From 8c42fc04b79c241f15c09cf80d1ca34b6d0a86fe Mon Sep 17 00:00:00 2001
From: Shin'ichiro Kawasaki
Date: Sat, 18 Apr 2020 17:48:28 +0900
Subject: [PATCH] scratch_link.py, gencert.sh: Separate certification and private key

Now gencert.sh generates private key and certificate for the Secure WSS server in a single file. This is not good to automate certification addition to NSS databases. Generate them separately into two files and initialize the Secure WSS server specifying them.

Signed-off-by: Shin'ichiro Kawasaki
---
 gencert.sh | 10 +++++++---
 scratch_link.py | 5 +++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/gencert.sh b/gencert.sh
index bedf02f..e0d2d53 100755
--- a/gencert.sh
+++ b/gencert.sh
@@ -1,7 +1,10 @@
 #!/bin/bash
-openssl req -x509 -out scratch-device-manager.pem \
- -keyout scratch-device-manager.pem -newkey rsa:2048 -nodes -sha256 \
- -days 3650 -extensions EXT -config /dev/stdin << HERE
+CERT_FILE=scratch-device-manager.cer
+KEY_FILE=scratch-device-manager.key
+
+# Generate certificate and key files
+openssl req -x509 -out "${CERT_FILE}" -keyout "${KEY_FILE}" -newkey rsa:2048 \
+ -nodes -sha256 -days 3650 -extensions EXT -config /dev/stdin << HERE
 [dn]
 CN = device-manager.scratch.mit.edu
 [req]
@@ -10,3 +13,4 @@ distinguished_name = dn
 [EXT]
 subjectAltName = DNS:device-manager.scratch.mit.edu
 HERE
+
diff --git a/scratch_link.py b/scratch_link.py
index 415b105..e5ca4b2 100755
--- a/scratch_link.py
+++ b/scratch_link.py
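Review bot: In gencert.sh the unencrypted private key (`-nodes`) now lands in its own file, `${KEY_FILE}`, but the script never sets that file's permissions, so depending on the OpenSSL version and the caller's umask it may be readable by other local users. The commit message says the certificate is meant to be added to NSS databases, so anyone who can read the key could presumably impersonate device-manager.scratch.mit.edu to a browser that trusts it. I would add `umask 077` before the `openssl req` line (or `chmod 600 "${KEY_FILE}"` after it), with a comment such as `# private key: owner-only`. It is also worth confirming that `*.key` is excluded from version control, which this patch does not show.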
@@ -529,8 +529,9 @@ class BLESession(Session):
 # kick start WSS server
 ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-localhost_pem = pathlib.Path(__file__).with_name("scratch-device-manager.pem")
-ssl_context.load_cert_chain(localhost_pem)
+localhost_cer = pathlib.Path(__file__).with_name("scratch-device-manager.cer")
+localhost_key = pathlib.Path(__file__).with_name("scratch-device-manager.key")
+ssl_context.load_cert_chain(localhost_cer, localhost_key)
 sessionTypes = { '/scratch/ble': BLESession, '/scratch/bt': BTSession }
 async def ws_handler(websocket, path):
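Review bot: An installation that still has only the old combined `scratch-device-manager.pem` will now fail at `ssl_context.load_cert_chain(localhost_cer, localhost_key)` with a bare FileNotFoundError at start-up, with no hint that gencert.sh must be re-run. A guard before that call would make the upgrade path clear, e.g. `if not (localhost_cer.is_file() and localhost_key.is_file()): raise SystemExit("certificate or key missing: run gencert.sh")`. The leftover `.pem` also still contains a private key, so the upgrade notes should say to delete it once the new files exist. These statements are module-level; the `class BLESession` named in the hunk header ends above the hunk, and `ws_handler` continues below it.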