Use TLS/SSL for server/clients com

This commit is contained in:
ABelliqueux 2022-10-09 18:09:32 +02:00
parent 14975546ca
commit 3d324f3554
5 changed files with 62 additions and 8 deletions

22
10.42.0.135.crt Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDlTCCAn2gAwIBAgIUNBWMQ6KLZbQqkNdrE1w87qu6mAUwDQYJKoZIhvcNAQEL
BQAwejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoGA1UEBwwDTi9BMSAw
HgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsGA1UEAwwkMTAuNDIu
MC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMB4XDTIyMTAwOTE0NDYwNVoX
DTI0MTAwODE0NDYwNVowejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoG
A1UEBwwDTi9BMSAwHgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsG
A1UEAwwkMTAuNDIuMC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Z+GZbiDxEcYKhVdtPwZp1VhzvT
E2SbArUE7158Y32AopIfYAZxJZrKAvnHt/6ixktXAtCghG9fuA3X8fsu2nkeq3PF
jgyRxCSjSyv6UHgakVzIe/9xlQenWttDrQfmEl/urlAzJ4SvpeD7rBj/craKtXUj
n9xDY4OWlr8vSo8+Qng9hkGSoyhKKvAOi7yLGimXeuWqs/9F8DlY/RPUzAsITOf+
jCf9KQ8925tF1lKfCVaOIRDSqDatN8OQpkAN3saBtfyrZO9/gd4uHYXSwzyrWvZo
zfwxnvtkDlpVGQlpY5ZOsdNvSTzUHZx5OWzefFpzj8IRSzUz0TMW66QY4QIDAQAB
oxMwETAPBgNVHREECDAGhwQKKgCHMA0GCSqGSIb3DQEBCwUAA4IBAQCOoahzBD4e
WlPnh73Pxaf4MNgX2CyQXfJZ+17kVJ5R3VlOnj/M62RFBSbPQILBgfWvhvQLEnK3
UtdOieE2qpB2qstTubQxC+JhKxQYSc0NOMDWduw+qWZYRaWn365KfOCUj1ye2sPC
gaUUfRPeZCRDfXG9XsNzC5IGct4yHOFacQBBpVaU1vL9GIlFco9PP8fzfIiovpGY
fuuKoFbFlSRL6vR1G7jVab22sISUcaZ/3vV18nX6RxaAE5UlaMTLDetlNPq9+xqd
roAq7OyYqkimWZ8fm4Rg6k98TvqMvxkCCmTLmWaalJ1bnR4lugnIxILLiWSGzmdi
qrU3CmgJ4rJK
-----END CERTIFICATE-----

22
10.42.0.156.crt Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDlTCCAn2gAwIBAgIUNBWMQ6KLZbQqkNdrE1w87qu6mAUwDQYJKoZIhvcNAQEL
BQAwejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoGA1UEBwwDTi9BMSAw
HgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsGA1UEAwwkMTAuNDIu
MC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMB4XDTIyMTAwOTE0NDYwNVoX
DTI0MTAwODE0NDYwNVowejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoG
A1UEBwwDTi9BMSAwHgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsG
A1UEAwwkMTAuNDIuMC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Z+GZbiDxEcYKhVdtPwZp1VhzvT
E2SbArUE7158Y32AopIfYAZxJZrKAvnHt/6ixktXAtCghG9fuA3X8fsu2nkeq3PF
jgyRxCSjSyv6UHgakVzIe/9xlQenWttDrQfmEl/urlAzJ4SvpeD7rBj/craKtXUj
n9xDY4OWlr8vSo8+Qng9hkGSoyhKKvAOi7yLGimXeuWqs/9F8DlY/RPUzAsITOf+
jCf9KQ8925tF1lKfCVaOIRDSqDatN8OQpkAN3saBtfyrZO9/gd4uHYXSwzyrWvZo
zfwxnvtkDlpVGQlpY5ZOsdNvSTzUHZx5OWzefFpzj8IRSzUz0TMW66QY4QIDAQAB
oxMwETAPBgNVHREECDAGhwQKKgCHMA0GCSqGSIb3DQEBCwUAA4IBAQCOoahzBD4e
WlPnh73Pxaf4MNgX2CyQXfJZ+17kVJ5R3VlOnj/M62RFBSbPQILBgfWvhvQLEnK3
UtdOieE2qpB2qstTubQxC+JhKxQYSc0NOMDWduw+qWZYRaWn365KfOCUj1ye2sPC
gaUUfRPeZCRDfXG9XsNzC5IGct4yHOFacQBBpVaU1vL9GIlFco9PP8fzfIiovpGY
fuuKoFbFlSRL6vR1G7jVab22sISUcaZ/3vV18nX6RxaAE5UlaMTLDetlNPq9+xqd
roAq7OyYqkimWZ8fm4Rg6k98TvqMvxkCCmTLmWaalJ1bnR4lugnIxILLiWSGzmdi
qrU3CmgJ4rJK
-----END CERTIFICATE-----

14
app.py
View File

@ -2,7 +2,7 @@
# -*- coding: utf-8 -*-
#
import sys, os, base64, toml
import http.client
import http.client, ssl
import xml.etree.ElementTree as ET
from flask import Flask, render_template, request, make_response, jsonify
from waitress import serve
@ -71,6 +71,7 @@ cmd_auth = str(base64.b64encode(str(":" + app.config['DEFAULT']['cmd_auth']).enc
hosts = app.config['DEFAULT']['hosts']
port = app.config['DEFAULT']['port']
cmd_port = app.config['DEFAULT']['cmd_port']
useSSL = app.config['DEFAULT']['useSSL']
# Network/link utilities
# https://www.metageek.com/training/resources/understanding-rssi/
@ -79,6 +80,9 @@ def isup(host_l, port):
global DEBUG
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if useSSL:
sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
s = sslcontext.wrap_socket(s, server_hostname=host_l)
try:
s.settimeout(3.0)
s.connect((host_l, port))
@ -96,7 +100,7 @@ def checkHosts(host_l):
hostdown, hostup = [], []
hosts_number = str(len(host_l))
for lhost in host_l:
if not isup(lhost, 8080):
if not isup(lhost, port):
hostdown.append(lhost)
else:
hostup.append(lhost)
@ -163,7 +167,11 @@ def sendCommand(host, arg0, arg1, arg2):
elif (arg0 == "enqueue") or (arg0 == "add") :
req = req + "&input=file://" + media_folder_remote + "/" + arg1
# Send request
conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
if useSSL:
sslcontext = ssl.create_default_context(cafile=host + ".crt")
conn = http.client.HTTPSConnection( host + ":" + str(portl), timeout=3, context = sslcontext )
else:
conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
try:
conn.request( "GET", req, headers={"Authorization":"Basic " + auth} )
except:

View File

@ -1,5 +1,6 @@
[DEFAULT]
DEBUG = 0
useSSL = false
media_folder_local = "~/Videos"
media_folder_remote = "~/Videos"
media_ext = []

View File

@ -1,12 +1,13 @@
[DEFAULT]
DEBUG = 0
useSSL = true
media_folder_local = "../medias"
media_folder_remote = "/home/pi"
media_folder_remote = "/home/pi/Videos/"
media_ext = ["mp4", "avi", "mkv"]
auth = "secret"
cmd_auth = "secret"
hosts = ["10.42.0.135", "10.42.0.156"]
# VLC http LUA port
port = 8080
port = 8887
# Clients cmd port
cmd_port = 5000
cmd_port = 8888