Add thumbprint parameter to Connect.

Add thumbprint parameter to Connect method with default None. Allows thumbprint of connection target to be validated against certificate. SoapStubAdapter already provides a thumbprint parameter. When provided and thumbprint does not match the SoapStubAdapter raises and exception. When the thumbprint matches (or if no thumbprint is provided) then the connection succeeds. This change simply exposes the parameter through Connect and __Login methods.
2015-11-09 13:23:00 -08:00
parent b478073d11
commit 03349bada4
1 changed files with 13 additions and 5 deletions
--- a/pyVim/connect.py
+++ b/pyVim/connect.py
@@ -177,7 +177,7 @@ class VimSessionOrientedStub(SessionOrientedStub):

 def Connect(host='localhost', port=443, user='root', pwd='',
            service="hostd", adapter="SOAP", namespace=None, path="/sdk",
-            version=None, keyFile=None, certFile=None,
+            version=None, keyFile=None, certFile=None, thumbprint=None,
            sslContext=None):
   """
   Connect to the specified server, login and return the service
@@ -212,6 +212,8 @@ def Connect(host='localhost', port=443, user='root', pwd='',
   @type  keyFile: string
   @param certFile: ssl cert file path
   @type  certFile: string
+   @param thumbprint: host cert thumbprint
+   @type  thumbprint: string
   @param sslContext: SSL Context describing the various SSL options. It is only
                      supported in Python 2.7.9 or higher.
   @type  sslContext: SSL.Context
@@ -233,7 +235,7 @@ def Connect(host='localhost', port=443, user='root', pwd='',
   elif not version:
      version="vim.version.version6"
   si, stub = __Login(host, port, user, pwd, service, adapter, version, path,
-                      keyFile, certFile, sslContext)
+                      keyFile, certFile, thumbprint, sslContext)
   SetSi(si)

   return si
@@ -268,7 +270,7 @@ def GetLocalTicket(si, user):
 ## connected service instance object.

 def __Login(host, port, user, pwd, service, adapter, version, path,
-            keyFile, certFile, sslContext):
+            keyFile, certFile, thumbprint, sslContext):
   """
   Private method that performs the actual Connect and returns a
   connected service instance object.
@@ -293,6 +295,8 @@ def __Login(host, port, user, pwd, service, adapter, version, path,
   @type  keyFile: string
   @param certFile: ssl cert file path
   @type  certFile: string
+   @param thumbprint: host cert thumbprint
+   @type  thumbprint: string
   @param sslContext: SSL Context describing the various SSL options. It is only
                      supported in Python 2.7.9 or higher.
   @type  sslContext: SSL.Context
@@ -304,7 +308,8 @@ def __Login(host, port, user, pwd, service, adapter, version, path,

   # Create the SOAP stub adapter
   stub = SoapStubAdapter(host, port, version=version, path=path,
-                          certKeyFile=keyFile, certFile=certFile, sslContext=sslContext)
+                          certKeyFile=keyFile, certFile=certFile,
+                          thumbprint=thumbprint, sslContext=sslContext)

   # Get Service instance
   si = vim.ServiceInstance("ServiceInstance", stub)
@@ -558,7 +563,7 @@ def __FindSupportedVersion(protocol, server, port, path, preferredApiVersions, s

 def SmartConnect(protocol='https', host='localhost', port=443, user='root', pwd='',
                 service="hostd", path="/sdk",
-                 preferredApiVersions=None, sslContext=None):
+                 preferredApiVersions=None, thumbprint=None, sslContext=None):
   """
   Determine the most preferred API version supported by the specified server,
   then connect to the specified server using that API version, login and return
@@ -591,6 +596,8 @@ def SmartConnect(protocol='https', host='localhost', port=443, user='root', pwd=
                                specified, the list of versions support by pyVmomi will
                                be used.
   @type  preferredApiVersions: string or string list
+   @param thumbprint: host cert thumbprint
+   @type  thumbprint: string
   @param sslContext: SSL Context describing the various SSL options. It is only
                      supported in Python 2.7.9 or higher.
   @type  sslContext: SSL.Context
@@ -618,6 +625,7 @@ def SmartConnect(protocol='https', host='localhost', port=443, user='root', pwd=
                  adapter='SOAP',
                  version=supportedVersion,
                  path=path,
+                  thumbprint=thumbprint,
                  sslContext=sslContext)

 def OpenUrlWithBasicAuth(url, user='root', pwd=''):