Diffstat (limited to 'src/bin/shell')
-rw-r--r-- | src/bin/shell/kea-shell.in | 18 | ||||
-rw-r--r-- | src/bin/shell/kea_conn.py | 10 | ||||
-rw-r--r-- | src/bin/shell/kea_connector3.py | 22 |
3 files changed, 45 insertions, 5 deletions
diff --git a/src/bin/shell/kea-shell.in b/src/bin/shell/kea-shell.in index a9b73edeef..9dbd79c185 100644 --- a/src/bin/shell/kea-shell.in +++ b/src/bin/shell/kea-shell.in @@ -67,6 +67,15 @@ def shell_body(): parser.add_argument('--path', type=str, default='', help='Path of the URL to connect to ' '(default: "")') + parser.add_argument('--ca', type=str, default='', + help='File or directory name of the CA ' + '(default: "" i.e. do not use HTTPS)') + parser.add_argument('--cert', type=str, default='', + help='File name of the client certificate ' + '(default: "" i.e. do not use HTTPS)') + parser.add_argument('--key', type=str, default='', + help='File name of the client private key ' + '(default: "" i.e. do not use HTTPS)') parser.add_argument('--timeout', type=int, default='10', help='Timeout (in seconds) when attempting to ' 'connect to CA (default: 10)') @@ -96,6 +105,15 @@ def shell_body(): params.http_host = cmd_args.host params.http_port = cmd_args.port params.path += cmd_args.path + if cmd_args.ca: + params.ca = cmd_args.ca + params.scheme = 'https' + if (cmd_args.cert != '' and cmd_args.key == '') or \ + (cmd_args.cert == '' and cmd_args.key != ''): + print("--cert and --key must be used together") + sys.exit(1) + if cmd_args.cert: + params.cert = (cmd_args.cert, cmd_args.key) if cmd_args.auth_user != '': user = cmd_args.auth_user password = cmd_args.auth_password diff --git a/src/bin/shell/kea_conn.py b/src/bin/shell/kea_conn.py index d8c54aa48a..de6ad5786b 100644 --- a/src/bin/shell/kea_conn.py +++ b/src/bin/shell/kea_conn.py @@ -1,4 +1,4 @@ -# Copyright (C) 2017-2020 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2017-2021 Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this 
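Review bot: The new `--ca` help text uses "CA" for a certificate authority while the neighbouring `--timeout` help ("connect to CA") and the rest of this file use it for the Control Agent, so both meanings end up on one --help screen. Spell it out, e.g. `help='File or directory of the CA certificate(s) used to verify the Control Agent server certificate '` followed by `'(default: "" i.e. do not use HTTPS)'`. The `--cert`/`--key` help would be more accurate saying they enable client-certificate authentication, since only `--ca` switches the scheme to https. shell_body starts and ends outside the hunk.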
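Review bot: `--cert`/`--key` are accepted without `--ca`, but `params.scheme = 'https'` is set only inside `if cmd_args.ca:`, so a cert-only invocation leaves the request on plain http with `params.cert` populated, and the connector has no SSL context to load that chain into. Reject the combination next to the existing pairing check: `if cmd_args.cert and not cmd_args.ca:` / `print("--cert and --key require --ca")` / `sys.exit(1)`. The pairing check itself reads more directly as `if bool(cmd_args.cert) != bool(cmd_args.key):`. shell_body starts and ends outside the hunk.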
@@ -13,8 +13,11 @@ class CARequest: This class defines the HTTP request to be sent. The supported parameters listed are: - path (specifies the path on the server, CA uses only /) + - scheme - http or https - http_host - hostname of the CA - - http-port - TCP port of the CA + - http_port - TCP port of the CA + - ca - False or CA file or path + - cert - False or cert file or cert and key files pair - command - specifies the command to send (e.g. list-commands) - service - specifies service that is target for the command (e.g. dhcp4) - timeout - timeout (in ms) @@ -24,8 +27,11 @@ class CARequest: - version - version to be reported in HTTP header """ path = '/' + scheme = 'http' http_host = '' http_port = 0 + ca = False + cert = False command = '' service = '' timeout = 0 diff --git a/src/bin/shell/kea_connector3.py b/src/bin/shell/kea_connector3.py index 738ad37f6f..809776bced 100644 --- a/src/bin/shell/kea_connector3.py +++ b/src/bin/shell/kea_connector3.py @@ -1,4 +1,4 @@ -# Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2017-2021 Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -9,6 +9,8 @@ This is PYTHON 3.x version of HTTP connection establishment """ import urllib.request +import ssl +import os from kea_conn import CAResponse # CARequest @@ -16,7 +18,7 @@ def send_to_control_agent(params): """ Sends a request to Control Agent, receives a response and returns it.""" # First, create the URL - url = "http://" + params.http_host + ":" + url = params.scheme + "://" + params.http_host + ":" url += str(params.http_port) + str(params.path) # Now prepare the request (URL, headers and body) 
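Review bot: The new docstring line `- cert - False or cert file or cert and key files pair` documents a form the connector does not accept: kea_connector3.py unconditionally indexes `cert[0]` and `cert[1]`, so a bare file-name string would be split into its first two characters. Either document only the pair, `- cert - False or (cert file, key file) pair`, or make the connector handle a lone string. `- ca - False or CA file or path` should likewise say it is the certificate-authority file or directory used to verify the server, since "CA" elsewhere in this class means the Control Agent. The CARequest class body continues outside the hunk.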
@@ -24,8 +26,22 @@ def send_to_control_agent(params): data=str.encode(params.content), headers=params.headers) + # Set up the SSL context. + ssl_ctx = None + capath = None + cafile = None + if params.ca: + if os.path.isdir(params.ca): + capath = params.ca + else: + cafile = params.ca + ssl_ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) + ssl_ctx.load_verify_locations(cafile, capath) + if params.cert: + ssl_ctx.load_cert_chain(param.cert[0], param.cert[1]) + # Establish connection, send the request. - resp = urllib.request.urlopen(req) + resp = urllib.request.urlopen(req, context=ssl_ctx) # Now get the response details, put it in CAResponse and return it result = CAResponse(resp.getcode(), resp.reason, |
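Review bot: `ssl_ctx.load_cert_chain(param.cert[0], param.cert[1])` references `param`, which is not defined in this function (the parameter is `params`), so any request carrying a client certificate raises NameError before it is sent; change it to `ssl_ctx.load_cert_chain(params.cert[0], params.cert[1])`. Because `ssl_ctx` stays `None` when `params.ca` is unset, the same line would fail with AttributeError for a caller that sets `cert` without `ca`; nesting the `if params.cert:` block under `if params.ca:` (or guarding with `ssl_ctx is not None`) keeps that failure explicit. Note also that `ssl.create_default_context()` called without `cafile`/`capath` loads the system trust store first and `load_verify_locations` then only adds the user's CA, so the server certificate is accepted if it chains to any system-trusted root rather than only the one given with `--ca`; passing the locations into the constructor, `ssl_ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile, capath=capath)`, restricts trust to the supplied CA and makes the separate `load_verify_locations` call unnecessary. send_to_control_agent continues outside the hunk.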