Diffstat (limited to 'manage.py')
-rwxr-xr-x | manage.py | 64 |
1 files changed, 64 insertions, 0 deletions
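--- /dev/null
+++ b/manage.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+
+import os
+import sys
+import socket
+from OpenSSL import crypto
+from OpenSSL.crypto import PKey, X509
+
+from server import app
+
+
+VAR_PATH = "var"
+LOG_PATH = os.path.join(VAR_PATH, "log")
+KEY_PATH = os.path.join(VAR_PATH, "ssl-key.pem")
+CERT_PATH = os.path.join(VAR_PATH, "ssl-cert.pem")
+
+
+def generate_cert(serial=1):
+ca = X509()
+ca.set_version(2)
+ca.set_serial_number(serial)
+ca.get_subject().CN = socket.getfqdn()
+ca.gmtime_adj_notBefore(0)
+ca.gmtime_adj_notAfter(24 * 60 * 60)
+ca.set_issuer(ca.get_subject())
+ca.set_pubkey(key)
+ca.sign(key, "sha256")
+
+with open(CERT_PATH, "wb") as fp:
+fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
+
+
+if not os.path.exists(VAR_PATH):
+os.mkdir(VAR_PATH)
+
+if not os.path.exists(LOG_PATH):
+os.mkdir(LOG_PATH)
+
+if not os.path.exists(KEY_PATH):
+key = PKey()
+key.generate_key(crypto.TYPE_RSA, 2048)
+
+with open(KEY_PATH, "wb") as fp:
+os.chmod(KEY_PATH, 0o600)
+fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
+else:
+with open(KEY_PATH, "rb") as fp:
+key = crypto.load_privatekey(crypto.FILETYPE_PEM, fp.read())
+
+
+if not os.path.exists(CERT_PATH):
+generate_cert()
+else:
+with open(CERT_PATH, "rb") as fp:
+cert = crypto.load_certificate(crypto.FILETYPE_PEM, fp.read())
+
+if cert.has_expired():
+generate_cert(cert.get_serial_number() + 1)
+
+
+if __name__ == "__main__" and sys.argv[-1] == "runserver":
+app.run(host="0.0.0.0", port=5000,
+ssl_context=("var/ssl-cert.pem", "var/ssl-key.pem"),
+threaded=True, debug=True)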
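Review bot: The `app.run(...)` call at the end of manage.py binds to `0.0.0.0` with `debug=True`, which, if `app` is a Flask application as the keyword arguments suggest, exposes the interactive debugger to every host that can reach port 5000; the self-signed TLS certificate does not restrict who can connect. Debug mode should be off by default and opt-in from the environment, e.g. `debug=os.environ.get("APP_DEBUG") == "1"` (variable name is an example), with the listener bound to `127.0.0.1` whenever it is on. The same call repeats the literals `"var/ssl-cert.pem"` and `"var/ssl-key.pem"` instead of passing `(CERT_PATH, KEY_PATH)`, so the served files and the generated ones can drift apart. Separately, the private key file is created by `open(KEY_PATH, "wb")` under the process umask and only afterwards restricted with `os.chmod`; creating it with `os.open(KEY_PATH, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` and wrapping the descriptor with `os.fdopen` would avoid the window in which the file exists with wider permissions.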