Revamp key generation.

We now create three different files in the .mitmproxy directory when a dummy CA
is made:

mitmproxy-ca.pem - the CA, including private key

mitmproxy-ca-cert.p12 - A pkcs12 version of the certificate, for distribution to Windows.

mitmproxy-ca-cert.pem - A PEM version of the certificate, for distribution to everyone else.

doc-src/index.html

@@ -1,15 +1,13 @@
 
 
 * [Introduction](@!urlTo("intro.html")!@)
-* Concepts
-    * [Client-side replay](@!urlTo("clientreplay.html")!@)
-    * [Server-side replay](@!urlTo("serverreplay.html")!@)
-    * [Sticky cookies](@!urlTo("stickycookies.html")!@)
-    * [Anticache](@!urlTo("anticache.html")!@)
-    * [Filter expressions](@!urlTo("filters.html")!@)
-    * [Scripting API](@!urlTo("scripts.html")!@)
-* SSL
-    * [Overview](@!urlTo("/ssl.html")!@)
+* [Client-side replay](@!urlTo("clientreplay.html")!@)
+* [Server-side replay](@!urlTo("serverreplay.html")!@)
+* [Sticky cookies](@!urlTo("stickycookies.html")!@)
+* [Anticache](@!urlTo("anticache.html")!@)
+* [Filter expressions](@!urlTo("filters.html")!@)
+* [Scripting API](@!urlTo("scripts.html")!@)
+* [SSL](@!urlTo("/ssl.html")!@)
     * Browser certificate installation: 
         * [Firefox](@!urlTo("certinstall/firefox.html")!@)
         * [Safari](@!urlTo("certinstall/safari.html")!@)

libmproxy/cmdline.py

@@ -29,6 +29,11 @@ def common_options(parser):
         action="store", type = "str", dest="addr", default='',
         help = "Address to bind proxy to (defaults to all interfaces)"
     )
+    parser.add_option(
+        "--confdir",
+        action="store", type = "str", dest="confdir", default='~/.mitmproxy',
+        help = "Configuration directory. (~/.mitmproxy)"
+    )
     parser.add_option(
         "-p",
         action="store", type = "int", dest="port", default=8080,

libmproxy/proxy.py

@@ -22,7 +22,7 @@ class ProxyError(Exception):
         return "ProxyError(%s, %s)"%(self.code, self.msg)
 
 
-class Config:
+class SSLConfig:
     def __init__(self, certfile = None, ciphers = None, cacert = None):
         self.certfile = certfile
         self.ciphers = ciphers
@@ -769,11 +769,6 @@ def certificate_option_group(parser):
         type = "str", dest="cert", default=None,
         help = "User-created SSL certificate file."
     )
-    group.add_option(
-        "--cacert", action="store",
-        type = "str", dest="cacert", default="~/.mitmproxy/ca.pem",
-        help = "SSL CA certificate file. Generated if it doesn't exist."
-    )
     group.add_option(
         "--ciphers", action="store",
         type = "str", dest="ciphers", default=None,
@@ -788,14 +783,15 @@ def process_certificate_option_group(parser, options):
         options.cert = os.path.expanduser(options.cert)
         if not os.path.exists(options.cert):
             parser.error("Manually created certificate does not exist: %s"%options.cert)
-    if options.cacert:
-        options.cacert = os.path.expanduser(options.cacert)
-        if not os.path.exists(options.cacert):
-            utils.dummy_ca(options.cacert)
+
+    cacert = os.path.join(options.confdir, "mitmproxy-ca.pem")
+    cacert = os.path.expanduser(cacert)
+    if not os.path.exists(cacert):
+        utils.dummy_ca(cacert)
     if getattr(options, "cache", None) is not None:
         options.cache = os.path.expanduser(options.cache)
-    return Config(
+    return SSLConfig(
         certfile = options.cert,
-        cacert = options.cacert,
+        cacert = cacert,
         ciphers = options.ciphers
     )

libmproxy/utils.py

@@ -339,9 +339,15 @@ def dummy_ca(path):
 
         Returns True if operation succeeded, False if not.
     """
-    d = os.path.dirname(path)
-    if not os.path.exists(d):
-        os.makedirs(d)
+    dirname = os.path.dirname(path)
+    if not os.path.exists(dirname):
+        os.makedirs(dirname)
+
+    if path.endswith(".pem"):
+        basename, _ = os.path.splitext(path)
+    else:
+        basename = path
+
     cmd = [
         "openssl",
         "req",
@@ -364,8 +370,44 @@ def dummy_ca(path):
     if ret:
         return False
     # end nocover
-    else:
-        return True
+
+    cmd = [
+        "openssl",
+        "pkcs12",
+        "-export",
+        "-password", "pass:",
+        "-nokeys",
+        "-in", path,
+        "-out", os.path.join(dirname, basename + "-cert.p12")
+    ]
+    ret = subprocess.call(
+        cmd,
+        stderr=subprocess.PIPE,
+        stdout=subprocess.PIPE,
+        stdin=subprocess.PIPE
+    )
+    # begin nocover
+    if ret:
+        return False
+    # end nocover
+    cmd = [
+        "openssl",
+        "x509",
+        "-in", path,
+        "-out", os.path.join(dirname, basename + "-cert.pem")
+    ]
+    ret = subprocess.call(
+        cmd,
+        stderr=subprocess.PIPE,
+        stdout=subprocess.PIPE,
+        stdin=subprocess.PIPE
+    )
+    # begin nocover
+    if ret:
+        return False
+    # end nocover
+
+    return True
 
 
 def dummy_cert(certdir, ca, commonname):

test/test_utils.py

@@ -281,6 +281,12 @@ class udummy_ca(libpry.AutoTree):
         assert utils.dummy_ca(path)
         assert os.path.exists(path)
 
+        path = os.path.join(d, "foo/cert2.pem")
+        assert utils.dummy_ca(path)
+        assert os.path.exists(path)
+        assert os.path.exists(os.path.join(d, "foo/cert2-cert.pem"))
+        assert os.path.exists(os.path.join(d, "foo/cert2-cert.p12"))
+
 
 class udummy_cert(libpry.AutoTree):
     def test_with_ca(self):

test/tutils.py

@@ -43,7 +43,7 @@ HTTPS_PORT = random.randint(30000, 40000)
 
 class TestMaster(controller.Master):
     def __init__(self, port, testq):
-        serv = proxy.ProxyServer(proxy.Config("data/testkey.pem"), port)
+        serv = proxy.ProxyServer(proxy.SSLConfig("data/testkey.pem"), port)
         controller.Master.__init__(self, serv)
         self.testq = testq
         self.log = []