From b9280d50e37633781172f5f0a994cbcb2777e051 Mon Sep 17 00:00:00 2001
From: Matthias Bussonnier
Date: Wed, 25 Nov 2015 09:15:07 +0100
Subject: [PATCH 1/2] Create tool to auto generate secure settings.
---
tools/secure_notebook.py | 101 +++++++++++++++++++++++++++++++++++++++
1 file changed, 101 insertions(+)
create mode 100644 tools/secure_notebook.py
diff --git a/tools/secure_notebook.py b/tools/secure_notebook.py
new file mode 100644
index 000000000..a6134980c
--- /dev/null
+++ b/tools/secure_notebook.py
@@ -0,0 +1,101 @@
+#!/usr/bin/env python
+
+from notebook.auth import passwd
+from traitlets.config.loader import JSONFileConfigLoader, ConfigFileNotFound
+import six
+from jupyter_core.paths import jupyter_config_dir
+from traitlets.config import Config
+
+
+
+from OpenSSL import crypto, SSL
+from socket import gethostname
+from pprint import pprint
+from time import gmtime, mktime
+from os.path import exists, join
+
+import io
+import os
+import json
+
+
+def create_self_signed_cert(cert_dir, keyfile, certfiile):
+ """
+ If datacard.crt and datacard.key don't exist in cert_dir, create a new
+ self-signed cert and keypair and write them into that directory.
+ """
+
+ if not exists(join(cert_dir, certfiile)) \
+ or not exists(join(cert_dir, keyfile)):
+
+ # create a key pair
+ k = crypto.PKey()
+ k.generate_key(crypto.TYPE_RSA, 1024)
+
+ # create a self-signed cert
+ cert = crypto.X509()
+ cert.get_subject().C = "US"
+ cert.get_subject().ST = "Jupyter notebook self-signed certificat"
+ cert.get_subject().L = "Jupyter notebook self-signed certificat"
+ cert.get_subject().O = "Jupyter notebook self-signed certificat"
+ cert.get_subject().OU = "my organization"
+ cert.get_subject().CN = "Jupyter notebook self-signed certificat"
+ cert.set_serial_number(1000)
+ cert.gmtime_adj_notBefore(0)
+ cert.gmtime_adj_notAfter(365*24*60*60)
+ cert.set_issuer(cert.get_subject())
+ cert.set_pubkey(k)
+ cert.sign(k, 'sha256')
+
+ with io.open(join(cert_dir, certfile), "wt") as f:
+ f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf8'))
+ with io.open(join(cert_dir, keyfile), "wt") as f:
+ f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode('utf8'))
+
+
+if __name__ == '__main__':
+ print("This guide you into securing your notebook server")
+ print("fist choose a password.")
+ pw = passwd()
+ print("We will sore you password encrypted in the notebook configuration file: ")
+ print(pw)
+
+ loader = JSONFileConfigLoader('jupyter_notebook_config.json', jupyter_config_dir())
+ try:
+ config = loader.load_config()
+ except ConfigFileNotFound:
+ config = Config()
+
+ config.NotebookApp.password = pw
+
+ with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w+') as f:
+ f.write(six.u(json.dumps(config, indent=2)))
+
+ print('... done')
+ print()
+
+ print("Now let's generate self signed https certificats to secure your connexion.")
+ print("where should the certificate live ?")
+ location = input('path [~/.ssh]: ')
+ if not location.strip():
+ location = os.path.expanduser('~/.ssh')
+ keyfile = input('keyfile name [jupyter_server.key]: ')
+ if not keyfile.strip():
+ keyfile = 'jupyter_server.key'
+ certfile = input('certfile name [jupyter_server.crt]: ')
+ if not certfile.strip():
+ certfile = 'jupyter_server.crt'
+
+ create_self_signed_cert(location, keyfile, certfile)
+
+ fullkey = os.path.join(location, keyfile)
+ fullcrt = os.path.join(location, certfile)
+
+ config.NotebookApp.certfile = fullcrt
+ config.NotebookApp.keyfile = fullkey
+
+ with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w+') as f:
+ f.write(six.u(json.dumps(config, indent=2)))
+
+
+
From 5a7a41a83e93f515716ec415d70df98f0dc2c36e Mon Sep 17 00:00:00 2001
From: Matthias Bussonnier
Date: Wed, 25 Nov 2015 13:39:04 +0100
Subject: [PATCH 2/2] don't write english before breakfast
---
tools/secure_notebook.py | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/tools/secure_notebook.py b/tools/secure_notebook.py
index a6134980c..ebdc22a54 100644
--- a/tools/secure_notebook.py
+++ b/tools/secure_notebook.py
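Review bot: In [PATCH 1/2], `create_self_signed_cert` generates the key with `k.generate_key(crypto.TYPE_RSA, 1024)`; 1024-bit RSA is below the 2048-bit minimum that current guidance and TLS clients expect, so the size should be at least 2048. The private key is then written through `io.open(join(cert_dir, keyfile), "wt")`, which leaves its permissions to the umask and can make it readable by other local users; it should be created owner-only, as sketched below. The signature spells its third parameter `certfiile` while the certificate write uses `certfile`, which resolves only because the `__main__` block defines a global of that name, so calling the function after an import would raise NameError. Separately, if the script is meant to run on Python 2 (the `six` import suggests so), the bare `input()` calls evaluate what is typed as an expression; `six.moves.input` does not.

```python
def create_self_signed_cert(cert_dir, keyfile, certfile):
    # … unchanged: docstring and existence check (now using certfile) …
        k = crypto.PKey()
        k.generate_key(crypto.TYPE_RSA, 2048)
    # … unchanged: certificate subject, validity, signing, certificate write …
        # Create the key file owner-only from the start instead of relying on
        # the umask; the mode only applies when the file is newly created.
        key_fd = os.open(join(cert_dir, keyfile),
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with io.open(key_fd, "wt") as f:
            f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode('utf8'))
```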
@@ -35,11 +35,11 @@ def create_self_signed_cert(cert_dir, keyfile, certfiile):
 # create a self-signed cert
 cert = crypto.X509()
 cert.get_subject().C = "US"
- cert.get_subject().ST = "Jupyter notebook self-signed certificat"
- cert.get_subject().L = "Jupyter notebook self-signed certificat"
- cert.get_subject().O = "Jupyter notebook self-signed certificat"
+ cert.get_subject().ST = "Jupyter notebook self-signed certificate"
+ cert.get_subject().L = "Jupyter notebook self-signed certificate"
+ cert.get_subject().O = "Jupyter notebook self-signed certificate"
 cert.get_subject().OU = "my organization"
- cert.get_subject().CN = "Jupyter notebook self-signed certificat"
+ cert.get_subject().CN = "Jupyter notebook self-signed certificate"
 cert.set_serial_number(1000)
 cert.gmtime_adj_notBefore(0)
 cert.gmtime_adj_notAfter(365*24*60*60)
@@ -55,9 +55,9 @@ def create_self_signed_cert(cert_dir, keyfile, certfiile):

 if __name__ == '__main__':
 print("This guide you into securing your notebook server")
- print("fist choose a password.")
+ print("first choose a password.")
 pw = passwd()
- print("We will sore you password encrypted in the notebook configuration file: ")
+ print("We will store your password encrypted in the notebook configuration file: ")
 print(pw)

 loader = JSONFileConfigLoader('jupyter_notebook_config.json', jupyter_config_dir())
@@ -68,14 +68,14 @@ if __name__ == '__main__':

 config.NotebookApp.password = pw

- with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w+') as f:
+ with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w') as f:
 f.write(six.u(json.dumps(config, indent=2)))

 print('... done')
 print()

- print("Now let's generate self signed https certificats to secure your connexion.")
- print("where should the certificate live ?")
+ print("Now let's generate self-signed certificates to secure your connexion.")
+ print("where should the certificate live?")
 location = input('path [~/.ssh]: ')
 if not location.strip():
 location = os.path.expanduser('~/.ssh')
@@ -94,7 +94,7 @@ if __name__ == '__main__':
 config.NotebookApp.certfile = fullcrt
 config.NotebookApp.keyfile = fullkey

- with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w+') as f:
+ with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w') as f:
 f.write(six.u(json.dumps(config, indent=2)))


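Review bot: The two config writes touched here (`io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w')` in the `-68,14` hunk and again in the `-94,7` hunk) create the file with whatever the process umask allows, although it now holds the password hash returned by `passwd()` and the path of the TLS private key. A hash that other local accounts can read can be attacked offline, so the file should be restricted to its owner, for example `os.chmod(config_path, 0o600)` right after each write, with `config_path` computed once instead of repeating the `os.path.join(...)` expression. The `__main__` block starts and ends outside both hunks.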