Testers with HomeMatic CCU3 needed (Authentication + SSL support)

Third party integrations
1

Hi,

I have started adding support for authentication and SSL to pyhomematic (the library the homematic component is using). Authentication and SSL however is not available on my CCU2, so I need someone with a CCU3 to verify that my code actually works like it should.

What I need one or more persons to do:

  1. Install pyhomematic manually (pip3 install pyhomematic)
  2. Replace the _hm.py of the now installed pyhomematic with this (the exact location depends on your system, but it’s usually within a folder called site-packages)
  3. Use this script as a template to test different configurations

Testing

In the script you’ll find this section:

DEVICE = "KEQ1234567:1"
PARAMETER = "STATE"
CONNECTIONDATA = {
    "ccu3test": {
        "ip": "192.168.1.23",
        "port": 2001,
        #"username": "",
        #"password": "",
        #"ssl": False,
        #"verify_ssl": False,
    }
}

In any case you have to change the value of DEVICE and PARAMETER to something you actually have. The example code would work for a HM-Sec-SC-2 binary sensor. A switch with at least one channel would work too. Basically anything we can get a value from. The UI of the CCU has a list with devices, and there you can also find the parameters and their channels.

The more important part is what you set in CONNECTIONDATA though.
With the data in the script (of course replace the IP first) you should be able to connect to your CCU3 if authentication and SSL are disabled. When executing the script the last line of the output should print out the value of whatever parameter you have configured above.

What I need someone to test:

  1. Enable authentication on the CCU3 for the XML-RPC API, try the script again. It should fail.
  2. With authentication enabled, add the username and password to CONNECTIONDATA and try again (uncomment those lines too). It should succeed.
  3. Enable SSL on your CCU3, uncomment ssl and verify_ssl. Leave the values as they are. As far as I know the SSL-ports on the CCU3 are prepended with a 4. So 42001 would be the port you have to set for regular wireless devices. It should succeed.
  4. a) Assuming you are using a self-signed certificate, set the value of verify_ssl to True and try again. It should fail.
    b) If your certificate is trusted (I don’t know if the CCU3 even supports importing certificates though) and verify_ssl is set to True, the same test should succeed.

I’d be thankful if somebody could perform these tests for me. If I did everything correctly, you’ll be able to make your setup quite a bit more secure in an upcoming release. :slight_smile:

EDIT:
I have managed to verify SSL is working already. So now I only need someone to test that authentication is working properly.

2

Hi,

just managed to test and verify SSL, non-verify SSL and auth’ed XML API with a “real” (eq-3 boxed and untampered w/ original firmware) CCU3:

Enabled auth in ccu3, but no creds provided in script yields HTTP/401:

Summary 
$ python3 pyhomematic_ccu3.py
DEBUG:pyhomematic.connection:HMConnection: Creating server object
DEBUG:pyhomematic._hm:ServerThread.__init__
DEBUG:pyhomematic._hm:__init__: Creating proxies
INFO:pyhomematic._hm:Creating proxy ccu3test. Connecting to 10.0.0.2:42001
DEBUG:pyhomematic._hm:LockingServerProxy.__init__: Getting local ip
DEBUG:pyhomematic._hm:LockingServerProxy.__init__: Got local ip 10.0.0.3
DEBUG:pyhomematic._hm:RPCFunctions.__init__
DEBUG:pyhomematic._hm:RPCFunctions.__init__: iterating proxy = pyhomematic-ccu3test
DEBUG:pyhomematic._hm:RPCFunctions.__init__: devices_raw = []
DEBUG:pyhomematic._hm:RPCFunctions.createDeviceObjects: iterating interface_id = ccu3test
DEBUG:pyhomematic._hm:ServerThread.__init__: Setting up server
DEBUG:pyhomematic._hm:ServerThread.__init__: Registering RPC functions
Traceback (most recent call last):
  File "pyhomematic_ccu3.py", line 20, in <module>
    print (connection._server.proxies["pyhomematic-ccu3test"].getValue(DEVICE, PARAMETER))
  File "/usr/lib/python3.5/xmlrpc/client.py", line 1092, in __call__
    return self.__send(self.__name, args)
  File "/srv/homeassistant/lib/python3.5/site-packages/pyhomematic/_hm.py", line 461, in __request
    return parent._ServerProxy__request(self, *args, **kwargs)
  File "/usr/lib/python3.5/xmlrpc/client.py", line 1432, in __request
    verbose=self.__verbose
  File "/usr/lib/python3.5/xmlrpc/client.py", line 1134, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python3.5/xmlrpc/client.py", line 1167, in single_request
    dict(resp.getheaders())
xmlrpc.client.ProtocolError: <ProtocolError for 10.0.0.2:42001/RPC2: 401 Unauthorized>

And with enabled and filled-in credentials: SUCCESS!

$ python3 pyhomematic_ccu3.py
DEBUG:pyhomematic.connection:HMConnection: Creating server object
DEBUG:pyhomematic._hm:ServerThread.__init__
DEBUG:pyhomematic._hm:__init__: Creating proxies
INFO:pyhomematic._hm:Creating proxy ccu3test. Connecting to 10.0.0.2:42001
DEBUG:pyhomematic._hm:LockingServerProxy.__init__: Getting local ip
DEBUG:pyhomematic._hm:LockingServerProxy.__init__: Got local ip 10.0.0.3
DEBUG:pyhomematic._hm:RPCFunctions.__init__
DEBUG:pyhomematic._hm:RPCFunctions.__init__: iterating proxy = pyhomematic-ccu3test
DEBUG:pyhomematic._hm:RPCFunctions.__init__: devices_raw = []
DEBUG:pyhomematic._hm:RPCFunctions.createDeviceObjects: iterating interface_id = ccu3test
DEBUG:pyhomematic._hm:ServerThread.__init__: Setting up server
DEBUG:pyhomematic._hm:ServerThread.__init__: Registering RPC functions
Device: OEQ0123456:1  STATE: False

Good Job, D.! :slight_smile:

1 Like