fixed TLS-PSK example code issue zabbix#7 by using built-in SSL features for Python 3.13+

Author: aiantsen

examples/get/asynchronous/tls_psk_context.py

@@ -0,0 +1,71 @@
+# Copyright (C) 2001-2023 Zabbix SIA
+#
+# Zabbix SIA licenses this file to you under the MIT License.
+# See the LICENSE file in the project root for more information.
+
+import ssl
+import asyncio
+from zabbix_utils import AsyncGetter
+
+# !!! IMPORTANT
+# The code example below is supported only from Python version 3.13 onwards.
+
+# Pre-Shared Key (PSK) and PSK Identity
+PSK_KEY = bytes.fromhex('608b0a0049d41fdb35a824ef0a227f24e5099c60aa935e803370a961c937d6f7')
+PSK_IDENTITY = b'PSKID'
+
+# Zabbix agent parameters
+ZABBIX_AGENT = "127.0.0.1"
+ZABBIX_PORT = 10050
+
+
+# Create and configure an SSL context for secure communication with the Zabbix server.
+def custom_context(*args, **kwargs) -> ssl.SSLContext:
+ # Create an SSL context for TLS client
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+
+ # Disable hostname verification
+ context.check_hostname = False
+
+ # Set the verification mode to require a valid certificate
+ context.verify_mode = ssl.CERT_NONE
+
+ # Set the maximum allowed version of the TLS protocol to TLS 1.2
+ context.maximum_version = ssl.TLSVersion.TLSv1_2
+
+ # Set the ciphers to use for the connection
+ context.set_ciphers('PSK')
+
+ # Set up the callback function to provide the PSK and identity when requested
+ context.set_psk_client_callback(lambda hint: (PSK_IDENTITY, PSK_KEY))
+
+ # Return the customized SSL context
+ return context
+
+
+async def main():
+ """
+ The main function to perform asynchronous tasks.
+ """
+
+ # Create a AsyncGetter instance with a custom SSL context
+ agent = AsyncGetter(
+ host=ZABBIX_AGENT,
+ port=ZABBIX_PORT,
+ ssl_context=custom_context
+ )
+
+ # Send a Zabbix agent query for system information (e.g., uname)
+ resp = await agent.get('system.uname')
+
+ # Check if there was an error in the response
+ if resp.error:
+ # Print the error message
+ print("An error occurred while trying to get the value:", resp.error)
+ else:
+ # Print the value obtained for the specified item key item
+ print("Received value:", resp.value)
+
+
+# Run the main coroutine
+asyncio.run(main())

examples/get/synchronous/psk_wrapper.py

@@ -6,13 +6,21 @@
 import ssl
 from zabbix_utils import Getter
 
+# !!! IMPORTANT
+# The following code example is supposed to be used with Python up to the 3.12 version.
+# Starting with Python 3.13, TLS-PSK is supported by the built-in ssl module.
+
 # Try importing sslpsk3, fall back to sslpsk2 if not available
 try:
  import sslpsk3 as sslpsk
 except ImportError:
  # Import sslpsk2 if sslpsk3 is not available
  import sslpsk2 as sslpsk
 
+# Zabbix agent parameters
+ZABBIX_AGENT = "127.0.0.1"
+ZABBIX_PORT = 10050
+
 
 # PSK wrapper function for SSL connection
 def psk_wrapper(sock):
@@ -29,10 +37,6 @@ def psk_wrapper(sock):
  )
 
 
-# Zabbix agent parameters
-ZABBIX_AGENT = "127.0.0.1"
-ZABBIX_PORT = 10050
-
 # Create a Getter instance with PSK support
 agent = Getter(
  host=ZABBIX_AGENT,

examples/get/synchronous/tls_psk_wrapper.py

@@ -0,0 +1,61 @@
+# Copyright (C) 2001-2023 Zabbix SIA
+#
+# Zabbix SIA licenses this file to you under the MIT License.
+# See the LICENSE file in the project root for more information.
+
+import ssl
+from zabbix_utils import Getter
+
+# !!! IMPORTANT
+# The code example below is supported only from Python version 3.13 onwards.
+
+# Zabbix agent parameters
+ZABBIX_AGENT = "127.0.0.1"
+ZABBIX_PORT = 10050
+
+
+# PSK wrapper function for SSL connection
+def psk_wrapper(sock):
+ # Pre-Shared Key (PSK) and PSK Identity
+ psk = bytes.fromhex('608b0a0049d41fdb35a824ef0a227f24e5099c60aa935e803370a961c937d6f7')
+ psk_identity = b'PSKID'
+
+ # Create an SSL context for TLS client
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+
+ # Disable hostname verification
+ context.check_hostname = False
+
+ # Set the verification mode to require a valid certificate
+ context.verify_mode = ssl.CERT_NONE
+
+ # Set the maximum allowed version of the TLS protocol to TLS 1.2
+ context.maximum_version = ssl.TLSVersion.TLSv1_2
+
+ # Set the ciphers to use for the connection
+ context.set_ciphers('PSK')
+
+ # Set up the callback function to provide the PSK and identity when requested
+ context.set_psk_client_callback(lambda hint: (psk_identity, psk))
+
+ # Wrap the socket to establish an SSL connection with PSK
+ return context.wrap_socket(sock)
+
+
+# Create a Getter instance with PSK support
+agent = Getter(
+ host=ZABBIX_AGENT,
+ port=ZABBIX_PORT,
+ socket_wrapper=psk_wrapper
+)
+
+# Send a Zabbix agent query for system information (e.g., uname)
+resp = agent.get('system.uname')
+
+# Check if there was an error in the response
+if resp.error:
+ # Print the error message
+ print("An error occurred while trying to get the value:", resp.error)
+else:
+ # Print the value obtained for the specified item key item
+ print("Received value:", resp.value)

examples/sender/asynchronous/tls_psk_context.py

@@ -0,0 +1,71 @@
+# Copyright (C) 2001-2023 Zabbix SIA
+#
+# Zabbix SIA licenses this file to you under the MIT License.
+# See the LICENSE file in the project root for more information.
+
+import ssl
+import asyncio
+from zabbix_utils import AsyncSender
+
+# !!! IMPORTANT
+# The code example below is supported only from Python version 3.13 onwards.
+
+# Zabbix server details
+ZABBIX_SERVER = "zabbix-server.example.com"
+ZABBIX_PORT = 10051
+
+# Pre-Shared Key (PSK) and PSK Identity
+PSK_KEY = bytes.fromhex('608b0a0049d41fdb35a824ef0a227f24e5099c60aa935e803370a961c937d6f7')
+PSK_IDENTITY = b'PSKID'
+
+
+# Create and configure an SSL context for secure communication with the Zabbix server.
+def custom_context(*args, **kwargs) -> ssl.SSLContext:
+ # Create an SSL context for TLS client
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+
+ # Disable hostname verification
+ context.check_hostname = False
+
+ # Set the verification mode to require a valid certificate
+ context.verify_mode = ssl.CERT_NONE
+
+ # Set the maximum allowed version of the TLS protocol to TLS 1.2
+ context.maximum_version = ssl.TLSVersion.TLSv1_2
+
+ # Set the ciphers to use for the connection
+ context.set_ciphers('PSK')
+
+ # Set up the callback function to provide the PSK and identity when requested
+ context.set_psk_client_callback(lambda hint: (PSK_IDENTITY, PSK_KEY))
+
+ # Return the customized SSL context
+ return context
+
+
+async def main():
+ """
+ The main function to perform asynchronous tasks.
+ """
+
+ # Create an instance of AsyncSender with a custom SSL context
+ sender = AsyncSender(
+ server=ZABBIX_SERVER,
+ port=ZABBIX_PORT,
+ ssl_context=custom_context
+ )
+
+ # Send a value to a Zabbix server/proxy with specified parameters
+ # Parameters: (host, key, value, clock, ns)
+ response = await sender.send_value('host', 'item.key', 'value', 1695713666, 30)
+
+ # Check if the value sending was successful
+ if response.failed == 0:
+ # Print a success message along with the response time
+ print(f"Value sent successfully in {response.time}")
+ else:
+ # Print a failure message
+ print("Failed to send value")
+
+# Run the main coroutine
+asyncio.run(main())

examples/sender/asynchronous/tls_psk_context_from_config.py

@@ -0,0 +1,79 @@
+# Copyright (C) 2001-2023 Zabbix SIA
+#
+# Zabbix SIA licenses this file to you under the MIT License.
+# See the LICENSE file in the project root for more information.
+
+import ssl
+import asyncio
+from zabbix_utils import AsyncSender
+
+# !!! IMPORTANT
+# The code example below is supported only from Python version 3.13 onwards.
+
+# Zabbix server details
+ZABBIX_SERVER = "zabbix-server.example.com"
+ZABBIX_PORT = 10051
+
+
+# Create and configure an SSL context for secure communication with the Zabbix server.
+def custom_context(config) -> ssl.SSLContext:
+ psk = None
+
+ # Try to get PSK key and identity
+ psk_identity = config.get('tlspskidentity').encode('utf-8')
+ psk_file = config.get('tlspskfile')
+
+ # Read PSK from file if specified
+ if psk_file:
+ with open(psk_file, encoding='utf-8') as f:
+ psk = bytes.fromhex(f.read())
+
+ # Create an SSL context for TLS client
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+
+ # Disable hostname verification
+ context.check_hostname = False
+
+ # Set the verification mode to require a valid certificate
+ context.verify_mode = ssl.CERT_NONE
+
+ # Set the maximum allowed version of the TLS protocol to TLS 1.2
+ context.maximum_version = ssl.TLSVersion.TLSv1_2
+
+ # Set the ciphers to use for the connection
+ context.set_ciphers('PSK')
+
+ # Set up the callback function to provide the PSK and identity when requested
+ context.set_psk_client_callback(lambda hint: (psk_identity, psk))
+
+ # Return the customized SSL context
+ return context
+
+
+async def main():
+ """
+ The main function to perform asynchronous tasks.
+ """
+
+ # Create an instance of AsyncSender with a custom SSL context
+ sender = AsyncSender(
+ server=ZABBIX_SERVER,
+ port=ZABBIX_PORT,
+ use_config=True,
+ ssl_context=custom_context
+ )
+
+ # Send a value to a Zabbix server/proxy with specified parameters
+ # Parameters: (host, key, value, clock, ns)
+ response = await sender.send_value('host', 'item.key', 'value', 1695713666, 30)
+
+ # Check if the value sending was successful
+ if response.failed == 0:
+ # Print a success message along with the response time
+ print(f"Value sent successfully in {response.time}")
+ else:
+ # Print a failure message
+ print("Failed to send value")
+
+# Run the main coroutine
+asyncio.run(main())

examples/sender/synchronous/psk_wrapper.py

@@ -6,6 +6,10 @@
 import ssl
 from zabbix_utils import Sender
 
+# !!! IMPORTANT
+# The following code example is supposed to be used with Python up to the 3.12 version.
+# Starting with Python 3.13, TLS-PSK is supported by the built-in ssl module.
+
 # Try importing sslpsk3, fall back to sslpsk2 if not available
 try:
  import sslpsk3 as sslpsk
@@ -15,7 +19,7 @@
 
 
 # PSK wrapper function for SSL connection
-def psk_wrapper(sock, tls):
+def psk_wrapper(sock, *args, **kwargs):
  # Pre-Shared Key (PSK) and PSK Identity
  psk = bytes.fromhex('608b0a0049d41fdb35a824ef0a227f24e5099c60aa935e803370a961c937d6f7')
  psk_identity = b'PSKID'