import ipaddress
import os
import pathlib
import platform
import ssl
import subprocess
from datetime import datetime, timedelta, timezone

import webview
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID
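def _write_private_key_pem(path, private_key):
    """Write *private_key* to *path* as unencrypted PEM, owner-readable only."""
    pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    )
    # Create the file with 0o600 up front so the key is never on disk with
    # umask-default (often world-readable) permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        # The mode given to os.open() only applies when the file is created;
        # tighten a pre-existing file before the key material is written.
        os.chmod(path, 0o600)
        f.write(pem)


def generate_ca_and_cert(ca_path="ca.pem", ca_key_path="ca_key.pem",
                         cert_path="cert.pem", key_path="key.pem"):
    """Create a self-signed local CA and a localhost server certificate.

    Four PEM files are written: the CA certificate, the CA private key, the
    server certificate (SAN: ``localhost`` and ``127.0.0.1``) and the server
    private key. Both private keys are stored unencrypted, so they are
    written with owner-only permissions.

    Security notes:
        * The CA private key is persisted at ``ca_key_path``. Once the CA is
          installed in a trust store, whoever can read that file can issue
          certificates that the machine will accept. NOTE(review): consider
          not persisting the CA key (or deleting it after issuance) if no
          caller needs it.
        * The CA is limited to issuing end-entity certificates
          (``path_length=0``) and the server certificate is marked as a
          non-CA, server-authentication-only certificate.
        * NOTE(review): both certificates are valid for 3650 days; some
          platforms cap the lifetime they accept for TLS server
          certificates -- confirm on the targets this runs on.

    Args:
        ca_path: Output path for the CA certificate.
        ca_key_path: Output path for the CA private key.
        cert_path: Output path for the server certificate.
        key_path: Output path for the server private key.

    Returns:
        The tuple ``(ca_path, cert_path, key_path)``.
    """
    # Take one timestamp so both certificates share the same validity window.
    not_before = datetime.now(timezone.utc)
    not_after = not_before + timedelta(days=3650)

    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"NoSys-CA"),
        x509.NameAttribute(NameOID.COMMON_NAME, u"NoSys Local CA"),
    ])
    ca_cert = (
        x509.CertificateBuilder()
        .subject_name(ca_subject)
        .issuer_name(ca_subject)
        .public_key(ca_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(not_before)
        .not_valid_after(not_after)
        .add_extension(
            # path_length=0: this CA signs leaf certificates directly and
            # must not be usable to create further intermediate CAs.
            x509.BasicConstraints(ca=True, path_length=0), critical=True,
        )
        .sign(ca_key, hashes.SHA256())
    )

    with open(ca_path, "wb") as f:
        f.write(ca_cert.public_bytes(serialization.Encoding.PEM))
    _write_private_key_pem(ca_key_path, ca_key)

    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"NoSys"),
        x509.NameAttribute(NameOID.COMMON_NAME, u"localhost"),
    ])
    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(ca_subject)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(not_before)
        .not_valid_after(not_after)
        .add_extension(
            x509.SubjectAlternativeName([
                x509.DNSName(u"localhost"),
                x509.IPAddress(ipaddress.IPv4Address("127.0.0.1")),
            ]),
            critical=False,
        )
        .add_extension(
            # Explicitly an end-entity certificate: it cannot sign others.
            x509.BasicConstraints(ca=False, path_length=None), critical=True,
        )
        .add_extension(
            # Restrict the leaf to TLS server authentication.
            x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]),
            critical=False,
        )
        .sign(ca_key, hashes.SHA256())
    )

    with open(cert_path, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))
    _write_private_key_pem(key_path, key)

    return ca_path, cert_path, key_path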
def add_ca_os(ca_path="ca.pem"):
    """Install the CA certificate at *ca_path* as a trusted root on this OS.

    Dispatches on ``platform.system()`` to the Windows, macOS or Linux
    installer. Installing a root CA changes what the machine trusts, so the
    matching CA private key must stay protected.

    Raises:
        Exception: If the platform is not Windows, Darwin or Linux.
    """
    installers = {
        "Windows": add_ca_windows,
        "Darwin": add_ca_macos,
        "Linux": add_ca_linux,
    }
    install = installers.get(platform.system())
    if install is None:
        raise Exception("Operational system not supported")
    install(ca_path)
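def add_ca_windows(ca_path="ca.pem"):
    """Import the CA certificate into the current user's Root store.

    Runs PowerShell's ``Import-Certificate`` against
    ``Cert:\\CurrentUser\\Root``.

    The path is embedded in the command text as a single-quoted PowerShell
    literal. Inside double quotes PowerShell expands ``$name``, ``$(...)``
    and backtick escapes, so a directory or file name containing those
    characters would be interpreted as script rather than as a path.

    Args:
        ca_path: Path to the PEM-encoded CA certificate.

    Raises:
        subprocess.CalledProcessError: If PowerShell exits with a non-zero
            status.
    """
    literal = os.path.abspath(ca_path)
    # In a single-quoted PowerShell string the only special character is the
    # quote itself, escaped by doubling. PowerShell also accepts the
    # typographic single quotes as delimiters, so double those as well.
    for quote in "'\u2018\u2019\u201a\u201b":
        literal = literal.replace(quote, quote * 2)

    subprocess.run([
        "powershell",
        # Do not run profile scripts before the import command.
        "-NoProfile",
        "-Command",
        f"Import-Certificate -FilePath '{literal}' -CertStoreLocation Cert:\\CurrentUser\\Root",
    ], check=True)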
def add_ca_macos(ca_path="ca.pem"):
    """Add the CA certificate to the macOS System keychain as a trusted root.

    Invokes ``security add-trusted-cert`` through ``sudo``, so the call may
    prompt for credentials. The arguments are passed as a list and no shell
    is involved.

    Args:
        ca_path: Path to the PEM-encoded CA certificate.

    Raises:
        subprocess.CalledProcessError: If the command exits with a non-zero
            status.
    """
    certificate = os.path.abspath(ca_path)
    command = ["sudo", "security", "add-trusted-cert"]
    command += ["-d"]
    command += ["-r", "trustRoot"]
    command += ["-k", "/Library/Keychains/System.keychain"]
    command.append(certificate)
    subprocess.run(command, check=True)
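def add_ca_linux(ca_path="ca.pem"):
    """Install the CA certificate into the system trust store on Linux.

    Copies the certificate to ``/usr/local/share/ca-certificates`` and runs
    ``update-ca-certificates`` through ``sudo``.

    The destination directory is normally writable only by root. A direct
    copy is tried first (it succeeds when already running as root); on
    ``PermissionError`` the copy is repeated through ``sudo``, matching the
    privilege already used for the refresh step.

    NOTE(review): this directory and ``update-ca-certificates`` follow the
    Debian/Ubuntu layout; other distributions may use different tooling --
    confirm for the supported targets.

    Args:
        ca_path: Path to the PEM-encoded CA certificate.

    Raises:
        subprocess.CalledProcessError: If a ``sudo`` command exits with a
            non-zero status.
    """
    import shutil

    src = os.path.abspath(ca_path)
    dest = "/usr/local/share/ca-certificates/zecho-ca.crt"
    try:
        shutil.copy(src, dest)
    except PermissionError:
        # 0644: the CA certificate is public, but only root may replace it.
        subprocess.run(["sudo", "install", "-m", "0644", src, dest], check=True)
    subprocess.run(["sudo", "update-ca-certificates"], check=True)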