forked from seba/servefile
Added support to generate self signed certs
This commit is contained in:
parent
afe666db91
commit
6820011c67
61
servefile
61
servefile
|
@ -266,8 +266,12 @@ class SecureThreadedHTTPServer(ThreadedHTTPServer):
|
|||
def __init__(self, pubKey, privKey, *args, **kwargs):
|
||||
ThreadedHTTPServer.__init__(self, *args, **kwargs)
|
||||
ctx = SSL.Context(SSL.SSLv23_METHOD)
|
||||
ctx.use_certificate_file(pubKey)
|
||||
ctx.use_privatekey_file(privKey)
|
||||
if type(pubKey) == crypto.X509 and type(privKey) == crypto.PKey:
|
||||
ctx.use_certificate(pubKey)
|
||||
ctx.use_privatekey(privKey)
|
||||
else:
|
||||
ctx.use_certificate_file(pubKey)
|
||||
ctx.use_privatekey_file(privKey)
|
||||
|
||||
self.bsocket = socket.socket(self.address_family, self.socket_type)
|
||||
self.socket = SSL.Connection(ctx, self.bsocket)
|
||||
|
@ -298,7 +302,7 @@ class ServeFile():
|
|||
self.serveMode = serveMode
|
||||
self.dirCreated = False
|
||||
self.useSSL = useSSL
|
||||
self.certPath = self.keyPath = None
|
||||
self.cert = self.key = None
|
||||
|
||||
if self.serveMode not in range(3):
|
||||
self.serveMode = None
|
||||
|
@ -334,19 +338,58 @@ class ServeFile():
|
|||
return ips
|
||||
return None
|
||||
|
||||
def setupSSLKeys(self, cert, key):
|
||||
self.certPath = cert
|
||||
self.keyPath = key
|
||||
def setSSLKeys(self, cert, key):
|
||||
""" Set SSL cert/key. Can be either path to file or pyssl X509/PKey object. """
|
||||
self.cert = cert
|
||||
self.key = key
|
||||
|
||||
def genKeyPair(self):
|
||||
pkey = crypto.PKey()
|
||||
pkey.generate_key(crypto.TYPE_RSA, 2048)
|
||||
|
||||
req = crypto.X509Req()
|
||||
subj = req.get_subject()
|
||||
subj.CN = "127.0.0.1"
|
||||
subj.O = "servefile laboratories"
|
||||
subj.OU = "servefile"
|
||||
|
||||
# generate altnames
|
||||
altNames = []
|
||||
for ip in self.getIPs() + ["127.0.0.1"]:
|
||||
altNames.append("IP:%s" % ip)
|
||||
altNames.append("DNS:localhost")
|
||||
ext = crypto.X509Extension("subjectAltName", False, ",".join(altNames))
|
||||
req.add_extensions([ext])
|
||||
|
||||
req.set_pubkey(pkey)
|
||||
req.sign(pkey, "sha1")
|
||||
|
||||
cert = crypto.X509()
|
||||
# some browsers complain if they see a cert from the same authority
|
||||
# with the same serial ==> we just use the seconds as serial.
|
||||
cert.set_serial_number(int(time.time()))
|
||||
cert.gmtime_adj_notBefore(0)
|
||||
cert.gmtime_adj_notAfter(365*24*60*60)
|
||||
cert.set_issuer(req.get_subject())
|
||||
cert.set_subject(req.get_subject())
|
||||
cert.add_extensions([ext])
|
||||
cert.set_pubkey(req.get_pubkey())
|
||||
cert.sign(pkey, "sha1")
|
||||
|
||||
self.cert = cert
|
||||
self.key = pkey
|
||||
|
||||
def _getCert(self):
|
||||
return self.certPath
|
||||
return self.cert
|
||||
|
||||
def _getKey(self):
|
||||
return self.keyPath
|
||||
return self.key
|
||||
|
||||
def _createServer(self, handler):
|
||||
server = None
|
||||
if self.useSSL:
|
||||
if not self._getKey():
|
||||
self.genKeyPair()
|
||||
server = SecureThreadedHTTPServer(self._getCert(), self._getKey(), ('', self.port), handler)
|
||||
else:
|
||||
server = ThreadedHTTPServer(('', self.port), handler)
|
||||
|
@ -458,7 +501,7 @@ def main():
|
|||
server = ServeFile(args.target, args.port, mode, args.ssl)
|
||||
if args.ssl and args.key:
|
||||
cert = args.cert or args.key
|
||||
server.setupSSLKeys(cert, args.key)
|
||||
server.setSSLKeys(cert, args.key)
|
||||
server.serve()
|
||||
except ServeFileException, e:
|
||||
print e
|
||||
|
|
Loading…
Reference in New Issue