Merge pull request #3670 from Ferroin/unbound-dns

Add a plugin for the Unbound DNS server.

1 files changed, 47 insertions, 1 deletions

diff --git a/python.d/python_modules/bases/FrameworkServices/SocketService.py b/python.d/python_modules/bases/FrameworkServices/SocketService.py
index 8d27ae660e..b1afaa9ce0 100644
--- a/python.d/python_modules/bases/FrameworkServices/SocketService.py
+++ b/python.d/python_modules/bases/FrameworkServices/SocketService.py
@@ -4,6 +4,13 @@
 
 import socket
 
+try:
+    import ssl
+except ImportError:
+    _TLS_SUPPORT = False
+else:
+    _TLS_SUPPORT = True
+
 from bases.FrameworkServices.SimpleService import SimpleService
 
 
@@ -16,6 +23,9 @@ class SocketService(SimpleService):
         self.unix_socket = None
         self.dgram_socket = False
         self.request = ''
+        self.tls = False
+        self.cert = None
+        self.key = None
         self.__socket_config = None
         self.__empty_request = "".encode()
         SimpleService.__init__(self, configuration=configuration, name=name)
@@ -56,10 +66,24 @@ class SocketService(SimpleService):
             self.__socket_config = None
             return False
 
+        if self.tls:
+            try:
+                self.debug('Encapsulating socket with TLS')
+                self._sock = ssl.wrap_socket(self._sock,
+                                             keyfile=self.key,
+                                             certfile=self.cert,
+                                             server_side=False,
+                                             cert_reqs=ssl.CERT_NONE)
+            except (socket.error, ssl.SSLError) as error:
+                self.error('Failed to wrap socket.')
+                self._disconnect()
+                self.__socket_config = None
+                return False
+
         try:
             self.debug('connecting socket to "{address}", port {port}'.format(address=sa[0], port=sa[1]))
             self._sock.connect(sa)
-        except socket.error as error:
+        except (socket.error, ssl.SSLError) as error:
             self.error('Failed to connect to "{address}", port {port}, error: {error}'.format(address=sa[0],
                                                                                               port=sa[1],
                                                                                               error=error))
@@ -249,6 +273,28 @@ class SocketService(SimpleService):
             except (KeyError, TypeError):
                 self.debug('No port specified. Using: "{0}"'.format(self.port))
 
+            self.tls = bool(self.configuration.get('tls', self.tls))
+            if self.tls and not _TLS_SUPPORT:
+                self.warning('TLS requested but no TLS module found, disabling TLS support.')
+                self.tls = False
+            if _TLS_SUPPORT and not self.tls:
+                self.debug('No TLS preference specified, not using TLS.')
+
+            if self.tls and _TLS_SUPPORT:
+                self.key = self.configuration.get('tls_key_file')
+                self.cert = self.configuration.get('tls_cert_file')
+                if not self.cert:
+                    # If there's not a valid certificate, clear the key too.
+                    self.debug('No valid TLS client certificate configuration found.')
+                    self.key = None
+                    self.cert = None
+                elif not self.key:
+                    # If a key isn't listed, the config may still be
+                    # valid, because there may be a key attached to the
+                    # certificate.
+                    self.info('No TLS client key specified, assuming it\'s attached to the certificate.')
+                    self.key = None
+
         try:
             self.request = str(self.configuration['request'])
         except (KeyError, TypeError):