Make the sample server use SSL.

There's one problem: the sample wget --post-file command hangs.
zopefoundation · Sep 4, 2008 · f6aa225 · f6aa225
1 parent 7997552
commit f6aa225
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 3 deletions.
diff --git a/README.txt b/README.txt
@@ -10,12 +10,14 @@ To get started do::
 The server will come up on port 8080. You can create a new key encrypting key
 using::
 
-  $ wget http://localhost:8080/new -O kek.dat
+  $ wget https://localhost:8080/new -O kek.dat --ca-certificate sample.pem
 
 The data encryption key can now be retrieved by posting the KEK to another
 URL::
 
-  $ wget http://localhost:8080/key --post-file kek.dat -O datakey.dat
+  $ wget https://localhost:8080/key --post-file kek.dat -O datakey.dat --ca-certificate sample.pem
 
 Note: To be compliant, the server must use an encrypted communication channel
-of course.
+of course.  The ``--ca-certificate`` tells wget to trust the sample self-signed
+certificate included in the keas.kmi distribution; you'll want to generate a
+new SSL certificate for production use.
diff --git a/buildout.cfg b/buildout.cfg
@@ -31,6 +31,7 @@ recipe = zc.recipe.egg
 eggs = Paste
        PasteScript
        PasteDeploy
+       pyOpenSSL
        zope.app.component
        zope.app.publication
        zope.app.publisher

diff --git a/generate-sample-cert.sh b/generate-sample-cert.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+openssl genrsa 1024 > sample.key
+openssl req -new -x509 -nodes -sha1 -days 3650 -key sample.key > sample.cert
+cat sample.cert sample.key > sample.pem
+rm sample.key sample.cert
+
diff --git a/sample.pem b/sample.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIICcTCCAdqgAwIBAgIJAMvA30EY1rKtMA0GCSqGSIb3DQEBBQUAMDAxCzAJBgNV
+BAYTAlVTMQ0wCwYDVQQKEwRLZWFzMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMDgw
+OTA0MTU1MTU5WhcNMTgwOTAyMTU1MTU5WjAwMQswCQYDVQQGEwJVUzENMAsGA1UE
+ChMES2VhczESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDK17rB/KVaK8MVjiEkvA4ZncOOIC3nStZ/erXM+qwkghPM4Tfr2FTU
+iTgwwdLdu/ht74oWnppttfaTQ+sVz2rFXnPgfqKTGoJTwWFiuNuZhSRDVssGVnL/
+RatZW6wns8UNf+W4hUe6/vGQP6obNTe2T4R+t2hXP51OkOy4BMcq0QIDAQABo4GS
+MIGPMB0GA1UdDgQWBBQDIsX7HoSqbxKrCawi64MkXRmtmzBgBgNVHSMEWTBXgBQD
+IsX7HoSqbxKrCawi64MkXRmtm6E0pDIwMDELMAkGA1UEBhMCVVMxDTALBgNVBAoT
+BEtlYXMxEjAQBgNVBAMTCWxvY2FsaG9zdIIJAMvA30EY1rKtMAwGA1UdEwQFMAMB
+Af8wDQYJKoZIhvcNAQEFBQADgYEAW5UBM7EIMpARzQwpQ8N1gyTR/VqJ9fSm4MIw
+Y5m90HRgsDcXVbhn0rRfcC8o4EtGDvCjqsFYXy/ImF9tjEiuaysxbqepl+XMszPE
+1kO50quWsV1FLSdcJX6t/ofJYOxiQkqPvg9t/ovTnEZ+w4NfPo+0MJgudjJoD2+w
+5UTsKtU=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDK17rB/KVaK8MVjiEkvA4ZncOOIC3nStZ/erXM+qwkghPM4Tfr
+2FTUiTgwwdLdu/ht74oWnppttfaTQ+sVz2rFXnPgfqKTGoJTwWFiuNuZhSRDVssG
+VnL/RatZW6wns8UNf+W4hUe6/vGQP6obNTe2T4R+t2hXP51OkOy4BMcq0QIDAQAB
+AoGAHcDJDx1M784NfoLrj6TZ+J3wik9kDFIo5mgMdLWsPGqsFthOSJTh1I8QI+66
+THX++bkyKyE2i7MuKOnEeN2Ezo2jAThF7XoWhm6/+pSXhSqmL1jKr/1CZRaR9jv0
+cCVJc3mTuAGH+yFVeGpWNvDaCmOUlD5M48xTROJXteDQ0TECQQDuDM9pmQdqkGIp
+dvbIviS8donYn0kJ0TKS14pMtb/C63lcld513rHS43ru3FRY9baR/q5vV9vW5RhH
+S7w4cYvVAkEA2iNLsFEAkY88oZJYbdyybeKxZdReyes1/zPe4RYzRdbDHRNAa+zk
+mZIZDI820E0Y+DeoT+q3nXkXiiOS/iRNDQJBAKdAvOH2sO1AcJetjArS/cCkkIlw
+sMKDB0OAyRzIfekXxPc2HU03oD0Jsy/sAh9W1GWTST/VvRIpeHtvTNljfdkCQF5T
+UuBcNoW6zXoEYU6oV1Oi6hjhW1eu6PuAv4jPY754XoiNEZdZqYQqo8BFkWtDW1/C
+GXrtQRbMDPzD40UYB2UCQQCmJpJp+u2lHj7zuZikHIHQBNyXyoGnzgNs6XUj1Bs6
+Y4vjue8w6RkRLZ1YGP+xqsngVqb9IRygyLDpEgwEnOT4
+-----END RSA PRIVATE KEY-----
diff --git a/server.ini b/server.ini
@@ -6,3 +6,4 @@ conf=zope.conf
 use = egg:Paste#http
 host = 0.0.0.0
 port = 8080
+ssl_pem = sample.pem