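import ipaddress
import os
import pathlib
import platform
import ssl
import subprocess
from datetime import datetime, timedelta, timezone

import webview
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID


def _write_private_key(path, key):
    """Write *key* to *path* as unencrypted PEM, readable by the owner only.

    The file is created with mode 0o600 and, where the platform supports
    it, an already existing file is tightened to 0o600 before any key
    material is written to it.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        # The mode passed to os.open() only applies when the file is
        # created; fchmod covers the overwrite case (not available on
        # Windows, hence the guard).
        if hasattr(os, "fchmod"):
            os.fchmod(handle.fileno(), 0o600)
        handle.write(key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption(),
        ))


def generate_ca_and_cert(ca_path="ca.pem", ca_key_path="ca_key.pem",
                         cert_path="cert.pem", key_path="key.pem"):
    """Create a local root CA and a ``localhost`` server certificate signed by it.

    Four PEM files are written: the CA certificate, the CA private key,
    the server certificate and the server private key. Both keys are
    2048-bit RSA and are stored unencrypted.

    Security notes:
        * Once the CA certificate is installed into a trust store (see
          ``add_ca_os``), whoever can read ``ca_key_path`` can issue
          certificates that the trusting machine accepts. The key file
          is therefore written owner-only; delete it or move it to
          protected storage if no further certificates will be issued.
        * The CA is limited to signing end-entity certificates
          (``path_length=0``) and the server certificate is marked as a
          non-CA TLS server certificate.
        * Both certificates are valid for 3650 days. Some TLS clients
          reject server certificates with long validity periods --
          confirm this lifetime against the clients that must accept it.

    Args:
        ca_path: Output path of the CA certificate (PEM).
        ca_key_path: Output path of the CA private key (PEM, unencrypted).
        cert_path: Output path of the server certificate (PEM).
        key_path: Output path of the server private key (PEM, unencrypted).

    Returns:
        The tuple ``(ca_path, cert_path, key_path)``.
    """
    # One timestamp for both certificates so their validity windows match.
    # (datetime.utcnow() is deprecated since Python 3.12.)
    issued_at = datetime.now(timezone.utc)
    expires_at = issued_at + timedelta(days=3650)

    # --- Root CA ---------------------------------------------------------
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "NoSys-CA"),
        x509.NameAttribute(NameOID.COMMON_NAME, "NoSys Local CA"),
    ])
    ca_cert = (
        x509.CertificateBuilder()
        .subject_name(ca_subject)
        .issuer_name(ca_subject)
        .public_key(ca_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(issued_at)
        .not_valid_after(expires_at)
        .add_extension(
            # path_length=0: this CA may sign leaf certificates but not
            # further intermediate CAs.
            x509.BasicConstraints(ca=True, path_length=0),
            critical=True,
        )
        .add_extension(
            x509.KeyUsage(
                digital_signature=False,
                content_commitment=False,
                key_encipherment=False,
                data_encipherment=False,
                key_agreement=False,
                key_cert_sign=True,
                crl_sign=True,
                encipher_only=False,
                decipher_only=False,
            ),
            critical=True,
        )
        .sign(ca_key, hashes.SHA256())
    )

    with open(ca_path, "wb") as f:
        f.write(ca_cert.public_bytes(serialization.Encoding.PEM))
    _write_private_key(ca_key_path, ca_key)

    # --- Server (leaf) certificate for localhost -------------------------
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "NoSys"),
        x509.NameAttribute(NameOID.COMMON_NAME, "localhost"),
    ])
    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(ca_subject)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(issued_at)
        .not_valid_after(expires_at)
        .add_extension(
            x509.SubjectAlternativeName([
                x509.DNSName("localhost"),
                x509.IPAddress(ipaddress.IPv4Address("127.0.0.1")),
            ]),
            critical=False,
        )
        .add_extension(
            # Explicitly not a CA, so the leaf key cannot be used to
            # issue further certificates.
            x509.BasicConstraints(ca=False, path_length=None),
            critical=True,
        )
        .add_extension(
            x509.KeyUsage(
                digital_signature=True,
                content_commitment=False,
                key_encipherment=True,
                data_encipherment=False,
                key_agreement=False,
                key_cert_sign=False,
                crl_sign=False,
                encipher_only=False,
                decipher_only=False,
            ),
            critical=True,
        )
        .add_extension(
            x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]),
            critical=False,
        )
        .sign(ca_key, hashes.SHA256())
    )

    with open(cert_path, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))
    _write_private_key(key_path, key)

    return ca_path, cert_path, key_path


def add_ca_os(ca_path="ca.pem"):
    """Install the CA certificate at *ca_path* into the OS trust store.

    Dispatches on ``platform.system()`` to the Windows, macOS or Linux
    installer below. Installing a root CA widens what the machine (or
    user) trusts, so it should only be done for a CA whose private key
    is adequately protected.

    Raises:
        Exception: If the platform is not Windows, Darwin or Linux.
        subprocess.CalledProcessError: If the underlying command fails.
    """
    system = platform.system()
    if system == "Windows":
        add_ca_windows(ca_path)
    elif system == "Darwin":
        add_ca_macos(ca_path)
    elif system == "Linux":
        add_ca_linux(ca_path)
    else:
        raise Exception("Operational system not supported")


def add_ca_windows(ca_path="ca.pem"):
    """Import the CA certificate into the current user's Root store.

    The path is handed to PowerShell through an environment variable
    rather than being interpolated into the command text, so characters
    such as quotes, ``$`` or backticks in the path cannot alter the
    command that is executed.
    """
    child_env = dict(os.environ, NOSYS_CA_PATH=os.path.abspath(ca_path))
    subprocess.run([
        "powershell", "-NoProfile", "-Command",
        "Import-Certificate -FilePath $env:NOSYS_CA_PATH "
        "-CertStoreLocation Cert:\\CurrentUser\\Root",
    ], check=True, env=child_env)


def add_ca_macos(ca_path="ca.pem"):
    """Add the CA certificate as a trusted root in the macOS System keychain.

    Runs ``security add-trusted-cert`` through ``sudo``; the trust
    setting goes into the admin domain (``-d``), i.e. it is not limited
    to the current user.
    """
    subprocess.run([
        "sudo", "security", "add-trusted-cert",
        "-d", "-r", "trustRoot",
        "-k", "/Library/Keychains/System.keychain",
        os.path.abspath(ca_path),
    ], check=True)


def add_ca_linux(ca_path="ca.pem"):
    """Copy the CA certificate into the system CA directory and refresh it.

    The destination directory is normally writable by root only, so the
    copy is performed through ``sudo`` just like the subsequent
    ``update-ca-certificates`` call; copying in-process would fail for
    an unprivileged user before the trust store is ever refreshed.

    NOTE(review): ``update-ca-certificates`` and this directory layout
    look Debian/Ubuntu specific -- confirm for other distributions.
    """
    dest = "/usr/local/share/ca-certificates/zecho-ca.crt"
    subprocess.run(
        ["sudo", "install", "-m", "0644", os.path.abspath(ca_path), dest],
        check=True,
    )
    subprocess.run(["sudo", "update-ca-certificates"], check=True)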