Added libs

api/certs.py

@@ -0,0 +1,115 @@
+import os
+import webview
+import ssl
+import ipaddress
+import pathlib
+from cryptography import x509
+from cryptography.x509.oid import NameOID
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from datetime import datetime, timedelta
+import os
+import platform
+import subprocess
+
+def generate_ca_and_cert(ca_path="ca.pem", ca_key_path="ca_key.pem",
+                         cert_path="cert.pem", key_path="key.pem"):
+    
+    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+    ca_subject = x509.Name([
+        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
+        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"NoSys-CA"),
+        x509.NameAttribute(NameOID.COMMON_NAME, u"NoSys Local CA"),
+    ])
+    ca_cert = (
+        x509.CertificateBuilder()
+        .subject_name(ca_subject)
+        .issuer_name(ca_subject)
+        .public_key(ca_key.public_key())
+        .serial_number(x509.random_serial_number())
+        .not_valid_before(datetime.utcnow())
+        .not_valid_after(datetime.utcnow() + timedelta(days=3650))
+        .add_extension(
+            x509.BasicConstraints(ca=True, path_length=None), critical=True,
+        )
+        .sign(ca_key, hashes.SHA256())
+    )
+    
+    with open(ca_path, "wb") as f:
+        f.write(ca_cert.public_bytes(serialization.Encoding.PEM))
+    with open(ca_key_path, "wb") as f:
+        f.write(ca_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            encryption_algorithm=serialization.NoEncryption(),
+        ))
+
+    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+    subject = x509.Name([
+        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
+        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"NoSys"),
+        x509.NameAttribute(NameOID.COMMON_NAME, u"localhost"),
+    ])
+    cert = (
+        x509.CertificateBuilder()
+        .subject_name(subject)
+        .issuer_name(ca_subject)
+        .public_key(key.public_key())
+        .serial_number(x509.random_serial_number())
+        .not_valid_before(datetime.utcnow())
+        .not_valid_after(datetime.utcnow() + timedelta(days=3650))
+        .add_extension(
+            x509.SubjectAlternativeName([
+                x509.DNSName(u"localhost"),
+                x509.IPAddress(ipaddress.IPv4Address("127.0.0.1"))]),
+            critical=False,
+        )
+        .sign(ca_key, hashes.SHA256())
+    )
+    
+    with open(cert_path, "wb") as f:
+        f.write(cert.public_bytes(serialization.Encoding.PEM))
+    with open(key_path, "wb") as f:
+        f.write(key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            encryption_algorithm=serialization.NoEncryption(),
+        ))
+
+    return ca_path, cert_path, key_path
+
+def add_ca_os(ca_path="ca.pem"):
+    system = platform.system()
+    if system == "Windows":
+        add_ca_windows(ca_path)
+    elif system == "Darwin":
+        add_ca_macos(ca_path)
+    elif system == "Linux":
+        add_ca_linux(ca_path)
+    else:
+        raise Exception("Operational system not supported")
+
+def add_ca_windows(ca_path="ca.pem"):
+    subprocess.run([
+        "powershell",
+        "-Command",
+        f'Import-Certificate -FilePath "{os.path.abspath(ca_path)}" -CertStoreLocation Cert:\\CurrentUser\\Root'
+    ], check=True)
+
+def add_ca_macos(ca_path="ca.pem"):
+    subprocess.run([
+        "sudo",
+        "security",
+        "add-trusted-cert",
+        "-d",
+        "-r", "trustRoot",
+        "-k", "/Library/Keychains/System.keychain",
+        os.path.abspath(ca_path)
+    ], check=True)
+
+def add_ca_linux(ca_path="ca.pem"):
+    import shutil
+    dest = "/usr/local/share/ca-certificates/zecho-ca.crt"
+    shutil.copy(os.path.abspath(ca_path), dest)
+    subprocess.run(["sudo", "update-ca-certificates"], check=True)
+