scratch_link.py, gencert.sh: Separate certification and private key

Now gencert.sh generates private key and certificate for the Secure WSS
server in a single file. This is not good to automate certification
addition to NSS databases. Generate them separately into two files and
initialize the Secure WSS server specifying them.

Signed-off-by: Shin'ichiro Kawasaki <kawasaki@juno.dti.ne.jp>

gencert.sh

@@ -1,7 +1,10 @@
 #!/bin/bash
-openssl req -x509 -out scratch-device-manager.pem \
+CERT_FILE=scratch-device-manager.cer
-	-keyout scratch-device-manager.pem -newkey rsa:2048 -nodes -sha256 \
+KEY_FILE=scratch-device-manager.key
-	-days 3650 -extensions EXT -config /dev/stdin << HERE
+
+# Generate certificate and key files
+openssl req -x509 -out "${CERT_FILE}" -keyout "${KEY_FILE}" -newkey rsa:2048 \
+	-nodes -sha256 -days 3650 -extensions EXT -config /dev/stdin << HERE
 [dn]
 CN = device-manager.scratch.mit.edu
 [req]
@@ -10,3 +13,4 @@ distinguished_name = dn
 [EXT]
 subjectAltName = DNS:device-manager.scratch.mit.edu
 HERE
+

scratch_link.py

@@ -529,8 +529,9 @@ class BLESession(Session):
 
 # kick start WSS server
 ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-localhost_pem = pathlib.Path(__file__).with_name("scratch-device-manager.pem")
+localhost_cer = pathlib.Path(__file__).with_name("scratch-device-manager.cer")
-ssl_context.load_cert_chain(localhost_pem)
+localhost_key = pathlib.Path(__file__).with_name("scratch-device-manager.key")
+ssl_context.load_cert_chain(localhost_cer, localhost_key)
 sessionTypes = { '/scratch/ble': BLESession, '/scratch/bt': BTSession }
 
 async def ws_handler(websocket, path):