authorAldo Cortesi <aldo@nullcube.com>2011-03-18 16:45:31 +1300
committerAldo Cortesi <aldo@nullcube.com>2011-03-18 16:45:31 +1300
commite22fd74d06bf646e7da95cde8f7238763f081276 (patch)
tree46b8bd42a25a45066c80a7ed4204ac9db2777c04
parent3fbf343985cd1a957514ebcc54fee067c18b99ea (diff)
Revamp key generation.
We now create three different files in the .mitmproxy directory when a dummy CA is made: mitmproxy-ca.pem - the CA, including private key; mitmproxy-ca-cert.p12 - a pkcs12 version of the certificate, for distribution to Windows; mitmproxy-ca-cert.pem - a PEM version of the certificate, for distribution to everyone else.
-rw-r--r--doc-src/index.html16
-rw-r--r--libmproxy/cmdline.py5
-rw-r--r--libmproxy/proxy.py20
-rw-r--r--libmproxy/utils.py52
-rw-r--r--test/test_utils.py6
-rw-r--r--test/tutils.py2
6 files changed, 74 insertions, 27 deletions
diff --git a/doc-src/index.html b/doc-src/index.html
index 049528a6..56b35f47 100644
--- a/doc-src/index.html
+++ b/doc-src/index.html
@@ -1,15 +1,13 @@
* [Introduction](@!urlTo("intro.html")!@)
-* Concepts
- * [Client-side replay](@!urlTo("clientreplay.html")!@)
- * [Server-side replay](@!urlTo("serverreplay.html")!@)
- * [Sticky cookies](@!urlTo("stickycookies.html")!@)
- * [Anticache](@!urlTo("anticache.html")!@)
- * [Filter expressions](@!urlTo("filters.html")!@)
- * [Scripting API](@!urlTo("scripts.html")!@)
-* SSL
- * [Overview](@!urlTo("/ssl.html")!@)
+* [Client-side replay](@!urlTo("clientreplay.html")!@)
+* [Server-side replay](@!urlTo("serverreplay.html")!@)
+* [Sticky cookies](@!urlTo("stickycookies.html")!@)
+* [Anticache](@!urlTo("anticache.html")!@)
+* [Filter expressions](@!urlTo("filters.html")!@)
+* [Scripting API](@!urlTo("scripts.html")!@)
+* [SSL](@!urlTo("/ssl.html")!@)
* Browser certificate installation:
* [Firefox](@!urlTo("certinstall/firefox.html")!@)
* [Safari](@!urlTo("certinstall/safari.html")!@)
diff --git a/libmproxy/cmdline.py b/libmproxy/cmdline.py
index 58dbadad..78a88e9e 100644
--- a/libmproxy/cmdline.py
+++ b/libmproxy/cmdline.py
@@ -30,6 +30,11 @@ def common_options(parser):
help = "Address to bind proxy to (defaults to all interfaces)"
)
parser.add_option(
+ "--confdir",
+ action="store", type = "str", dest="confdir", default='~/.mitmproxy',
+ help = "Configuration directory. (~/.mitmproxy)"
+ )
+ parser.add_option(
"-p",
action="store", type = "int", dest="port", default=8080,
help = "Proxy service port."
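Review bot: The help text for `--confdir` does not mention that this directory is where the generated CA is stored, private key included (the commit message says `mitmproxy-ca.pem` contains the key). A user choosing a shared or world-readable location gets no hint of what ends up there. Suggest `help = "Configuration directory; holds the generated CA and its private key. (~/.mitmproxy)"`. The default is stored unexpanded here, so it relies on the `os.path.expanduser` call in proxy.py.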
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 80040a03..1f6dafa8 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -22,7 +22,7 @@ class ProxyError(Exception):
return "ProxyError(%s, %s)"%(self.code, self.msg)
-class Config:
+class SSLConfig:
def __init__(self, certfile = None, ciphers = None, cacert = None):
self.certfile = certfile
self.ciphers = ciphers
@@ -770,11 +770,6 @@ def certificate_option_group(parser):
help = "User-created SSL certificate file."
)
group.add_option(
- "--cacert", action="store",
- type = "str", dest="cacert", default="~/.mitmproxy/ca.pem",
- help = "SSL CA certificate file. Generated if it doesn't exist."
- )
- group.add_option(
"--ciphers", action="store",
type = "str", dest="ciphers", default=None,
help = "SSL ciphers."
@@ -788,14 +783,15 @@ def process_certificate_option_group(parser, options):
options.cert = os.path.expanduser(options.cert)
if not os.path.exists(options.cert):
parser.error("Manually created certificate does not exist: %s"%options.cert)
- if options.cacert:
- options.cacert = os.path.expanduser(options.cacert)
- if not os.path.exists(options.cacert):
- utils.dummy_ca(options.cacert)
+
+ cacert = os.path.join(options.confdir, "mitmproxy-ca.pem")
+ cacert = os.path.expanduser(cacert)
+ if not os.path.exists(cacert):
+ utils.dummy_ca(cacert)
if getattr(options, "cache", None) is not None:
options.cache = os.path.expanduser(options.cache)
- return Config(
+ return SSLConfig(
certfile = options.cert,
- cacert = options.cacert,
+ cacert = cacert,
ciphers = options.ciphers
)
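Review bot: The return value of `utils.dummy_ca(cacert)` is discarded, so a failed generation still yields an `SSLConfig` whose `cacert` may point at a file that does not exist. Per utils.py in this commit, dummy_ca returns False when an openssl step exits non-zero. Fail at option-processing time instead, as the `options.cert` branch above does, by replacing the bare call with `if not utils.dummy_ca(cacert): parser.error("Could not generate CA certificate: %s"%cacert)`. Separately, `options.confdir` is read directly while `cache` goes through `getattr`; presumably every parser reaching this function also ran `common_options`, which is worth confirming. The function begins above this hunk.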
diff --git a/libmproxy/utils.py b/libmproxy/utils.py
index 34c49e14..699cb863 100644
--- a/libmproxy/utils.py
+++ b/libmproxy/utils.py
@@ -339,9 +339,15 @@ def dummy_ca(path):
Returns True if operation succeeded, False if not.
"""
- d = os.path.dirname(path)
- if not os.path.exists(d):
- os.makedirs(d)
+ dirname = os.path.dirname(path)
+ if not os.path.exists(dirname):
+ os.makedirs(dirname)
+
+ if path.endswith(".pem"):
+ basename, _ = os.path.splitext(path)
+ else:
+ basename = path
+
cmd = [
"openssl",
"req",
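Review bot: `os.makedirs(dirname)` creates the configuration directory with the default mode, yet per the commit message it will contain `mitmproxy-ca.pem`, which includes the CA private key. On a multi-user host, any account that can read that file can sign certificates that clients trusting this CA will accept. Create the directory private with `os.makedirs(dirname, 0o700)`, and consider `os.chmod(path, 0o600)` after the `openssl req` step. That command's arguments sit between the two hunks, so whether the key file's mode is already restricted cannot be seen from here. dummy_ca starts above this hunk and continues past it.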
@@ -364,8 +370,44 @@ def dummy_ca(path):
if ret:
return False
# end nocover
- else:
- return True
+
+ cmd = [
+ "openssl",
+ "pkcs12",
+ "-export",
+ "-password", "pass:",
+ "-nokeys",
+ "-in", path,
+ "-out", os.path.join(dirname, basename + "-cert.p12")
+ ]
+ ret = subprocess.call(
+ cmd,
+ stderr=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stdin=subprocess.PIPE
+ )
+ # begin nocover
+ if ret:
+ return False
+ # end nocover
+ cmd = [
+ "openssl",
+ "x509",
+ "-in", path,
+ "-out", os.path.join(dirname, basename + "-cert.pem")
+ ]
+ ret = subprocess.call(
+ cmd,
+ stderr=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stdin=subprocess.PIPE
+ )
+ # begin nocover
+ if ret:
+ return False
+ # end nocover
+
+ return True
def dummy_cert(certdir, ca, commonname):
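Review bot: Both `-out` arguments join `dirname` onto `basename`, but `basename` (set in the previous hunk) is `os.path.splitext(path)[0]` and still carries the directory part. For a relative path such as `foo/ca.pem` this produces `foo/foo/ca-cert.p12`, so the export fails or lands in the wrong place. Absolute paths only work because `os.path.join` discards earlier components when a later one is absolute. Drop the join in both commands: `"-out", basename + "-cert.p12"` and `"-out", basename + "-cert.pem"`. Note also that when either export fails the function returns False but leaves `path` in place, so the `os.path.exists(cacert)` check in proxy.py will never retry creating the distribution files.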
diff --git a/test/test_utils.py b/test/test_utils.py
index 434d6b26..94523676 100644
--- a/test/test_utils.py
+++ b/test/test_utils.py
@@ -281,6 +281,12 @@ class udummy_ca(libpry.AutoTree):
assert utils.dummy_ca(path)
assert os.path.exists(path)
+ path = os.path.join(d, "foo/cert2.pem")
+ assert utils.dummy_ca(path)
+ assert os.path.exists(path)
+ assert os.path.exists(os.path.join(d, "foo/cert2-cert.pem"))
+ assert os.path.exists(os.path.join(d, "foo/cert2-cert.p12"))
+
class udummy_cert(libpry.AutoTree):
def test_with_ca(self):
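Review bot: The new assertions only check that the two distribution files exist, not that they omit the CA private key. Omitting the key is the property that makes them safe to hand out. For the PEM file this is cheap to pin: `assert "PRIVATE KEY" not in open(os.path.join(d, "foo/cert2-cert.pem")).read()`. The PKCS12 file is binary, so checking it would need an openssl round-trip; a comment stating that `-nokeys` is what keeps the key out would at least record the intent.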
diff --git a/test/tutils.py b/test/tutils.py
index ae9dea27..fea7f224 100644
--- a/test/tutils.py
+++ b/test/tutils.py
@@ -43,7 +43,7 @@ HTTPS_PORT = random.randint(30000, 40000)
class TestMaster(controller.Master):
def __init__(self, port, testq):
- serv = proxy.ProxyServer(proxy.Config("data/testkey.pem"), port)
+ serv = proxy.ProxyServer(proxy.SSLConfig("data/testkey.pem"), port)
controller.Master.__init__(self, serv)
self.testq = testq
self.log = []