Added support to generate self signed certs

This commit is contained in:
Sebastian Lohff 2012-04-16 14:51:12 +02:00
parent afe666db91
commit 6820011c67
1 changed files with 52 additions and 9 deletions

View File

@ -266,8 +266,12 @@ class SecureThreadedHTTPServer(ThreadedHTTPServer):
def __init__(self, pubKey, privKey, *args, **kwargs):
ThreadedHTTPServer.__init__(self, *args, **kwargs)
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.use_certificate_file(pubKey)
ctx.use_privatekey_file(privKey)
if type(pubKey) == crypto.X509 and type(privKey) == crypto.PKey:
ctx.use_certificate(pubKey)
ctx.use_privatekey(privKey)
else:
ctx.use_certificate_file(pubKey)
ctx.use_privatekey_file(privKey)
self.bsocket = socket.socket(self.address_family, self.socket_type)
self.socket = SSL.Connection(ctx, self.bsocket)
@ -298,7 +302,7 @@ class ServeFile():
self.serveMode = serveMode
self.dirCreated = False
self.useSSL = useSSL
self.certPath = self.keyPath = None
self.cert = self.key = None
if self.serveMode not in range(3):
self.serveMode = None
@ -334,19 +338,58 @@ class ServeFile():
return ips
return None
def setupSSLKeys(self, cert, key):
self.certPath = cert
self.keyPath = key
def setSSLKeys(self, cert, key):
""" Set SSL cert/key. Can be either path to file or pyssl X509/PKey object. """
self.cert = cert
self.key = key
def genKeyPair(self):
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 2048)
req = crypto.X509Req()
subj = req.get_subject()
subj.CN = "127.0.0.1"
subj.O = "servefile laboratories"
subj.OU = "servefile"
# generate altnames
altNames = []
for ip in self.getIPs() + ["127.0.0.1"]:
altNames.append("IP:%s" % ip)
altNames.append("DNS:localhost")
ext = crypto.X509Extension("subjectAltName", False, ",".join(altNames))
req.add_extensions([ext])
req.set_pubkey(pkey)
req.sign(pkey, "sha1")
cert = crypto.X509()
# some browsers complain if they see a cert from the same authority
# with the same serial ==> we just use the seconds as serial.
cert.set_serial_number(int(time.time()))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(365*24*60*60)
cert.set_issuer(req.get_subject())
cert.set_subject(req.get_subject())
cert.add_extensions([ext])
cert.set_pubkey(req.get_pubkey())
cert.sign(pkey, "sha1")
self.cert = cert
self.key = pkey
def _getCert(self):
return self.certPath
return self.cert
def _getKey(self):
return self.keyPath
return self.key
def _createServer(self, handler):
server = None
if self.useSSL:
if not self._getKey():
self.genKeyPair()
server = SecureThreadedHTTPServer(self._getCert(), self._getKey(), ('', self.port), handler)
else:
server = ThreadedHTTPServer(('', self.port), handler)
@ -458,7 +501,7 @@ def main():
server = ServeFile(args.target, args.port, mode, args.ssl)
if args.ssl and args.key:
cert = args.cert or args.key
server.setupSSLKeys(cert, args.key)
server.setSSLKeys(cert, args.key)
server.serve()
except ServeFileException, e:
print e