def create_https_certificates(ssl_cert, ssl_key):
"""
Create a pair of self-signed HTTPS certificares and store in them in
'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed.
This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard).
"""
from plexpy import logger
from OpenSSL import crypto
from certgen import createKeyPair, createCertRequest, createCertificate, \
TYPE_RSA, serial
# Create the CA Certificate
cakey = createKeyPair(TYPE_RSA, 2048)
careq = createCertRequest(cakey, CN="Certificate Authority")
cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
pkey = createKeyPair(TYPE_RSA, 2048)
req = createCertRequest(pkey, CN="PlexPy")
cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
# Save the key and certificate to disk
try:
with open(ssl_key, "w") as fp:
fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
with open(ssl_cert, "w") as fp:
fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
except IOError as e:
logger.error("Error creating SSL key and certificate: %s", e)
return False
return True
def create_https_certificates(ssl_cert, ssl_key):
"""
Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key'
"""
try:
from OpenSSL import crypto
from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial
except ImportError:
log.error("pyopenssl module missing, please install for https access\n try\n $ easy_install PyOpenSSL")
return False
# Create the CA Certificate
cakey = createKeyPair(TYPE_RSA, 1024)
careq = createCertRequest(cakey, CN='Certificate Authority')
cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
cname = 'XDM'
pkey = createKeyPair(TYPE_RSA, 1024)
req = createCertRequest(pkey, CN=cname)
cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
# Save the key and certificate to disk
try:
open(ssl_key, 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
open(ssl_cert, 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
except:
log("Error creating SSL key and certificate")
return False
return True
def create_https_certificates(ssl_cert, ssl_key):
"""
Create a pair of self-signed HTTPS certificares and store in them in
'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed.
This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard).
"""
from plexcs import logger
from OpenSSL import crypto
from certgen import createKeyPair, createCertRequest, createCertificate, \
TYPE_RSA, serial
# Create the CA Certificate
cakey = createKeyPair(TYPE_RSA, 2048)
careq = createCertRequest(cakey, CN="Certificate Authority")
cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
pkey = createKeyPair(TYPE_RSA, 2048)
req = createCertRequest(pkey, CN="Plex:CS")
cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
# Save the key and certificate to disk
try:
with open(ssl_key, "w") as fp:
fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
with open(ssl_cert, "w") as fp:
fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
except IOError as e:
logger.error("Error creating SSL key and certificate: %s", e)
return False
return True
def make_certs(cfg):
cname = 'Microsoft CNTK Demo'
cakey = createKeyPair(crypto.TYPE_RSA, 2048)
careq = createCertRequest(cakey, CN=cname)
# CA certificate is valid for five years.
cacert = createCertificate(careq, (careq, cakey), 0,
(0, 60 * 60 * 24 * 365 * 5))
# print('Creating Certificate Authority private key in "%s"' % cfg.SSL_KEY)
# with open(cfg.SSL_KEY, 'w') as capkey:
# capkey.write(
# crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey).decode('utf-8')
# )
# print('Creating Certificate Authority certificate in "%s"' % cfg.SSL_CERT)
# with open(cfg.SSL_CERT, 'w') as ca:
# ca.write(
# crypto.dump_certificate(crypto.FILETYPE_PEM, cacert).decode('utf-8')
# )
pkey = createKeyPair(crypto.TYPE_RSA, 2048)
req = createCertRequest(pkey, CN=cname)
# Certificates are valid for five years.
cert = createCertificate(req, (cacert, cakey), 1,
(0, 60 * 60 * 24 * 365 * 5))
with open(cfg.SSL_KEY, 'w') as leafpkey:
leafpkey.write(
crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey).decode('utf-8'))
print('[SUCCESS] Created Certificate private key in "%s"' % cfg.SSL_KEY)
with open(cfg.SSL_CERT, 'w') as leafcert:
leafcert.write(
crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8'))
print('[SUCCESS] Created Certificate certificate in "%s"' % cfg.SSL_CERT)
def generateIn(directory):
cakey = createKeyPair(TYPE_RSA, 1024)
careq = createCertRequest(cakey, CN='Certificate Authority')
cacert = createCertificate(careq, (careq, cakey), 0, (0, 60*60*24*365*5)) # five years
#open(join(directory, 'CA.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey))
#open(join(directory, 'CA.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert))
CN = raw_input("CN: ").strip()
O = raw_input("O: ").strip()
pkey = createKeyPair(TYPE_RSA, 1024)
req = createCertRequest(pkey, CN=CN, O=O)
cert = createCertificate(req, (cacert, cakey), 1, (0, 60*60*24*365*5)) # five years
open(join(directory, 'server.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
open(join(directory, 'server.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
def gen_ca(params={}):
try: # read from existing CA files
if 'gen_new' in params and params['gen_new']:
raise ValueError # skip reading from file
with open("CA.pkey", 'r') as CA_key:
cakey = crypto.load_privatekey(crypto.FILETYPE_PEM, CA_key.read())
with open("CA.cert", 'r') as CA_cert:
cacert = crypto.load_certificate(crypto.FILETYPE_PEM,
CA_cert.read())
return cacert, cakey
except:
if 'SN' not in params:
params['SN'] = 0
cakey = createKeyPair()
not_before_offset, not_after_offset = get_time_offset(params)
careq = createCertRequest(cakey, CN='Certificate Authority')
cacert = createCertificate(careq, (careq, cakey), params['SN'],
(not_before_offset, not_after_offset))
if 'gen_new' not in params:
if write_ca_to_disk(cacert, False) and write_ca_to_disk(
cakey, True):
return cacert, cakey
else:
print("Failed to write CA files to disk")
import sys
sys.exit(1)
else:
return cacert, cakey
def generateIn(directory):
cakey = createKeyPair(TYPE_RSA, 1024)
careq = createCertRequest(cakey, CN='Certificate Authority')
cacert = createCertificate(careq, (careq, cakey), 0,
(0, 60 * 60 * 24 * 365 * 5)) # five years
#open(join(directory, 'CA.pkey'), 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey))
#open(join(directory, 'CA.cert'), 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert))
CN = raw_input("CN: ").strip()
O = raw_input("O: ").strip()
pkey = createKeyPair(TYPE_RSA, 1024)
req = createCertRequest(pkey, CN=CN, O=O)
cert = createCertificate(req, (cacert, cakey), 1,
(0, 60 * 60 * 24 * 365 * 5)) # five years
open(join(directory, 'server.pkey'),
'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
open(join(directory, 'server.cert'),
'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
def generate_certs(**kwargs):
domains = kwargs.get('domains')
d = {}
ca_keypair = generate_keypair()
d['ca_key'] = ca_keypair
cakey = ca_keypair['key']
careq = certgen.createCertRequest(cakey, CN='Certificate Authority')
cacert = certgen.createCertificate(careq, careq, cakey, 0, 0, 60*60*24*365*5)
d['ca_cert'] = OpenSSL.crypto.dump_certificate(PEM, cacert)
if isinstance(d['ca_cert'], bytes):
delim = b'\n'
else:
delim = '\n'
for domain in domains:
keypair = generate_keypair()
req = certgen.createCertRequest(keypair['key'], CN=domain)
cert = certgen.createCertificate(req, cacert, cakey, 1, 0, 60*60*24*365*5)
d[domain] = {
'keypair':keypair,
'pkey':OpenSSL.crypto.dump_privatekey(PEM, keypair['key']),
'cert':OpenSSL.crypto.dump_certificate(PEM, cert),
}
d[domain]['fullchain'] = delim.join([d[domain]['cert'], d['ca_cert']])
return d
def create_https_certificates(ssl_cert, ssl_key):
"""
Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key'
"""
try:
from OpenSSL import crypto
from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial
except ImportError:
log.error(
"pyopenssl module missing, please install for https access\n try\n $ easy_install PyOpenSSL"
)
return False
# Create the CA Certificate
cakey = createKeyPair(TYPE_RSA, 1024)
careq = createCertRequest(cakey, CN='Certificate Authority')
cacert = createCertificate(careq, (careq, cakey), serial,
(0, 60 * 60 * 24 * 365 * 10)) # ten years
cname = 'XDM'
pkey = createKeyPair(TYPE_RSA, 1024)
req = createCertRequest(pkey, CN=cname)
cert = createCertificate(req, (cacert, cakey), serial,
(0, 60 * 60 * 24 * 365 * 10)) # ten years
# Save the key and certificate to disk
try:
open(ssl_key,
'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
open(ssl_cert,
'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
except:
log("Error creating SSL key and certificate")
return False
return True
def gen_cert(target_key, signing_cert, signing_key, params):
# Check Params
if 'CN' not in params:
print("CN is a required parameter")
import sys
sys.exit(1)
not_before_offset, not_after_offset = get_time_offset(params)
if 'extensions' not in params:
params['extensions'] = []
# genrate CSR
request = createCertRequest(target_key,
CN=params['CN'],
extensions=params['extensions'])
# kindly fulfill the request
cert = createCertificate(request, (signing_cert, signing_key),
params['SN'],
(not_before_offset, not_after_offset))
return cert
'''
Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key'
'''
try:
from OpenSSL import crypto
from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial
except Exception, e:
logger.error(e)
logger.error('You need pyopenssl and OpenSSL to make a cert')
return False
# Create the CA Certificate
cakey = createKeyPair(TYPE_RSA, 2048)
careq = createCertRequest(cakey, CN='Certificate Authority')
cacert = createCertificate(careq, (careq, cakey), serial,
(0, 60 * 60 * 24 * 365 * 10)) # ten years
cname = 'Htpc-Manager'
pkey = createKeyPair(TYPE_RSA, 2048)
req = createCertRequest(pkey, CN=cname)
cert = createCertificate(req, (cacert, cakey), serial,
(0, 60 * 60 * 24 * 365 * 10)) # ten years
# Save the key and certificate to disk
try:
open(ssl_key,
'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
open(ssl_cert,
'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
except Exception as e:
logger.error('Error creating SSL key and certificate %s' % e)
Create certificates and private keys for the 'simple' example.
"""
from __future__ import print_function
from OpenSSL import crypto
from certgen import (
createKeyPair,
createCertRequest,
createCertificate,
)
cakey = createKeyPair(crypto.TYPE_RSA, 2048)
careq = createCertRequest(cakey, CN='Certificate Authority')
# CA certificate is valid for five years.
cacert = createCertificate(careq, (careq, cakey), 0, (0, 60*60*24*365*5))
print('Creating Certificate Authority private key in "simple/CA.pkey"')
with open('simple/CA.pkey', 'w') as capkey:
capkey.write(
crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey).decode('utf-8')
)
print('Creating Certificate Authority certificate in "simple/CA.cert"')
with open('simple/CA.cert', 'w') as ca:
ca.write(
crypto.dump_certificate(crypto.FILETYPE_PEM, cacert).decode('utf-8')
)
for (fname, cname) in [('client', 'Simple Client'),
('server', 'Simple Server')]:
"""
Create certificates and private keys for the 'simple' example.
"""
from OpenSSL import crypto
from certgen import createKeyPair, createCertRequest, createCertificate, \
TYPE_RSA, TYPE_DSA
FIVE_YEARS = 60*60*24*365*5
BIT_LENGTH = 1024
serial_number = 0
# Create a self signed CA certificate
cakey = createKeyPair(TYPE_RSA, BIT_LENGTH)
careq = createCertRequest(cakey, CN='Certificate Authority')
cacert = createCertificate(careq, (careq, cakey), serial_number, (0, FIVE_YEARS))
serial_number += 1
with open('simple/CA.pkey', 'w') as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, cakey))
with open('simple/CA.cert', 'w') as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert))
# Create the server and client certificate signed by the CA created above
for (fname, cname) in [('client', 'Simple Client'), ('server', 'Simple Server')]:
pkey = createKeyPair(TYPE_RSA, BIT_LENGTH)
req = createCertRequest(pkey, CN=cname)
cert = createCertificate(req, (cacert, cakey), serial_number, (0, FIVE_YEARS))
serial_number += 1
with open('simple/%s.pkey' % (fname,), 'w') as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
with open('simple/%s.cert' % (fname,), 'w') as f:
'''
Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key'
'''
try:
from OpenSSL import crypto
from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial
except Exception, e:
logger.error(e)
logger.error('You need pyopenssl and OpenSSL to make a cert')
return False
# Create the CA Certificate
cakey = createKeyPair(TYPE_RSA, 2048)
careq = createCertRequest(cakey, CN='Certificate Authority')
cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
cname = 'Htpc-Manager'
pkey = createKeyPair(TYPE_RSA, 2048)
req = createCertRequest(pkey, CN=cname)
cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
# Save the key and certificate to disk
try:
open(ssl_key, 'w').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
open(ssl_cert, 'w').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
except Exception as e:
logger.error('Error creating SSL key and certificate %s' % e)
return False
return True
AA_keysize = 2048
cert_authority = 'Adhoc Authority'
# creates the keypair of size 1024
AA_key = createKeyPair(TYPE_RSA, AA_keysize)
# creates the cert request with the key and name
AA_req = createCertRequest(AA_key, CN=cert_authority)
# creates the cert for 5 years
valid_dur = 60 * 60 * 24 * 365 * 5
# certificate generation
# Adhoc Authority signs its own key (self signed)
AA_cert = createCertificate(AA_req, (AA_req, AA_key), 0, (0, valid_dur))
write_certkey_pem('AA', AA_key, AA_cert)
# now AA issues (or don't) to some parties
AA_issue = (AA_cert, AA_key)
issue_dur = 60 * 60 * 24 * 365 * 1
parties = [('alice', 'Alice (signed AA)', 2048, AA_issue, 12345),
('bob', 'Bob (signed AA)', 2048, AA_issue, 56789),
('mallory', 'Mallory (self signed)', 2048, None, 99999)]
for (fname, cname, keysize, issue, serial) in parties:
pkey = createKeyPair(TYPE_RSA, keysize)
preq = createCertRequest(pkey, CN=cname)
if issue is None:
