1 files changed, 64 insertions, 0 deletions
diff --git a/manage.py b/manage.py
new file mode 100755
index 0000000..8838a1e
--- /dev/null
+++ b/manage.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+import os
+import sys
+import socket
+from OpenSSL import crypto
+from OpenSSL.crypto import PKey, X509
+from server import app
+VAR_PATH = "var"
+LOG_PATH = os.path.join(VAR_PATH, "log")
+KEY_PATH = os.path.join(VAR_PATH, "ssl-key.pem")
+CERT_PATH = os.path.join(VAR_PATH, "ssl-cert.pem")
+def generate_cert(serial=1):
+    ca = X509()
+    ca.set_version(2)
+    ca.set_serial_number(serial)
+    ca.get_subject().CN = socket.getfqdn()
+    ca.gmtime_adj_notBefore(0)
+    ca.gmtime_adj_notAfter(24 * 60 * 60)
+    ca.set_issuer(ca.get_subject())
+    ca.set_pubkey(key)
+    ca.sign(key, "sha256")
+    with open(CERT_PATH, "wb") as fp:
+        fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
+if not os.path.exists(VAR_PATH):
+    os.mkdir(VAR_PATH)
+if not os.path.exists(LOG_PATH):
+    os.mkdir(LOG_PATH)
+if not os.path.exists(KEY_PATH):
+    key = PKey()
+    key.generate_key(crypto.TYPE_RSA, 2048)
+    with open(KEY_PATH, "wb") as fp:
+        os.chmod(KEY_PATH, 0o600)
+        fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
+else:
+    with open(KEY_PATH, "rb") as fp:
+        key = crypto.load_privatekey(crypto.FILETYPE_PEM, fp.read())
+if not os.path.exists(CERT_PATH):
+    generate_cert()
+else:
+    with open(CERT_PATH, "rb") as fp:
+        cert = crypto.load_certificate(crypto.FILETYPE_PEM, fp.read())
+    if cert.has_expired():
+        generate_cert(cert.get_serial_number() + 1)
+if __name__ == "__main__" and sys.argv[-1] == "runserver":
+    app.run(host="0.0.0.0", port=5000,
+            ssl_context=("var/ssl-cert.pem", "var/ssl-key.pem"),
+            threaded=True, debug=True)

diff --git a/manage.py b/manage.py new file mode 100755 index 0000000..8838a1e --- /dev/null +++ b/manage.py
@@ -0,0 +1,64 @@
	1	#!/usr/bin/env python
	2
	3	import os
	4	import sys
	5	import socket
	6	from OpenSSL import crypto
	7	from OpenSSL.crypto import PKey, X509
	8
	9	from server import app
	10
	11
	12	VAR_PATH = "var"
	13	LOG_PATH = os.path.join(VAR_PATH, "log")
	14	KEY_PATH = os.path.join(VAR_PATH, "ssl-key.pem")
	15	CERT_PATH = os.path.join(VAR_PATH, "ssl-cert.pem")
	16
	17
	18	def generate_cert(serial=1):
	19	ca = X509()
	20	ca.set_version(2)
	21	ca.set_serial_number(serial)
	22	ca.get_subject().CN = socket.getfqdn()
	23	ca.gmtime_adj_notBefore(0)
	24	ca.gmtime_adj_notAfter(24 * 60 * 60)
	25	ca.set_issuer(ca.get_subject())
	26	ca.set_pubkey(key)
	27	ca.sign(key, "sha256")
	28
	29	with open(CERT_PATH, "wb") as fp:
	30	fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
	31
	32
	33	if not os.path.exists(VAR_PATH):
	34	os.mkdir(VAR_PATH)
	35
	36	if not os.path.exists(LOG_PATH):
	37	os.mkdir(LOG_PATH)
	38
	39	if not os.path.exists(KEY_PATH):
	40	key = PKey()
	41	key.generate_key(crypto.TYPE_RSA, 2048)
	42
	43	with open(KEY_PATH, "wb") as fp:
	44	os.chmod(KEY_PATH, 0o600)
	45	fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
	46	else:
	47	with open(KEY_PATH, "rb") as fp:
	48	key = crypto.load_privatekey(crypto.FILETYPE_PEM, fp.read())
	49
	50
	51	if not os.path.exists(CERT_PATH):
	52	generate_cert()
	53	else:
	54	with open(CERT_PATH, "rb") as fp:
	55	cert = crypto.load_certificate(crypto.FILETYPE_PEM, fp.read())
	56
	57	if cert.has_expired():
	58	generate_cert(cert.get_serial_number() + 1)
	59
	60
	61	if __name__ == "__main__" and sys.argv[-1] == "runserver":
	62	app.run(host="0.0.0.0", port=5000,
	63	ssl_context=("var/ssl-cert.pem", "var/ssl-key.pem"),
	64	threaded=True, debug=True)