🎉 Added IHK_Projektdokumentation/Gamma_AI_Präsentations_Prompt.md & updated related files 📚 🔧

2025-06-10 13:33:51 +02:00
parent 7e4bfbd4d7
commit b2174224ec
12 changed files with 169 additions and 5 deletions
--- a/backend/app_production.py
+++ b/backend/app_production.py
@@ -145,13 +145,32 @@ def setup_production_ssl():
    return cert_file, key_file

 def create_production_ssl_certificates(ssl_dir):
-    """Erstelle browser-kompatible SSL-Zertifikate manuell"""
-    
-    import subprocess
-    import tempfile
+    """Erstelle browser-kompatible SSL-Zertifikate plattformübergreifend"""
    
    app_logger.info("🔧 Erstelle browser-kompatible SSL-Zertifikate...")
    
+    # Versuche OpenSSL (Linux/Raspberry Pi)
+    if platform.system() != 'Windows':
+        try:
+            create_ssl_with_openssl(ssl_dir)
+            return
+        except Exception as e:
+            app_logger.warning(f"⚠️ OpenSSL fehlgeschlagen: {e}")
+    
+    # Fallback: Python Cryptography Library (Windows + Linux)
+    try:
+        create_ssl_with_python(ssl_dir)
+    except ImportError as e:
+        app_logger.error("❌ Cryptography Library nicht installiert")
+        app_logger.error("💡 Installiere mit: pip install cryptography")
+        app_logger.error("💡 Dann starte das Skript neu")
+        raise Exception("SSL-Zertifikat-Erstellung erfordert 'cryptography' library")
+
+def create_ssl_with_openssl(ssl_dir):
+    """Erstelle SSL-Zertifikate mit OpenSSL"""
+    import subprocess
+    import tempfile
+    
    # OpenSSL-Konfiguration für Browser-Kompatibilität
    openssl_config = f"""[req]
 distinguished_name = req_distinguished_name
@@ -219,7 +238,7 @@ DNS.8 = *.de040.corpintra.net
        os.chmod(f'{ssl_dir}/cert.pem', 0o644)
        os.chmod(f'{ssl_dir}/key.pem', 0o600)
        
-        app_logger.info("✅ Browser-kompatible SSL-Zertifikate erstellt")
+        app_logger.info("✅ Browser-kompatible SSL-Zertifikate mit OpenSSL erstellt")
        
    finally:
        # Räume temporäre Datei auf
@@ -228,6 +247,114 @@ DNS.8 = *.de040.corpintra.net
        except:
            pass

+def create_ssl_with_python(ssl_dir):
+    """Erstelle SSL-Zertifikate mit Python Cryptography Library"""
+    from cryptography import x509
+    from cryptography.x509.oid import NameOID, ExtensionOID
+    from cryptography.hazmat.primitives import hashes, serialization
+    from cryptography.hazmat.primitives.asymmetric import rsa
+    import ipaddress
+    
+    app_logger.info("🐍 Erstelle SSL-Zertifikate mit Python Cryptography...")
+    
+    # Generiere Private Key
+    private_key = rsa.generate_private_key(
+        public_exponent=65537,
+        key_size=2048,
+    )
+    
+    # Subject und Issuer
+    subject = issuer = x509.Name([
+        x509.NameAttribute(NameOID.COUNTRY_NAME, "DE"),
+        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Baden-Wuerttemberg"),
+        x509.NameAttribute(NameOID.LOCALITY_NAME, "Stuttgart"),
+        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Mercedes-Benz AG"),
+        x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "MYP Druckerverwaltung"),
+        x509.NameAttribute(NameOID.COMMON_NAME, "m040tbaraspi001"),
+    ])
+    
+    # Subject Alternative Names für Browser-Kompatibilität
+    san_list = [
+        # Lokale Entwicklung
+        x509.DNSName("localhost"),
+        x509.DNSName("*.localhost"),
+        x509.IPAddress(ipaddress.IPv4Address("127.0.0.1")),
+        x509.IPAddress(ipaddress.IPv6Address("::1")),
+        
+        # Raspberry Pi Hostname
+        x509.DNSName("m040tbaraspi001"),
+        x509.DNSName("m040tbaraspi001.local"),
+        x509.DNSName("raspberrypi"),
+        x509.DNSName("raspberrypi.local"),
+        
+        # Intranet-Domain
+        x509.DNSName("m040tbaraspi001.de040.corpintra.net"),
+        x509.DNSName("*.de040.corpintra.net"),
+    ]
+    
+    # Erstelle Zertifikat
+    cert = x509.CertificateBuilder().subject_name(
+        subject
+    ).issuer_name(
+        issuer
+    ).public_key(
+        private_key.public_key()
+    ).serial_number(
+        x509.random_serial_number()
+    ).not_valid_before(
+        datetime.now()
+    ).not_valid_after(
+        datetime.now() + timedelta(days=365)
+    ).add_extension(
+        x509.SubjectAlternativeName(san_list),
+        critical=True,
+    ).add_extension(
+        x509.BasicConstraints(ca=False, path_length=None),
+        critical=True,
+    ).add_extension(
+        x509.KeyUsage(
+            digital_signature=True,
+            key_encipherment=True,
+            key_agreement=True,
+            key_cert_sign=False,
+            crl_sign=False,
+            content_commitment=False,
+            data_encipherment=False,
+            encipher_only=False,
+            decipher_only=False
+        ),
+        critical=True,
+    ).add_extension(
+        x509.ExtendedKeyUsage([
+            x509.oid.ExtendedKeyUsageOID.SERVER_AUTH,
+            x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH,
+        ]),
+        critical=True,
+    ).sign(private_key, hashes.SHA256())
+    
+    # Schreibe Private Key
+    with open(f'{ssl_dir}/key.pem', 'wb') as f:
+        f.write(private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption()
+        ))
+    
+    # Schreibe Zertifikat
+    with open(f'{ssl_dir}/cert.pem', 'wb') as f:
+        f.write(cert.public_bytes(serialization.Encoding.PEM))
+    
+    # Setze Berechtigungen falls möglich
+    try:
+        os.chmod(f'{ssl_dir}/cert.pem', 0o644)
+        os.chmod(f'{ssl_dir}/key.pem', 0o600)
+    except:
+        pass  # Windows hat andere Berechtigungen
+    
+    app_logger.info("✅ Browser-kompatible SSL-Zertifikate mit Python erstellt")
+
+
+
 # =========================== PRODUKTIONS-SSL-KONTEXT ===========================

 def get_production_ssl_context():