refs #1936 authenticate to ogcore and check ogcore cert

CHANGELOG.md

@@ -6,6 +6,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.0.0] - 2025-04-25
+
+### Added
+
+- Use TLS
+
 ## [4.0.0] - 2025-04-24
 
 ### Added

linux/debian/changelog

@@ -1,3 +1,9 @@
+ogagent (5.0.0-1) stable; urgency=medium
+
+  * Use TLS
+
+ -- OpenGnsys developers <info@opengnsys.es>  Fri, 25 Apr 2025 13:09:49 +0200
+
 ogagent (4.0.0-1) stable; urgency=medium
 
   * Handle authn/authz in the oglive agent

src/VERSION

@@ -1 +1 @@
-4.0.0
+5.0.0

src/cfg/ogagent.cfg

@@ -18,9 +18,9 @@ level=full
 log=DEBUG
 
 # TLS
-ca=TODO
-crt=TODO
-key=TODO
+ca=C:\OGagent\ca.crt
+crt=C:\OGagent\ogagent.crt
+key=C:\OGagent\ogagent.key
 
 
 # Module specific

src/opengnsys/RESTApi.py

@@ -44,7 +44,6 @@ from .log import logger
 
 from .utils import exceptionToMessage
 
-VERIFY_CERT = False  # Do not check server certificate
 TIMEOUT = 5  # Connection timout, in seconds
 
 
@@ -122,6 +121,10 @@ class REST(object):
             if errs:
                 raise Exception ('TLS files not found')
 
+        self.ca_file  = ca_file
+        self.crt_file = crt_file
+        self.key_file = key_file
+
         # Disable logging requests messages except for errors, ...
         logging.getLogger("requests").setLevel(logging.CRITICAL)
         # Tries to disable all warnings
@@ -154,10 +157,9 @@ class REST(object):
                 if self.newerRequestLib:
                     if self.use_tls:
                         logger.debug ('nati: using TLS for GET')
-                        ## TODO enviar mi certificado y comprobar el de ogcore
-                        r = requests.get(url, verify=VERIFY_CERT, timeout=TIMEOUT)
+                        r = requests.get(url, cert=(self.crt_file, self.key_file), verify=self.ca_file, timeout=TIMEOUT)
                     else:
-                        r = requests.get(url, verify=VERIFY_CERT, timeout=TIMEOUT)
+                        r = requests.get(url, timeout=TIMEOUT)
                 else:
                     r = requests.get(url)
             else:  # POST
@@ -165,10 +167,9 @@ class REST(object):
                 if self.newerRequestLib:
                     if self.use_tls:
                         logger.debug ('nati: using TLS for POST')
-                        ## TODO enviar mi certificado y comprobar el de ogcore
-                        r = requests.post(url, data=data, headers={'content-type': 'application/json'}, verify=VERIFY_CERT, timeout=TIMEOUT)
+                        r = requests.post(url, data=data, headers={'content-type': 'application/json'}, cert=(self.crt_file, self.key_file), verify=self.ca_file, timeout=TIMEOUT)
                     else:
-                        r = requests.post(url, data=data, headers={'content-type': 'application/json'}, verify=VERIFY_CERT, timeout=TIMEOUT)
+                        r = requests.post(url, data=data, headers={'content-type': 'application/json'}, timeout=TIMEOUT)
                 else:
                     r = requests.post(url, data=data, headers={'content-type': 'application/json'})