From ffc9db17e3f8b0ce1f5774b681c1f3476db67658 Mon Sep 17 00:00:00 2001 From: an3k Date: Sat, 13 Feb 2016 21:08:51 +0100 Subject: [PATCH 1/4] Update helpers.py --- plexpy/helpers.py | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/plexpy/helpers.py b/plexpy/helpers.py index 3722d902..08d516f0 100644 --- a/plexpy/helpers.py +++ b/plexpy/helpers.py @@ -348,24 +348,28 @@ def create_https_certificates(ssl_cert, ssl_key): """ from plexpy import logger - from OpenSSL import crypto - from certgen import createKeyPair, createCertRequest, createCertificate, \ - TYPE_RSA, serial + import time - # Create the CA Certificate - cakey = createKeyPair(TYPE_RSA, 2048) - careq = createCertRequest(cakey, CN="Certificate Authority") - cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years - - pkey = createKeyPair(TYPE_RSA, 2048) - req = createCertRequest(pkey, CN="PlexPy") - cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years + # Create self-signed Certificate + key = crypto.PKey() + key.generate_key(crypto.TYPE_RSA, 2048) + + cert = crypto.X509() + cert.set_version(2) + cert.set_serial_number(int(time.time())) + cert.get_subject().CN = "PlexPy" + cert.gmtime_adj_notBefore(0) + cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 10) + cert.set_issuer(cert.get_subject()) + cert.set_pubkey(key) + cert.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:plex.myserver.com,IP:10.11.12.13")]) + cert.sign(key, "sha256") # Save the key and certificate to disk try: with open(ssl_key, "w") as fp: - fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) + fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key)) with open(ssl_cert, "w") as fp: fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except IOError as e: 
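Review bot: The `subjectAltName` passed to `cert.add_extensions(...)` is the fixed string `"DNS:plex.myserver.com,IP:10.11.12.13"`, so every generated certificate names a placeholder host and address rather than the machine it will serve. A client that checks the certificate name will reject it on any other host, which in practice pushes users toward turning verification off. Build the value from the names and addresses this instance is actually reached by, for example `san = ",".join(["DNS:%s" % d for d in dns_names] + ["IP:%s" % a for a in ip_addrs])`, where `dns_names` and `ip_addrs` are placeholders for values taken from configuration or optional arguments. The function starts before this hunk and its `except IOError` handler continues after it.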
@@ -455,4 +459,4 @@ def sanitize(string): if string: return unicode(string).replace('<','<').replace('>','>') else: - return '' \ No newline at end of file + return '' From 7505cfc8ca45367b9841a8e6c7b9d0cf291a8aa3 Mon Sep 17 00:00:00 2001 From: an3k Date: Sat, 13 Feb 2016 21:11:39 +0100 Subject: [PATCH 2/4] Delete certgen.py not required anymore since we now talk directly to pyOpenSSL --- lib/certgen.py | 82 -------------------------------------------------- 1 file changed, 82 deletions(-) delete mode 100644 lib/certgen.py diff --git a/lib/certgen.py b/lib/certgen.py deleted file mode 100644 index 1b941161..00000000 --- a/lib/certgen.py +++ /dev/null 
@@ -1,82 +0,0 @@ -# -*- coding: latin-1 -*- -# -# Copyright (C) Martin Sjögren and AB Strakt 2001, All rights reserved -# Copyright (C) Jean-Paul Calderone 2008, All rights reserved -# This file is licenced under the GNU LESSER GENERAL PUBLIC LICENSE Version 2.1 or later (aka LGPL v2.1) -# Please see LGPL2.1.txt for more information -""" -Certificate generation module. -""" - -from OpenSSL import crypto -import time - -TYPE_RSA = crypto.TYPE_RSA -TYPE_DSA = crypto.TYPE_DSA - -serial = int(time.time()) - - -def createKeyPair(type, bits): - """ - Create a public/private key pair. - - Arguments: type - Key type, must be one of TYPE_RSA and TYPE_DSA - bits - Number of bits to use in the key - Returns: The public/private key pair in a PKey object - """ - pkey = crypto.PKey() - pkey.generate_key(type, bits) - return pkey - -def createCertRequest(pkey, digest="md5", **name): - """ - Create a certificate request. - - Arguments: pkey - The key to associate with the request - digest - Digestion method to use for signing, default is md5 - **name - The name of the subject of the request, possible - arguments are: - C - Country name - ST - State or province name - L - Locality name - O - Organization name - OU - Organizational unit name - CN - Common name - emailAddress - E-mail address - Returns: The certificate request in an X509Req object - """ - req = crypto.X509Req() - subj = req.get_subject() - - for (key,value) in name.items(): - setattr(subj, key, value) - - req.set_pubkey(pkey) - req.sign(pkey, digest) - return req - -def createCertificate(req, (issuerCert, issuerKey), serial, (notBefore, notAfter), digest="md5"): - """ - Generate a certificate given a certificate request. 
- - Arguments: req - Certificate reqeust to use - issuerCert - The certificate of the issuer - issuerKey - The private key of the issuer - serial - Serial number for the certificate - notBefore - Timestamp (relative to now) when the certificate - starts being valid - notAfter - Timestamp (relative to now) when the certificate - stops being valid - digest - Digest method to use for signing, default is md5 - Returns: The signed certificate in an X509 object - """ - cert = crypto.X509() - cert.set_serial_number(serial) - cert.gmtime_adj_notBefore(notBefore) - cert.gmtime_adj_notAfter(notAfter) - cert.set_issuer(issuerCert.get_subject()) - cert.set_subject(req.get_subject()) - cert.set_pubkey(req.get_pubkey()) - cert.sign(issuerKey, digest) - return cert From 11100152ce938aecb75ca6e71dcd0604e25d433e Mon Sep 17 00:00:00 2001 From: an3k Date: Sat, 13 Feb 2016 22:36:03 +0100 Subject: [PATCH 3/4] Update helpers.py --- plexpy/helpers.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/plexpy/helpers.py b/plexpy/helpers.py index 08d516f0..2319bf79 100644 --- a/plexpy/helpers.py +++ b/plexpy/helpers.py @@ -341,10 +341,10 @@ def split_string(mystring, splitvar=','): def create_https_certificates(ssl_cert, ssl_key): """ - Create a pair of self-signed HTTPS certificares and store in them in + Create a self-signed HTTPS certificare and store it in 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. - This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). + The code were noted was stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). """ from plexpy import logger 
@@ -366,7 +366,8 @@ def create_https_certificates(ssl_cert, ssl_key): cert.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:plex.myserver.com,IP:10.11.12.13")]) cert.sign(key, "sha256") - # Save the key and certificate to disk + # Save the key and certificate to disk. + # These are the remains of the code that was stolen from SickBeard. try: with open(ssl_key, "w") as fp: fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key)) From b2dbfbb86637af27375afc7a55efa16ac99402fe Mon Sep 17 00:00:00 2001 From: an3k Date: Sat, 13 Feb 2016 22:38:27 +0100 Subject: [PATCH 4/4] Update helpers.py Tiny Typo --- plexpy/helpers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plexpy/helpers.py b/plexpy/helpers.py index 2319bf79..94d80a68 100644 --- a/plexpy/helpers.py +++ b/plexpy/helpers.py @@ -341,7 +341,7 @@ def split_string(mystring, splitvar=','): def create_https_certificates(ssl_cert, ssl_key): """ - Create a self-signed HTTPS certificare and store it in + Create a self-signed HTTPS certificate and store it in 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. The code were noted was stolen from SickBeard (http://github.com/midgetspy/Sick-Beard).
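Review bot: The private key is still written through `open(ssl_key, "w")`, which creates the file with whatever the process umask allows, commonly readable by other local users; the added comment documents the save step but nothing restricts the permissions. Create the key file owner-only instead: `fd = os.open(ssl_key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as fp:`. The mode applies only when the file is created, so an existing key file with wider permissions would also need `os.chmod(ssl_key, 0o600)`. This assumes `os` is imported in helpers.py, which the hunk does not show; the `try` block continues outside the hunk.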