Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
#!/usr/bin/env python3
"""EnvSetup network utilities."""
from pathlib import Path
import socket
import subprocess
from .commands import exec_cmd
from .logging import log
def add_hosts_to_localhost(hosts: list):
"""Add a list of hosts to 127.0.0.1 in /etc/hosts.
:param hosts: List of commands
:type hosts: list
:raises Exception: Houston we have a problem
"""
rc, hostname = exec_cmd("hostname")
if rc == 0 and hostname not in hosts:
hosts.insert(0, hostname)
with open("/etc/hosts", "r") as fo:
content = fo.read()
new_content = list()
found_127 = False
for line in content.split("\n"):
if not found_127 and line.startswith("127.0.0.1"):
found_127 = True
for host in hosts:
if " " + host not in line:
line += " " + host
log("Adding host %s to /etc/hosts 127.0.0.1 aliases." % host)
new_content.append(line)
if not found_127:
new_content.append("127.0.0.1 %s" % " ".join(hosts))
new_content = "\n".join(new_content)
if new_content != content:
with open("/etc/hosts", "w") as fo:
fo.write(new_content)
log("/etc/hosts updated.")
else:
log("/etc/hosts is already up to date.")
OPENSSL_CONFIG_TEMPLATE = """
[ req ]
prompt = no
default_bits = 4096
default_keyfile = envsetup.csr.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
C = FR
ST = IDF
L = Paris
O = UbiCast
CN = MediaServer
emailAddress = root@localhost
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[ alternate_names ]
"""
def mkcert(
domains: list,
ecc: bool = True,
days: int = 3650,
config_tpl: str = OPENSSL_CONFIG_TEMPLATE,
):
"""Generate a self-signed certificate for the domains list.
:param domains: Domains for which the certificates will be self-signed
:type domains: list
:param ecc: Wether to use Elliptic Curve cryptography or not, defaults to True, if Fasle RSA is used
:type ecc: bool, optional
:param days: Validity lifetime of the certificate, defaults to 3650
:type days: int, optional
:param config_tpl: OpenSSL config file template, defaults to OPENSSL_CONFIG_TEMPLATE
:type config_tpl: str, optional
"""
# create certs dir
cert_dir = "/etc/ssl/envsetup"
Path(cert_dir).mkdir(mode=0o755, parents=True, exist_ok=True)
# populate template with domains
for i, domain in enumerate(domains, start=1):
config_tpl = config_tpl + "DNS.{} = {}\n".format(i, domain)
# write openssl config file
with open(cert_dir + "/conf", "w") as config_fh:
config_fh.write(config_tpl)
# key type: elliptic curve (default) or rsa
if ecc:
subprocess.check_call(
["openssl", "ecparam", "-name", "secp384r1", "-out", cert_dir + "/ecparam"]
)
keytype = "ec:" + cert_dir + "/ecparam"
else:
keytype = "rsa"
# execute openssl to generate keypair
subprocess.check_call(
[
"openssl",
"req",
"-config",
cert_dir + "/conf",
"-new",
"-x509",
"-sha256",
"-nodes",
"-newkey",
keytype,
"-keyout",
cert_dir + "/key.pem",
"-days",
str(days),
"-out",
cert_dir + "/cert.pem",
]
)
def get_ip() -> str:
"""Get the "primary" ip address, the one used by the default route.
:return: IP address
:rtype: str
"""
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
try:
# doesn't have to be reachable
s.connect(("10.255.255.255", 1))
IP = s.getsockname()[0]
except Exception:
IP = "127.0.0.1"
finally:
s.close()
return IP