From 971970f6ad981453d0ca7eb346e73cd884c5c6eb Mon Sep 17 00:00:00 2001
From: Rui Carmo
Date: Mon, 25 Apr 2016 12:12:18 +0100
Subject: [PATCH] Second pass at certificate generation
---
 piku.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/piku.py b/piku.py
index 5c56f8a..200e17a 100644
--- a/piku.py
+++ b/piku.py
@@ -340,13 +340,14 @@ def spawn_app(app, deltas={}):
 # Set up nginx if $SERVER_NAME is present
 if 'SERVER_NAME' in env:
+ domain = env['SERVER_NAME'].split()[0]
 key, req, crt, conf = [join(CA_ROOT,'%s.%s' % (app,x)) for x in ['key','req','crt','conf']]
 cakey, cacrt = [join(CA_ROOT, 'ca.%s' % x) for x in ['key','crt']]
- serial = md5(SERVER_NAME.split()[0] + str(datetime.now())).hexdigest()
+ serial = md5(domain + str(datetime.now())).hexdigest()
 if not exists(key):
 call('openssl genrsa -out %(key)s 1024' % locals(), shell=True)
 with open(conf,'w') as h:
- h.write(SSL_TEMPLATE % {'domain': domain})
+ h.write(SSL_TEMPLATE % locals())
 call('openssl req -new -key %(key)s -out %(req)s -config %(conf)s' % locals(), shell=True)
 call('openssl x509 -req -days 3650 -in %(req)s -CA %(cacrt)s -CAkey %(cakey)s -set_serial 0x%(serial)s -out %(crt)s -extensions v3_req -extfile %(conf)s' % locals(), shell=True)
@@ -573,7 +574,9 @@ def destroy_app(app):
 echo("Removing file '%s'" % f, fg='yellow')
 os.remove(f)
- for f in [join(CA_ROOT, "%s.%s" % (app,x)) for x in ['conf','key','crt']].append(join(NGINX_ROOT,"%s.conf" % app)):
+ nginx_files = [join(CA_ROOT, "%s.%s" % (app,x)) for x in ['conf','key','crt']].
+ nginx_files.append(join(NGINX_ROOT,"%s.conf" % app))
+ for f in nginx_files:
 if exists(f):
 echo("Removing file '%s'" % f, fg='yellow')
 os.remove(f)
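Review bot: `domain = env['SERVER_NAME'].split()[0]` in spawn_app is used without validation: an empty or whitespace-only SERVER_NAME passes the `'SERVER_NAME' in env` test and raises IndexError, and any other string is written into the OpenSSL config through `SSL_TEMPLATE % locals()`. I would guard it with `names = env['SERVER_NAME'].split()` and `if names:` around the block, and reject values that are not plain hostnames before `conf` is written. Passing `{'domain': domain}` instead of `locals()` keeps the template's inputs explicit; the same applies to the `h.write` line in the init_paths hunk. The unchanged `genrsa` line still creates a 1024-bit key, below the 2048-bit minimum that current guidance expects. spawn_app starts and ends outside the hunk.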
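Review bot: The added line `nginx_files = [join(CA_ROOT, "%s.%s" % (app,x)) for x in ['conf','key','crt']].` ends with a stray `.`, which is a SyntaxError, so piku.py will not load at all with this hunk applied. Drop the trailing dot so the line ends at `['conf','key','crt']]`. The list also omits the `req` file that spawn_app writes next to the key and certificate, so the signing request stays behind in CA_ROOT after the app is destroyed; adding `'req'` to the extension list would cover it. destroy_app starts outside the hunk.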
@@ -683,11 +686,12 @@ def init_paths():
 # Create a local certificate authority
 key, crt, conf = [join(CA_ROOT, 'ca.%s' % x) for x in ['key','crt','conf']]
+ domain = 'piku.local'
 if not exists(key):
 echo("Creating local certificate authority...", fg='yellow')
 call('openssl genrsa -des3 -out %(key)s 4096' % locals(), shell=True)
 with open(conf,'w') as h:
- h.write(SSL_TEMPLATE % {'domain': domain})
+ h.write(SSL_TEMPLATE % locals())
 call('openssl req -new -x509 -days 3650 -key %(key)s -out %(crt)s -config %(conf)s' % locals(), shell=True)
 # mark this script as executable (in case we were invoked via interpreter)
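Review bot: The CA key in init_paths is generated with `-des3`, so it is passphrase-protected, but the signing command in the spawn_app hunk passes `-CAkey %(cakey)s` with no `-passin`; as far as these lines show, openssl will ask for the passphrase on every certificate it signs, which a non-interactive deploy cannot answer. Decide how the passphrase reaches openssl and record it next to the `genrsa` call, for example `# CA key is passphrase-protected; signing in spawn_app needs -passin or a terminal`. The return values of both `call(...)` lines are also discarded while the guard only tests `exists(key)`, so a failed `openssl req` would leave a key without a CA certificate and the next run would skip this block (assuming the `req` call sits under the same `if`; the indentation is not visible here). init_paths continues outside the hunk.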