diff --git a/pywb/framework/certa.py b/pywb/framework/certa.py index 21cf8770..b7b1e5bf 100644 --- a/pywb/framework/certa.py +++ b/pywb/framework/certa.py @@ -4,6 +4,7 @@ import OpenSSL import random +#================================================================= class CertificateAuthority(object): logger = logging.getLogger('pywb.CertificateAuthority') @@ -21,7 +22,6 @@ class CertificateAuthority(object): self._read_ca(ca_file) if not os.path.exists(certs_dir): - self.logger.info("directory for generated certs {} doesn't exist, creating it".format(certs_dir)) os.mkdir(certs_dir) 
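Review bot: `os.mkdir(certs_dir)` at the end of the second hunk creates the directory that will hold the generated per-host private keys with umask-default permissions; pass an explicit mode, `os.mkdir(certs_dir, 0o700)`, so other local users cannot list or read the key files placed there. The `os.path.exists` test followed by `mkdir` also races with a concurrent creation and raises `OSError` if it loses; wrapping the `mkdir` in `try/except OSError` (or `os.makedirs(certs_dir, 0o700, exist_ok=True)` where Python 3 is guaranteed) would close that gap, though the pre-commit code had it too. The enclosing method (presumably `__init__`) starts outside the hunk.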
@@ -41,23 +41,37 @@ class CertificateAuthority(object): self.cert.set_issuer(self.cert.get_subject()) self.cert.set_pubkey(self.key) self.cert.add_extensions([ - OpenSSL.crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE, pathlen:0"), - OpenSSL.crypto.X509Extension(b"keyUsage", True, b"keyCertSign, cRLSign"), - OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False, b"hash", subject=self.cert), + OpenSSL.crypto.X509Extension(b"basicConstraints", + True, + b"CA:TRUE, pathlen:0"), + + OpenSSL.crypto.X509Extension(b"keyUsage", + True, + b"keyCertSign, cRLSign"), + + OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", + False, + b"hash", + subject=self.cert), ]) self.cert.sign(self.key, "sha1") with open(self.ca_file, 'wb+') as f: - f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.SSL.FILETYPE_PEM, self.key)) - f.write(OpenSSL.crypto.dump_certificate(OpenSSL.SSL.FILETYPE_PEM, self.cert)) - - self.logger.info('generated CA key+cert and wrote to {}'.format(self.ca_file)) + f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.SSL.FILETYPE_PEM, + self.key)) + f.write(OpenSSL.crypto.dump_certificate(OpenSSL.SSL.FILETYPE_PEM, + self.cert)) def _read_ca(self, filename): - self.cert = OpenSSL.crypto.load_certificate(OpenSSL.SSL.FILETYPE_PEM, open(filename).read()) - self.key = OpenSSL.crypto.load_privatekey(OpenSSL.SSL.FILETYPE_PEM, open(filename).read()) - self.logger.info('read CA key+cert from {}'.format(self.ca_file)) + with open(filename) as cert_fh: + self.cert = OpenSSL.crypto.load_certificate( + OpenSSL.SSL.FILETYPE_PEM, cert_fh.read()) + + cert_fh.seek(0) + + self.key = OpenSSL.crypto.load_privatekey( + OpenSSL.SSL.FILETYPE_PEM, cert_fh.read()) def __getitem__(self, cn): cnp = os.path.sep.join([self.certs_dir, '%s.pem' % cn]) 
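Review bot: The new `f.write(OpenSSL.crypto.dump_privatekey(...))` lines persist the CA private key through `open(self.ca_file, 'wb+')`, which creates the file with umask-default permissions, so the key that can sign a certificate for any intercepted host is typically readable by every local user; open it with an explicit mode instead, `fd = os.open(self.ca_file, os.O_RDWR | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'wb+') as f:`. The per-host key written in `__getitem__` (hunk `@@ -83,9 +97,9 @@`) has the same problem. The rewritten `_read_ca` reads the PEM in text mode while the writer uses binary; `with open(filename, 'rb') as cert_fh:` keeps the two symmetric and avoids handing `str` to pyOpenSSL's loaders, which on Python 3 expect bytes (this depends on the pyOpenSSL version in use, so confirm against the pinned one). Since the signing calls are being reformatted anyway, `self.cert.sign(self.key, "sha256")` here and `cert.sign(self.key, 'sha256')` in hunk 3 would drop SHA-1, which current clients reject for certificate signatures. The method that builds and signs the CA certificate starts before this hunk.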
@@ -83,9 +97,9 @@ class CertificateAuthority(object): cert.sign(self.key, 'sha1') with open(cnp, 'wb+') as f: - f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.SSL.FILETYPE_PEM, key)) - f.write(OpenSSL.crypto.dump_certificate(OpenSSL.SSL.FILETYPE_PEM, cert)) - - self.logger.info('wrote generated key+cert to {}'.format(cnp)) + f.write(OpenSSL.crypto.dump_privatekey( + OpenSSL.SSL.FILETYPE_PEM, key)) + f.write(OpenSSL.crypto.dump_certificate( + OpenSSL.SSL.FILETYPE_PEM, cert)) return cnp
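Review bot: The two `f.write(...)` lines write a private key and certificate to `cnp`, which `__getitem__` builds at its top (outside this hunk) as `os.path.sep.join([self.certs_dir, '%s.pem' % cn])` with no check on `cn`, so a `cn` containing a path separator would place the file outside `certs_dir`. Where `cn` originates is not visible in the diff and it may already be constrained by the caller, but the writer is the right place to enforce it: `if os.path.sep in cn: raise ValueError('invalid cn: %s' % cn)` before the `open`, or verify that `os.path.realpath(cnp)` stays under `self.certs_dir`. `__getitem__` begins before this hunk.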