From patchwork Fri Aug  2 12:28:03 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ayoub Zaki <ayoub.zaki@embetrix.com>
X-Patchwork-Id: 1968326
X-Patchwork-Delegate: sbabic@denx.de
Return-Path: <swupdate+bncBDBKTZHRZUJRBWFBWO2QMGQEAT3EZ7Q@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=googlegroups.com header.i=@googlegroups.com
 header.a=rsa-sha256 header.s=20230601 header.b=dS7RqmlU;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com
 (client-ip=2a00:1450:4864:20::33c; helo=mail-wm1-x33c.google.com;
 envelope-from=swupdate+bncbdbktzhrzujrbwfbwo2qmgqeat3ez7q@googlegroups.com;
 receiver=patchwork.ozlabs.org)
Received: from mail-wm1-x33c.google.com (mail-wm1-x33c.google.com
 [IPv6:2a00:1450:4864:20::33c])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4Wb4ql20ckz1yYq
	for <incoming@patchwork.ozlabs.org>; Fri,  2 Aug 2024 22:28:17 +1000 (AEST)
Received: by mail-wm1-x33c.google.com with SMTP id
 5b1f17b1804b1-428e48612acsf16617975e9.3
        for <incoming@patchwork.ozlabs.org>;
 Fri, 02 Aug 2024 05:28:17 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1722601690; cv=pass;
        d=google.com; s=arc-20160816;
        b=z5BE3j2I2G2gNh56GhFROgZ628qusNkz6LG8zE85ZdfeuUD6OyQzjIr+BgNKY4xxaP
         1QlEIyrF5KwuzzEr7jNJHzJ6tGXuX07tS4giLxhL24xa2z1iBlrdUFvGrkP9U6cdKit5
         WrNit/leuFpMPiq1fTb2Akvmq3/HWZfDMQBp9pm6a54unUheeo9thxtVIq/Dkot8vG3t
         bcFWIcKbeCrUmgyeUFXWfJ6IaNYxWfRgTJqjecyOvd9ouutJHLqPd4wr5Wu7FBvs1EqB
         nb0enEqZedDGl+zk+DJLb+pxxdrJ1t9Q+R68q3J0d8CB1pbGzmSJD8U/oO2EnQDfj0NA
         VgeQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:mime-version:message-id:date
         :subject:cc:to:from:sender:dkim-signature;
        bh=taSPFq1ksu5t547PH49B133C7qcadVKELOSkQHm5KlU=;
        fh=dR7QLepzBk2MH4szqGBZ7w0JIFrWmGolwDA/MDdqR28=;
        b=0xY3MkyE0YtmVfTMnUqiaSTvajh8mSDu0dlN3Cu9zneAyRveIcRxgwR50Ivbb44Nij
         /WL13UND3BkQa25Lnkl0hz/C0/4Z6oi3hrCPKbNQteZC2kFdSGU/XBO3qc60vf55QOEl
         lFWcEojZANK2FGBgxKqN5jWmr7MDyqH12sX4BXiIEqR6GtMoJsvELl36ADrlwN8lRi2v
         inakfBdU8p3LEGBycFsgyb6V77yzwR5LdWPgcoLzsbYj6w1wqIzT3BBbyu28+rr6VmsW
         bk8aTzh2eybH5Lvzif6XguEae4LOK5tu1qznIBxdJbxFesVZe3mky7jPRPIuZySpkAQQ
         GGMA==;
        darn=patchwork.ozlabs.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@embetrix.com header.s=rsa2 header.b=pqJSEp0A;
       dkim=neutral (no key) header.i=@embetrix.com;
       spf=neutral (google.com: 2a02:2350:5:525::1 is neither permitted nor
 denied by best guess record for domain of ayoub.zaki@embetrix.com)
 smtp.mailfrom=ayoub.zaki@embetrix.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1722601690; x=1723206490;
 darn=patchwork.ozlabs.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:mime-version:message-id:date:subject:cc:to:from
         :sender:from:to:cc:subject:date:message-id:reply-to;
        bh=taSPFq1ksu5t547PH49B133C7qcadVKELOSkQHm5KlU=;
        b=dS7RqmlUDGttql3Q8cZ958X7ifVIudcf54GCjZKlA2EB1Bc//l8Wt0eQIL6+fvs26R
         LTXabXPONCeVWfeSUAxC1jlP+Iv+/DneftPK57FpzHB1BZ+6swYJSHzLCtX91zsR9Kgf
         8qMA2GXFcr3wFfFvjlQYe1ZxxN+u9Mg3vp/i3ze3bb5PmwA/oUeh9IdqF2LTMa//gmZs
         IbW+3DYNdeckJTzF+d1ve7GIQTlXqWNkdTNZKmbBbSOo70CO/PVuX6Sw1Q9dEutlwLen
         UBvdjZDibp+j0keQ6MVdQz9aImp7xO6P1nO24MhDSuSnMJQJNgdnvAFFTWpOhGbIyHjI
         TSgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1722601690; x=1723206490;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence
         :x-original-authentication-results:x-original-sender:mime-version
         :message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state
         :sender:from:to:cc:subject:date:message-id:reply-to;
        bh=taSPFq1ksu5t547PH49B133C7qcadVKELOSkQHm5KlU=;
        b=IipzEVbS1LHwG5BgduzpZ9Ifu4jp25jLO/DEd+OgDscpQJcC80MbOhajXH5fGxlT98
         pD2CuuJswKi9aGYuwp+ddRBtT7nr8zWQFtXewS3bOuez+Hwal8OU4jFRMqqHnBn8cO9E
         nl12TAauhCoDB17e4oSuau01W9Wx0UyBWv5VW5i/TSG5lw8h7nYNnwJ1y85JeAtc21DO
         FBG37MwFnj6miku1ecoq8cFwiVaV7rNXUXQig9vFdWxSRvF4kW2r1IgEgoDPNDqjIav8
         hiIx6ECHCv8xHaCMybUW2AsljC+9ZuNYflajIo571E3dDW6ZxBPrBfvOBdZNY7VOSfzz
         ZRKQ==
Sender: swupdate@googlegroups.com
X-Forwarded-Encrypted: i=2;
 AJvYcCXE4VIvDStJSIGRq66bB6RLddulx+IUJdXT3IYml+AxDU6kazevaNr2pR/p6Vf+xaLMhWJjE55M3Z1mzcssyFuiQbSCd08X/sSICLUDHA==
X-Gm-Message-State: AOJu0YwQ9f9Yh5LlwOW0FSY+7JxyutwIyhmGD6MAJTHXmPvE84NxG8LR
	eLHyVtJK86P4gpD/0Nn0+k1d6boL8mMH9XAfjNMkGNgFq3alEXc5
X-Google-Smtp-Source: 
 AGHT+IHQ0xK4E70Xi5Az/M4uk8vL5K7+ndI1EWQmfKRMYXu8mthppoJRYBxSn6WfvGFyp7RbniFs4g==
X-Received: by 2002:a05:600c:4713:b0:426:593c:9359 with SMTP id
 5b1f17b1804b1-428e6b954cfmr30799095e9.32.1722601689745;
        Fri, 02 Aug 2024 05:28:09 -0700 (PDT)
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:a05:600c:1d12:b0:426:6eb9:5098 with SMTP id
 5b1f17b1804b1-42803b78fb6ls54931235e9.1.-pod-prod-05-eu; Fri, 02 Aug 2024
 05:28:07 -0700 (PDT)
X-Received: by 2002:a05:600c:1396:b0:426:5269:982c with SMTP id
 5b1f17b1804b1-428e6b7e9b7mr27167415e9.28.1722601686601;
        Fri, 02 Aug 2024 05:28:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722601686; cv=none;
        d=google.com; s=arc-20160816;
        b=VNWETAC4L18yVZg1mN361ZpNJgNWIWeUrYl0XWvDrGqosUj5mlpES10yGWESYPvW/2
         0smpMrEPgIx2hXZagTkJp6yTsHoST3uVVAumHmSAEjLSgoV83KvQDzE2VYuc8Hnx3M8S
         kKJmrheTrSphvXISjQgzWlGUg00G29szN6RzgtA4/WaeIzU/SoUAlzbMBxDYbxxdAg+9
         c3QcNIA0mEBq87nHnx7A9fbO3818aWLBuojANAnwncC4amX/R6QUr2+Iop4ZXamZRfdr
         nItYqNjplgSH/t4BvFpM89Lv32lE/m41hfLyHM2KqLoJWcq85il9UeeaEzyGLGfesiJl
         46Nw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:dkim-signature:dkim-signature;
        bh=iPFqPYKJppLdSsIHvPpqo0OqBkIyZTTmY41PNN0NqWw=;
        fh=+OJORHqdqTgck03oywGhM24wqLll/i7F/sjzFdEpJxw=;
        b=mrVskjIX4WnoxevYQPhrgWcZEkhXYvACjHkwja6LApNxGdmqMFvJIypH0qHkik4zt1
         rfig7ZQcV0KHXmmF/oUuHRKElR7OQrW261WslsC06i86SgJcWIJwrytLvYHQtGpSAtPR
         nO4uuZWnrmuDmtil9qfCuNScZGcmiCZkxE+Gg2CPR94DEqOUP2nsDw42U+JsYKtEYr3o
         bX5y98tEw8qkocMw8/p8c04LamlPRQZ3h/6JCtTWcS8Bq0zDP5sZdPo1/RNw+voMUNnj
         OQ+ONK3z8VmkdAiiFIfSW3gO3s4Ha+v+lw2Jutu/7UhN8gtolLdB6ogYEDOD1eJvY2vy
         +erQ==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@embetrix.com header.s=rsa2 header.b=pqJSEp0A;
       dkim=neutral (no key) header.i=@embetrix.com;
       spf=neutral (google.com: 2a02:2350:5:525::1 is neither permitted nor
 denied by best guess record for domain of ayoub.zaki@embetrix.com)
 smtp.mailfrom=ayoub.zaki@embetrix.com
Received: from mailrelay6-3.pub.mailoutpod3-cph3.one.com
 (mailrelay6-3.pub.mailoutpod3-cph3.one.com. [2a02:2350:5:525::1])
        by gmr-mx.google.com with ESMTPS id
 5b1f17b1804b1-42824af9292si4893115e9.1.2024.08.02.05.28.06
        for <swupdate@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 02 Aug 2024 05:28:06 -0700 (PDT)
Received-SPF: neutral (google.com: 2a02:2350:5:525::1 is neither permitted nor
 denied by best guess record for domain of ayoub.zaki@embetrix.com)
 client-ip=2a02:2350:5:525::1;
X-HalOne-ID: aa299a8b-50ca-11ef-90ea-4912a091495a
Received: from xps13.fritz.box
 (dynamic-2a02-3102-8c10-00a0-e9ea-5fcf-1e88-da6d.310.pool.telefonica.de
 [2a02:3102:8c10:a0:e9ea:5fcf:1e88:da6d])
	by mailrelay6.pub.mailoutpod3-cph3.one.com (Halon) with ESMTPSA
	id aa299a8b-50ca-11ef-90ea-4912a091495a;
	Fri, 02 Aug 2024 12:28:05 +0000 (UTC)
From: Ayoub Zaki <ayoub.zaki@embetrix.com>
To: swupdate@googlegroups.com
Cc: Ayoub Zaki <ayoub.zaki@embetrix.com>
Subject: [swupdate] [PATCH] swupdateclient: python client add support for ssl
Date: Fri,  2 Aug 2024 14:28:03 +0200
Message-Id: <20240802122803.127126-1-ayoub.zaki@embetrix.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Original-Sender: ayoub.zaki@embetrix.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@embetrix.com header.s=rsa2 header.b=pqJSEp0A;       dkim=neutral
 (no key) header.i=@embetrix.com;       spf=neutral (google.com:
 2a02:2350:5:525::1 is neither permitted nor denied by best guess record for
 domain of ayoub.zaki@embetrix.com) smtp.mailfrom=ayoub.zaki@embetrix.com
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
 contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
 <mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
 <mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/swupdate/subscribe>

Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
---
 .../swupdateclient/swupdateclient/main.py     | 34 +++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/tools/python/swupdateclient/swupdateclient/main.py b/tools/python/swupdateclient/swupdateclient/main.py
index ab78a3d3..09aff15c 100644
--- a/tools/python/swupdateclient/swupdateclient/main.py
+++ b/tools/python/swupdateclient/swupdateclient/main.py
@@ -11,8 +11,10 @@ import logging
 import os
 import sys
 import string
+import ssl
 from swupdateclient import __about__
 from typing import List, Optional, Tuple, Union
+from urllib3.exceptions import InsecureRequestWarning
 
 
 import requests
@@ -66,6 +68,7 @@ class SWUpdater:
         path_image,
         host_name,
         port=8080,
+        ssl="",
         path="",
         logger=None,
         log_level=logging.DEBUG,
@@ -73,6 +76,7 @@ class SWUpdater:
         self._image = path_image
         self._host_name = host_name
         self._port = port
+        self._ssl = ssl
         self._path = path
         if logger is not None:
             self._logger = logger
@@ -82,12 +86,22 @@ class SWUpdater:
             self._logger = logging.getLogger("swupdate")
             self._logger.addHandler(handler)
             self._logger.setLevel(log_level)
+        if ssl is not None:
+            self.url_upload = "https://{}:{}{}/upload"
+            self.url_status = "wss://{}:{}{}/wss"
 
     async def wait_update_finished(self):
         self._logger.info("Waiting for messages on websocket connection")
+        sslcontext = None
+        if self._ssl is not None:
+            sslcontext = ssl.create_default_context()
+            if self._ssl == "insecure":
+                sslcontext.check_hostname = False
+                sslcontext.verify_mode = ssl.CERT_NONE
         try:
             async with websockets.connect(
-                self.url_status.format(self._host_name, self._port, self._path)
+                self.url_status.format(self._host_name, self._port, self._path),
+                ssl=sslcontext
             ) as websocket:
                 while True:
                     try:
@@ -120,11 +134,19 @@ class SWUpdater:
             return False
 
     def sync_upload(self, swu_file, timeout):
+        verify = False
+        if self._ssl is not None:
+            if self._ssl == "insecure":
+                requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+                verify = False
+            else:
+                verify = True
         return requests.post(
             self.url_upload.format(self._host_name, self._port, self._path),
             files={"file": swu_file},
             headers={"Cache-Control": "no-cache"},
             timeout=timeout,
+            verify=verify
         )
 
     async def upload(self, timeout):
@@ -207,10 +229,17 @@ def client(args: List[str]) -> None:
         "--color",
         help="colorize messages (auto, always or never)",
         type=str,
-        metavar="[WHEN]",
+        metavar="[COLOR]",
         choices=["auto", "always", "never"],
         default="auto",
     )
+    parser.add_argument(
+        "--ssl",
+        help="enable ssl connection (secure, insecure)",
+        type=str,
+        metavar="[MODE]",
+        choices=["secure", "insecure"],
+    )
 
     args = parser.parse_args()
 
@@ -225,6 +254,7 @@ def client(args: List[str]) -> None:
         args.host_name,
         args.port,
         path=args.path,
+        ssl=args.ssl,
         log_level=args.log_level.upper(),
     )
     updater.update(timeout=args.timeout)