def build_ca_key():
    """Create the certificate authority's RSA private key (``ca.key``).

    ``rm_f`` is called on the target path first, then ``openssl genrsa``
    writes a 4096-bit key encrypted with triple DES (``-des3``).

    The passphrase comes from ``ssl_params['ca_pass']`` and is handed to
    openssl on stdin (``-passout stdin``), so it never appears in the
    argument list of the openssl process.
    """
    ca_key_path = ssl_certs.build_path('ca.key')
    rm_f(ca_key_path)
    genrsa_args = ['genrsa', '-passout', 'stdin', '-des3',
                   '-out', ca_key_path, '4096']
    # The passphrase is written twice, one copy per line.
    # NOTE(review): presumably passphrase plus confirmation -- confirm that
    # openssl actually consumes the second line when reading from stdin.
    passphrase_input = '%(ca_pass)s\n%(ca_pass)s\n' % ssl_params
    _openssl(genrsa_args, input=passphrase_input)
def build_server_key():
    """Create the server's RSA private key, with and without a passphrase.

    A 4096-bit key encrypted with triple DES is written to
    ``server_with_pass.key``.  That key is then re-written by ``openssl rsa``
    to ``server_without_pass.key`` with no encryption option, so that a
    server can load it without prompting.

    Security note: ``server_without_pass.key`` holds the private key in the
    clear.  Nothing in this function restricts the permissions of that file,
    so its protection depends on the build directory and on whatever
    ``_openssl`` / openssl apply by default.
    """
    encrypted_key_path = ssl_certs.build_path('server_with_pass.key')
    rm_f(encrypted_key_path)
    genrsa_args = ['genrsa', '-passout', 'stdin', '-des3',
                   '-out', encrypted_key_path, '4096']
    # Passphrase goes over stdin (two identical lines), not on the command
    # line.
    _openssl(genrsa_args,
             input='%(server_pass)s\n%(server_pass)s\n' % ssl_params)

    plain_key_path = ssl_certs.build_path('server_without_pass.key')
    rm_f(plain_key_path)
    # Decrypt the key just generated; no output cipher is requested, so the
    # copy is written unencrypted.
    strip_pass_args = ['rsa', '-passin', 'stdin',
                       '-in', encrypted_key_path, '-out', plain_key_path]
    _openssl(strip_pass_args, input='%(server_pass)s\n' % ssl_params)
def sign_server_certificate():
    """Have the CA sign the server CSR, producing ``server.crt``.

    ``needs`` is called with ``server.csr``, ``ca.crt`` and ``ca.key`` before
    anything is written.  The CA key passphrase (``ssl_params['ca_pass']``)
    is supplied on stdin via ``-passin stdin``.  Certificate extensions are
    taken from ``server.extensions.cnf``.
    """
    csr_path = ssl_certs.build_path('server.csr')
    issuer_cert_path = ssl_certs.build_path('ca.crt')
    issuer_key_path = ssl_certs.build_path('ca.key')
    needs('Signing server.crt', csr_path, issuer_cert_path, issuer_key_path)

    signed_cert_path = ssl_certs.build_path('server.crt')
    extensions_path = ssl_certs.build_path('server.extensions.cnf')
    rm_f(signed_cert_path)

    # NOTE(review): the serial number is fixed at 01 and the lifetime is
    # 365242 days.  Both are only reasonable for locally generated fixture
    # certificates -- confirm these files are never used as real credentials.
    x509_args = [
        'x509', '-req', '-passin', 'stdin',
        # Will need to be generated again in 1000 years -- 20210106
        '-days', '365242',
        '-in', csr_path,
        '-CA', issuer_cert_path,
        '-CAkey', issuer_key_path,
        '-set_serial', '01',
        '-extfile', extensions_path,
        '-out', signed_cert_path,
    ]
    _openssl(x509_args, input='%(ca_pass)s\n' % ssl_params)
def build_server_signing_request():
    """Create ``server.csr``, the signing request the CA will sign.

    ``needs`` is called with ``server_with_pass.key`` first.  ``openssl req``
    is then driven through stdin: the first line is the key passphrase
    (``-passin stdin``), and the following lines are taken from the
    ``server_*`` entries of ``ssl_params`` in the order listed below.
    """
    signing_key_path = ssl_certs.build_path('server_with_pass.key')
    needs('Building server.csr', signing_key_path)
    csr_path = ssl_certs.build_path('server.csr')
    rm_f(csr_path)

    req_args = ['req', '-passin', 'stdin', '-new',
                '-key', signing_key_path, '-out', csr_path]
    # One line per value, in the order they are fed to openssl.
    # NOTE(review): the lines after the passphrase presumably answer the
    # interactive subject prompts of `openssl req` -- the order matters.
    stdin_lines = (
        '%(server_pass)s\n',
        '%(server_country_code)s\n',
        '%(server_state)s\n',
        '%(server_locality)s\n',
        '%(server_organization)s\n',
        '%(server_section)s\n',
        '%(server_name)s\n',
        '%(server_email)s\n',
        '%(server_challenge_pass)s\n',
        '%(server_optional_company_name)s\n',
    )
    _openssl(req_args, input=''.join(stdin_lines) % ssl_params)
def build_ca_certificate():
    """Create the CA certificate ``ca.crt`` from the CA private key.

    ``needs`` is called with ``ca.key`` first.  ``openssl req -new -x509``
    then writes a self-signed certificate to ``ca.crt``.  The key passphrase
    (``ssl_params['ca_pass']``) is the first line on stdin (``-passin
    stdin``); the remaining lines come from the ``ca_*`` entries of
    ``ssl_params``.
    """
    ca_key_path = ssl_certs.build_path('ca.key')
    needs('Building ca.crt', ca_key_path)
    ca_cert_path = ssl_certs.build_path('ca.crt')
    rm_f(ca_cert_path)

    # NOTE(review): a 365242-day lifetime means this CA effectively never
    # expires; anything that trusts ca.crt trusts it for that long.
    req_args = [
        'req', '-passin', 'stdin', '-new', '-x509',
        # Will need to be generated again in 1000 years -- 20210106
        '-days', '365242',
        '-key', ca_key_path,
        '-out', ca_cert_path,
    ]
    # One line per value, in the order they are fed to openssl.
    stdin_lines = (
        '%(ca_pass)s\n',
        '%(ca_country_code)s\n',
        '%(ca_state)s\n',
        '%(ca_locality)s\n',
        '%(ca_organization)s\n',
        '%(ca_section)s\n',
        '%(ca_name)s\n',
        '%(ca_email)s\n',
    )
    _openssl(req_args, input=''.join(stdin_lines) % ssl_params)
def __init__(self, base, _from_transport=None):
    """Initialise the transport with ``ca_certs`` set to the built ``ca.crt``.

    ``base`` and ``_from_transport`` are forwarded unchanged to the parent
    initialiser.  ``ca_certs`` is always the path returned by
    ``ssl_certs.build_path('ca.crt')``; callers cannot override it here.
    """
    # NOTE(review): presumably the parent class uses ca_certs as the trust
    # anchor for server certificate verification -- confirm there.
    trusted_ca_path = ssl_certs.build_path('ca.crt')
    super(HTTPS_transport, self).__init__(
        base,
        _from_transport=_from_transport,
        ca_certs=trusted_ca_path)