Merge branch 'dev-BetterCertsGeneration' into 'dev'
Adding Subject Alt Names in certificate See merge request crafty-controller/crafty-commander!209
This commit is contained in:
commit
ccd0bc8e8f
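--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -596,20 +596,20 @@ class Helpers:
     def create_self_signed_cert(self, cert_dir=None):
 
         if cert_dir is None:
-            cert_dir = os.path.join(self.config_dir, 'web', 'certs')
+            cert_dir = os.path.join(self.config_dir, "web", "certs")
 
         # create a directory if needed
         self.ensure_dir_exists(cert_dir)
 
-        cert_file = os.path.join(cert_dir, 'commander.cert.pem')
-        key_file = os.path.join(cert_dir, 'commander.key.pem')
+        cert_file = os.path.join(cert_dir, "commander.cert.pem")
+        key_file = os.path.join(cert_dir, "commander.key.pem")
 
         logger.info(f"SSL Cert File is set to: {cert_file}")
         logger.info(f"SSL Key File is set to: {key_file}")
 
         # don't create new files if we already have them.
         if self.check_file_exists(cert_file) and self.check_file_exists(key_file):
-            logger.info('Cert and Key files already exists, not creating them.')
+            logger.info("Cert and Key files already exists, not creating them.")
             return True
 
         console.info("Generating a self signed SSL")
@@ -629,18 +629,33 @@ class Helpers:
         cert.get_subject().O = "Crafty Controller"
         cert.get_subject().OU = "Server Ops"
         cert.get_subject().CN = gethostname()
+        alt_names = ",".join(
+            [
+                f"DNS:{socket.gethostname()}",
+                f"DNS:*.{socket.gethostname()}",
+                "DNS:localhost",
+                "DNS:*.localhost",
+                "DNS:127.0.0.1",
+            ]
+        ).encode()
+        subjectAltNames_Ext = crypto.X509Extension(b"subjectAltName", False, alt_names)
+        basicConstraints_Ext = crypto.X509Extension(
+            b"basicConstraints", True, b"CA:false"
+        )
+        cert.add_extensions([subjectAltNames_Ext, basicConstraints_Ext])
         cert.set_serial_number(random.randint(1, 255))
         cert.gmtime_adj_notBefore(0)
         cert.gmtime_adj_notAfter(365 * 24 * 60 * 60)
         cert.set_issuer(cert.get_subject())
         cert.set_pubkey(k)
-        cert.sign(k, 'sha256')
+        cert.set_version(2)
+        cert.sign(k, "sha256")
 
-        f = open(cert_file, "w", encoding='utf-8')
+        f = open(cert_file, "w", encoding="utf-8")
         f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode())
         f.close()
 
-        f = open(key_file, "w", encoding='utf-8')
+        f = open(key_file, "w", encoding="utf-8")
         f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode())
         f.close()
 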
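Review bot: The last SAN entry, `"DNS:127.0.0.1"`, encodes a loopback address as a dNSName, so a client connecting to https://127.0.0.1 will not match it; an IP address belongs in an iPAddress entry, i.e. `"IP:127.0.0.1"`, and the same applies if an IPv6 loopback entry is added later. The new entries call `socket.gethostname()` while the CN line directly above uses the bare `gethostname()`, which suggests both `import socket` and `from socket import gethostname` exist in the file (the import block is outside this hunk); using one form in both places would avoid the inconsistency. `cert.set_version(2)` is the right companion to the added extensions, since only X.509 v3 certificates carry them. Visible in context rather than changed here, `random.randint(1, 255)` allows at most 255 distinct serials for the same self-issued subject, so a regenerated certificate can collide with one a client has already cached and be rejected as a reused issuer/serial pair; `random.getrandbits(64)` would give a unique-enough serial without changing the interface. create_self_signed_cert begins before the first hunk, so the key generation (`k`) is not visible here.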