Commit 60d6bc36 authored by echel0n's avatar echel0n

web ssl certificate/key locations and filenames are now hard-coded

parent 4995e86a
......@@ -97,6 +97,9 @@ class Core(object):
self.gui_views_dir = os.path.join(sickrage.PROG_DIR, 'core', 'webserver', 'views')
self.gui_app_dir = os.path.join(sickrage.PROG_DIR, 'core', 'webserver', 'app')
self.https_cert_file = None
self.https_key_file = None
self.trakt_api_key = '5c65f55e11d48c35385d9e8670615763a605fad28374c8ae553a7b7a50651ddd'
self.trakt_api_secret = 'b53e32045ac122a445ef163e6d859403301ffe9b17fb8321d428531b69022a82'
self.trakt_app_id = '4562'
......@@ -338,6 +341,10 @@ class Core(object):
# set socket timeout
socket.setdefaulttimeout(self.config.general.socket_timeout)
# set ssl cert/key filenames
self.https_cert_file = os.path.abspath(os.path.join(self.data_dir, 'server.crt'))
self.https_key_file = os.path.abspath(os.path.join(self.data_dir, 'server.key'))
# setup logger settings
self.log.logSize = self.config.general.log_size
self.log.logNr = self.config.general.log_nr
......@@ -658,7 +665,7 @@ class Core(object):
self.log.info(f"SiCKRAGE :: DATABASE TYPE:[{self.db_type}]")
self.log.info(f"SiCKRAGE :: INSTALL TYPE:[{self.version_updater.updater.type}]")
self.log.info(
f"SiCKRAGE :: URL:[{('http', 'https')[self.config.general.enable_https]}://{(get_internal_ip(), self.web_host)[self.web_host != '']}:{self.config.general.web_port}/{self.config.general.web_root}]")
f"SiCKRAGE :: URL:[{('http', 'https')[self.config.general.enable_https]}://{(get_internal_ip(), self.web_host)[self.web_host not in ['', '0.0.0.0']]}:{self.config.general.web_port}/{self.config.general.web_root.lstrip('/')}]")
def launch_browser(self):
if not self.no_launch and self.config.general.launch_browser:
......
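Review bot: In the second hunk the certificate and key paths are derived only from `self.data_dir`, so a deployment that previously pointed `https_cert`/`https_key` at its own files will stop using them after upgrading, with nothing in the log to say so. Assuming the old config values are still readable at this point, a one-time warning once the logger is configured would make the switch visible, e.g. `self.log.warning("Custom HTTPS cert/key paths are ignored; using %s and %s", self.https_cert_file, self.https_key_file)`. It would also help to extend the comment to `# set ssl cert/key filenames (fixed under data_dir; the private key is stored there)` so that anyone backing up or sharing the data directory knows the key is included. The enclosing method starts and ends outside the hunk.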
......@@ -183,50 +183,6 @@ def change_unrar_tool(unrar_tool):
sickrage.app.log.info('Disabling UNPACK setting because no unrar is installed.')
sickrage.app.config.general.unpack = False
def change_https_cert(https_cert):
"""
Replace HTTPS Certificate file path
:param https_cert: path to the new certificate file
:return: True on success, False on failure
"""
if https_cert == '':
sickrage.app.config.general.https_cert = ''
return True
if os.path.normpath(sickrage.app.config.general.https_cert) != os.path.normpath(https_cert):
if make_dir(os.path.dirname(os.path.abspath(https_cert))):
sickrage.app.config.general.https_cert = os.path.normpath(https_cert)
sickrage.app.log.info("Changed https cert path to " + https_cert)
else:
return False
return True
def change_https_key(https_key):
"""
Replace HTTPS Key file path
:param https_key: path to the new key file
:return: True on success, False on failure
"""
if https_key == '':
sickrage.app.config.general.https_key = ''
return True
if os.path.normpath(sickrage.app.config.general.https_key) != os.path.normpath(https_key):
if make_dir(os.path.dirname(os.path.abspath(https_key))):
sickrage.app.config.general.https_key = os.path.normpath(https_key)
sickrage.app.log.info("Changed https key path to " + https_key)
else:
return False
return True
def change_nzb_dir(nzb_dir):
"""
Change NZB blackhole directory
......
......@@ -485,7 +485,7 @@ class WebServer(object):
ssl_ctx = None
if sickrage.app.config.general.enable_https:
ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_ctx.load_cert_chain(sickrage.app.config.general.https_cert, sickrage.app.config.general.https_key)
ssl_ctx.load_cert_chain(sickrage.app.https_cert_file, sickrage.app.https_key_file)
# Web Server
self.server = HTTPServer(self.app, ssl_options=ssl_ctx, xheaders=sickrage.app.config.general.handle_reverse_proxy)
......@@ -503,30 +503,30 @@ class WebServer(object):
def load_ssl_certificate(self, certificate=None, private_key=None):
if certificate and private_key:
with open(sickrage.app.config.general.https_cert, 'w') as cert_out:
with open(sickrage.app.https_cert_file, 'w') as cert_out:
cert_out.write(certificate)
with open(sickrage.app.config.general.https_key, 'w') as key_out:
with open(sickrage.app.https_key_file, 'w') as key_out:
key_out.write(private_key)
else:
if os.path.exists(sickrage.app.config.general.https_key) and os.path.exists(sickrage.app.config.general.https_cert):
if os.path.exists(sickrage.app.https_key_file) and os.path.exists(sickrage.app.https_cert_file):
if self.is_certificate_valid() and not self.certificate_needs_renewal():
return True
resp = sickrage.app.api.server.get_server_certificate(sickrage.app.config.general.server_id)
if not resp or 'certificate' not in resp or 'private_key' not in resp:
if not create_https_certificates(sickrage.app.config.general.https_cert, sickrage.app.config.general.https_key):
if not create_https_certificates(sickrage.app.https_cert_file, sickrage.app.https_key_file):
return False
if not os.path.exists(sickrage.app.config.general.https_cert) or not os.path.exists(sickrage.app.config.general.https_key):
if not os.path.exists(sickrage.app.https_cert_file) or not os.path.exists(sickrage.app.https_key_file):
return False
return True
with open(sickrage.app.config.general.https_cert, 'w') as cert_out:
with open(sickrage.app.https_cert_file, 'w') as cert_out:
cert_out.write(resp['certificate'])
with open(sickrage.app.config.general.https_key, 'w') as key_out:
with open(sickrage.app.https_key_file, 'w') as key_out:
key_out.write(resp['private_key'])
sickrage.app.log.info("Loaded SSL certificate successfully")
......@@ -537,10 +537,10 @@ class WebServer(object):
return True
def certificate_needs_renewal(self):
if not os.path.exists(sickrage.app.config.general.https_cert):
if not os.path.exists(sickrage.app.https_cert_file):
return
with open(sickrage.app.config.general.https_cert, 'rb') as f:
with open(sickrage.app.https_cert_file, 'rb') as f:
cert_pem = f.read()
cert = x509.load_pem_x509_certificate(cert_pem, default_backend())
......@@ -549,10 +549,10 @@ class WebServer(object):
return not_valid_after - datetime.datetime.utcnow() < (cert.not_valid_after - cert.not_valid_before) / 2
def is_certificate_valid(self):
if not os.path.exists(sickrage.app.config.general.https_cert):
if not os.path.exists(sickrage.app.https_cert_file):
return
with open(sickrage.app.config.general.https_cert, 'rb') as f:
with open(sickrage.app.https_cert_file, 'rb') as f:
cert_pem = f.read()
cert = x509.load_pem_x509_certificate(cert_pem, default_backend())
......
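Review bot: The private key is written with plain `open(sickrage.app.https_key_file, 'w')` in `load_ssl_certificate` (both the supplied-key branch and the API-response branch), so a newly created `server.key` gets whatever mode the process umask allows, which under a common umask is readable by other local users. Now that the location is fixed under `data_dir`, create the file owner-only, e.g. `fd = os.open(sickrage.app.https_key_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as key_out:`. The mode argument only applies when the file is created, so an `os.chmod(sickrage.app.https_key_file, 0o600)` may also be needed for a key file that already exists, and on Windows the mode bits have little effect. Whether `create_https_certificates` sets restrictive permissions on the key it generates is not visible here.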
......@@ -19,14 +19,11 @@
# along with SiCKRAGE. If not, see <http://www.gnu.org/licenses/>.
# ##############################################################################
import os
from tornado.web import authenticated
import sickrage
from sickrage.core.common import Quality, Qualities, EpisodeStatus
from sickrage.core.config.helpers import change_gui_lang, change_https_key, change_https_cert, change_show_update_hour, \
change_version_notify
from sickrage.core.config.helpers import change_gui_lang, change_show_update_hour, change_version_notify
from sickrage.core.enums import UITheme, DefaultHomePage, TimezoneDisplay, SearchFormat, SeriesProviderID, CpuPreset
from sickrage.core.helpers import generate_api_key, checkbox_to_value, try_int
from sickrage.core.webserver import ConfigWebHandler
......@@ -259,11 +256,11 @@ class SaveGeneralHandler(BaseHandler):
sickrage.app.config.general.enable_https = checkbox_to_value(enable_https)
if not change_https_cert(https_cert):
results += ["Unable to create directory " + os.path.normpath(https_cert) + ", https cert directory not changed."]
if not change_https_key(https_key):
results += ["Unable to create directory " + os.path.normpath(https_key) + ", https key directory not changed."]
# if not change_https_cert(https_cert):
# results += ["Unable to create directory " + os.path.normpath(https_cert) + ", https cert directory not changed."]
#
# if not change_https_key(https_key):
# results += ["Unable to create directory " + os.path.normpath(https_key) + ", https key directory not changed."]
sickrage.app.config.general.handle_reverse_proxy = checkbox_to_value(handle_reverse_proxy)
......
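Review bot: The `change_https_cert` / `change_https_key` calls in `SaveGeneralHandler` are commented out rather than deleted, which leaves dead code referring to helpers this commit removes; the same applies to the `##`-commented HTTPS certificate/key inputs in the config template section that follows. Delete both blocks outright, since version control keeps the history. If the handler still reads `https_cert` and `https_key` from the request (its argument parsing is outside this hunk), those arguments should be dropped as well so the form no longer accepts values that are silently ignored.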
......@@ -957,53 +957,51 @@ c<%inherit file="../layouts/config.mako"/>
</div>
</div>
<div id="content_enable_https">
<div class="form-row form-group">
<div class="col-lg-3 col-md-4 col-sm-5">
<label class="component-title">${_('HTTPS certificate')}</label>
</div>
<div class="col-lg-9 col-md-8 col-sm-7 component-desc">
<div class="form-row">
<div class="col-md-12">
<input name="https_cert" id="https_cert"
value="${sickrage.app.config.general.https_cert}"
class="form-control"
autocapitalize="off"/>
</div>
</div>
<div class="form-row">
<div class="col-md-12">
<label for="https_cert">
${_('file name or path to HTTPS certificate')}
</label>
</div>
</div>
</div>
</div>
<div class="form-row form-group">
<div class="col-lg-3 col-md-4 col-sm-5">
<label class="component-title">${_('HTTPS key')}</label>
</div>
<div class="col-lg-9 col-md-8 col-sm-7 component-desc">
<div class="form-row">
<div class="col-md-12">
<input name="https_key" id="https_key"
value="${sickrage.app.config.general.https_key}"
class="form-control" autocapitalize="off"/>
</div>
</div>
<div class="form-row">
<div class="col-md-12">
<label for="https_key">${_('file name or path to HTTPS key')}</label>
</div>
</div>
</div>
</div>
</div>
## <div id="content_enable_https">
## <div class="form-row form-group">
##
## <div class="col-lg-3 col-md-4 col-sm-5">
## <label class="component-title">${_('HTTPS certificate')}</label>
## </div>
## <div class="col-lg-9 col-md-8 col-sm-7 component-desc">
## <div class="form-row">
## <div class="col-md-12">
## <input name="https_cert" id="https_cert"
## value="${sickrage.app.config.general.https_cert}"
## class="form-control"
## autocapitalize="off"/>
## </div>
## </div>
## <div class="form-row">
## <div class="col-md-12">
## <label for="https_cert">
## ${_('file name or path to HTTPS certificate')}
## </label>
## </div>
## </div>
## </div>
## </div>
##
## <div class="form-row form-group">
## <div class="col-lg-3 col-md-4 col-sm-5">
## <label class="component-title">${_('HTTPS key')}</label>
## </div>
## <div class="col-lg-9 col-md-8 col-sm-7 component-desc">
## <div class="form-row">
## <div class="col-md-12">
## <input name="https_key" id="https_key"
## value="${sickrage.app.config.general.https_key}"
## class="form-control" autocapitalize="off"/>
## </div>
## </div>
## <div class="form-row">
## <div class="col-md-12">
## <label for="https_key">${_('file name or path to HTTPS key')}</label>
## </div>
## </div>
## </div>
## </div>
## </div>
<div class="form-row form-group">
<div class="col-lg-3 col-md-4 col-sm-5">
......