fiveop/doorstatus
1
0
Fork 0
forked from berhsi/doorstatus
Code Issues Pull requests Releases Wiki Activity

statusd.py: add support for ssl

Browse source 
server now speaks tls. new functions strip_argument() and display_peercert()
This commit is contained in:
berhsi 2019-07-29 18:32:27 +02:00
parent 60fccc57d4
commit d3534afaa3
1 changed files with 65 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

102
statusd.py
View file

@ -4,9 +4,11 @@
# date: 26.07.2019
# email: berhsi@web.de
# server, who listen for ipv4 connections at port 10001.
# server, who listen for ipv4 connections at port 10001. now with ssl
# encrypted connection and client side authentication.
import socket
import ssl
import os
import logging
from time import time, ctime, sleep
@ -27,10 +29,11 @@ def read_config(CONFIGFILE, CONFIG):
logging.debug('Configfile successfull read')
for line in config.readlines():
if not line[0] in ('#', ';', '\n', '\r'):
logging.debug('Read entry')
key, value = (line.strip().split('='))
CONFIG[key.upper().strip()] = value.strip()
logging.debug('Set {} to {}'.format(key.upper().strip(), value.strip()))
key = strip_argument(key).upper()
value = strip_argument(value)
CONFIG[key] = value
logging.debug('Set {} to {}'.format(key, value))
else:
logging.error('Failed to read {}'.format(CONFIGFILE))
logging.error('Using default values')
@ -38,6 +41,19 @@ def read_config(CONFIGFILE, CONFIG):
return True
def strip_argument(argument):
'''
Becomes a string and strips at first whitespaces, second apostrops and
returns the clear string.
param 1: string
return: string
'''
argument = argument.strip()
argument = argument.strip('"')
argument = argument.strip("'")
return argument
def print_config(CONFIG):
'''
Prints the used configuration, if loglevel ist debug.
@ -50,14 +66,21 @@ def print_config(CONFIG):
return True
def display_peercert(cert):
for i in cert.keys():
print(i)
for j in cert[i]:
print('\t{}'.format(j))
return
def receive_buffer_is_valid(raw_data):
'''
checks, if the received buffer from the connection is valid or not.
param 1: byte
return: boolean
'''
data = bytes2int(raw_data)
if data == 0 or data == 1:
if raw_data == b'\x00' or raw_data == b'\x01':
logging.debug('Argument is valid: {}'.format(raw_data))
return True
else:
@ -65,23 +88,6 @@ def receive_buffer_is_valid(raw_data):
return False
def bytes2int(raw_data):
'''
Convert a given byte value into a integer. If it is possible, it returns
the integer, otherwise false.
param 1: byte
return: integer or false
'''
bom = byteorder
try:
data = int.from_bytes(raw_data, bom)
except Exception as e:
logging.error('Unabele to convert raw data to int: {}'.format(raw_data))
return False
return data
def replace_entry(line, new):
'''
The function becomes two strings and replaces the second part of the
@ -101,7 +107,6 @@ def replace_entry(line, new):
return line
def change_status(raw_data, api):
'''
Becomes the received byte and the path to API file. Grabs the content of
@ -176,8 +181,7 @@ def set_values(raw_data):
return: tuple
'''
timestamp = str(time()).split('.')[0]
callback = bytes2int(raw_data)
if callback == 1:
if raw_data == 'b\x01':
status = "true"
else:
status = "false"
@ -186,23 +190,38 @@ def set_values(raw_data):
def main():
'''
The main function - opens a socket und listen for connections.
The main function - opens a socket, create a ssl context, load certs and
listen for connections.
'''
CONFIG = {
'HOST': 'localhost',
'PORT': 10001,
'CERT': None,
'KEY' : None,
'SERVER_CERT': './server.crt',
'SERVER_KEY' : './server.key',
'CLIENT_CERT': './client.crt',
'TIMEOUT': 3.0,
'API': './api'
'API': './api',
'API_TEMPLATE': './api_template',
'VERBOSITY': 'info'
}
CONFIG_FILE = './statusd.conf'
FINGERPRINT = \
'35:8E:35:FA:58:0A:DD:2B:C8:6A:F9:EA:A3:7B:10:F5:62:89:AB:D0:AB:53:3E:B5:8B:AB:E1:23:CF:93:F5:F9'
loglevel = logging.DEBUG
logging.basicConfig(format='%(levelname)s: %(asctime)s: %(message)s', level=loglevel)
logging.basicConfig(format='%(levelname)s: %(message)s', level=loglevel)
read_config(CONFIG_FILE, CONFIG)
print_config(CONFIG)
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.options &= ~ssl.PROTOCOL_TLS
context.verify_mode = ssl.CERT_REQUIRED
context.load_cert_chain(certfile = CONFIG['SERVER_CERT'],
keyfile = CONFIG['SERVER_KEY'])
context.load_verify_locations(cafile = CONFIG['CLIENT_CERT'])
context.options &= ~ssl.OP_NO_SSLv3
logging.debug('SSL context created')
with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as mySocket:
logging.debug('Socket created')
try:
@ -215,15 +234,21 @@ def main():
exit()
while True:
try:
conn, addr = mySocket.accept()
logging.info('Connection from {}:{}'.format(addr[0], addr[1]))
fromSocket, fromAddr = mySocket.accept()
logging.info('Client connected: {}:{}'.format(fromAddr[0], fromAddr[1]))
try:
conn.settimeout(float(CONFIG['TIMEOUT']))
fromSocket.settimeout(float(CONFIG['TIMEOUT']))
logging.debug('Connection timeout set to {}'.format(CONFIG['TIMEOUT']))
except Exception as e:
logging.error('Canot set timeout to {}'.format(CONFIG['TIMEOUT']))
logging.error('Use default value: 3.0')
conn.settimeout(3.0)
fromSocket.settimeout(3.0)
try:
conn = context.wrap_socket(fromSocket, server_side = True)
# display_peercert(conn.getpeercert())
logging.debug('SSL established. Peer: {}'.format(conn.getpeercert()))
except Exception as e:
logging.error('SSL handshake failed: {}'.format(e))
raw_data = conn.recv(1)
if receive_buffer_is_valid(raw_data) == True:
if change_status(raw_data, CONFIG['API']) == True:
@ -232,12 +257,14 @@ def main():
# change_status returns false:
else:
logging.info('Failed to change status')
conn.send(b'\x03')
if conn:
conn.send(b'\x03')
# recive_handle returns false:
else:
logging.info('Inalid argument recived: {}'.format(raw_data))
logging.debug('Send {} back'.format(b'\x03'))
conn.send(b'\x03')
if conn:
conn.send(b'\x03')
sleep(0.1) # protection against dos
except KeyboardInterrupt:
print('\rExit')
@ -245,6 +272,7 @@ def main():
exit()
except Exception as e:
logging.error('{}'.format(e))
continue
if __name__ == '__main__':