From 3891f2eebe9fc007d566b42e17120eee94b5f8ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?So=C3=B3s=20P=C3=A9ter?= Date: Mon, 19 Nov 2018 16:54:09 +0100 Subject: [PATCH] Add mikrotik SSL support (#17898) * Update mikrotik.py * Update mikrotik.py * Added basic api_ssl support Added preliminary support to use api_ssl instead of api. It don't check the validity of the certificate need it. At Home Assistant side add ssl = true to your sensor configuration, and don't forget to change the port too (to 8729 by default): device_tracker: - platform: mikrotik host: 192.168.88.1 port: 8729 ssl: true username: homeassistant password: TopSecret At MikroTik side you have to add or generate a certificate, and configure api_ssl to use it. Here is an example: /certificate add common-name="Self signed demo certificate for API" days-valid=3650 name="Self signed demo certificate for API" key-usage=digital-signature,key-encipherment,tls-server,key-cert-sign,crl-sign /certificate sign "Self signed demo certificate for API" /ip service set api-ssl certificate="Self signed demo certificate for API" /ip service enable api-ssl /ip service disable api /user group add name=homeassistant policy=read,api,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp /user add group=homeassistant name=homeassistant /user set password="TopSecret" homeassistant * Fixed import missind ssl lib * SSL support code cleanup, use ssl-api port by default if ssl enabled * Restored accidentalli deleted method parameter * Fixed Python 3.5.3 compilation errors Fixed Python 3.5.3 compilation errors reported by Travis CI * Removed duplicated MTK_DEFAULT_API_PORT --- .../components/device_tracker/mikrotik.py | 33 ++++++++++++++++--- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/homeassistant/components/device_tracker/mikrotik.py b/homeassistant/components/device_tracker/mikrotik.py index d6b965cbadf..5b69c13afa6 100644 --- a/homeassistant/components/device_tracker/mikrotik.py +++ b/homeassistant/components/device_tracker/mikrotik.py @@ -6,26 +6,30 @@ https://home-assistant.io/components/device_tracker.mikrotik/ """ import logging +import ssl + import voluptuous as vol import homeassistant.helpers.config_validation as cv from homeassistant.components.device_tracker import ( DOMAIN, PLATFORM_SCHEMA, DeviceScanner) from homeassistant.const import ( - CONF_HOST, CONF_PASSWORD, CONF_USERNAME, CONF_PORT, CONF_METHOD) + CONF_HOST, CONF_PASSWORD, CONF_USERNAME, CONF_PORT, CONF_SSL, CONF_METHOD) REQUIREMENTS = ['librouteros==2.1.1'] _LOGGER = logging.getLogger(__name__) MTK_DEFAULT_API_PORT = '8728' +MTK_DEFAULT_API_SSL_PORT = '8729' PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({ vol.Required(CONF_HOST): cv.string, vol.Required(CONF_USERNAME): cv.string, vol.Required(CONF_PASSWORD): cv.string, vol.Optional(CONF_METHOD): cv.string, - vol.Optional(CONF_PORT, default=MTK_DEFAULT_API_PORT): cv.port, + vol.Optional(CONF_PORT): cv.port, + vol.Optional(CONF_SSL, default=False): cv.boolean }) @@ -43,7 +47,14 @@ class MikrotikScanner(DeviceScanner): self.last_results = {} self.host = config[CONF_HOST] - self.port = config[CONF_PORT] + self.ssl = config[CONF_SSL] + try: + self.port = config[CONF_PORT] + except KeyError: + if self.ssl: + self.port = MTK_DEFAULT_API_SSL_PORT + else: + self.port = MTK_DEFAULT_API_PORT self.username = config[CONF_USERNAME] self.password = config[CONF_PASSWORD] self.method = config.get(CONF_METHOD) @@ -64,9 +75,21 @@ class MikrotikScanner(DeviceScanner): """Connect to Mikrotik method.""" import librouteros try: + kwargs = { + 'port': self.port, + 'encoding': 'utf-8' + } + if self.ssl: + ssl_context = ssl.create_default_context() + ssl_context.check_hostname = False + ssl_context.verify_mode = ssl.CERT_NONE + kwargs['ssl_wrapper'] = ssl_context.wrap_socket self.client = librouteros.connect( - self.host, self.username, self.password, port=int(self.port), - encoding='utf-8') + self.host, + self.username, + self.password, + **kwargs + ) try: routerboard_info = self.client(