backup/warcprox
1
0
Fork 0
mirror of https://github.com/internetarchive/warcprox.git synced 2025-01-18 13:22:09 +01:00
Code Issues Projects Releases Activity

Merge pull request #12 from ikreymer/dev.use-certauth-pkg

Browse Source 
remove certauth.py and use the seperate certauth package release
This commit is contained in:
Noah Levitt 2015-03-30 17:48:54 -07:00
commit 1abe98c99b
6 changed files with 17 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
setup.py
View File

@ -47,7 +47,7 @@ setuptools.setup(name='warcprox',
license='GPL', license='GPL',
packages=['warcprox'], packages=['warcprox'],
package_data={'warcprox':['version.txt']}, package_data={'warcprox':['version.txt']},
install_requires=['pyopenssl', 'warctools>=4.8.3'], # gdbm not in pip :( install_requires=['certauth>=1.1.0', 'warctools>=4.8.3'], # gdbm not in pip :(
dependency_links=['git+https://github.com/internetarchive/warctools.git#egg=warctools-4.8.3'], dependency_links=['git+https://github.com/internetarchive/warctools.git#egg=warctools-4.8.3'],
tests_require=['requests>=2.0.1', 'pytest'], # >=2.0.1 for https://github.com/kennethreitz/requests/pull/1636 tests_require=['requests>=2.0.1', 'pytest'], # >=2.0.1 for https://github.com/kennethreitz/requests/pull/1636
cmdclass = {'test': PyTest}, cmdclass = {'test': PyTest},

93
warcprox/certauth.py
View File

@ -1,93 +0,0 @@
# vim:set sw=4 et:
from __future__ import absolute_import
import logging
import os
import OpenSSL
import socket
import random
class CertificateAuthority(object):
logger = logging.getLogger("warcprox.certauth.CertificateAuthority")
def __init__(self, ca_file='warcprox-ca.pem', certs_dir='./warcprox-ca'):
self.ca_file = ca_file
self.certs_dir = certs_dir
if not os.path.exists(ca_file):
self._generate_ca()
else:
self._read_ca(ca_file)
if not os.path.exists(certs_dir):
self.logger.info("directory for generated certs {} doesn't exist, creating it".format(certs_dir))
os.mkdir(certs_dir)
def _generate_ca(self):
# Generate key
self.key = OpenSSL.crypto.PKey()
self.key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
# Generate certificate
self.cert = OpenSSL.crypto.X509()
self.cert.set_version(2)
# avoid sec_error_reused_issuer_and_serial
self.cert.set_serial_number(random.randint(0,2**64-1))
self.cert.get_subject().CN = 'Warcprox CA on {}'.format(socket.gethostname())[:64]
self.cert.gmtime_adj_notBefore(0) # now
self.cert.gmtime_adj_notAfter(100*365*24*60*60) # 100 yrs in future
self.cert.set_issuer(self.cert.get_subject())
self.cert.set_pubkey(self.key)
self.cert.add_extensions([
OpenSSL.crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE, pathlen:0"),
OpenSSL.crypto.X509Extension(b"keyUsage", True, b"keyCertSign, cRLSign"),
OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False, b"hash", subject=self.cert),
])
self.cert.sign(self.key, "sha1")
with open(self.ca_file, 'wb+') as f:
f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.SSL.FILETYPE_PEM, self.key))
f.write(OpenSSL.crypto.dump_certificate(OpenSSL.SSL.FILETYPE_PEM, self.cert))
self.logger.info('generated CA key+cert and wrote to {}'.format(self.ca_file))
def _read_ca(self, filename):
self.cert = OpenSSL.crypto.load_certificate(OpenSSL.SSL.FILETYPE_PEM, open(filename).read())
self.key = OpenSSL.crypto.load_privatekey(OpenSSL.SSL.FILETYPE_PEM, open(filename).read())
self.logger.info('read CA key+cert from {}'.format(self.ca_file))
def __getitem__(self, cn):
cnp = os.path.sep.join([self.certs_dir, '%s.pem' % cn])
if not os.path.exists(cnp):
# create certificate
key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
# Generate CSR
req = OpenSSL.crypto.X509Req()
req.get_subject().CN = cn
req.set_pubkey(key)
req.sign(key, 'sha1')
# Sign CSR
cert = OpenSSL.crypto.X509()
cert.set_subject(req.get_subject())
cert.set_serial_number(random.randint(0,2**64-1))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10*365*24*60*60)
cert.set_issuer(self.cert.get_subject())
cert.set_pubkey(req.get_pubkey())
cert.sign(self.key, 'sha1')
with open(cnp, 'wb+') as f:
f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.SSL.FILETYPE_PEM, key))
f.write(OpenSSL.crypto.dump_certificate(OpenSSL.SSL.FILETYPE_PEM, cert))
self.logger.info('wrote generated key+cert to {}'.format(cnp))
return cnp

9
warcprox/main.py
View File

@ -15,7 +15,8 @@ import argparse
import os import os
import socket import socket
import warcprox.certauth import certauth.certauth
import warcprox.playback import warcprox.playback
import warcprox.dedup import warcprox.dedup
import warcprox.warcwriter import warcprox.warcwriter
@ -103,9 +104,11 @@ def main(argv=sys.argv):
recorded_url_q = queue.Queue() recorded_url_q = queue.Queue()
ca = warcprox.certauth.CertificateAuthority(args.cacert, args.certs_dir) ca_name = 'Warcprox CA on {}'.format(socket.gethostname())[:64]
ca = certauth.certauth.CertificateAuthority(args.cacert, args.certs_dir,
ca_name=ca_name)
proxy = warcprox.warcprox.WarcProxy( proxy = warcprox.warcprox.WarcProxy(
server_address=(args.address, int(args.port)), ca=ca, server_address=(args.address, int(args.port)), ca=ca,
recorded_url_q=recorded_url_q, recorded_url_q=recorded_url_q,
digest_algorithm=args.digest_algorithm) digest_algorithm=args.digest_algorithm)

2
warcprox/mitmproxy.py
View File

@ -67,7 +67,7 @@ class MitmProxyHandler(http_server.BaseHTTPRequestHandler):
def _transition_to_ssl(self): def _transition_to_ssl(self):
self.request = self.connection = ssl.wrap_socket(self.connection, self.request = self.connection = ssl.wrap_socket(self.connection,
server_side=True, certfile=self.server.ca[self.hostname]) server_side=True, certfile=self.server.ca.cert_for_host(self.hostname))
def do_CONNECT(self): def do_CONNECT(self):
self.is_connect = True self.is_connect = True

5
warcprox/tests/test_warcprox.py
View File

@ -24,9 +24,10 @@ try:
except ImportError: except ImportError:
import Queue as queue import Queue as queue
import certauth.certauth
import warcprox.controller import warcprox.controller
import warcprox.warcprox import warcprox.warcprox
import warcprox.certauth
import warcprox.playback import warcprox.playback
import warcprox.warcwriter import warcprox.warcwriter
import warcprox.dedup import warcprox.dedup
@ -119,7 +120,7 @@ class WarcproxTest(unittest.TestCase):
f.close() # delete it, or CertificateAuthority will try to read it f.close() # delete it, or CertificateAuthority will try to read it
self._ca_file = f.name self._ca_file = f.name
self._ca_dir = tempfile.mkdtemp(prefix='warcprox-test-', suffix='-ca') self._ca_dir = tempfile.mkdtemp(prefix='warcprox-test-', suffix='-ca')
ca = warcprox.certauth.CertificateAuthority(self._ca_file, self._ca_dir) ca = certauth.certauth.CertificateAuthority(self._ca_file, self._ca_dir, 'warcprox-test')
recorded_url_q = queue.Queue() recorded_url_q = queue.Queue()

8
warcprox/warcprox.py
View File

@ -35,8 +35,9 @@ import tempfile
import traceback import traceback
import hashlib import hashlib
import json import json
import socket
import warcprox.certauth from certauth.certauth import CertificateAuthority
import warcprox.mitmproxy import warcprox.mitmproxy
class ProxyingRecorder(object): class ProxyingRecorder(object):
@ -249,7 +250,10 @@ class WarcProxy(socketserver.ThreadingMixIn, http_server.HTTPServer):
if ca is not None: if ca is not None:
self.ca = ca self.ca = ca
else: else:
self.ca = warcprox.certauth.CertificateAuthority() ca_name = 'Warcprox CA on {}'.format(socket.gethostname())[:64]
self.ca = CertificateAuthority(ca_file='warcprox-ca.pem',
certs_dir='./warcprox-ca',
ca_name=ca_name)
if recorded_url_q is not None: if recorded_url_q is not None:
self.recorded_url_q = recorded_url_q self.recorded_url_q = recorded_url_q