Ejemplo n.º 1
0
def generate_local_cert(private_key,
                        days_valid=3560,
                        output_file="cert.cert",
                        LN="SABnzbd",
                        ON="SABnzbd"):
    """Generate a certificate, using basic information.
    Ported from cryptography docs/x509/tutorial.rst
    """
    # Various details about who we are. For a self-signed certificate the
    # subject and issuer are always the same.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.LOCALITY_NAME, LN),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, ON),
        # x509.NameAttribute(NameOID.COMMON_NAME, CN),
    ])

    # build Subject Alternate Names (aka SAN) list
    # First the host names, add with x509.DNSName():
    san_list = [
        x509.DNSName("localhost"),
        x509.DNSName(str(socket.gethostname()))
    ]

    # Then the host IP addresses, add with x509.IPAddress()
    # Inside a try-except, just to be sure
    try:
        import ipaddress

        san_list.append(x509.IPAddress(ipaddress.IPv4Address("127.0.0.1")))
        san_list.append(x509.IPAddress(ipaddress.IPv6Address("::1")))

        # append local v4 ip
        mylocalipv4 = localipv4()
        if mylocalipv4:
            san_list.append(
                x509.IPAddress(ipaddress.IPv4Address(str(mylocalipv4))))
    except:
        pass

    cert = (x509.CertificateBuilder().subject_name(subject).issuer_name(
        issuer).public_key(private_key.public_key()).not_valid_before(
            datetime.datetime.utcnow()).not_valid_after(
                datetime.datetime.utcnow() +
                datetime.timedelta(days=days_valid)).serial_number(
                    x509.random_serial_number()).add_extension(
                        x509.SubjectAlternativeName(san_list),
                        critical=True).sign(private_key, hashes.SHA256(),
                                            default_backend()))

    # Write our certificate out to disk.
    with open(output_file, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))

    return cert
Ejemplo n.º 2
0
def generate_local_cert(private_key, days_valid=3560, output_file='cert.cert', LN=u'SABnzbd', ON=u'SABnzbd'):
    # Various details about who we are. For a self-signed certificate the
    # subject and issuer are always the same.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.LOCALITY_NAME, LN),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, ON),
        # x509.NameAttribute(NameOID.COMMON_NAME, CN),
    ])


    # build Subject Alternate Names (aka SAN) list
    # First the host names, add with x509.DNSName():
    san_list = [x509.DNSName(u"localhost"), x509.DNSName(unicode(socket.gethostname()))]

    # Then the host IP addresses, add with x509.IPAddress()
    # Inside a try-except, just to be sure
    try:
        import ipaddress
        san_list.append(x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1")))
        san_list.append(x509.IPAddress(ipaddress.IPv6Address(u"::1")))

        # append local v4 ip
        mylocalipv4 = localipv4()
        if mylocalipv4:
            san_list.append(x509.IPAddress(ipaddress.IPv4Address(unicode(mylocalipv4))))
    except:
        pass

    cert = x509.CertificateBuilder().subject_name(
        subject
    ).issuer_name(
        issuer
    ).public_key(
        private_key.public_key()
    ).not_valid_before(
        datetime.datetime.utcnow()
    ).not_valid_after(
        datetime.datetime.utcnow() + datetime.timedelta(days=days_valid)
    ).serial_number(
        random_serial_number()
    ).add_extension(
        x509.SubjectAlternativeName(san_list),
        critical=True,
    ).sign(private_key, hashes.SHA256(), default_backend())

    # Write our certificate out to disk.
    with open(output_file, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))

    return cert
Ejemplo n.º 3
0
def generate_local_cert(private_key, days_valid=3560, output_file='cert.cert', LN=u'SABnzbd', ON=u'SABnzbd', CN=u'localhost'):
    # Various details about who we are. For a self-signed certificate the
    # subject and issuer are always the same.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.LOCALITY_NAME, LN),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, ON),
        # x509.NameAttribute(NameOID.COMMON_NAME, CN),
    ])

    # build SubjectAltName list since we are not using a common name
    san_list = [
        x509.DNSName(u"localhost"),
        x509.DNSName(u"127.0.0.1"),
        ]
    # append local v4 ip (functions already has try/catch logic)
    mylocalipv4 = localipv4()
    if mylocalipv4:
        san_list.append(x509.DNSName(u"" + mylocalipv4))

    cert = x509.CertificateBuilder().subject_name(
        subject
    ).issuer_name(
        issuer
    ).public_key(
        private_key.public_key()
    ).not_valid_before(
        datetime.datetime.utcnow()
    ).not_valid_after(
        datetime.datetime.utcnow() + datetime.timedelta(days=days_valid)
    ).serial_number(
        random_serial_number()
    ).add_extension(
        x509.SubjectAlternativeName(san_list),
        critical=True,
    ).sign(private_key, hashes.SHA256(), default_backend())

    # Write our certificate out to disk.
    with open(output_file, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))

    return cert
Ejemplo n.º 4
0
def generate_local_cert(private_key,
                        days_valid=3560,
                        output_file='cert.cert',
                        LN=u'SABnzbd',
                        ON=u'SABnzbd',
                        CN=u'localhost'):
    # Various details about who we are. For a self-signed certificate the
    # subject and issuer are always the same.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.LOCALITY_NAME, LN),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, ON),
        # x509.NameAttribute(NameOID.COMMON_NAME, CN),
    ])

    # build SubjectAltName list since we are not using a common name
    san_list = [
        x509.DNSName(u"localhost"),
        x509.DNSName(u"127.0.0.1"),
    ]
    # append local v4 ip (functions already has try/catch logic)
    mylocalipv4 = localipv4()
    if mylocalipv4:
        san_list.append(x509.DNSName(u"" + mylocalipv4))

    cert = x509.CertificateBuilder().subject_name(subject).issuer_name(
        issuer).public_key(private_key.public_key()).not_valid_before(
            datetime.datetime.utcnow()).not_valid_after(
                datetime.datetime.utcnow() +
                datetime.timedelta(days=days_valid)).serial_number(
                    random_serial_number()).add_extension(
                        x509.SubjectAlternativeName(san_list),
                        critical=True,
                    ).sign(private_key, hashes.SHA256(), default_backend())

    # Write our certificate out to disk.
    with open(output_file, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))

    return cert