(self)
| 110 | # Try to create an RSA server certificate and sign it, for connection encryption |
| 111 | # Return: True on success |
| 112 | def createSslRsaCert(self): |
| 113 | casubjects = [ |
| 114 | "/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon", |
| 115 | "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3", |
| 116 | "/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA", |
| 117 | "/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA" |
| 118 | ] |
| 119 | self.openssl_env['CN'] = random.choice(self.fakedomains) |
| 120 | |
| 121 | if os.path.isfile(self.cert_pem) and os.path.isfile(self.key_pem): |
| 122 | self.createSslContexts() |
| 123 | return True # Files already exits |
| 124 | |
| 125 | import subprocess |
| 126 | |
| 127 | # Generate CAcert and CAkey |
| 128 | cmd_params = helper.shellquote( |
| 129 | self.openssl_bin, |
| 130 | self.openssl_env["OPENSSL_CONF"], |
| 131 | random.choice(casubjects), |
| 132 | self.cakey_pem, |
| 133 | self.cacert_pem |
| 134 | ) |
| 135 | cmd = "%s req -new -newkey rsa:2048 -days 3650 -nodes -x509 -config %s -subj %s -keyout %s -out %s -batch" % cmd_params |
| 136 | self.log.debug("Generating RSA CAcert and CAkey PEM files...") |
| 137 | self.log.debug("Running: %s" % cmd) |
| 138 | proc = subprocess.Popen( |
| 139 | cmd, shell=True, stderr=subprocess.STDOUT, |
| 140 | stdout=subprocess.PIPE, env=self.openssl_env |
| 141 | ) |
| 142 | back = proc.stdout.read().strip().decode(errors="replace").replace("\r", "") |
| 143 | proc.wait() |
| 144 | |
| 145 | if not (os.path.isfile(self.cacert_pem) and os.path.isfile(self.cakey_pem)): |
| 146 | self.log.error("RSA ECC SSL CAcert generation failed, CAcert or CAkey files not exist. (%s)" % back) |
| 147 | return False |
| 148 | else: |
| 149 | self.log.debug("Result: %s" % back) |
| 150 | |
| 151 | # Generate certificate key and signing request |
| 152 | cmd_params = helper.shellquote( |
| 153 | self.openssl_bin, |
| 154 | self.key_pem, |
| 155 | self.cert_csr, |
| 156 | "/CN=" + self.openssl_env['CN'], |
| 157 | self.openssl_env["OPENSSL_CONF"], |
| 158 | ) |
| 159 | cmd = "%s req -new -newkey rsa:2048 -keyout %s -out %s -subj %s -sha256 -nodes -batch -config %s" % cmd_params |
| 160 | self.log.debug("Generating certificate key and signing request...") |
| 161 | proc = subprocess.Popen( |
| 162 | cmd, shell=True, stderr=subprocess.STDOUT, |
| 163 | stdout=subprocess.PIPE, env=self.openssl_env |
| 164 | ) |
| 165 | back = proc.stdout.read().strip().decode(errors="replace").replace("\r", "") |
| 166 | proc.wait() |
| 167 | self.log.debug("Running: %s\n%s" % (cmd, back)) |
| 168 | |
| 169 | # Sign request and generate certificate |