hub / github.com/HelloZeroNet/ZeroNet / createSslRsaCert

Method createSslRsaCert

src/Crypt/CryptConnection.py:112–192  ·  view source on GitHub ↗
(self)


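110 # Try to create an RSA server certificate and sign it, for use in connection encryption
111 # Return: True on success (including when the cert and key files already exist), False if CA generation fails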
112 def createSslRsaCert(self):
113 casubjects = [
114 "/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon",
115 "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3",
116 "/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA",
117 "/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA"
118 ]
119 self.openssl_env['CN'] = random.choice(self.fakedomains)
120
121 if os.path.isfile(self.cert_pem) and os.path.isfile(self.key_pem):
122 self.createSslContexts()
123 return True # Files already exits
124
125 import subprocess
126
127 # Generate CAcert and CAkey
128 cmd_params = helper.shellquote(
129 self.openssl_bin,
130 self.openssl_env["OPENSSL_CONF"],
131 random.choice(casubjects),
132 self.cakey_pem,
133 self.cacert_pem
134 )
135 cmd = "%s req -new -newkey rsa:2048 -days 3650 -nodes -x509 -config %s -subj %s -keyout %s -out %s -batch" % cmd_params
136 self.log.debug("Generating RSA CAcert and CAkey PEM files...")
137 self.log.debug("Running: %s" % cmd)
138 proc = subprocess.Popen(
139 cmd, shell=True, stderr=subprocess.STDOUT,
140 stdout=subprocess.PIPE, env=self.openssl_env
141 )
142 back = proc.stdout.read().strip().decode(errors="replace").replace("\r", "")
143 proc.wait()
144
145 if not (os.path.isfile(self.cacert_pem) and os.path.isfile(self.cakey_pem)):
146 self.log.error("RSA ECC SSL CAcert generation failed, CAcert or CAkey files not exist. (%s)" % back)
147 return False
148 else:
149 self.log.debug("Result: %s" % back)
150
151 # Generate certificate key and signing request
152 cmd_params = helper.shellquote(
153 self.openssl_bin,
154 self.key_pem,
155 self.cert_csr,
156 "/CN=" + self.openssl_env['CN'],
157 self.openssl_env["OPENSSL_CONF"],
158 )
159 cmd = "%s req -new -newkey rsa:2048 -keyout %s -out %s -subj %s -sha256 -nodes -batch -config %s" % cmd_params
160 self.log.debug("Generating certificate key and signing request...")
161 proc = subprocess.Popen(
162 cmd, shell=True, stderr=subprocess.STDOUT,
163 stdout=subprocess.PIPE, env=self.openssl_env
164 )
165 back = proc.stdout.read().strip().decode(errors="replace").replace("\r", "")
166 proc.wait()
167 self.log.debug("Running: %s\n%s" % (cmd, back))
168
169 # Sign request and generate certificate

Callers 1

loadCertsMethod · 0.95

Calls 3

createSslContextsMethod · 0.95
errorMethod · 0.80
readMethod · 0.45

Tested by

no test coverage detected