search

home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0
69.79k stars 28.93k forks source link

Epson Printer - Missing SSL #84070

Closed cociweb closed 2 months ago

cociweb commented 1 year ago

The problem

The problem is exactly the same as it was in #24035 years ago. Nowadays, the HTTP is highly not recommend insted of forcing the HTTPS. As the most of the devices support (and recommended) to use HTTPS even on LAN as well. So the provided workarounds in #24035 are not satisfactory and cannot be accepted as a solution to request insecure HTTP communication by device. If the SSL validation is not feasible for various reasons (unknown/various CA provider, various ssl versions, etc), as an interim/partial solution could be to ommit the ssl validation, but ssl (HTTPS) should be definitelly supported.

What version of Home Assistant Core has the issue?

N/A

What was the last working version of Home Assistant Core?

N/A

What type of installation are you running?

Home Assistant OS

Integration causing the issue

epsonworkforce

Link to integration documentation on our website

https://www.home-assistant.io/integrations/epsonworkforce

Diagnostics information

No response

Example YAML snippet

sensor:
   - platform: epsonworkforce
     host: IP_ADDRESS
     monitored_conditions:
     - black
     - photoblack
     - yellow
     - magenta
     - cyan
     - clean

Anything in the logs that might be useful for us?

Platform epsonworkforce not ready yet: None; Retrying in background in 30 seconds

Additional information

No response

home-assistant[bot] commented 1 year ago

Hey there @thastealth, mind taking a look at this issue as it has been labeled with an integration (epsonworkforce) you are listed as a code owner for? Thanks!

Code owner commands Code owners of `epsonworkforce` can trigger bot actions by commenting: - `@home-assistant close` Closes the issue. - `@home-assistant rename Awesome new title` Change the title of the issue. - `@home-assistant reopen` Reopen the issue. - `@home-assistant unassign epsonworkforce` Removes the current integration label and assignees on the issue, add the integration domain after the command.

(message by CodeOwnersMention)

epsonworkforce documentation epsonworkforce source (message by IssueLinks)

oracleguy commented 1 year ago

It looks like the python library this integration is based on is no longer available on GitHub which will make it more difficult to fix. The integration itself is pretty thin with most of the work being done in the Python library EpsonPrinterAPI. The owner hasn't responded to issues in a long time on this integration and they also had the Python package.

The changes to fix this issue would need to happen in that library or change the integration to do something different. The source for the library is available on PyPi and it is MIT licensed.

fredtj commented 1 year ago

seems urllib is following the redirect from http to https, but choking on ssl certificate validation.

the below should help towards a fix. not sure how to proceed but maybe it will help someone. perhaps the api can be included in the integration since its only 50 odd lines.

changed lines: 1, 9-12 and 49

epsonprinterapi.py

import ssl
import urllib.request
from bs4 import BeautifulSoup

class EpsonPrinterAPI(object):
    def __init__(self, ip, verify_ssl=True):
        """Initialize the link to the printer status page."""
        self._resource = "http://" + ip + "/PRESENTATION/HTML/TOP/PRTINFO.HTML"
        self.ctx = ssl.create_default_context()
        if not verify_ssl:
            self.ctx.check_hostname = False
            self.ctx.verify_mode = ssl.CERT_NONE
        self.available = True
        self.soup = None
        self.update()

    def getSensorValue(self, sensor):
        """To make it the user easier to configure the cartridge type."""
        if sensor == "black":
            sensorCorrected = "BK"
        elif sensor == "photoblack":
            sensorCorrected = "PB"
        elif sensor == "magenta":
            sensorCorrected = "M"
        elif sensor == "cyan":
            sensorCorrected = "C"
        elif sensor == "yellow":
            sensorCorrected = "Y"
        elif sensor == "clean":
            sensorCorrected = "Waste"
        else:
            return 0;

        try:
            for li in self.soup.find_all("li", class_="tank"):
                if sensorCorrected == "Waste":
                    div = li.find("div", class_="mbicn")
                else:
                    div = li.find("div", class_="clrname")

                if div != None and (div.contents[0] == sensorCorrected or sensorCorrected == "Waste"):
                    return int(li.find("div", class_="tank").findChild()["height"]) * 2
        except Exception as e:
            return 0

    def update(self):
        try:
            """Just fetch the HTML page."""
            response = urllib.request.urlopen(self._resource, context=self.ctx)
            data = response.read()
            response.close()

            self.soup = BeautifulSoup(data, "html.parser")
            self.available = True
        except Exception as e:
            self.available = False

https://github.com/home-assistant/core/blob/2d3c5cf8eef7f2b653098fe0b90a73feb2b02052/homeassistant/components/epsonworkforce/sensor.py#L14

change to from homeassistant.const import CONF_HOST, CONF_MONITORED_CONDITIONS, CONF_VERIFY_SSL, PERCENTAGE

https://github.com/home-assistant/core/blob/2d3c5cf8eef7f2b653098fe0b90a73feb2b02052/homeassistant/components/epsonworkforce/sensor.py#L63

add below vol.Optional(CONF_VERIFY_SSL, default=True): cv.boolean,

https://github.com/home-assistant/core/blob/2d3c5cf8eef7f2b653098fe0b90a73feb2b02052/homeassistant/components/epsonworkforce/sensor.py#L79

add below verify_ssl = config.get(CONF_VERIFY_SSL)

https://github.com/home-assistant/core/blob/2d3c5cf8eef7f2b653098fe0b90a73feb2b02052/homeassistant/components/epsonworkforce/sensor.py#L81

change to api = EpsonPrinterAPI(host, verify_ssl)

thanks

issue-triage-workflows[bot] commented 1 year ago

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

cociweb commented 1 year ago

Dear Bot, coud you please keep it open for any wayfarer? - thanks!

matlar83 commented 11 months ago

Same issue with Epson ET-4850, even if the page http:///PRESENTATION/HTML/TOP/PRTINFO.HTML is working, of course after redirect to https version.

issue-triage-workflows[bot] commented 8 months ago

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

cociweb commented 8 months ago

bump

ThaStealth commented 8 months ago

I (creator) don’t own this printer anymore and am no longer able to support this package. Feel free to fork it

edenhaus commented 6 months ago

I (creator) don’t own this printer anymore and am no longer able to support this package. Feel free to fork it

@ThaStealth You should open a PR, where you remove yourself as code owner, so the bot will not ping you anymore

cociweb commented 6 months ago

So @edenhaus, you mean ADR is superor than closing security hole (with keeping backward compatibility?). Alternativelly, there was a possibility to ommit the parameter. ..Wrong direction in my opinion. To minimalise my efforts (from my freetime), I will leave this integration away and I'll move my work to custom hacs for myself and keep the security hole as it is.... Grat!

DemianTinkiel commented 5 months ago

I'm also interested in this fix as I put a cert signed by (my own) CA to allow HTTPS. @cociweb will you put this in your custom hacs?

cociweb commented 5 months ago

So your self signed CA is uploaded onto your Printer? In this case you need to upload your ssl pair to your HA to get a VALIDATED secured line. Otherwise it will be just an 'encrypted' line. You won't have enough trust that the encrypted line is truly your encrypted line. But of course, with my forked, custom hacs (and with proper parameters) you can get the validated and the untrusted (but secured) and ofc. the legacy plain http version too.

issue-triage-workflows[bot] commented 2 months ago

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

joostlek commented 2 months ago

Issue can be closed as the integration has been removed as it didn't meet our guidelines.