Merge pull request #12 from ikreymer/dev.use-certauth-pkg

remove certauth.py and use the seperate certauth package release
2025-01-18 13:22:09 +01:00 · 2015-03-30 17:48:54 -07:00 · 2015-03-30 17:48:54 -07:00 · 1abe98c99b
commit 1abe98c99b
parent 965853f4ab c045369dcd
6 changed files with 17 additions and 102 deletions
--- a/setup.py
+++ b/setup.py
@ -47,7 +47,7 @@ setuptools.setup(name='warcprox',
        license='GPL',
        packages=['warcprox'],
        package_data={'warcprox':['version.txt']},
-        install_requires=['pyopenssl', 'warctools>=4.8.3'],  # gdbm not in pip :(
+        install_requires=['certauth>=1.1.0', 'warctools>=4.8.3'],  # gdbm not in pip :(
        dependency_links=['git+https://github.com/internetarchive/warctools.git#egg=warctools-4.8.3'],
        tests_require=['requests>=2.0.1', 'pytest'],  # >=2.0.1 for https://github.com/kennethreitz/requests/pull/1636
        cmdclass = {'test': PyTest},
--- a/warcprox/certauth.py
+++ b/warcprox/certauth.py
@ -1,93 +0,0 @@
-# vim:set sw=4 et:
-
-from __future__ import absolute_import
-
-import logging
-import os
-import OpenSSL
-import socket
-import random
-
-class CertificateAuthority(object):
-    logger = logging.getLogger("warcprox.certauth.CertificateAuthority")
-
-    def __init__(self, ca_file='warcprox-ca.pem', certs_dir='./warcprox-ca'):
-        self.ca_file = ca_file
-        self.certs_dir = certs_dir
-
-        if not os.path.exists(ca_file):
-            self._generate_ca()
-        else:
-            self._read_ca(ca_file)
-
-        if not os.path.exists(certs_dir):
-            self.logger.info("directory for generated certs {} doesn't exist, creating it".format(certs_dir))
-            os.mkdir(certs_dir)
-
-
-    def _generate_ca(self):
-        # Generate key
-        self.key = OpenSSL.crypto.PKey()
-        self.key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
-
-        # Generate certificate
-        self.cert = OpenSSL.crypto.X509()
-        self.cert.set_version(2)
-        # avoid sec_error_reused_issuer_and_serial
-        self.cert.set_serial_number(random.randint(0,2**64-1))
-        self.cert.get_subject().CN = 'Warcprox CA on {}'.format(socket.gethostname())[:64]
-        self.cert.gmtime_adj_notBefore(0)                # now
-        self.cert.gmtime_adj_notAfter(100*365*24*60*60)  # 100 yrs in future
-        self.cert.set_issuer(self.cert.get_subject())
-        self.cert.set_pubkey(self.key)
-        self.cert.add_extensions([
-            OpenSSL.crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE, pathlen:0"),
-            OpenSSL.crypto.X509Extension(b"keyUsage", True, b"keyCertSign, cRLSign"),
-            OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False, b"hash", subject=self.cert),
-            ])
-        self.cert.sign(self.key, "sha1")
-
-        with open(self.ca_file, 'wb+') as f:
-            f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.SSL.FILETYPE_PEM, self.key))
-            f.write(OpenSSL.crypto.dump_certificate(OpenSSL.SSL.FILETYPE_PEM, self.cert))
-
-        self.logger.info('generated CA key+cert and wrote to {}'.format(self.ca_file))
-
-
-    def _read_ca(self, filename):
-        self.cert = OpenSSL.crypto.load_certificate(OpenSSL.SSL.FILETYPE_PEM, open(filename).read())
-        self.key = OpenSSL.crypto.load_privatekey(OpenSSL.SSL.FILETYPE_PEM, open(filename).read())
-        self.logger.info('read CA key+cert from {}'.format(self.ca_file))
-
-    def __getitem__(self, cn):
-        cnp = os.path.sep.join([self.certs_dir, '%s.pem' % cn])
-        if not os.path.exists(cnp):
-            # create certificate
-            key = OpenSSL.crypto.PKey()
-            key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
-
-            # Generate CSR
-            req = OpenSSL.crypto.X509Req()
-            req.get_subject().CN = cn
-            req.set_pubkey(key)
-            req.sign(key, 'sha1')
-
-            # Sign CSR
-            cert = OpenSSL.crypto.X509()
-            cert.set_subject(req.get_subject())
-            cert.set_serial_number(random.randint(0,2**64-1))
-            cert.gmtime_adj_notBefore(0)
-            cert.gmtime_adj_notAfter(10*365*24*60*60)
-            cert.set_issuer(self.cert.get_subject())
-            cert.set_pubkey(req.get_pubkey())
-            cert.sign(self.key, 'sha1')
-
-            with open(cnp, 'wb+') as f:
-                f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.SSL.FILETYPE_PEM, key))
-                f.write(OpenSSL.crypto.dump_certificate(OpenSSL.SSL.FILETYPE_PEM, cert))
-
-            self.logger.info('wrote generated key+cert to {}'.format(cnp))
-
-        return cnp
-
-
--- a/warcprox/main.py
+++ b/warcprox/main.py
@ -15,7 +15,8 @@ import argparse
 import os
 import socket

-import warcprox.certauth
+import certauth.certauth
+
 import warcprox.playback
 import warcprox.dedup
 import warcprox.warcwriter
@ -103,9 +104,11 @@ def main(argv=sys.argv):

    recorded_url_q = queue.Queue()

-    ca = warcprox.certauth.CertificateAuthority(args.cacert, args.certs_dir)
+    ca_name = 'Warcprox CA on {}'.format(socket.gethostname())[:64]
+    ca = certauth.certauth.CertificateAuthority(args.cacert, args.certs_dir,
+                                                ca_name=ca_name)

-    proxy = warcprox.warcprox.WarcProxy( 
+    proxy = warcprox.warcprox.WarcProxy(
            server_address=(args.address, int(args.port)), ca=ca,
            recorded_url_q=recorded_url_q,
            digest_algorithm=args.digest_algorithm)
--- a/warcprox/mitmproxy.py
+++ b/warcprox/mitmproxy.py
@ -67,7 +67,7 @@ class MitmProxyHandler(http_server.BaseHTTPRequestHandler):

    def _transition_to_ssl(self):
        self.request = self.connection = ssl.wrap_socket(self.connection,
-                server_side=True, certfile=self.server.ca[self.hostname])
+                server_side=True, certfile=self.server.ca.cert_for_host(self.hostname))

    def do_CONNECT(self):
        self.is_connect = True
--- a/warcprox/tests/test_warcprox.py
+++ b/warcprox/tests/test_warcprox.py
@ -24,9 +24,10 @@ try:
 except ImportError:
    import Queue as queue

+import certauth.certauth
+
 import warcprox.controller
 import warcprox.warcprox
-import warcprox.certauth
 import warcprox.playback
 import warcprox.warcwriter
 import warcprox.dedup
@ -119,7 +120,7 @@ class WarcproxTest(unittest.TestCase):
        f.close() # delete it, or CertificateAuthority will try to read it
        self._ca_file = f.name
        self._ca_dir = tempfile.mkdtemp(prefix='warcprox-test-', suffix='-ca')
-        ca = warcprox.certauth.CertificateAuthority(self._ca_file, self._ca_dir)
+        ca = certauth.certauth.CertificateAuthority(self._ca_file, self._ca_dir, 'warcprox-test')

        recorded_url_q = queue.Queue()

--- a/warcprox/warcprox.py
+++ b/warcprox/warcprox.py
@ -35,8 +35,9 @@ import tempfile
 import traceback
 import hashlib
 import json
+import socket

-import warcprox.certauth
+from certauth.certauth import CertificateAuthority
 import warcprox.mitmproxy

 class ProxyingRecorder(object):
@ -249,7 +250,10 @@ class WarcProxy(socketserver.ThreadingMixIn, http_server.HTTPServer):
        if ca is not None:
            self.ca = ca
        else:
-            self.ca = warcprox.certauth.CertificateAuthority()
+            ca_name = 'Warcprox CA on {}'.format(socket.gethostname())[:64]
+            self.ca = CertificateAuthority(ca_file='warcprox-ca.pem',
+                                           certs_dir='./warcprox-ca',
+                                           ca_name=ca_name)

        if recorded_url_q is not None:
            self.recorded_url_q = recorded_url_q