From e22fd74d06bf646e7da95cde8f7238763f081276 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Fri, 18 Mar 2011 16:45:31 +1300 Subject: Revamp key generation. We now create three different files in the .mitmproxy directory when a dummy CA is made: mitmproxy-ca.pem - the CA, including private key mitmproxy-ca-cert.p12 - A pkcs12 version of the certificate, for distribution to Windows. mitmproxy-ca-cert.pem - A PEM version of the certificate, for distribution to everyone else. --- libmproxy/utils.py | 52 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 5 deletions(-) (limited to 'libmproxy/utils.py') diff --git a/libmproxy/utils.py b/libmproxy/utils.py index 34c49e14..699cb863 100644 --- a/libmproxy/utils.py +++ b/libmproxy/utils.py @@ -339,9 +339,15 @@ def dummy_ca(path): Returns True if operation succeeded, False if not. """ - d = os.path.dirname(path) - if not os.path.exists(d): - os.makedirs(d) + dirname = os.path.dirname(path) + if not os.path.exists(dirname): + os.makedirs(dirname) + + if path.endswith(".pem"): + basename, _ = os.path.splitext(path) + else: + basename = path + cmd = [ "openssl", "req", @@ -364,8 +370,44 @@ def dummy_ca(path): if ret: return False # end nocover - else: - return True + + cmd = [ + "openssl", + "pkcs12", + "-export", + "-password", "pass:", + "-nokeys", + "-in", path, + "-out", os.path.join(dirname, basename + "-cert.p12") + ] + ret = subprocess.call( + cmd, + stderr=subprocess.PIPE, + stdout=subprocess.PIPE, + stdin=subprocess.PIPE + ) + # begin nocover + if ret: + return False + # end nocover + cmd = [ + "openssl", + "x509", + "-in", path, + "-out", os.path.join(dirname, basename + "-cert.pem") + ] + ret = subprocess.call( + cmd, + stderr=subprocess.PIPE, + stdout=subprocess.PIPE, + stdin=subprocess.PIPE + ) + # begin nocover + if ret: + return False + # end nocover + + return True def dummy_cert(certdir, ca, commonname): -- cgit v1.2.3