Cleaned up a bit

demo/demo/settings.py

@@ -120,7 +120,7 @@
     'django.contrib.sites',
     'django.contrib.messages',
     'django.contrib.staticfiles',
-    'scare',
+    'sslserver',
     # Uncomment the next line to enable the admin:
     # 'django.contrib.admin',
     # Uncomment the next line to enable admin documentation:

sslserver/certs/development.crt

@@ -1,17 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIICtzCCAiACCQDrZJXZn21YwTANBgkqhkiG9w0BAQUFADCBnzELMAkGA1UEBhMC
-VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
-FjAUBgNVBAoTDUV4YW1wbGUsIEluYy4xFDASBgNVBAsTC0RldmVsb3BtZW50MREw
-DwYDVQQDEwhKb2huIERvZTEiMCAGCSqGSIb3DQEJARYTZXhhbXBsZUBleGFtcGxl
-LmNvbTAeFw0xMzAyMjgyMTU1MThaFw0yMzAyMjYyMTU1MThaMIGfMQswCQYDVQQG
-EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
-bzEWMBQGA1UEChMNRXhhbXBsZSwgSW5jLjEUMBIGA1UECxMLRGV2ZWxvcG1lbnQx
-ETAPBgNVBAMTCEpvaG4gRG9lMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1w
-bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2oxMprd7Yo4QHP8I4
-qXLyG4B8/Bjd8Xe621qMERqfIpp2mP1J3Xg/2vbIh+Udc2IL2nUoQD7pHqFvKFAF
-oBL+PQwlV5oWq0EeB59eidZLtpvElOeS8OGRdS8m2Jo4DGiUsDKekmjPl13VhOhb
-q+sELMF2O+c/U2NpFzCIBW39XQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAArxIyiH
-Deepo22/aOQkcI+r6ujB+4paHHLm330NOQjB9xS+XTcfhUJsZcxh+h2BCU8zrv7m
-UCRfDsVJmvXHloGMZqgcPwO3S5WYBjviofiUHAtFjX+jAzt0qdJcZH6QUq3Qgcx8
-64CYMmDZ090cgF04n4I+YDZ8IZQAZKpcEKMO
+MIIC7TCCAlYCCQDYvIq6zKvBwDANBgkqhkiG9w0BAQUFADCBujELMAkGA1UEBhMC
+VVMxGjAYBgNVBAgMEURFVkVMT1BNRU5UIFNUQVRFMRkwFwYDVQQHDBBERVZFTE9Q
+TUVOVCBDSVRZMRwwGgYDVQQKDBNERVZFTE9QTUVOVCBDT01QQU5ZMRowGAYDVQQL
+DBFESkFOR08gREVWRUxPUEVSUzESMBAGA1UEAwwJbG9jYWxob3N0MSYwJAYJKoZI
+hvcNAQkBFhdkZXZlbG9wbWVudEBleGFtcGxlLmNvbTAeFw0xMzAzMDEwMzQ1NDda
+Fw0yMzAyMjcwMzQ1NDdaMIG6MQswCQYDVQQGEwJVUzEaMBgGA1UECAwRREVWRUxP
+UE1FTlQgU1RBVEUxGTAXBgNVBAcMEERFVkVMT1BNRU5UIENJVFkxHDAaBgNVBAoM
+E0RFVkVMT1BNRU5UIENPTVBBTlkxGjAYBgNVBAsMEURKQU5HTyBERVZFTE9QRVJT
+MRIwEAYDVQQDDAlsb2NhbGhvc3QxJjAkBgkqhkiG9w0BCQEWF2RldmVsb3BtZW50
+QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTC7RORlCZ
+L25D5HEUTrXQIiKCoGesuw3Mbyl05PK2HmyiOKBD2dL/l1JIqfZKIFrT4RxDpGnr
+R3RgQ4J3mc7osladyrlyqCvLjPXCJV8aaks87fNPW4fE8z0liaeiqbOCwJAZsLE3
+JmkvhFLOtsd2CfDRxGHMyBka0ou3N6l3cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
+AFLhm2A7w1q4KfcP7HyWJFuDF1LaKNq3+z3qrEHZXnL2hLW8dAfQISMCfNFqZuio
+x8QLRRiJ/qvI4P+oQGkPs8Yz31uMmstZenDnjl8fmopBm4mJqtLi1VT/O/pZmFUG
+dmNM3HnuRwqIdrKmxWgI1e7vErV8vVNStWhL0ukNHapr
 -----END CERTIFICATE-----

sslserver/certs/development.key

@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC2oxMprd7Yo4QHP8I4qXLyG4B8/Bjd8Xe621qMERqfIpp2mP1J
-3Xg/2vbIh+Udc2IL2nUoQD7pHqFvKFAFoBL+PQwlV5oWq0EeB59eidZLtpvElOeS
-8OGRdS8m2Jo4DGiUsDKekmjPl13VhOhbq+sELMF2O+c/U2NpFzCIBW39XQIDAQAB
-AoGAH20uJfTaLLLuTAUHmZJmygw7bsY+TSp4rLmD+igTSaC9rXyj0Or//xThdB4W
-KZwqGdoMYNG1QY3Yv3TTWDR0L+rImeidP2yZgAaP6BwQHwI8r1Qp5xhKbZiy/aB7
-/8NxrVS5jNRxcfd66ZKTZLt2pSeEVuaUdfz1zwvLb53SN6ECQQDdABVOa7b90flk
-7zJPSU5kxTk1cQIeLWSYJ+KWIAm5j9NlVIBR3Vf2BXTpUkPAyrjUIMySTnDlzZg/
-Ys5PUiZpAkEA04+lIbHbg+plTzfGExdON9ovu2uBIdm/gmpCNK76X54OIF+6jJZP
-IhvDqgZjfltTZsJXdrcwsQMTbynWSULI1QJBAIB1Ye0Zc16KRJrE5strYuP0N9K2
-g3KjFAvVc0GsEbsIvOnzejsbm9tnRJOyu6s+qryy6/ZHHhyVqt99QUqeB7ECQDiQ
-JURW+yvP1XpSnSCpkH4aVby0R3g3cZ56rmzLg6Fg7sH1FjlUTp/98FhbEOrNnATT
-XPMek2QgQGfuNZ6svmkCQQC6QNI2D1QkpMuLonsZso8iGTzvBrYva43uUiZhgil6
-kTpio1XGphzFI/ddx0gMgrzhYqHb9X9Ow1MnRs1LWlHH
+MIICWwIBAAKBgQCTC7RORlCZL25D5HEUTrXQIiKCoGesuw3Mbyl05PK2HmyiOKBD
+2dL/l1JIqfZKIFrT4RxDpGnrR3RgQ4J3mc7osladyrlyqCvLjPXCJV8aaks87fNP
+W4fE8z0liaeiqbOCwJAZsLE3JmkvhFLOtsd2CfDRxGHMyBka0ou3N6l3cQIDAQAB
+AoGAdWG2gXWoCWDPiOrnSeq7QHa/Tb92g3Cexz9FvMa26aLH3YeOiBtuUBIf4Vmr
+/ehuGQ1uXqD03Jih0eaSU584h1tuESnKMJjmN3EPdIzx3VhRP4Oo28khFGAbsNFe
+NRFPj9w2IZk9wRbgipnm4CcqNGmJ/plCmVq7/txjKM5t/EECQQDEAvSdfFV1jZkF
+A1Equr5sJRsZ6GQyNjcAVxqSL0Q63JMjkrq8xcLlSuTQ9tcV2gIOZSrVD60V1d63
+FE3riKiNAkEAwAxkLmqSQDotA9ALBPwJa/Fc+XwTLd/7g8K/XoJW4UguhewtOE/u
+rsKkX7IKd8DT7raTZ37RC0aS89IMuifrdQJAc3MuMyhNiay6KVq3zwwpJreAS/U2
+NuD56mhjjSDr9iN/Qt+kv5VX4wgG2BHbw9IhjesGnHHcR9UtlfYOoyFd7QJASj3A
+EK2EIi4bLskjKWchYUgqMAwGAgr/WR1VC30Jhwd3bLAzfvxvgcGe95uFLmwtwa90
+5mKA/4Hl1znRT7mU7QJAAVZi9pj9WXQrOJVT9Lj0/Dq9HB4O9kEG7ofKV95HbvZp
+mcrEPOc1LyIiIJKuLe2gCP4FgEsCWmLc0qU62B/QBg==
 -----END RSA PRIVATE KEY-----

sslserver/certs/server.csr

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB+zCCAWQCAQAwgboxCzAJBgNVBAYTAlVTMRowGAYDVQQIDBFERVZFTE9QTUVO
+VCBTVEFURTEZMBcGA1UEBwwQREVWRUxPUE1FTlQgQ0lUWTEcMBoGA1UECgwTREVW
+RUxPUE1FTlQgQ09NUEFOWTEaMBgGA1UECwwRREpBTkdPIERFVkVMT1BFUlMxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDEmMCQGCSqGSIb3DQEJARYXZGV2ZWxvcG1lbnRAZXhh
+bXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMLtE5GUJkvbkPk
+cRROtdAiIoKgZ6y7DcxvKXTk8rYebKI4oEPZ0v+XUkip9kogWtPhHEOkaetHdGBD
+gneZzuiyVp3KuXKoK8uM9cIlXxpqSzzt809bh8TzPSWJp6Kps4LAkBmwsTcmaS+E
+Us62x3YJ8NHEYczIGRrSi7c3qXdxAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAJ
+5XEhcUqUeOh3gK3dNoMcszfhTCCg71p2adF1ofOSxSxk53VMHD90WebsGIk4qRjT
+Kbmj46qD8wkL8VQENPgEJhDx0ms5a3gEIVdh+N5ICErE+y7ANX85Fk5jws7KyKD3
+B3iilGkFsn60Nlcpo6OcUzx1JxYaUZDKeh97VvTQvg==
+-----END CERTIFICATE REQUEST-----

sslserver/management/commands/runsslserver.py

@@ -0,0 +1,119 @@
+from datetime import datetime
+from optparse import make_option
+import os
+import ssl
+import sys
+
+from django.core.servers.basehttp import WSGIRequestHandler
+from django.core.servers.basehttp import WSGIServer
+from django.core.servers.basehttp import WSGIServerException
+from django.core.management.base import CommandError
+from django.core.management.commands import runserver
+from django.utils.importlib import import_module
+from django.utils._os import upath
+
+
+class SecureHTTPServer(WSGIServer):
+    def __init__(self, address, handler_cls, certificate, key):
+        super(SecureHTTPServer, self).__init__(address, handler_cls)
+        self.socket = ssl.wrap_socket(self.socket, certfile=certificate,
+                                      keyfile=key, server_side=True,
+                                      ssl_version=ssl.PROTOCOL_SSLv3,
+                                      cert_reqs=ssl.CERT_NONE)
+
+def default_ssl_files_dir():
+    app_module = import_module("sslserver")
+    mod_path = os.path.dirname(upath(app_module.__file__))
+    ssl_dir = os.path.join(mod_path, "certs")
+    return ssl_dir
+
+
+class Command(runserver.Command):
+    option_list = runserver.Command.option_list + (
+        make_option("--certificate",
+                    default=os.path.join(default_ssl_files_dir(),
+                                         "development.crt"),
+                    help="Path to the certificate"),
+        make_option("--key",
+                    default=os.path.join(default_ssl_files_dir(),
+                                         "development.key"),
+                    help="Path to the key file")
+    )
+
+    help = "Run a Django development server over HTTPS"
+
+    def check_certs(self, key_file, cert_file):
+        # TODO: maybe validate these? wrap_socket doesn't...
+
+        if not os.path.exists(key_file):
+            raise CommandError("Can't find key at %s" % key_file)
+        if not os.path.exists(cert_file):
+            raise CommandError("Can't find certificate at %s" %
+                               cert_file)
+
+
+    def inner_run(self, *args, **options):
+        # Django did a shitty job abstracting this.
+
+        key_file = options.get("key")
+        cert_file = options.get("certificate")
+        self.check_certs(key_file, cert_file)
+
+        from django.conf import settings
+        from django.utils import translation
+
+        threading = options.get('use_threading')
+        shutdown_message = options.get('shutdown_message', '')
+        quit_command = (sys.platform == 'win32') and 'CTRL-BREAK' or 'CONTROL-C'
+
+        self.stdout.write("Validating models...\n\n")
+        self.validate(display_num_errors=True)
+        self.stdout.write((
+            "%(started_at)s\n"
+            "Django version %(version)s, using settings %(settings)r\n"
+            "Starting development server at https://%(addr)s:%(port)s/\n"
+            "Using SSL certificate: %(cert)s\n"
+            "Using SSL key: %(key)s\n"
+            "Quit the server with %(quit_command)s.\n"
+        ) % {
+            "started_at": datetime.now().strftime('%B %d, %Y - %X'),
+            "version": self.get_version(),
+            "settings": settings.SETTINGS_MODULE,
+            "addr": self._raw_ipv6 and '[%s]' % self.addr or self.addr,
+            "port": self.port,
+            "quit_command": quit_command,
+            "cert": cert_file,
+            "key": key_file
+        })
+        # django.core.management.base forces the locale to en-us. We should
+        # set it up correctly for the first request (particularly important
+        # in the "--noreload" case).
+        translation.activate(settings.LANGUAGE_CODE)
+
+        try:
+            handler = self.get_handler(*args, **options)
+            server = SecureHTTPServer((self.addr, int(self.port)),
+                                      WSGIRequestHandler,
+                                      cert_file, key_file)
+            server.set_app(handler)
+            server.serve_forever()
+
+        except WSGIServerException, e:
+            # Use helpful error messages instead of ugly tracebacks.
+            ERRORS = {
+                13: "You don't have permission to access that port.",
+                98: "That port is already in use.",
+                99: "That IP address can't be assigned-to.",
+            }
+            try:
+                error_text = ERRORS[e.args[0].args[0]]
+            except (AttributeError, KeyError):
+                error_text = str(e)
+            self.stderr.write("Error: %s" % error_text)
+            # Need to use an OS exit because sys.exit doesn't work in a thread
+            os._exit(1)
+        except KeyboardInterrupt:
+            if shutdown_message:
+                self.stdout.write(shutdown_message)
+            sys.exit(0)
+