diff options
Diffstat (limited to 'deluge/crypto_utils.py')
-rw-r--r-- | deluge/crypto_utils.py | 61 |
1 files changed, 59 insertions, 2 deletions
diff --git a/deluge/crypto_utils.py b/deluge/crypto_utils.py index 7672efa..d636c05 100644 --- a/deluge/crypto_utils.py +++ b/deluge/crypto_utils.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- # # Copyright (C) 2007,2008 Andrew Resch <andrewresch@gmail.com> # @@ -7,8 +6,10 @@ # See LICENSE for more details. # -from __future__ import division, print_function, unicode_literals +import os +import stat +from OpenSSL import crypto from OpenSSL.crypto import FILETYPE_PEM from twisted.internet.ssl import ( AcceptableCiphers, @@ -18,6 +19,8 @@ from twisted.internet.ssl import ( TLSVersion, ) +import deluge.configmanager + # A TLS ciphers list. # Sources for more information on TLS ciphers: # - https://wiki.mozilla.org/Security/Server_Side_TLS @@ -77,3 +80,57 @@ def get_context_factory(cert_path, pkey_path): ctx.set_options(SSL_OP_NO_RENEGOTIATION) return cert_options + + +def check_ssl_keys(): + """ + Check for SSL cert/key and create them if necessary + """ + ssl_dir = deluge.configmanager.get_config_dir('ssl') + if not os.path.exists(ssl_dir): + # The ssl folder doesn't exist so we need to create it + os.makedirs(ssl_dir) + generate_ssl_keys() + else: + for f in ('daemon.pkey', 'daemon.cert'): + if not os.path.exists(os.path.join(ssl_dir, f)): + generate_ssl_keys() + break + + +def generate_ssl_keys(): + """ + This method generates a new SSL key/cert. + """ + digest = 'sha256' + + # Generate key pair + pkey = crypto.PKey() + pkey.generate_key(crypto.TYPE_RSA, 2048) + + # Generate cert request + req = crypto.X509Req() + subj = req.get_subject() + setattr(subj, 'CN', 'Deluge Daemon') + req.set_pubkey(pkey) + req.sign(pkey, digest) + + # Generate certificate + cert = crypto.X509() + cert.set_serial_number(0) + cert.gmtime_adj_notBefore(0) + cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 3) # Three Years + cert.set_issuer(req.get_subject()) + cert.set_subject(req.get_subject()) + cert.set_pubkey(req.get_pubkey()) + cert.sign(pkey, digest) + + # Write out files + ssl_dir = deluge.configmanager.get_config_dir('ssl') + with open(os.path.join(ssl_dir, 'daemon.pkey'), 'wb') as _file: + _file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) + with open(os.path.join(ssl_dir, 'daemon.cert'), 'wb') as _file: + _file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) + # Make the files only readable by this user + for f in ('daemon.pkey', 'daemon.cert'): + os.chmod(os.path.join(ssl_dir, f), stat.S_IREAD | stat.S_IWRITE) |