HTTPS verification handling

By default, the host certificate is not verified. Adds an option to verify the host
and to supply a client-side certificate to pair with the server certificate.
angelblue05 2015-04-24 20:57:04 -05:00
parent 8b1f8ce4e8
commit de42c14e33
3 changed files with 35 additions and 15 deletions


@ -58,10 +58,12 @@ class DownloadUtils():
self.token = token self.token = token
self.logMsg("Set token: %s" % token, 2) self.logMsg("Set token: %s" % token, 2)
def setSSL(self, ssl): def setSSL(self, ssl, sslclient):
# Reserved for UserClient only # Reserved for UserClient only
self.ssl = ssl self.sslverify = ssl
self.logMsg("Set ssl path: %s" % ssl, 2) self.sslclient = sslclient
self.logMsg("Verify SSL host certificate: %s" % ssl, 2)
self.logMsg("SSL client side certificate: %s" % sslclient, 2)
def postCapabilities(self, deviceId): def postCapabilities(self, deviceId):
@ -91,20 +93,20 @@ class DownloadUtils():
# User is identified from this point # User is identified from this point
# Attach authenticated header to the session # Attach authenticated header to the session
header = self.getHeader()
cert = None
verify = None verify = None
cert = None
header = self.getHeader()
# If user has a custom certificate, verify the host certificate too # If user enabled host certificate verification
if (self.ssl != None): if self.sslverify:
cert = self.ssl
verify = True verify = True
cert = self.sslclient
# Start session # Start session
self.s = requests.Session() self.s = requests.Session()
self.s.headers = header self.s.headers = header
self.s.cert = cert
self.s.verify = verify self.s.verify = verify
self.s.cert = cert
# Retry connections to the server # Retry connections to the server
self.s.mount("http://", requests.adapters.HTTPAdapter(max_retries=1)) self.s.mount("http://", requests.adapters.HTTPAdapter(max_retries=1))
self.s.mount("https://", requests.adapters.HTTPAdapter(max_retries=1)) self.s.mount("https://", requests.adapters.HTTPAdapter(max_retries=1))
@ -173,12 +175,19 @@ class DownloadUtils():
self.logMsg("URL: %s" % url, 1) self.logMsg("URL: %s" % url, 1)
header = self.getHeader(authenticate=False) header = self.getHeader(authenticate=False)
verifyssl = False
# If user enables ssl verification
try:
verifyssl = self.sslverify
except AttributeError:
pass
# Prepare request # Prepare request
if type == "GET": if type == "GET":
r = requests.get(url, params=postBody, headers=header, timeout=timeout, verify=False) r = requests.get(url, params=postBody, headers=header, timeout=timeout, verify=verifyssl)
elif type == "POST": elif type == "POST":
r = requests.post(url, params=postBody, headers=header, timeout=timeout, verify=False) r = requests.post(url, params=postBody, headers=header, timeout=timeout, verify=verifyssl)
# Process the response # Process the response
try: try:
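Review bot: In the third hunk the unauthenticated branch fails open: `verifyssl` starts as `False` and `except AttributeError: pass` keeps it there whenever `setSSL` has not run, so these requests skip host verification without any log line, whatever the user configured. Initialising `sslverify` and `sslclient` on the class would remove the need for the try/except, and logging when verification is off would make the state visible. The same two calls pass `verify=verifyssl` but no `cert=`, so the client certificate is never presented on this path; `cert=self.sslclient` would presumably be needed for a server that requires it. In `startSession` the certificate is assigned only inside `if self.sslverify:`, which ties two independent settings together, and the off state is `verify = None` rather than an explicit `False`. The enclosing functions start and end outside the hunks.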


@ -131,8 +131,17 @@ class UserClient(threading.Thread):
self.logMsg("No token found.") self.logMsg("No token found.")
return "" return ""
def getSSL(self): def getSSLverify(self):
# Verify host certificate
s_sslverify = self.addon.getSetting('sslverify')
if s_sslverify == "true":
return True
else:
return False
def getSSL(self):
# Client side certificate
s_cert = self.addon.getSetting('sslcert') s_cert = self.addon.getSetting('sslcert')
if s_cert == "None": if s_cert == "None":
@ -165,7 +174,8 @@ class UserClient(threading.Thread):
self.currUserId = self.getUserId() self.currUserId = self.getUserId()
self.currServer = self.getServer() self.currServer = self.getServer()
self.currToken = self.getToken() self.currToken = self.getToken()
self.ssl = self.getSSL() self.ssl = self.getSSLverify()
self.sslcert = self.getSSL()
# Set to windows property # Set to windows property
WINDOW.setProperty("currUser", username) WINDOW.setProperty("currUser", username)
@ -179,7 +189,7 @@ class UserClient(threading.Thread):
doUtils.setUserId(self.currUserId) doUtils.setUserId(self.currUserId)
doUtils.setServer(self.currServer) doUtils.setServer(self.currServer)
doUtils.setToken(self.currToken) doUtils.setToken(self.currToken)
doUtils.setSSL(self.ssl) doUtils.setSSL(self.ssl, self.sslcert)
# Start DownloadUtils session # Start DownloadUtils session
doUtils.startSession() doUtils.startSession()
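Review bot: The attribute names in the second hunk no longer say what they hold: `self.ssl` now stores the host-verification flag from `getSSLverify()`, while `getSSL()` returns the client certificate that goes into `self.sslcert`. For two settings that decide whether the server is authenticated, that invites a swap at the `doUtils.setSSL(self.ssl, self.sslcert)` call; `self.sslverify = self.getSSLverify()` and a name such as `getSSLcert()` would be clearer. `getSSLverify` can also be reduced to `return self.addon.getSetting('sslverify') == "true"`, with a one-line docstring replacing the comment. The body of `getSSL` continues outside the hunk.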


@ -6,6 +6,7 @@
<setting id="username" type="text" label="30024" /> <setting id="username" type="text" label="30024" />
<setting type="sep" /> <setting type="sep" />
<setting id="https" type="bool" label="30243" visible="true" enable="true" default="false" /> <setting id="https" type="bool" label="30243" visible="true" enable="true" default="false" />
<setting id="sslverify" type="bool" label="Verify Host SSL Certificate" visible="eq(-1,true)" enable="true" default="false" />
<setting id="sslcert" type="file" label="Custom SSL Certificate" visible="eq(-1,true)" enable="true" default="None" /> <setting id="sslcert" type="file" label="Custom SSL Certificate" visible="eq(-1,true)" enable="true" default="None" />
<setting type="sep" /> <setting type="sep" />
<setting id="deviceName" type="text" label="30016" default="Kodi" /> <setting id="deviceName" type="text" label="30016" default="Kodi" />
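Review bot: The new `sslverify` setting ships with `default="false"`, so turning on `https` alone encrypts the connection without authenticating the server, and the authenticated header attached to the session is sent to whichever host answers. Defaulting it to `true` and letting users with self-signed servers opt out would be the safer choice. The `visible="eq(-1,true)"` condition appears to be relative to the preceding setting, so the unchanged `sslcert` line now follows `sslverify` rather than `https`; if that is not intended it would need `eq(-2,true)`. The label is a literal string, whereas `https` uses a numeric string id (`label="30243"`), so it will not be translated.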