HTTPS verification handling
No host verification by default. Adds an option to verify the host and an option to add a client-side certificate to pair with the server certificate.
parent
8b1f8ce4e8
commit
de42c14e33
3 changed files with 35 additions and 15 deletions
|
@ -58,10 +58,12 @@ class DownloadUtils():
|
|||
self.token = token
|
||||
self.logMsg("Set token: %s" % token, 2)
|
||||
|
||||
def setSSL(self, ssl):
|
||||
def setSSL(self, ssl, sslclient):
|
||||
# Reserved for UserClient only
|
||||
self.ssl = ssl
|
||||
self.logMsg("Set ssl path: %s" % ssl, 2)
|
||||
self.sslverify = ssl
|
||||
self.sslclient = sslclient
|
||||
self.logMsg("Verify SSL host certificate: %s" % ssl, 2)
|
||||
self.logMsg("SSL client side certificate: %s" % sslclient, 2)
|
||||
|
||||
def postCapabilities(self, deviceId):
|
||||
|
||||
|
@ -91,20 +93,20 @@ class DownloadUtils():
|
|||
|
||||
# User is identified from this point
|
||||
# Attach authenticated header to the session
|
||||
header = self.getHeader()
|
||||
cert = None
|
||||
verify = None
|
||||
cert = None
|
||||
header = self.getHeader()
|
||||
|
||||
# If user has a custom certificate, verify the host certificate too
|
||||
if (self.ssl != None):
|
||||
cert = self.ssl
|
||||
# If user enabled host certificate verification
|
||||
if self.sslverify:
|
||||
verify = True
|
||||
|
||||
cert = self.sslclient
|
||||
|
||||
# Start session
|
||||
self.s = requests.Session()
|
||||
self.s.headers = header
|
||||
self.s.cert = cert
|
||||
self.s.verify = verify
|
||||
self.s.cert = cert
|
||||
# Retry connections to the server
|
||||
self.s.mount("http://", requests.adapters.HTTPAdapter(max_retries=1))
|
||||
self.s.mount("https://", requests.adapters.HTTPAdapter(max_retries=1))
|
||||
|
@ -173,12 +175,19 @@ class DownloadUtils():
|
|||
|
||||
self.logMsg("URL: %s" % url, 1)
|
||||
header = self.getHeader(authenticate=False)
|
||||
verifyssl = False
|
||||
|
||||
# If user enables ssl verification
|
||||
try:
|
||||
verifyssl = self.sslverify
|
||||
except AttributeError:
|
||||
pass
|
||||
|
||||
# Prepare request
|
||||
if type == "GET":
|
||||
r = requests.get(url, params=postBody, headers=header, timeout=timeout, verify=False)
|
||||
r = requests.get(url, params=postBody, headers=header, timeout=timeout, verify=verifyssl)
|
||||
elif type == "POST":
|
||||
r = requests.post(url, params=postBody, headers=header, timeout=timeout, verify=False)
|
||||
r = requests.post(url, params=postBody, headers=header, timeout=timeout, verify=verifyssl)
|
||||
|
||||
# Process the response
|
||||
try:
|
||||
|
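Review bot: Certificate validation stays off unless the user opts in: what appears to be the new side of the session setup assigns `verify = None` and only raises it to `True` when `self.sslverify` is set, and this is the session that carries the authenticated header. The unauthenticated request path in the third hunk has the same default (`verifyssl = False`, with a `try/except AttributeError` covering an attribute that was never set), and the settings file ships `sslverify` with `default="false"`. I would make validation the default and the insecure mode the explicit opt-out, e.g. `verifyssl = getattr(self, "sslverify", True)` here and `default="true"` on the setting. The +/- markers are lost on this page, so the old/new side of each line is inferred, and the function bodies start and end outside the hunks.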
|
|
@ -131,8 +131,17 @@ class UserClient(threading.Thread):
|
|||
self.logMsg("No token found.")
|
||||
return ""
|
||||
|
||||
def getSSL(self):
|
||||
def getSSLverify(self):
|
||||
# Verify host certificate
|
||||
s_sslverify = self.addon.getSetting('sslverify')
|
||||
|
||||
if s_sslverify == "true":
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def getSSL(self):
|
||||
# Client side certificate
|
||||
s_cert = self.addon.getSetting('sslcert')
|
||||
|
||||
if s_cert == "None":
|
||||
|
@ -165,7 +174,8 @@ class UserClient(threading.Thread):
|
|||
self.currUserId = self.getUserId()
|
||||
self.currServer = self.getServer()
|
||||
self.currToken = self.getToken()
|
||||
self.ssl = self.getSSL()
|
||||
self.ssl = self.getSSLverify()
|
||||
self.sslcert = self.getSSL()
|
||||
|
||||
# Set to windows property
|
||||
WINDOW.setProperty("currUser", username)
|
||||
|
@ -179,7 +189,7 @@ class UserClient(threading.Thread):
|
|||
doUtils.setUserId(self.currUserId)
|
||||
doUtils.setServer(self.currServer)
|
||||
doUtils.setToken(self.currToken)
|
||||
doUtils.setSSL(self.ssl)
|
||||
doUtils.setSSL(self.ssl, self.sslcert)
|
||||
# Start DownloadUtils session
|
||||
doUtils.startSession()
|
||||
|
||||
|
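Review bot: The names no longer match what they hold: `self.ssl` now receives the boolean from `getSSLverify()` while `getSSL()` returns the client certificate, and both are then passed positionally in `doUtils.setSSL(self.ssl, self.sslcert)`. A swap here would silently feed a path to the verify flag or a boolean to the certificate, so I would rename to `self.sslverify = self.getSSLverify()` and `self.sslclient = self.getSSLclient()`. `getSSLverify` can also be reduced to `return self.addon.getSetting('sslverify') == "true"`. The body of `getSSL` continues outside the hunk, so how the "None" default is mapped is not visible here.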
|
|
@ -6,6 +6,7 @@
|
|||
<setting id="username" type="text" label="30024" />
|
||||
<setting type="sep" />
|
||||
<setting id="https" type="bool" label="30243" visible="true" enable="true" default="false" />
|
||||
<setting id="sslverify" type="bool" label="Verify Host SSL Certificate" visible="eq(-1,true)" enable="true" default="false" />
|
||||
<setting id="sslcert" type="file" label="Custom SSL Certificate" visible="eq(-1,true)" enable="true" default="None" />
|
||||
<setting type="sep" />
|
||||
<setting id="deviceName" type="text" label="30016" default="Kodi" />
|
||||
|
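Review bot: `visible="eq(-1,true)"` on `sslcert` is relative to the setting directly above it, which is now `sslverify` rather than `https`, so the client certificate field appears to be hidden whenever host verification is off; if the certificate should be usable with HTTPS alone, `visible="eq(-2,true)"` would point at `https`. The two new labels are literal English strings while the neighbouring settings use numeric string ids (`30024`, `30243`, `30016`), so they will not be localized. The label "Custom SSL Certificate" also does not say that this is a client certificate rather than a CA for the server, which the commit description suggests is the intent; naming it as client-side would avoid users pointing it at the server's certificate.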
|