jojojojo aua
@@ -1,6 +1,6 @@
|
||||
import os
|
||||
import json
|
||||
from datetime import timedelta
|
||||
from datetime import timedelta, datetime
|
||||
|
||||
# Hardcodierte Konfiguration
|
||||
SECRET_KEY = "7445630171969DFAC92C53CEC92E67A9CB2E00B3CB2F"
|
||||
@@ -91,23 +91,80 @@ def get_ssl_context():
|
||||
# Wenn Zertifikate nicht existieren, diese automatisch erstellen
|
||||
if not os.path.exists(SSL_CERT_PATH) or not os.path.exists(SSL_KEY_PATH):
|
||||
ensure_ssl_directory()
|
||||
|
||||
|
||||
# Prüfen, ob wir uns im Entwicklungsmodus befinden
|
||||
if FLASK_DEBUG:
|
||||
print("SSL-Zertifikate nicht gefunden. Erstelle selbstsignierte Zertifikate...")
|
||||
|
||||
# Pfad zum create_ssl_cert.sh-Skript ermitteln
|
||||
script_path = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(__file__))),
|
||||
"install", "create_ssl_cert.sh")
|
||||
|
||||
# Ausführungsrechte setzen
|
||||
if os.path.exists(script_path):
|
||||
os.system(f"chmod +x {script_path}")
|
||||
# SSL-Zertifikate direkt mit Python erstellen
|
||||
try:
|
||||
from cryptography import x509
|
||||
from cryptography.x509.oid import NameOID
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
import ipaddress
|
||||
|
||||
# Zertifikate erstellen mit spezifischem Hostnamen
|
||||
os.system(f"{script_path} -c {SSL_CERT_PATH} -k {SSL_KEY_PATH} -h {SSL_HOSTNAME}")
|
||||
else:
|
||||
print(f"WARNUNG: SSL-Zertifikat-Generator nicht gefunden: {script_path}")
|
||||
# Private Key generieren
|
||||
private_key = rsa.generate_private_key(
|
||||
public_exponent=65537,
|
||||
key_size=2048,
|
||||
)
|
||||
|
||||
# Subject und Issuer für Mercedes-Benz Werk Berlin 040
|
||||
subject = issuer = x509.Name([
|
||||
x509.NameAttribute(NameOID.COUNTRY_NAME, "DE"),
|
||||
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Berlin"),
|
||||
x509.NameAttribute(NameOID.LOCALITY_NAME, "Berlin"),
|
||||
x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Mercedes-Benz AG"),
|
||||
x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Werk Berlin 040"),
|
||||
x509.NameAttribute(NameOID.COMMON_NAME, "raspberrypi"),
|
||||
])
|
||||
|
||||
# Zertifikat erstellen
|
||||
cert = x509.CertificateBuilder().subject_name(
|
||||
subject
|
||||
).issuer_name(
|
||||
issuer
|
||||
).public_key(
|
||||
private_key.public_key()
|
||||
).serial_number(
|
||||
x509.random_serial_number()
|
||||
).not_valid_before(
|
||||
datetime.utcnow()
|
||||
).not_valid_after(
|
||||
datetime.utcnow() + timedelta(days=365)
|
||||
).add_extension(
|
||||
x509.SubjectAlternativeName([
|
||||
x509.DNSName("raspberrypi"),
|
||||
x509.DNSName("localhost"),
|
||||
x509.IPAddress(ipaddress.IPv4Address("192.168.0.105")),
|
||||
x509.IPAddress(ipaddress.IPv4Address("127.0.0.1")),
|
||||
]),
|
||||
critical=False,
|
||||
).sign(private_key, hashes.SHA256())
|
||||
|
||||
# Zertifikat speichern
|
||||
with open(SSL_CERT_PATH, "wb") as f:
|
||||
f.write(cert.public_bytes(serialization.Encoding.PEM))
|
||||
|
||||
# Private Key speichern
|
||||
with open(SSL_KEY_PATH, "wb") as f:
|
||||
f.write(private_key.private_bytes(
|
||||
encoding=serialization.Encoding.PEM,
|
||||
format=serialization.PrivateFormat.PKCS8,
|
||||
encryption_algorithm=serialization.NoEncryption()
|
||||
))
|
||||
|
||||
print(f"✅ SSL-Zertifikate erfolgreich erstellt für Mercedes-Benz Werk Berlin 040")
|
||||
print(f" Hostname: raspberrypi")
|
||||
print(f" IP: 192.168.0.105")
|
||||
|
||||
except ImportError:
|
||||
print("FEHLER: cryptography-Bibliothek nicht installiert. Installiere mit: pip install cryptography")
|
||||
return None
|
||||
except Exception as e:
|
||||
print(f"FEHLER beim Erstellen der SSL-Zertifikate: {e}")
|
||||
return None
|
||||
else:
|
||||
print("WARNUNG: SSL-Zertifikate nicht gefunden und Nicht-Debug-Modus. SSL wird deaktiviert.")
|
||||
|
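Review bot: The private key is written with a plain `open(SSL_KEY_PATH, "wb")` and `NoEncryption()`, so the unencrypted key gets whatever mode the process umask allows, which is commonly world-readable. Creating the file with owner-only permissions would close that: `fd = os.open(SSL_KEY_PATH, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "wb") as f:`. The mode only applies when the file is created, so a key file that already exists keeps its old permissions. The certificate also hard-codes `raspberrypi` and `192.168.0.105` in the subject and SAN, where the shell-script call on this page passed `SSL_HOSTNAME`; reading the names from configuration would keep the certificate valid on other hosts. The +/- markers are lost on this page and get_ssl_context starts and ends outside the hunk, so this is based on the lines that appear to be the new side.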