# DEPENDENCIES
# sudo apt-get install build-essential libssl-dev libffi-dev python-dev
# pip install --user pyOpenSSL
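# THIS GENERATES A VALID PEM FILE BY HAND (private key + self-signed cert in one file).
# -nodes leaves the private key unencrypted inside server.pem.
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes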
import BaseHTTPServer, SimpleHTTPServer, ssl, sys, socket, os, time
from OpenSSL import crypto
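def get_ip():
    """Return the local IPv4 address of the interface used for outbound traffic.

    A UDP socket is connect()ed to a private-range address and the local
    address the OS picked for it is read back with getsockname(). The result
    is later used both as the bind address and as the certificate name, so on
    a multi-homed host it decides which network the server is exposed on.

    Returns:
        The dotted-quad address as a string, or '127.0.0.1' when the socket
        calls fail (for example when no route is available).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # doesn't even have to be reachable
        s.connect(('10.255.255.255', 0))
        IP = s.getsockname()[0]
    except socket.error:
        # Only socket-level failures fall back to loopback; a bare except
        # here would also swallow KeyboardInterrupt and SystemExit.
        IP = '127.0.0.1'
    finally:
        s.close()
    return IP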
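def makeCert(ipAddress):
    """Build a throwaway self-signed certificate for *ipAddress*.

    A fresh 2048-bit RSA key is generated on every call and used to sign a
    certificate whose subject and issuer are identical. The name is placed in
    both the CN and a subjectAltName entry.

    Args:
        ipAddress: the name clients will connect to; a dotted-quad IPv4
            address gets an ``IP:`` subjectAltName, anything else ``DNS:``.

    Returns:
        The PEM-encoded private key immediately followed by the PEM-encoded
        certificate, as one string. The key is NOT encrypted, so the return
        value must be handled as a secret.
    """
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)

    # create a self-signed cert
    cert = crypto.X509()
    cert.set_version(2)  # 2 is the encoded value for X.509 v3 (needed for extensions)
    # Millisecond timestamp: unique enough for a throwaway cert, but predictable.
    cert.set_serial_number(int(time.time() * 1000))

    subject = cert.get_subject()
    subject.C = "UK"
    subject.ST = "Wherever"
    subject.L = "Londinium"
    subject.O = "wevs inc"
    subject.OU = "code monkeying"
    subject.CN = ipAddress

    # Valid from one day in the past (tolerates clock skew) for ten years.
    cert.gmtime_adj_notBefore(-60 * 60 * 24)
    cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
    cert.set_pubkey(key)
    cert.set_issuer(subject)

    # Current TLS clients match the host against subjectAltName and ignore
    # the CN, so the name has to appear there as well.
    try:
        socket.inet_aton(ipAddress)
        sanPrefix = "IP:" if ipAddress.count(".") == 3 else "DNS:"
    except socket.error:
        sanPrefix = "DNS:"

    # The extensions are added in separate calls on purpose: the
    # authorityKeyIdentifier is derived from the issuer certificate (this same
    # certificate), which must already carry its subjectKeyIdentifier.
    cert.add_extensions([crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=cert)])
    cert.add_extensions([crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always", issuer=cert)])
    # NOTE(review): CA:TRUE marks this server certificate as a certificate
    # authority. If a client imports it as trusted, the matching key could
    # sign certificates for other names; CA:FALSE is the usual choice for a
    # leaf certificate. Left unchanged here because existing users may rely
    # on importing it as a root.
    cert.add_extensions([crypto.X509Extension("basicConstraints", False, "CA:TRUE")])
    cert.add_extensions([crypto.X509Extension("subjectAltName", False, sanPrefix + ipAddress)])
    cert.sign(key, 'sha256')

    keyAsPEM = crypto.dump_privatekey(crypto.FILETYPE_PEM, key)
    certAsPEM = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    # Key first, then certificate: the order expected for a combined PEM file.
    return keyAsPEM + certAsPEM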
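#MAIN
# Serves the current working directory over HTTPS with a freshly generated
# self-signed certificate. SimpleHTTPRequestHandler applies no authentication
# and produces directory listings, so every file under the working directory
# is readable by any client that can reach the port.
import tempfile  # script-local: only needed for the short-lived key file

port = 12345
try:
    port = int(sys.argv[1])
except (IndexError, ValueError):
    # No port argument, or not a number: keep the default port.
    pass

currentIP = get_ip()

# The PEM file contains the unencrypted private key. mkstemp creates it
# readable by the owner only and outside the directory being served; the
# finally clause removes it even when binding or the TLS setup fails.
pemFd, PEMFileName = tempfile.mkstemp(suffix=".pem")
try:
    with os.fdopen(pemFd, "w") as fileHandle:
        fileHandle.write(makeCert(currentIP))
    httpd = BaseHTTPServer.HTTPServer((currentIP, port), SimpleHTTPServer.SimpleHTTPRequestHandler)
    if hasattr(ssl, "create_default_context"):
        # Python 2.7.9+: server-side context with SSLv2/SSLv3 disabled.
        tlsContext = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
        tlsContext.load_cert_chain(certfile=PEMFileName)
        httpd.socket = tlsContext.wrap_socket(httpd.socket, server_side=True)
    else:
        # Older interpreters: fall back to the module-level defaults.
        httpd.socket = ssl.wrap_socket(httpd.socket, certfile=PEMFileName, server_side=True)
finally:
    # The key and certificate are loaded by now; nothing needs the file.
    os.remove(PEMFileName)

print "Serving on:", "https://"+currentIP+":"+str(port)
httpd.serve_forever()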