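def generate_local_cert(private_key, days_valid=3560, output_file="cert.cert", LN="SABnzbd", ON="SABnzbd"):
    """Generate a self-signed certificate, using basic information.

    Ported from cryptography docs/x509/tutorial.rst

    The subject holds only a locality and an organization name. The names a
    client can match live in the SubjectAlternativeName extension:
    "localhost", the machine's host name, both loopback addresses and, when
    localipv4() returns one, the local IPv4 address.

    Args:
        private_key: Key whose public half goes into the certificate and
            which signs it (SHA-256).
        days_valid: Validity period in days, counted from the time of the call.
            NOTE(review): the default is close to ten years; some TLS clients
            cap the validity they accept for server certificates -- confirm
            against the clients in use.
        output_file: Path the PEM-encoded certificate is written to.
        LN: Locality name used for subject and issuer.
        ON: Organization name used for subject and issuer.

    Returns:
        The signed certificate object.
    """
    # Various details about who we are. For a self-signed certificate the
    # subject and issuer are always the same. No COMMON_NAME is set; the
    # host names are carried by the SAN list below.
    subject = issuer = x509.Name(
        [
            x509.NameAttribute(NameOID.LOCALITY_NAME, LN),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, ON),
        ]
    )

    # Subject Alternative Names: host names first, as dNSName entries.
    san_list = [
        x509.DNSName("localhost"),
        x509.DNSName(str(socket.gethostname())),
    ]

    # Then the IP addresses, as iPAddress entries. This part is best effort:
    # the certificate is still issued for the names collected so far when an
    # address cannot be determined or parsed.
    try:
        import ipaddress

        san_list.append(x509.IPAddress(ipaddress.IPv4Address("127.0.0.1")))
        san_list.append(x509.IPAddress(ipaddress.IPv6Address("::1")))
        mylocalipv4 = localipv4()
        if mylocalipv4:
            san_list.append(x509.IPAddress(ipaddress.IPv4Address(str(mylocalipv4))))
    except Exception:
        # Broad on purpose, but not bare: KeyboardInterrupt and SystemExit
        # must not be swallowed here. Leave a trace so a certificate that
        # lacks an expected address can be explained afterwards.
        import logging

        logging.debug("Could not add all IP addresses to the certificate SAN list", exc_info=True)

    # One timestamp for both bounds, so the window is exactly days_valid long.
    now = datetime.datetime.utcnow()

    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(private_key.public_key())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=days_valid))
        .serial_number(x509.random_serial_number())
        # NOTE(review): RFC 5280 recommends a non-critical SAN when the
        # subject is non-empty; kept critical to preserve what is issued today.
        .add_extension(x509.SubjectAlternativeName(san_list), critical=True)
        .sign(private_key, hashes.SHA256(), default_backend())
    )

    # Write our certificate out to disk.
    with open(output_file, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))

    return cert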
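def generate_local_cert(private_key, days_valid=3560, output_file='cert.cert', LN=u'SABnzbd', ON=u'SABnzbd'):
    """Generate a self-signed certificate and write it to output_file as PEM.

    The subject holds only a locality and an organization name. The names a
    client can match live in the SubjectAlternativeName extension:
    "localhost", the machine's host name, both loopback addresses and, when
    localipv4() returns one, the local IPv4 address.

    Args:
        private_key: Key whose public half goes into the certificate and
            which signs it (SHA-256).
        days_valid: Validity period in days, counted from the time of the call.
        output_file: Path the PEM-encoded certificate is written to.
        LN: Locality name used for subject and issuer.
        ON: Organization name used for subject and issuer.

    Returns:
        The signed certificate object.
    """
    # For a self-signed certificate the subject and issuer are always the
    # same. No COMMON_NAME is set; host names are carried by the SAN list.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.LOCALITY_NAME, LN),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, ON),
    ])

    # Subject Alternative Names: host names first, as dNSName entries.
    san_list = [
        x509.DNSName(u"localhost"),
        x509.DNSName(unicode(socket.gethostname())),
    ]

    # Then the IP addresses, as iPAddress entries. Best effort: a missing
    # ipaddress module or an unparsable address must not stop the certificate
    # from being issued for the names collected so far.
    try:
        import ipaddress

        san_list.append(x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1")))
        san_list.append(x509.IPAddress(ipaddress.IPv6Address(u"::1")))
        mylocalipv4 = localipv4()
        if mylocalipv4:
            san_list.append(x509.IPAddress(ipaddress.IPv4Address(unicode(mylocalipv4))))
    except Exception:
        # Broad on purpose, but not bare: KeyboardInterrupt and SystemExit
        # must not be swallowed here. Leave a trace so a certificate that
        # lacks an expected address can be explained afterwards.
        import logging

        logging.debug("Could not add all IP addresses to the certificate SAN list", exc_info=True)

    # One timestamp for both bounds, so the window is exactly days_valid long.
    now = datetime.datetime.utcnow()

    builder = x509.CertificateBuilder()
    builder = builder.subject_name(subject).issuer_name(issuer)
    builder = builder.public_key(private_key.public_key())
    builder = builder.not_valid_before(now)
    builder = builder.not_valid_after(now + datetime.timedelta(days=days_valid))
    builder = builder.serial_number(random_serial_number())
    # NOTE(review): RFC 5280 recommends a non-critical SAN when the subject is
    # non-empty; kept critical to preserve what is issued today.
    builder = builder.add_extension(x509.SubjectAlternativeName(san_list), critical=True)
    cert = builder.sign(private_key, hashes.SHA256(), default_backend())

    # Write our certificate out to disk.
    with open(output_file, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))

    return cert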
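def generate_local_cert(private_key, days_valid=3560, output_file='cert.cert', LN=u'SABnzbd', ON=u'SABnzbd', CN=u'localhost'):
    """Generate a self-signed certificate and write it to output_file as PEM.

    The subject holds only a locality and an organization name. The names a
    client can match live in the SubjectAlternativeName extension:
    "localhost", 127.0.0.1 and, when localipv4() returns one, the local IPv4
    address.

    Args:
        private_key: Key whose public half goes into the certificate and
            which signs it (SHA-256).
        days_valid: Validity period in days, counted from the time of the call.
        output_file: Path the PEM-encoded certificate is written to.
        LN: Locality name used for subject and issuer.
        ON: Organization name used for subject and issuer.
        CN: Accepted but not used; no COMMON_NAME attribute is added.

    Returns:
        The signed certificate object.
    """
    import ipaddress

    # For a self-signed certificate the subject and issuer are always the same.
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.LOCALITY_NAME, LN),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, ON),
    ])

    # Build the SubjectAltName list since we are not using a common name.
    # Addresses go in as iPAddress entries, not dNSName: a client verifying a
    # connection made to an IP address compares it with the iPAddress SANs, so
    # an address stored as a DNS name does not validate.
    san_list = [
        x509.DNSName(u"localhost"),
        x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1")),
    ]

    # Append the local IPv4 address (localipv4() has its own error handling).
    mylocalipv4 = localipv4()
    if mylocalipv4:
        try:
            san_list.append(x509.IPAddress(ipaddress.IPv4Address(u"" + mylocalipv4)))
        except ValueError:
            # Not a parsable IPv4 address: issue the certificate without it
            # rather than fail, but leave a trace of the omission.
            import logging

            logging.debug("Local address %r left out of the certificate SAN list", mylocalipv4)

    # One timestamp for both bounds, so the window is exactly days_valid long.
    now = datetime.datetime.utcnow()

    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(private_key.public_key())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=days_valid))
        .serial_number(random_serial_number())
        # NOTE(review): RFC 5280 recommends a non-critical SAN when the
        # subject is non-empty; kept critical to preserve what is issued today.
        .add_extension(x509.SubjectAlternativeName(san_list), critical=True)
        .sign(private_key, hashes.SHA256(), default_backend())
    )

    # Write our certificate out to disk.
    with open(output_file, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))

    return cert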
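def generate_local_cert(private_key, days_valid=3560, output_file='cert.cert', LN=u'SABnzbd', ON=u'SABnzbd', CN=u'localhost'):
    """Create a self-signed certificate, save it as PEM and return it.

    Subject and issuer are the same name, made of a locality and an
    organization only. Matching is done through the SubjectAlternativeName
    extension, which lists "localhost", 127.0.0.1 and the address returned by
    localipv4() when there is one.

    Args:
        private_key: Signing key; its public key is embedded in the certificate.
        days_valid: Number of days the certificate is valid, from the call time.
        output_file: Destination path of the PEM file.
        LN: Locality name.
        ON: Organization name.
        CN: Accepted but not used; no COMMON_NAME attribute is added.

    Returns:
        The signed certificate object.
    """
    import ipaddress

    name_attributes = [
        x509.NameAttribute(NameOID.LOCALITY_NAME, LN),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, ON),
    ]
    # Self-signed: the same name serves as subject and as issuer.
    subject = issuer = x509.Name(name_attributes)

    # SubjectAltName list, needed because no common name is set. IP addresses
    # are added as iPAddress entries: stored as dNSName they are not matched
    # by clients that verify a connection made to an IP address.
    san_list = [x509.DNSName(u"localhost")]
    san_list.append(x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1")))

    # Local IPv4 address, when localipv4() (which handles its own errors)
    # reports one.
    mylocalipv4 = localipv4()
    if mylocalipv4:
        try:
            local_address = ipaddress.IPv4Address(u"" + mylocalipv4)
        except ValueError:
            # Unparsable value: keep issuing the certificate, without this
            # entry, and leave a trace of the omission.
            import logging

            logging.debug("Local address %r left out of the certificate SAN list", mylocalipv4)
        else:
            san_list.append(x509.IPAddress(local_address))

    # Both validity bounds derive from one timestamp, so the window is exactly
    # days_valid long.
    not_before = datetime.datetime.utcnow()
    not_after = not_before + datetime.timedelta(days=days_valid)

    builder = x509.CertificateBuilder()
    builder = builder.subject_name(subject).issuer_name(issuer)
    builder = builder.public_key(private_key.public_key())
    builder = builder.not_valid_before(not_before).not_valid_after(not_after)
    builder = builder.serial_number(random_serial_number())
    # NOTE(review): RFC 5280 recommends a non-critical SAN when the subject is
    # non-empty; kept critical to preserve what is issued today.
    builder = builder.add_extension(x509.SubjectAlternativeName(san_list), critical=True)
    cert = builder.sign(private_key, hashes.SHA256(), default_backend())

    # Write our certificate out to disk.
    with open(output_file, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))

    return cert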