Merge b2dbfbb866 into 49fb4540a2

2025-08-22 22:23:36 -07:00 · 2016-02-13 21:39:31 +00:00 · 2016-02-13 21:39:31 +00:00 · 6b0dcfd87f
commit 6b0dcfd87f
parent 49fb4540a2 b2dbfbb866
2 changed files with 21 additions and 98 deletions
--- a/lib/certgen.py
+++ b/lib/certgen.py
@ -1,82 +0,0 @@
-# -*- coding: latin-1 -*-
-#
-# Copyright (C) Martin Sjögren and AB Strakt 2001, All rights reserved
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
-# This file is licenced under the GNU LESSER GENERAL PUBLIC LICENSE Version 2.1 or later (aka LGPL v2.1)
-# Please see LGPL2.1.txt for more information
-"""
-Certificate generation module.
-"""
-
-from OpenSSL import crypto
-import time
-
-TYPE_RSA = crypto.TYPE_RSA
-TYPE_DSA = crypto.TYPE_DSA
-
-serial = int(time.time())
-
-
-def createKeyPair(type, bits):
-    """
-    Create a public/private key pair.
-
-    Arguments: type - Key type, must be one of TYPE_RSA and TYPE_DSA
-               bits - Number of bits to use in the key
-    Returns:   The public/private key pair in a PKey object
-    """
-    pkey = crypto.PKey()
-    pkey.generate_key(type, bits)
-    return pkey
-
-def createCertRequest(pkey, digest="md5", **name):
-    """
-    Create a certificate request.
-
-    Arguments: pkey   - The key to associate with the request
-               digest - Digestion method to use for signing, default is md5
-               **name - The name of the subject of the request, possible
-                        arguments are:
-                          C     - Country name
-                          ST    - State or province name
-                          L     - Locality name
-                          O     - Organization name
-                          OU    - Organizational unit name
-                          CN    - Common name
-                          emailAddress - E-mail address
-    Returns:   The certificate request in an X509Req object
-    """
-    req = crypto.X509Req()
-    subj = req.get_subject()
-
-    for (key,value) in name.items():
-        setattr(subj, key, value)
-
-    req.set_pubkey(pkey)
-    req.sign(pkey, digest)
-    return req
-
-def createCertificate(req, (issuerCert, issuerKey), serial, (notBefore, notAfter), digest="md5"):
-    """
-    Generate a certificate given a certificate request.
-
-    Arguments: req        - Certificate reqeust to use
-               issuerCert - The certificate of the issuer
-               issuerKey  - The private key of the issuer
-               serial     - Serial number for the certificate
-               notBefore  - Timestamp (relative to now) when the certificate
-                            starts being valid
-               notAfter   - Timestamp (relative to now) when the certificate
-                            stops being valid
-               digest     - Digest method to use for signing, default is md5
-    Returns:   The signed certificate in an X509 object
-    """
-    cert = crypto.X509()
-    cert.set_serial_number(serial)
-    cert.gmtime_adj_notBefore(notBefore)
-    cert.gmtime_adj_notAfter(notAfter)
-    cert.set_issuer(issuerCert.get_subject())
-    cert.set_subject(req.get_subject())
-    cert.set_pubkey(req.get_pubkey())
-    cert.sign(issuerKey, digest)
-    return cert
--- a/plexpy/helpers.py
+++ b/plexpy/helpers.py
@ -341,31 +341,36 @@ def split_string(mystring, splitvar=','):

 def create_https_certificates(ssl_cert, ssl_key):
    """
-    Create a pair of self-signed HTTPS certificares and store in them in
+    Create a self-signed HTTPS certificate and store it in
    'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed.

-    This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard).
+    The code were noted was stolen from SickBeard (http://github.com/midgetspy/Sick-Beard).
    """

    from plexpy import logger
-
    from OpenSSL import crypto
-    from certgen import createKeyPair, createCertRequest, createCertificate, \
-        TYPE_RSA, serial
+    import time

-    # Create the CA Certificate
-    cakey = createKeyPair(TYPE_RSA, 2048)
-    careq = createCertRequest(cakey, CN="Certificate Authority")
-    cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
+    # Create self-signed Certificate
+    key = crypto.PKey()
+    key.generate_key(crypto.TYPE_RSA, 2048)
+    
+    cert = crypto.X509()
+    cert.set_version(2)
+    cert.set_serial_number(int(time.time()))
+    cert.get_subject().CN = "PlexPy"
+    cert.gmtime_adj_notBefore(0)
+    cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 10)
+    cert.set_issuer(cert.get_subject())
+    cert.set_pubkey(key)
+    cert.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:plex.myserver.com,IP:10.11.12.13")])
+    cert.sign(key, "sha256")

-    pkey = createKeyPair(TYPE_RSA, 2048)
-    req = createCertRequest(pkey, CN="PlexPy")
-    cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years
-
-    # Save the key and certificate to disk
+    # Save the key and certificate to disk.
+    # These are the remains of the code that was stolen from SickBeard.
    try:
        with open(ssl_key, "w") as fp:
-            fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
+            fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
        with open(ssl_cert, "w") as fp:
            fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
    except IOError as e:
@ -455,4 +460,4 @@ def sanitize(string):
    if string:
        return unicode(string).replace('<','&lt;').replace('>','&gt;')
    else:
-        return ''
+        return ''