From 608f6a94497c0f48d3479800c1376b3b4399e9d6 Mon Sep 17 00:00:00 2001 From: Luis Toledo Date: Mon, 7 May 2018 18:06:09 -0300 Subject: [PATCH] Adding certificate path for HTTPS connections --- contents/winrm-check.py | 30 +++++++++++++++++++++-------- contents/winrm-exec.py | 37 +++++++++++++++++++++++------------- contents/winrm-filecopier.py | 30 ++++++++++++++++++++--------- plugin.yaml | 18 ++++++++++++++++++ 4 files changed, 85 insertions(+), 30 deletions(-) diff --git a/contents/winrm-check.py b/contents/winrm-check.py index 7246943..ff6d184 100644 --- a/contents/winrm-check.py +++ b/contents/winrm-check.py @@ -2,6 +2,8 @@ import os import sys import argparse +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() parser = argparse.ArgumentParser(description='Run Bolt command.') parser.add_argument('--username', help='the username') @@ -12,12 +14,14 @@ parser.add_argument('--port', help='port',default="5985") parser.add_argument('--nossl', help='nossl',default="False") parser.add_argument('--debug', help='nossl',default="False") +parser.add_argument('--certpath', help='certpath') args = parser.parse_args() hostname = None username = None password = None +certpath = None if args.hostname: hostname = args.hostname @@ -49,6 +53,9 @@ else: debug = False +if args.certpath: + certpath = args.certpath + if not hostname: print("hostname is required") sys.exit(1) 
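Review bot: The `requests.packages.urllib3.disable_warnings()` call added at the top of winrm-check.py runs unconditionally and, with no category given, silences every urllib3 warning. That includes the InsecureRequestWarning, which is the only runtime signal that `server_cert_validation` has been set to `ignore`. A commit that introduces certificate validation should keep that signal on the validated path. I would move the call under the nossl branch and narrow it, e.g. `if nossl: requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)`, and print one explicit line stating that validation is off. The same two lines are added to winrm-exec.py and winrm-filecopier.py and need the same change.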
@@ -74,17 +81,24 @@ print "username:" +username print "nossl:" + str(nossl) print "transport:" + transport + if(certpath): + print "certpath:" + certpath print "------------------------------------------" -if(nossl): - session = winrm.Session(endpoint, - auth=(username, password), - transport=authentication, - server_cert_validation='ignore') + +arguments={} +arguments["transport"] = authentication + +if(nossl == True): + arguments["server_cert_validation"] = "ignore" else: - session = winrm.Session(endpoint, - auth=(username, password), - transport=authentication) + if(transport=="https"): + arguments["server_cert_validation"] = "validate" + arguments["ca_trust_path"] = certpath + +session = winrm.Session(target=endpoint, + auth=(username, password), + **arguments) exec_command = "ipconfig" result = session.run_cmd(exec_command) diff --git a/contents/winrm-exec.py b/contents/winrm-exec.py index 2278ee0..171228b 100644 --- a/contents/winrm-exec.py +++ b/contents/winrm-exec.py @@ -2,10 +2,10 @@ import argparse import os import sys - +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() from winrm.protocol import Protocol - parser = argparse.ArgumentParser(description='Run Bolt command.') parser.add_argument('hostname', help='the hostname') args = parser.parse_args() @@ -17,6 +17,7 @@ nossl=False debug=False shell = "cmd" +certpath = None if "RD_CONFIG_PASSWORD_STORAGE_PATH" in os.environ: password = os.getenv("RD_CONFIG_PASSWORD_STORAGE_PATH") @@ -31,7 +32,10 @@ port = os.getenv("RD_CONFIG_WINRMPORT") if "RD_CONFIG_NOSSL" in os.environ: - nossl = os.getenv("RD_CONFIG_NOSSL") + if os.getenv("RD_CONFIG_NOSSL") == "true": + nossl = True + else: + nossl = False if "RD_CONFIG_SHELL" in os.environ: shell = os.getenv("RD_CONFIG_SHELL") @@ -39,6 +43,8 @@ if os.getenv("RD_JOB_LOGLEVEL") == "DEBUG": debug = True +if "RD_CONFIG_CERTPATH" in os.environ: + certpath = os.getenv("RD_CONFIG_CERTPATH") exec_command = os.getenv("RD_EXEC_COMMAND") 
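Review bot: In the @@ -74,17 +81,24 hunk of winrm-check.py, `arguments["ca_trust_path"] = certpath` appears to be assigned even when no certificate path was given, so `None` is passed to `winrm.Session` explicitly. Depending on the pywinrm version, that may override the library's default trust source instead of leaving it alone. Indentation is lost in this view, so I cannot tell whether the assignment sits inside the `transport=="https"` check. I would set the key only when a path is present, `if certpath: arguments["ca_trust_path"] = certpath`, and add an `os.path.exists(certpath)` check before it that exits with a clear message, so a mistyped path does not surface as an opaque TLS error that tempts operators to switch to nossl. The identical block is added to winrm-exec.py and winrm-filecopier.py.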
@@ -61,18 +67,22 @@ print "endpoint:" +endpoint print "authentication:" +authentication print "username:" +username + print "nossl:" + str(nossl) print "------------------------------------------" +arguments = {} +arguments["transport"] = authentication -if(nossl): - session = winrm.Session(endpoint, - auth=(username, password), - transport=authentication, - server_cert_validation='ignore') +if(nossl == True): + arguments["server_cert_validation"] = "ignore" else: - session = winrm.Session(endpoint, - auth=(username, password), - transport=authentication) + if(transport=="https"): + arguments["server_cert_validation"] = "validate" + arguments["ca_trust_path"] = certpath + +session = winrm.Session(target=endpoint, + auth=(username, password), + **arguments) if shell == "cmd": result = session.run_cmd(exec_command) @@ -80,8 +90,9 @@ if shell == "powershell": result = session.run_ps(exec_command) - print result.std_out -print result.std_err + +if(result.std_err): + print result.std_err sys.exit(result.status_code) diff --git a/contents/winrm-filecopier.py b/contents/winrm-filecopier.py index c655bbc..11bad84 100644 --- a/contents/winrm-filecopier.py +++ b/contents/winrm-filecopier.py @@ -6,6 +6,8 @@ import time from base64 import b64encode from winrm.protocol import Protocol +import requests.packages.urllib3 +requests.packages.urllib3.disable_warnings() class RemoteCommandError(Exception): @@ -107,7 +109,13 @@ def winrm_upload( port = os.getenv("RD_CONFIG_WINRMPORT") if "RD_CONFIG_NOSSL" in os.environ: - nossl = os.getenv("RD_CONFIG_NOSSL") + if os.getenv("RD_CONFIG_NOSSL") == "true": + nossl = True + else: + nossl = False + +if "RD_CONFIG_CERTPATH" in os.environ: + certpath = os.getenv("RD_CONFIG_CERTPATH") if "RD_OPTION_USERNAME" in os.environ and os.getenv("RD_OPTION_USERNAME"): #take user from job 
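Review bot: The guarded `print result.std_err` in the @@ -80,8 +90,9 hunk of winrm-exec.py still writes the remote stderr to the local stdout, so the job log cannot separate error text from normal command output. `if(result.std_err): sys.stderr.write(result.std_err)` keeps the two streams apart, and `sys` is already imported in this file. As far as the hunk shows, `result` is bound only for the `cmd` and `powershell` shells, so any other RD_CONFIG_SHELL value would presumably fail here with a NameError. The block starts outside the hunk, so this needs confirming against the full file.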
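Review bot: In winrm-filecopier.py, `certpath` is assigned only when RD_CONFIG_CERTPATH is present (hunk @@ -107,7 +109,13), yet the session block in the following hunk reads it on the https path. Unlike winrm-check.py and winrm-exec.py, no `certpath = None` initialisation is added in any hunk of this file. Unless the name is already defined in lines outside the diff, a copy step with HTTPS validation enabled and no certificate path configured would stop with a NameError, and the quickest workaround left to an operator is to turn validation off. Replacing the conditional with `certpath = os.getenv("RD_CONFIG_CERTPATH")` yields `None` when the variable is unset.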
@@ -123,15 +131,19 @@ def winrm_upload( endpoint = transport+'://'+args.hostname+':'+port -if(nossl): - session = winrm.Session(endpoint, - auth=(username, password), - transport=authentication, - server_cert_validation='ignore') +arguments = {} +arguments["transport"] = authentication + +if(nossl == True): + arguments["server_cert_validation"] = "ignore" else: - session = winrm.Session(endpoint, - auth=(username, password), - transport=authentication) + if(transport=="https"): + arguments["server_cert_validation"] = "validate" + arguments["ca_trust_path"] = certpath + +session = winrm.Session(target=endpoint, + auth=(username, password), + **arguments) copy = CopyFiles(session) copy.winrm_upload(args.destination,args.source) diff --git a/plugin.yaml b/plugin.yaml index 8e4cc2a..e368a22 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -56,6 +56,15 @@ providers: renderingOptions: groupName: Connection instance-scope-node-attribute: "winrm-port" + - name: certpath + title: Certificate Path + description: "Certificate path for ssl verification" + type: String + required: false + scope: Instance + renderingOptions: + groupName: Connection + instance-scope-node-attribute: "winrm-certpath" - name: shell title: Shell description: "Windows Shell interpreter" @@ -139,6 +148,15 @@ providers: renderingOptions: groupName: Connection instance-scope-node-attribute: "winrm-port" + - name: certpath + title: Certificate Path + description: "Certificate path for ssl verification" + type: String + required: false + scope: Instance + renderingOptions: + groupName: Connection + instance-scope-node-attribute: "winrm-certpath" - name: username title: Username type: String
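Review bot: The description of the new `certpath` property in plugin.yaml, "Certificate path for ssl verification", does not say which certificate is meant or when the value is used. The scripts in this commit pass it as the CA trust path for validating the WinRM server's certificate, and only when the transport is https and nossl is not true. I would write `description: "Path to the CA certificate file or bundle used to verify the WinRM server certificate (HTTPS only; ignored when nossl is true)"`. The path is presumably read on the host that runs the plugin scripts, which is worth stating if confirmed. The same wording applies to the second copy of the property added in the @@ -139,6 +148,15 hunk.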