username: Specify it if the MQTT server requires authentication (default: None). :param username: Specify it if the MQTT server requires authentication (default: None).
@ -114,6 +133,8 @@ class MqttPlugin(Plugin):
tls_ciphers = self.tls_ciphers tls_ciphers = self.tls_ciphers
username = self.username username = self.username
password = self.password password = self.password
elif tls_version:
tls_version = self.get_tls_version(tls_version)
client = Client() client = Client()
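Review bot: The last line of `get_tls_version`, `assert 'Unrecognized TLS version: {}'.format(version)`, asserts a non-empty string, which is always true, so an unknown value never raises and the function falls through to return `None`. A mistyped value (constructed example: `tls1.2`) is then indistinguishable from "not configured", and `tls_set` receives `tls_version=None` and uses the client library's default rather than the version the operator asked for. Replace it with `raise ValueError('Unrecognized TLS version: {}'.format(version))`, which also survives `python -O`, where asserts are stripped. Separately, the accepted `tlsv1` and `tlsv1.1` values select protocol versions deprecated by RFC 8996, so the docstrings should mark them as for legacy brokers only. The helper would also benefit from a return annotation and a one-line docstring.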