avoid circular import
This commit is contained in:
parent
df7b5acf91
commit
c1d481cb78
3 changed files with 41 additions and 40 deletions
|
@ -46,8 +46,8 @@ ENCODING='base64'
|
|||
USER_ID = vk.to_ascii(encoding=ENCODING)
|
||||
|
||||
if not os.path.exists(tls_cert_path):
|
||||
import utils
|
||||
server['cert'] = utils.create_tls_certificate()
|
||||
from tls import create_certificate
|
||||
server['cert'] = create_certificate(tls_key_path, tls_cert_path, USER_ID)
|
||||
|
||||
VERSION="0.0"
|
||||
USER_AGENT = 'PeerLink/%s' % VERSION
|
||||
|
|
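--- /dev/null
+++ b/peerlink/tls.py
@@ -0,0 +1,39 @@
+import hashlib
+import os
+import OpenSSL
+
+# tls utils
+def get_fingerprint(tls_cert_path):
+    with open(tls_cert_path, 'rb') as fd:
+        data = fd.read()
+    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, data)
+    return hashlib.sha1(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest()
+
+def create_certificate(tls_key_path, tls_cert_path, USER_ID):
+    key = OpenSSL.crypto.PKey()
+    key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
+    with open(tls_key_path, 'wb') as fd:
+        os.chmod(tls_key_path, 0600)
+        fd.write(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key))
+    os.chmod(tls_key_path, 0400)
+
+    ca = OpenSSL.crypto.X509()
+    ca.set_version(2)
+    ca.set_serial_number(1)
+    ca.get_subject().CN = USER_ID
+    ca.gmtime_adj_notBefore(0)
+    ca.gmtime_adj_notAfter(24 * 60 * 60)
+    ca.set_issuer(ca.get_subject())
+    ca.set_pubkey(key)
+    ca.add_extensions([
+        OpenSSL.crypto.X509Extension("basicConstraints", True, "CA:TRUE, pathlen:0"),
+        OpenSSL.crypto.X509Extension("nsCertType", True, "sslCA"),
+        OpenSSL.crypto.X509Extension("extendedKeyUsage", True,
+            "serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"),
+        OpenSSL.crypto.X509Extension("keyUsage", False, "keyCertSign, cRLSign"),
+        OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=ca),
+    ])
+    ca.sign(key, "sha1")
+    with open(tls_cert_path, 'wb') as fd:
+        fd.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, ca))
+    return get_fingerprint(tls_cert_path)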
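Review bot: In create_certificate the private key file is created by `open(tls_key_path, 'wb')` before `os.chmod(tls_key_path, 0600)` runs, so for a moment it exists with whatever mode the process umask grants and another local user could open it before the chmod lands; creating it with the restrictive mode from the start closes that window, e.g. `with os.fdopen(os.open(tls_key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), 'wb') as fd:`. Separately, `ca.sign(key, "sha1")` and the `hashlib.sha1` digest in get_fingerprint rely on a hash that is deprecated for certificate signatures; `"sha256"` is accepted by the same pyOpenSSL and hashlib calls, and a comment on get_fingerprint should state which digest peers are expected to compare against. `ca.set_serial_number(1)` is also reused for every regenerated certificate (they expire after 24 hours per gmtime_adj_notAfter), so successive certificates for the same CN are indistinguishable by serial — a random serial derived from os.urandom would avoid that.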
|
@ -4,15 +4,12 @@ from __future__ import division
|
|||
|
||||
from functools import wraps
|
||||
from threading import Thread
|
||||
import hashlib
|
||||
import os
|
||||
import socket
|
||||
import subprocess
|
||||
import sys
|
||||
from urlparse import urlparse
|
||||
|
||||
import ed25519
|
||||
import OpenSSL
|
||||
|
||||
import settings
|
||||
|
||||
|
@ -98,38 +95,3 @@ def valid(key, value, sig):
|
|||
return False
|
||||
return True
|
||||
|
||||
# tls utils
|
||||
def get_fingerprint():
|
||||
with open(settings.tls_cert_path) as fd:
|
||||
data = fd.read()
|
||||
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, data)
|
||||
return hashlib.sha1(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest()
|
||||
|
||||
def create_tls_certificate():
|
||||
key = OpenSSL.crypto.PKey()
|
||||
key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
|
||||
with open(settings.tls_key_path, 'wb') as fd:
|
||||
os.chmod(settings.tls_key_path, 0600)
|
||||
fd.write(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key))
|
||||
os.chmod(settings.tls_key_path, 0400)
|
||||
|
||||
ca = OpenSSL.crypto.X509()
|
||||
ca.set_version(2)
|
||||
ca.set_serial_number(1)
|
||||
ca.get_subject().CN = settings.USER_ID
|
||||
ca.gmtime_adj_notBefore(0)
|
||||
ca.gmtime_adj_notAfter(24 * 60 * 60)
|
||||
ca.set_issuer(ca.get_subject())
|
||||
ca.set_pubkey(key)
|
||||
ca.add_extensions([
|
||||
OpenSSL.crypto.X509Extension("basicConstraints", True, "CA:TRUE, pathlen:0"),
|
||||
OpenSSL.crypto.X509Extension("nsCertType", True, "sslCA"),
|
||||
OpenSSL.crypto.X509Extension("extendedKeyUsage", True,
|
||||
"serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"),
|
||||
OpenSSL.crypto.X509Extension("keyUsage", False, "keyCertSign, cRLSign"),
|
||||
OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=ca),
|
||||
])
|
||||
ca.sign(key, "sha1")
|
||||
with open(settings.tls_cert_path, 'wb') as fd:
|
||||
fd.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, ca))
|
||||
return get_fingerprint()
|
||||
|
|