Replace generate_localhost_cert.sh with python manage.py generatelocalhostcert

2026-04-13 18:39:48 +08:00 · 2016-09-23 11:41:28 -04:00
parent d86374f360
commit 02b24cdda9
4 changed files with 39 additions and 5 deletions
--- a/2
+++ b/2
@@ -12,5 +12,5 @@ COPY koji.conf /etc/rida/

 COPY . /opt/fm-orchestrator/

-RUN python2 ./manage.py upgradedb && ./generate_localhost_cert.sh
+RUN python2 ./manage.py upgradedb && python2 manage.py generatelocalhostcert
 CMD ["python2", "manage.py", "runssl"]
--- a/2
+++ b/2
@@ -9,7 +9,7 @@ $script = <<SCRIPT
    mkdir -p /etc/rida
    cp -av koji.conf /etc/rida/
    python manage.py upgradedb
-    ./generate_localhost_cert.sh
+    python manage.py generatelocalhostcert
 SCRIPT

 Vagrant.configure("2") do |config|
--- a/generate_localhost_cert.sh
+++ b/generate_localhost_cert.sh
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-openssl req -subj '/CN=localhost/O=My Company Name LTD./C=US' -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt
--- a/manage.py
+++ b/manage.py
@@ -196,6 +196,43 @@ def gendevfedmsgcert(pki_dir='/opt/fm-orchestrator/pki', force=False):
                                days=3650, digest='sha256'))


+@manager.command
+def generatelocalhostcert():
+    # Create a key pair for the message signing cert
+    from OpenSSL import crypto
+    cert_key = crypto.PKey()
+    cert_key.generate_key(crypto.TYPE_RSA, 2048)
+
+    with open('server.key', 'w') as cert_key_file:
+        cert_key_file.write(
+            crypto.dump_privatekey(crypto.FILETYPE_PEM, cert_key))
+
+    cert = crypto.X509()
+    msg_cert_subject = cert.get_subject()
+    msg_cert_subject.C = 'US'
+    msg_cert_subject.ST = 'MA'
+    msg_cert_subject.L = 'Boston'
+    msg_cert_subject.O = 'Development'
+    msg_cert_subject.CN = 'localhost'
+    cert.set_serial_number(2)
+    cert.gmtime_adj_notBefore(0)
+    cert.gmtime_adj_notAfter(315360000)  # 10 years
+    cert.set_issuer(cert.get_subject())
+    cert.set_pubkey(cert_key)
+    cert_extensions = [
+        crypto.X509Extension(
+            'keyUsage', True,
+            'digitalSignature, keyEncipherment, nonRepudiation'),
+        crypto.X509Extension('extendedKeyUsage', True, 'serverAuth'),
+    ]
+    cert.add_extensions(cert_extensions)
+    cert.sign(cert_key, 'sha256')
+
+    with open('server.crt', 'w') as cert_file:
+        cert_file.write(
+            crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
+
+
@manager.command
 def runssl(host=conf.host, port=conf.port, debug=False):
    """ Runs the Flask app with the HTTPS settings configured in config.py