Added support to generate self signed certs
parent
afe666db91
commit
6820011c67
57
servefile
57
servefile
|
@ -266,6 +266,10 @@ class SecureThreadedHTTPServer(ThreadedHTTPServer):
|
||||||
def __init__(self, pubKey, privKey, *args, **kwargs):
|
def __init__(self, pubKey, privKey, *args, **kwargs):
|
||||||
ThreadedHTTPServer.__init__(self, *args, **kwargs)
|
ThreadedHTTPServer.__init__(self, *args, **kwargs)
|
||||||
ctx = SSL.Context(SSL.SSLv23_METHOD)
|
ctx = SSL.Context(SSL.SSLv23_METHOD)
|
||||||
|
if type(pubKey) == crypto.X509 and type(privKey) == crypto.PKey:
|
||||||
|
ctx.use_certificate(pubKey)
|
||||||
|
ctx.use_privatekey(privKey)
|
||||||
|
else:
|
||||||
ctx.use_certificate_file(pubKey)
|
ctx.use_certificate_file(pubKey)
|
||||||
ctx.use_privatekey_file(privKey)
|
ctx.use_privatekey_file(privKey)
|
||||||
|
|
||||||
|
@ -298,7 +302,7 @@ class ServeFile():
|
||||||
self.serveMode = serveMode
|
self.serveMode = serveMode
|
||||||
self.dirCreated = False
|
self.dirCreated = False
|
||||||
self.useSSL = useSSL
|
self.useSSL = useSSL
|
||||||
self.certPath = self.keyPath = None
|
self.cert = self.key = None
|
||||||
|
|
||||||
if self.serveMode not in range(3):
|
if self.serveMode not in range(3):
|
||||||
self.serveMode = None
|
self.serveMode = None
|
||||||
|
@ -334,19 +338,58 @@ class ServeFile():
|
||||||
return ips
|
return ips
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def setupSSLKeys(self, cert, key):
|
def setSSLKeys(self, cert, key):
|
||||||
self.certPath = cert
|
""" Set SSL cert/key. Can be either path to file or pyssl X509/PKey object. """
|
||||||
self.keyPath = key
|
self.cert = cert
|
||||||
|
self.key = key
|
||||||
|
|
||||||
|
def genKeyPair(self):
|
||||||
|
pkey = crypto.PKey()
|
||||||
|
pkey.generate_key(crypto.TYPE_RSA, 2048)
|
||||||
|
|
||||||
|
req = crypto.X509Req()
|
||||||
|
subj = req.get_subject()
|
||||||
|
subj.CN = "127.0.0.1"
|
||||||
|
subj.O = "servefile laboratories"
|
||||||
|
subj.OU = "servefile"
|
||||||
|
|
||||||
|
# generate altnames
|
||||||
|
altNames = []
|
||||||
|
for ip in self.getIPs() + ["127.0.0.1"]:
|
||||||
|
altNames.append("IP:%s" % ip)
|
||||||
|
altNames.append("DNS:localhost")
|
||||||
|
ext = crypto.X509Extension("subjectAltName", False, ",".join(altNames))
|
||||||
|
req.add_extensions([ext])
|
||||||
|
|
||||||
|
req.set_pubkey(pkey)
|
||||||
|
req.sign(pkey, "sha1")
|
||||||
|
|
||||||
|
cert = crypto.X509()
|
||||||
|
# some browsers complain if they see a cert from the same authority
|
||||||
|
# with the same serial ==> we just use the seconds as serial.
|
||||||
|
cert.set_serial_number(int(time.time()))
|
||||||
|
cert.gmtime_adj_notBefore(0)
|
||||||
|
cert.gmtime_adj_notAfter(365*24*60*60)
|
||||||
|
cert.set_issuer(req.get_subject())
|
||||||
|
cert.set_subject(req.get_subject())
|
||||||
|
cert.add_extensions([ext])
|
||||||
|
cert.set_pubkey(req.get_pubkey())
|
||||||
|
cert.sign(pkey, "sha1")
|
||||||
|
|
||||||
|
self.cert = cert
|
||||||
|
self.key = pkey
|
||||||
|
|
||||||
def _getCert(self):
|
def _getCert(self):
|
||||||
return self.certPath
|
return self.cert
|
||||||
|
|
||||||
def _getKey(self):
|
def _getKey(self):
|
||||||
return self.keyPath
|
return self.key
|
||||||
|
|
||||||
def _createServer(self, handler):
|
def _createServer(self, handler):
|
||||||
server = None
|
server = None
|
||||||
if self.useSSL:
|
if self.useSSL:
|
||||||
|
if not self._getKey():
|
||||||
|
self.genKeyPair()
|
||||||
server = SecureThreadedHTTPServer(self._getCert(), self._getKey(), ('', self.port), handler)
|
server = SecureThreadedHTTPServer(self._getCert(), self._getKey(), ('', self.port), handler)
|
||||||
else:
|
else:
|
||||||
server = ThreadedHTTPServer(('', self.port), handler)
|
server = ThreadedHTTPServer(('', self.port), handler)
|
||||||
|
@ -458,7 +501,7 @@ def main():
|
||||||
server = ServeFile(args.target, args.port, mode, args.ssl)
|
server = ServeFile(args.target, args.port, mode, args.ssl)
|
||||||
if args.ssl and args.key:
|
if args.ssl and args.key:
|
||||||
cert = args.cert or args.key
|
cert = args.cert or args.key
|
||||||
server.setupSSLKeys(cert, args.key)
|
server.setSSLKeys(cert, args.key)
|
||||||
server.serve()
|
server.serve()
|
||||||
except ServeFileException, e:
|
except ServeFileException, e:
|
||||||
print e
|
print e
|
||||||
|
|
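Review bot: Both `req.sign(pkey, "sha1")` and `cert.sign(pkey, "sha1")` in the new genKeyPair sign with SHA-1, which is deprecated for certificate signatures and is flagged or rejected by current TLS clients; pass `"sha256"` in both calls instead. As far as this diff shows, the key pair is generated in memory on each start whenever no key was supplied, so a client has nothing stable to pin and can only distinguish this server from an interceptor by comparing fingerprints. Printing `cert.digest("sha256")` once after generation would give users a value to verify out of band. Separately, the context lines just above setSSLKeys show a `return None` path in what appears to be getIPs; if that is the case, `self.getIPs() + ["127.0.0.1"]` raises TypeError when no address is found, and `(self.getIPs() or []) + ["127.0.0.1"]` would avoid it.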