Commit c6d6b55a authored by Aflitos, Saulo Alves's avatar Aflitos, Saulo Alves

added ssl

parent 1530d978
......@@ -83,7 +83,9 @@ class encryption(object):
self.RSA_KEY_SIZE = int(open(self.keylen_file , 'r' ).read())
print "RSA_KEY_SIZE", self.RSA_KEY_SIZE
self.rsa_private_key_file_name = os.path.join( "templates", 'rsa_%d_priv.pem' % self.RSA_KEY_SIZE )
self.rsa_private_key_file_name = 'rsa_%d_priv.pem' % self.RSA_KEY_SIZE
#self.rsa_private_key_file_name = os.path.join( "templates", 'rsa_%d_priv.pem' % self.RSA_KEY_SIZE )
self.rsa_public_key_file_name = os.path.join( "templates", 'rsa_%d_pub.pem' % self.RSA_KEY_SIZE )
if ( not os.path.exists( self.rsa_private_key_file_name ) ) or ( not os.path.exists( self.rsa_public_key_file_name ) ):
......@@ -156,35 +158,51 @@ class encryption(object):
##VARIABLES
#DEBUG = True
#MAX_NUMBER_OF_COLUMNS = 300
#SERVER_PORT = 10000
#MAX_CONTENT_LENGTH = 128 * 1024 * 1024
#USE_SQL = True
#INFOLDER = None
#
#
#hasLogin = False
#SECRET_KEY = None
#USER_DATABASE_FILE = None
#SECRET_FILE = None
#ENCRYPTION_INST = None
def load_config( args ):
if len(args) == 0:
print "no config file or command given"
sys.exit(1)
variables = {
'HAS_LOGIN' : False,
'SERVER_PORT' : 10000,
'DEBUG' : True,
'MAX_CONTENT_LENGTH' : MAX_CONTENT_LENGTH,
'LIBRE_POINTS' : librepoints,
'LIBRE_PATHS' : [
'/api',
'/favicon.ico'
],
'IDEBUG' : IDEBUG,
'getManager' : getManager,
'INTERFACE' : interface
}
##VARIABLES
#hasLogin = False
#SERVER_PORT = 10000
#librepaths = [
# '/api',
# '/favicon.ico'
#]
#DEBUG = True
#USE_SSL = False
#
#MAX_NUMBER_OF_COLUMNS = 300
#MAX_CONTENT_LENGTH = 128 * 1024 * 1024
#USE_SQL = True
#INFOLDER = None
#
#
#SECRET_KEY = None
#USER_DATABASE_FILE = None
#SECRET_FILE = None
#ENCRYPTION_INST = None
global SERVER_PORT
global USE_SQL
global SECRET_FILE
global SECRET_KEY
global ENCRYPTION_INST
global USER_DATABASE_FILE
INFOLDER = os.path.abspath( args[0] )
if not os.path.exists( INFOLDER ):
......@@ -194,23 +212,11 @@ def load_config( args ):
if not os.path.isdir( INFOLDER ):
print "data folder %s is not a folder" % INFOLDER
sys.exit(1)
config_file = os.path.join( INFOLDER, 'config.py' )
if not os.path.exists( config_file ):
print "config file %s does not exists" % config_file
sys.exit( 1 )
variables['INFOLDER'] = INFOLDER
print "loading config", config_file
lcls = {}
execfile(config_file, globals(), lcls)
for lcl in lcls:
globals()[lcl] = lcls[lcl]
SECRET_FILE = os.path.join( INFOLDER, "config.secret" )
if not os.path.exists( SECRET_FILE ):
print "secret file %s does not exists. CREATING" % SECRET_FILE
secret = os.urandom(24)
......@@ -218,24 +224,40 @@ def load_config( args ):
SECRET_KEY = open(SECRET_FILE , 'rb').read().strip()
print "SECRET KEY ", repr(SECRET_KEY)
variables['SECRET_KEY'] = SECRET_KEY
config_file = os.path.join( INFOLDER, 'config.py' )
if not os.path.exists( config_file ):
print "config file %s does not exists" % config_file
sys.exit( 1 )
print "loading config", config_file
lcl = {}
execfile(config_file, lcl, lcl)
#print "lcl", lcl, "\n"
for k in lcl:
if k in variables:
print "updating key %s from %s to %s" % (k, str(variables[k]), str(lcl[k]))
variables[k] = lcl[k]
app.before_first_request(init_db)
app.secret_key = SECRET_KEY
app.debug = DEBUG
app.config["getManager" ] = getManager
app.config['HAS_LOGIN' ] = hasLogin
app.config['LIBRE_PATHS' ] = librepaths
app.config['LIBRE_POINTS' ] = librepoints
app.config['MAX_CONTENT_LENGTH'] = MAX_CONTENT_LENGTH
app.config["INFOLDER" ] = INFOLDER
app.config["IDEBUG" ] = IDEBUG
app.config["INTERFACE" ] = interface
app.config["SERVER_PORT" ] = SERVER_PORT
app.secret_key = variables['SECRET_KEY']
app.debug = variables['DEBUG' ]
for k in variables:
app.config[k] = variables[k]
#print "config", app.config, "\n"
interface.DEBUG = IDEBUG
if hasLogin:
if variables['HAS_LOGIN']:
print "LOGIN ENABLED"
print "INITIALIZING DB"
USER_DATABASE_FILE = os.path.join( INFOLDER, 'users.sqlite' )
......
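Review bot: The new merge loop (`for k in lcl:` with `print "updating key %s from %s to %s"`) prints the old and new value of every overridden key, and `SECRET_KEY` is already in `variables` by then, so a config.py that defines SECRET_KEY puts the Flask session-signing key on stdout. The `print "SECRET KEY ", repr(SECRET_KEY)` line just above, which looks like unchanged context, does the same on every start. I would log only the key name, `print "updating key %s" % k`, and drop or redact the SECRET KEY print. Separately, `variables` defaults `'DEBUG'` to True and feeds it to `app.debug`, so a config.py that omits DEBUG leaves debug mode on; `'DEBUG' : False,` would be the safer baseline. load_config continues past the end of this section.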
#decide whether to have user control or not
hasLogin = True
HAS_LOGIN = False
#define port to server webpage
SERVER_PORT = 10000
# pages which can be seen without login
librepaths = [
LIBRE_PATHS = [
'/api',
'/favicon.ico'
]
DEBUG = True
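Review bot: Flipping the sample default to `HAS_LOGIN = False` also turns TLS off, because `start()` in the launcher only passes `ssl_context` when `app.config['HAS_LOGIN']` is true, while this sample keeps `DEBUG = True` and the server binds `host='0.0.0.0'`. As shipped, this config would serve plain HTTP with no login and with Flask debug mode, including its interactive debugger, reachable from other hosts. I would ship `DEBUG = False` here and add a comment above HAS_LOGIN such as `# also controls HTTPS: False serves plain HTTP without authentication`. The old/new sides are inferred from the renamed keys, since the page has lost its +/- markers.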
......@@ -26,18 +26,107 @@ row order\tcol order\n
#https://exploreflask.com/users.html
import sys
import subprocess
print "importing SSL"
#import ssl
from OpenSSL import crypto, SSL
SSL_KEY_LENGTH = 2048
print "IMPORTING BEHAVIOUR"
from behaviour import *
def init( args ):
load_config( args )
def start():
app.run(port=app.config["SERVER_PORT" ], host='0.0.0.0')
if app.config['HAS_LOGIN']:
ssl_cert, ssl_key = create_self_signed_cert(cert_dir=dir_path, cert_name="server")
print "SSL ENABLED: access by https://127.0.0.1:%d" % app.config["SERVER_PORT" ]
app.run(port=app.config["SERVER_PORT" ], host='0.0.0.0', ssl_context=(ssl_cert, ssl_key))
else:
print "SSL DISABLED: access by http://127.0.0.1:%d" % app.config["SERVER_PORT" ]
app.run(port=app.config["SERVER_PORT" ], host='0.0.0.0')
def create_self_signed_cert(cert_dir=".", cert_name="server"):
print "generating self signed certificate"
C_F = os.path.join(os.path.abspath(cert_dir), cert_name + ".crt")
K_F = os.path.join(os.path.abspath(cert_dir), cert_name + ".key")
if not os.path.exists(C_F) or not os.path.exists(K_F):
print " certificates do not exists. creating"
cmdline = "openssl req -nodes -new -newkey rsa:%(key_length)d -x509 -batch -days 365 -extensions v3_req -keyout %(key_file)s -out %(cert_file)s" % {"key_length": SSL_KEY_LENGTH, "key_file": K_F, "cert_file": C_F }
print " running:", cmdline
os.system(cmdline)
else:
print " certificates exists. skipping"
return (C_F, K_F)
#if os.path.exists( ssl_cert ) and os.path.exists( ssl_key ) :
# print "SSL ENABLED: access by https://127.0.0.1:%d" % app.config["SERVER_PORT" ]
# app.run(port=app.config["SERVER_PORT" ], host='0.0.0.0', ssl_context=(ssl_cert, ssl_key))
#
#else:
# print "SSL DISABLED: access by http://127.0.0.1:%d" % app.config["SERVER_PORT" ]
# app.run(port=app.config["SERVER_PORT" ], host='0.0.0.0')
#context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
#context = ssl.create_default_context( ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
#context.load_cert_chain('yourserver.crt', 'yourserver.key')
#app.run(port=app.config["SERVER_PORT" ], host='0.0.0.0', ssl_context=context)
#http://kracekumar.com/post/54437887454/ssl-for-flask-local-development
#Generate a private key
#openssl genrsa -des3 -out server.key 1024
#
#Generate a CSR
#openssl req -new -key server.key -out server.csr
#
#Remove Passphrase from key
#cp server.key server.key.org
#openssl rsa -in server.key.org -out server.key
#
#Generate self signed certificate
#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
#
#
#openssl req -nodes -new -newkey rsa:2048 -x509 -batch -days 365 -keyout server.key -out server.crt
#ssl_cert = os.path.join(dir_path, 'server.crt')
#ssl_key = os.path.join(dir_path, 'server.key')
#http://www.linux.org/threads/creating-a-self-signed-certificate-with-python.4591/
#def create_self_signed_cert(cert_dir=".", cert_name="server"):
# print "generating self signed certificate"
# C_F = os.path.join(os.path.abspath(cert_dir), cert_name + ".crt")
# K_F = os.path.join(os.path.abspath(cert_dir), cert_name + ".key")
#
# if not os.path.exists(C_F) or not os.path.exists(K_F):
# print " certificates do not exists. creating"
# # create a key pair
# k = crypto.PKey()
# k.generate_key(crypto.TYPE_RSA, SSL_KEY_LENGTH)
# # create a self-signed cert
# cert = crypto.X509()
# cert.set_pubkey(k)
# cert.sign(k, 'sha1')
#
# print " saving certificates"
# open(C_F, "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
# open(K_F, "wt").write(crypto.dump_privatekey( crypto.FILETYPE_PEM, k ))
# return (C_F, K_F)
if __name__ == '__main__':
init(sys.argv[1:])
......
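Review bot: `create_self_signed_cert` builds the openssl call as one shell string and runs it with `os.system`, so a `cert_dir` containing spaces or shell metacharacters changes the command, and the exit status is ignored: if openssl is missing or fails, `start()` still hands non-existent files to `ssl_context`. The key is written unencrypted (`-nodes`) with whatever permissions the process umask allows. `subprocess` is already imported in this file, so an argument list passed to `check_call` under a restrictive umask covers all three; `os` and `dir_path` are not defined in the visible lines and presumably arrive through `from behaviour import *`, which is worth making explicit. The `from OpenSSL import crypto, SSL` import is only used by the commented-out variant and could be dropped along with it.

```python
def create_self_signed_cert(cert_dir=".", cert_name="server"):
    # … unchanged: C_F / K_F path construction and the existence check …
        cmd = [
            "openssl", "req", "-nodes", "-new",
            "-newkey", "rsa:%d" % SSL_KEY_LENGTH,
            "-x509", "-batch", "-days", "365",
            "-extensions", "v3_req",
            "-keyout", K_F, "-out", C_F,
        ]
        print "  running:", " ".join(cmd)
        old_umask = os.umask(0o077)  # files created by openssl are owner-only
        try:
            subprocess.check_call(cmd)  # raises CalledProcessError on failure
        finally:
            os.umask(old_umask)
    # … unchanged: else branch and return (C_F, K_F) …
```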