From 42760490b98c877a0d75e61904def1b33e4e76d9 Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Thu, 7 Oct 2021 19:18:07 +0200
Subject: [PATCH] add SSL and mSSL support
---
 .gitignore | 2 ++
 src/kassandra/config.py | 6 +++---
 src/kassandra/webhook.py | 16 +++++++++++++++-
 3 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index a61e346..1fd0f17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -141,3 +141,5 @@ cython_debug/
 # Project specific:
 .sync_token
 config.yaml
+*.key
+*.crt
diff --git a/src/kassandra/config.py b/src/kassandra/config.py
index 0d4ff91..75825e3 100644
--- a/src/kassandra/config.py
+++ b/src/kassandra/config.py
@@ -29,11 +29,11 @@ class Config:
 """
 if self.tls_auth and not self.tls:
 raise ValueError("tls_auth is enable, but not tls.")
- if self.tls and tls_crt is None:
+ if self.tls and self.tls_crt is None:
 raise ValueError("tls is enable but tls_crt was not provided")
- if self.tls and tls_key is None:
+ if self.tls and self.tls_key is None:
 raise ValueError("tls is enable but tls_key was not provided")
- if self.tls_auth and ca_cert is None:
+ if self.tls_auth and self.ca_crt is None:
 raise ValueError("tls_auth is enable, but ca_crt was not provided")
 return True
diff --git a/src/kassandra/webhook.py b/src/kassandra/webhook.py
index 1a6ef09..50b60a1 100644
--- a/src/kassandra/webhook.py
+++ b/src/kassandra/webhook.py
@@ -14,7 +14,21 @@ from typing import (
 from .config import Config
 def load_ssl_context(config:Config)->ssl.SSLContext:
- pass
+ """
+ Load the SSL context from the config.
+ """
+ ca_path = None
+ if config.tls_auth:
+ ca_path = config.ca_crt
+ ssl_context = ssl.create_default_context(
+ purpose=ssl.Purpose.CLIENT_AUTH,
+ cafile=ca_path
+ )
+ if config.tls_auth:
+ ssl_context.verify_mode = ssl.CERT_REQUIRED
+ ssl_context.load_cert_chain(config.tls_crt, config.tls_key)
+ return ssl_context
+
 async def run_webhook(
 alert_queue: asyncio.Queue[dict[str, Any]],
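Review bot: The three corrected checks in the `Config` validator still compare only against `None`, so an empty string for `tls_crt`, `tls_key` or `ca_crt` passes validation and the mistake only surfaces later, when the SSL context is built. Testing truthiness instead, for example `if self.tls and not self.tls_crt:`, would reject both cases where the configuration is checked. The validator begins above this hunk, so whether the fields are normalised earlier cannot be seen from here.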
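Review bot: `load_ssl_context` leaves the protocol floor to whatever `ssl.create_default_context` chooses on the running interpreter, and as far as I know Python releases before 3.10 still accept TLS 1.0/1.1 there. Adding `ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2` before `load_cert_chain` pins it. With `tls_auth` enabled, `CERT_REQUIRED` only proves that the client certificate chains to `config.ca_crt`, so every certificate that CA has ever issued is accepted. The docstring should state that `ca_crt` must be a CA dedicated to the alert senders, for example `"""Build the server-side TLS context; with tls_auth, any client certificate signed by ca_crt is trusted."""`. A smaller style point: the two `if config.tls_auth:` branches could collapse to `cafile=config.ca_crt if config.tls_auth else None`.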