Fix tls-support

danielperna84 · Nov 26, 2021 · 0df8a45 · 0df8a45
1 parent f46256f
commit 0df8a45
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 16 deletions.
diff --git a/hahomematic/central_unit.py b/hahomematic/central_unit.py
@@ -69,7 +69,7 @@ def __init__(self, central_config):
             self.username = None
         else:
             self.username = self.central_config.username
-        self.tls = self.central_config.json_tls
+        self.tls = self.central_config.tls
         self.verify_tls = self.central_config.verify_tls
         self.client_session = self.central_config.client_session
 

diff --git a/hahomematic/json_rpc_client.py b/hahomematic/json_rpc_client.py
@@ -45,8 +45,20 @@ def __init__(
         self._port = self._central_config.json_port
         self._username = self._central_config.username
         self._password = self._central_config.password
-        self._tls = self._central_config.json_tls
+        self._json_tls = self._central_config.json_tls
         self._verify_tls = self._central_config.verify_tls
+        self._ssl_context = self._get_tls_context()
+
+    def _get_tls_context(self):
+        ssl_context = None
+        if self._json_tls:
+            if self._verify_tls:
+                ssl_context = ssl.create_default_context()
+            else:
+                ssl_context = ssl.create_default_context()
+                ssl_context.check_hostname = False
+                ssl_context.verify_mode = ssl.CERT_NONE
+        return ssl_context
 
     @property
     def is_activated(self):
@@ -158,17 +170,13 @@ async def _post(
             }
 
             _LOGGER.debug("json_rpc_client._post: API-Endpoint: %s", self._url)
-            if self._tls:
-                ssl_context = UNVERIFIED_CTX
-                if self._verify_tls:
-                    ssl_context = VERIFIED_CTX
-
+            if self._json_tls:
                 resp = await self._client_session.post(
                     self._url,
                     data=payload,
                     headers=headers,
                     timeout=config.TIMEOUT,
-                    context=ssl_context,
+                    ssl=self._ssl_context,
                 )
             else:
                 resp = await self._client_session.post(
@@ -194,6 +202,9 @@ async def _post(
         except ClientError as cce:
             _LOGGER.exception("json_rpc_client._post: ClientError")
             return {"error": str(cce), "result": {}}
+        except TypeError as ter:
+            _LOGGER.exception("json_rpc_client._post: TypeError")
+            return {"error": str(ter), "result": {}}
 
     async def logout(self):
         """Logout of CCU."""
@@ -224,9 +235,13 @@ async def _logout(self, session_id):
     @property
     def _url(self):
         """Return the required url."""
-        if self._tls:
-            return f"https://{self._host}:{self._port}{PATH_JSON_RPC}"
-        return f"http://{self._host}:{self._port}{PATH_JSON_RPC}"
+        url = "http://"
+        if self._json_tls:
+            url = "https://"
+        url = f"{url}{self._host}"
+        if self._port:
+            url = f"{url}:{self._port}"
+        return f"{url}{PATH_JSON_RPC}"
 
 
 def _get_params(session_id, extra_params, use_default_params) -> dict[str, str]:

diff --git a/hahomematic/proxy.py b/hahomematic/proxy.py
@@ -5,9 +5,12 @@
 import logging
 import ssl
 import xmlrpc.client
+from hahomematic.const import ATTR_TLS, ATTR_VERIFY_TLS
 
 _LOGGER = logging.getLogger(__name__)
 
+ATTR_CONTEXT = "context"
+ATTR_ENCODING_ISO_8859_1 = "ISO-8859-1"
 
 class ProxyException(Exception):
     """hahomematic Proxy exception."""
@@ -28,11 +31,22 @@ def __init__(self, executor_func, *args, **kwargs):
         Initialize new proxy for server and get local ip
         """
         self._executor_func = executor_func
-        self._tls = kwargs.pop("tls", False)
-        self._verify_tls = kwargs.pop("verify_tls", True)
-        if self._tls and not self._verify_tls and self._verify_tls is not None:
-            kwargs["context"] = ssl._create_unverified_context()
-        xmlrpc.client.ServerProxy.__init__(self, encoding="ISO-8859-1", *args, **kwargs)
+        self._tls = kwargs.pop(ATTR_TLS, False)
+        self._verify_tls = kwargs.pop(ATTR_VERIFY_TLS, True)
+        if self._tls:
+            kwargs[ATTR_CONTEXT] = self._get_tls_context()
+        xmlrpc.client.ServerProxy.__init__(self, encoding=ATTR_ENCODING_ISO_8859_1, *args, **kwargs)
+
+    def _get_tls_context(self):
+        ssl_context = None
+        if self._tls:
+            if self._verify_tls:
+                ssl_context = ssl.create_default_context()
+            else:
+                ssl_context = ssl.create_default_context()
+                ssl_context.check_hostname = False
+                ssl_context.verify_mode = ssl.CERT_NONE
+        return ssl_context
 
     async def __async_request(self, *args, **kwargs):
         """