Thrift chang to default ssl context

Instead of the filepath of the certs the default ssl context is used
Instead of the three file paths you can give as 6th arguments true / false to enable / disable ssl

2 files changed, 16 insertions, 13 deletions

diff --git a/bwlp.config b/bwlp.config
index af5a214..4dcf744 100644
--- a/bwlp.config
+++ b/bwlp.config
@@ -1,8 +1,7 @@
 # ping	name	host
 # https	name	host
 # thrift	name	host	port	SAT/MASTER
-# tftp	name	host	port	filename
-# tftp	name	host	port	filename	cafile	certfile	keyfile
+# tftp	name	host	port	filename	ssl(true/false)
 https	Masterserver HTTPS Service	https://bwlp-masterserver.ruf.uni-freiburg.de
 https	Fail Test	5121236
 https	Fail Test	https://www.amazony.de/
@@ -11,9 +10,10 @@ ping	Fileserver Ping	files.bwlp.ks.uni-freiburg.de
 ping	Backup fileserver Ping	bwlp-backup.ruf.uni-freiburg.de
 ping	Ping Fail	0.0.0.1
 thrift	Thrift SAT	132.230.8.192	9090	SAT
-thrift	Thrift MASTER	132.230.4.16	9090	MASTER
-# thrift	Thrift Timeout	132.230.4.16	9092	MASTER
-thrift	Thrift SSL test	132.230.4.16	9091	MASTER	ssl/CA.pem	ssl/client.crt	ssl/client.key
+thrift	Thrift MASTER	132.230.4.16	9090	MASTER	false
+# thrift	Thrift Timeout	132.230.4.16	9092	MASTER	false
+thrift	Thrift SAT SSL test	132.230.8.192	9091	SAT	true
+thrift	Thrift MASTER SSL test	132.230.4.16	9091	MASTER	true
 ping	BAS Ping	bas.intra.uni-freiburg.de
 ping	yc	127.0.0.2
 ping	yx	127.0.0.3
diff --git a/main.py b/main.py
index 4811db2..3008c39 100755
--- a/main.py
+++ b/main.py
@@ -3,6 +3,7 @@ import datetime
 import logging
 import os
 import shutil
+import ssl
 import subprocess
 import tftpy
 import thriftpy
@@ -117,20 +118,26 @@ def tftp(name, host, port, filename):
     logStatus(statusList[-1])
   
 # Creates the thrift client and prwlp-pxe.ruf.uni-freiburg.de .ceeds the get Organisations call. Server can either be SAT or MASTER 
-def thrift(name, ip, port, server, cafile=None, certfile=None, keyfile=None):
+def thrift(name, ip, port, server, SSL=False):
   host = ip + ':' + str(port)
   print('THRIFT request ' + host + ' ...', end='')
   bwlp_thrift = thriftpy.load('bwlp.thrift', module_name='bwlp_thrift')
+  
+  # SSL factory
+  ssl_factory = None
+  if SSL == 'true':
+    # ssl_factory = ssl.create_default_context()
+    ssl_factory = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
 
   organisations = []
   # Different clients for SAT / Master is needed.
   try:
     if server == 'SAT':
-      satserver = make_client(bwlp_thrift.SatelliteServer, host=ip, port=port, trans_factory=TFramedTransportFactory(), cafile=cafile, certfile=certfile, keyfile=keyfile)
+      satserver = make_client(bwlp_thrift.SatelliteServer, host=ip, port=port, trans_factory=TFramedTransportFactory(), ssl_context=ssl_factory)
       organisations = satserver.getAllOrganizations()
 
     elif server == 'MASTER':
-      masterserver = make_client(bwlp_thrift.MasterServer, host=ip, port=port, trans_factory=TFramedTransportFactory(), cafile=cafile, certfile=certfile, keyfile=keyfile)
+      masterserver = make_client(bwlp_thrift.MasterServer, host=ip, port=port, trans_factory=TFramedTransportFactory(), ssl_context=ssl_factory)
       organisations = masterserver.getOrganizations()
 
     organisationList = []
@@ -211,11 +218,7 @@ def check(entry):
     https(entry[1], entry[2])
   elif entry[0] == 'thrift':
     if (len(entry) < 5): return
-    elif (len(entry) == 5):
-      thrift(entry[1], entry[2], int(entry[3]), entry[4])
-    elif (len(entry) == 8):
-      # SSL attributes
-      thrift(entry[1], entry[2], int(entry[3]), entry[4], entry[5], entry[6], entry[7])
+    thrift(entry[1], entry[2], int(entry[3]), entry[4], entry[5] if len(entry) == 6 else 'false')
   elif entry[0] == 'tftp':
     if (len(entry) < 5): return
     tftp(entry[1], entry[2], int(entry[3]), entry[4])