Use TLS/SSL for server/clients com

2022-10-09 18:09:32 +02:00 · 2022-10-09 18:09:32 +02:00 · 3d324f3554
parent 14975546ca
commit 3d324f3554
5 changed files with 62 additions and 8 deletions
--- a/10.42.0.135.crt
+++ b/10.42.0.135.crt
@ -0,0 +1,22 @@
 -----BEGIN CERTIFICATE-----
 MIIDlTCCAn2gAwIBAgIUNBWMQ6KLZbQqkNdrE1w87qu6mAUwDQYJKoZIhvcNAQEL
 BQAwejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoGA1UEBwwDTi9BMSAw
 HgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsGA1UEAwwkMTAuNDIu
 MC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMB4XDTIyMTAwOTE0NDYwNVoX
 DTI0MTAwODE0NDYwNVowejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoG
 A1UEBwwDTi9BMSAwHgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsG
 A1UEAwwkMTAuNDIuMC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMIIBIjAN
 BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Z+GZbiDxEcYKhVdtPwZp1VhzvT
 E2SbArUE7158Y32AopIfYAZxJZrKAvnHt/6ixktXAtCghG9fuA3X8fsu2nkeq3PF
 jgyRxCSjSyv6UHgakVzIe/9xlQenWttDrQfmEl/urlAzJ4SvpeD7rBj/craKtXUj
 n9xDY4OWlr8vSo8+Qng9hkGSoyhKKvAOi7yLGimXeuWqs/9F8DlY/RPUzAsITOf+
 jCf9KQ8925tF1lKfCVaOIRDSqDatN8OQpkAN3saBtfyrZO9/gd4uHYXSwzyrWvZo
 zfwxnvtkDlpVGQlpY5ZOsdNvSTzUHZx5OWzefFpzj8IRSzUz0TMW66QY4QIDAQAB
 oxMwETAPBgNVHREECDAGhwQKKgCHMA0GCSqGSIb3DQEBCwUAA4IBAQCOoahzBD4e
 WlPnh73Pxaf4MNgX2CyQXfJZ+17kVJ5R3VlOnj/M62RFBSbPQILBgfWvhvQLEnK3
 UtdOieE2qpB2qstTubQxC+JhKxQYSc0NOMDWduw+qWZYRaWn365KfOCUj1ye2sPC
 gaUUfRPeZCRDfXG9XsNzC5IGct4yHOFacQBBpVaU1vL9GIlFco9PP8fzfIiovpGY
 fuuKoFbFlSRL6vR1G7jVab22sISUcaZ/3vV18nX6RxaAE5UlaMTLDetlNPq9+xqd
 roAq7OyYqkimWZ8fm4Rg6k98TvqMvxkCCmTLmWaalJ1bnR4lugnIxILLiWSGzmdi
 qrU3CmgJ4rJK
 -----END CERTIFICATE-----
--- a/10.42.0.156.crt
+++ b/10.42.0.156.crt
@ -0,0 +1,22 @@
 -----BEGIN CERTIFICATE-----
 MIIDlTCCAn2gAwIBAgIUNBWMQ6KLZbQqkNdrE1w87qu6mAUwDQYJKoZIhvcNAQEL
 BQAwejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoGA1UEBwwDTi9BMSAw
 HgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsGA1UEAwwkMTAuNDIu
 MC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMB4XDTIyMTAwOTE0NDYwNVoX
 DTI0MTAwODE0NDYwNVowejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoG
 A1UEBwwDTi9BMSAwHgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsG
 A1UEAwwkMTAuNDIuMC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMIIBIjAN
 BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Z+GZbiDxEcYKhVdtPwZp1VhzvT
 E2SbArUE7158Y32AopIfYAZxJZrKAvnHt/6ixktXAtCghG9fuA3X8fsu2nkeq3PF
 jgyRxCSjSyv6UHgakVzIe/9xlQenWttDrQfmEl/urlAzJ4SvpeD7rBj/craKtXUj
 n9xDY4OWlr8vSo8+Qng9hkGSoyhKKvAOi7yLGimXeuWqs/9F8DlY/RPUzAsITOf+
 jCf9KQ8925tF1lKfCVaOIRDSqDatN8OQpkAN3saBtfyrZO9/gd4uHYXSwzyrWvZo
 zfwxnvtkDlpVGQlpY5ZOsdNvSTzUHZx5OWzefFpzj8IRSzUz0TMW66QY4QIDAQAB
 oxMwETAPBgNVHREECDAGhwQKKgCHMA0GCSqGSIb3DQEBCwUAA4IBAQCOoahzBD4e
 WlPnh73Pxaf4MNgX2CyQXfJZ+17kVJ5R3VlOnj/M62RFBSbPQILBgfWvhvQLEnK3
 UtdOieE2qpB2qstTubQxC+JhKxQYSc0NOMDWduw+qWZYRaWn365KfOCUj1ye2sPC
 gaUUfRPeZCRDfXG9XsNzC5IGct4yHOFacQBBpVaU1vL9GIlFco9PP8fzfIiovpGY
 fuuKoFbFlSRL6vR1G7jVab22sISUcaZ/3vV18nX6RxaAE5UlaMTLDetlNPq9+xqd
 roAq7OyYqkimWZ8fm4Rg6k98TvqMvxkCCmTLmWaalJ1bnR4lugnIxILLiWSGzmdi
 qrU3CmgJ4rJK
 -----END CERTIFICATE-----
--- a/app.py
+++ b/app.py
@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 #
 import sys, os, base64, toml
-import http.client
+import http.client, ssl
 import xml.etree.ElementTree as ET
 from flask import Flask, render_template, request, make_response, jsonify
 from waitress import serve
@ -71,6 +71,7 @@ cmd_auth = str(base64.b64encode(str(":" + app.config['DEFAULT']['cmd_auth']).enc
 hosts        = app.config['DEFAULT']['hosts']
 port         = app.config['DEFAULT']['port']
 cmd_port     = app.config['DEFAULT']['cmd_port']
 useSSL = app.config['DEFAULT']['useSSL']
 # Network/link utilities
 # https://www.metageek.com/training/resources/understanding-rssi/
@ -79,6 +80,9 @@ def isup(host_l, port):
    global DEBUG
    import socket
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if useSSL:
         sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
         s = sslcontext.wrap_socket(s, server_hostname=host_l)
    try:
        s.settimeout(3.0)
        s.connect((host_l, port))
@ -96,7 +100,7 @@ def checkHosts(host_l):
    hostdown, hostup = [], []
    hosts_number = str(len(host_l))
    for lhost in host_l:
-        if not isup(lhost, 8080):
+        if not isup(lhost, port):
            hostdown.append(lhost)
        else:
            hostup.append(lhost)
@ -142,10 +146,10 @@ def sendCommand(host, arg0, arg1, arg2):
        req = "/requests/playlist.xml"
    elif arg0 == "rssi":
        req = "/rssi"
-        portl = cmd_port    
+        portl = cmd_port
    elif arg0 == "reboot":
        req = "/reboot"
-        portl = cmd_port    
+        portl = cmd_port
    elif arg0 == "poweroff":
        req = "/poweroff"
        portl = cmd_port    
@ -163,7 +167,11 @@ def sendCommand(host, arg0, arg1, arg2):
            elif (arg0 == "enqueue") or (arg0 == "add") :
                req = req + "&input=file://" + media_folder_remote + "/" + arg1
    # Send request
-    conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
+    if useSSL:
        sslcontext = ssl.create_default_context(cafile=host + ".crt")
        conn = http.client.HTTPSConnection( host + ":" + str(portl), timeout=3, context = sslcontext )
    else:
        conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
    try:
        conn.request( "GET", req, headers={"Authorization":"Basic " + auth} )
    except:
--- a/defaults.toml
+++ b/defaults.toml
@ -1,5 +1,6 @@
 [DEFAULT]
 DEBUG = 0
 useSSL = false
 media_folder_local = "~/Videos"
 media_folder_remote = "~/Videos"
 media_ext = []
--- a/videopi.toml
+++ b/videopi.toml
@ -1,12 +1,13 @@
 [DEFAULT]
 DEBUG = 0
 useSSL = true
 media_folder_local = "../medias"
-media_folder_remote = "/home/pi"
+media_folder_remote = "/home/pi/Videos/"
 media_ext = ["mp4", "avi", "mkv"]
 auth  = "secret"
 cmd_auth  = "secret"
 hosts = ["10.42.0.135", "10.42.0.156"]
 # VLC http LUA port
-port = 8080
+port = 8887
 # Clients cmd port
-cmd_port = 5000
+cmd_port = 8888