Add support for client side certificate

Why: * Asked by user in #66 to have fully secure connection This change addreses the need by: * hass-cli will pass certificate to requests when using `--cert <pathtopem>` or HASS_CERT env.
home-assistant-ecosystem · Dec 17, 2018 · 31c25d0 · 31c25d0
1 parent d2e6d71
commit 31c25d0
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 3 deletions.
diff --git a/homeassistant_cli/cli.py b/homeassistant_cli/cli.py
@@ -2,7 +2,7 @@
 import logging
 import os
 import sys
-from typing import List, Optional, Union, cast
+from typing import List, Optional, Union, cast, no_type_check
 
 import click
 from click.core import Command, Context, Group
@@ -106,6 +106,7 @@ def _default_token() -> Optional[str]:
     return os.environ.get('HASS_TOKEN', os.environ.get('HASSIO_TOKEN', None))
 
 
+@no_type_check
 @click.command(cls=HomeAssistantCli, context_settings=CONTEXT_SETTINGS)
 @click_log.simple_verbosity_option(logging.getLogger(), "--loglevel", "-l")
 @click.version_option(const.__version__)
@@ -119,7 +120,7 @@ def _default_token() -> Optional[str]:
 @click.option(
     '--token',
     default=_default_token,
-    help='The Bearer token for Home Assistant instance.',  # type: ignore
+    help='The Bearer token for Home Assistant instance.',
     envvar='HASS_TOKEN',
 )
 @click.option(
@@ -150,6 +151,12 @@ def _default_token() -> Optional[str]:
     is_flag=True,
     help="Print backtraces when exception occurs.",
 )
+@click.option(
+    '--cert',
+    default=None,
+    envvar="HASS_CERT",
+    help=('Path to client certificate file (.pem) to use when connecting.'),
+)
 @click.option(
     '--insecure',
     is_flag=True,
@@ -176,6 +183,7 @@ def cli(
     debug: bool,
     insecure: bool,
     showexceptions: bool,
+    cert: str,
 ):
     """Command line interface for Home Assistant."""
     ctx.verbose = verbose
@@ -186,6 +194,7 @@ def cli(
     ctx.debug = debug
     ctx.insecure = insecure
     ctx.showexceptions = showexceptions
+    ctx.cert = cert
 
     _LOGGER.debug("Using settings: %s", ctx)
 

diff --git a/homeassistant_cli/config.py b/homeassistant_cli/config.py
@@ -4,6 +4,7 @@
 
 import click
 import homeassistant_cli.const as const
+from requests import Session  # noqa: ignore
 
 
 class Configuration:
@@ -19,7 +20,8 @@ def __init__(self) -> None:
         self.timeout = const.DEFAULT_TIMEOUT  # type: int
         self.debug = False  # type: bool
         self.showexceptions = False  # type: bool
-        self.session = None  # type: Requests.Session
+        self.session = None  # type: Optional[Session]
+        self.cert = None  # type: Optional[str]
 
     def echo(self, msg: str, *args: Optional[Any]) -> None:
         """Put content message to stdout."""

diff --git a/homeassistant_cli/remote.py b/homeassistant_cli/remote.py
@@ -58,6 +58,14 @@ def restapi(
             headers["Authorization"] = "Bearer {}".format(ctx.token)
         ctx.session.headers.update(headers)
         ctx.session.verify = not ctx.insecure
+        if ctx.cert:
+            ctx.session.cert = ctx.cert
+
+        _LOGGER.debug(
+            "Session: verify(%s), cert(%s)",
+            ctx.session.verify,
+            ctx.session.cert,
+        )
 
     url = urllib.parse.urljoin(ctx.server, path)