Tls cert bugfix (#262)

* Bugfix for systems that cannot generate openssl certs. Includes self-signed certs that expire in 10 years. Removed automatic cert generation from install-deps.sh. Updated create-cert.sh to manually generate 10year certs (or any custom duration).

* Docker config changes to support web demo TLS

Dockerfile

@@ -8,13 +8,16 @@ RUN apt-get update && apt-get install -y \
     curl \
     git \
     graphicsmagick \
+    libssl-dev \
+    libffi-dev \
     python-dev \
     python-pip \
     python-numpy \
     python-nose \
     python-scipy \
     python-pandas \
-    python-protobuf\
+    python-protobuf \
+    python-openssl \
     wget \
     zip \
     && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

demos/web/create-cert.sh

@@ -1,10 +1,11 @@
 # generate self-signed certs with no password for the web and socket servers
+# this script requires that openssl is installed: e.g. sudo apt-get install openssl
 mkdir tls
 openssl genrsa -des3 -out tls/server.key 1024
 openssl req -new -key tls/server.key -out tls/server.csr
 cp tls/server.key tls/server.key.org
 openssl rsa -in tls/server.key.org -out tls/server.key
-openssl x509 -req -days 365 -in tls/server.csr -signkey tls/server.key -out tls/server.crt
+openssl x509 -req -days 3650 -in tls/server.csr -signkey tls/server.key -out tls/server.crt
 echo 'converting to pem'
 cat tls/server.crt tls/server.key > tls/server.pem
 echo 'cert complete'

demos/web/install-deps.sh

@@ -7,11 +7,10 @@ sudo apt-get install -y libprotobuf-dev libleveldb-dev libsnappy-dev \
   libopencv-dev libhdf5-serial-dev libboost-all-dev libgflags-dev \
   libgoogle-glog-dev liblmdb-dev protobuf-compiler libboost-all-dev \
   libatlas-dev libatlas-base-dev liblapack-dev libblas-dev \
-  python-pip python-numpy python-imaging python-opencv \
+  libssl-dev libffi-dev python-pip python-numpy python-imaging \
+  python-openssl python-opencv \
   git wget cmake gfortran
 
-source ~/openface/demos/web/create-cert.sh
-
 mkdir -p ~/src
 cd ~/src
 git clone https://github.com/bvlc/caffe.git

demos/web/requirements.txt

@@ -4,3 +4,7 @@ twisted == 15.2.1
 scipy >= 0.13, < 0.17
 scikit-learn >= 0.17, < 0.18
 protobuf >= 2.5, < 2.7
+appdirs >= 1.4.3
+pyOpenSSL >= 17.0.0
+cryptography >= 1.8.1
+service-identity >= 16.0.0

demos/web/tls/server.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICATCCAWoCCQC0Yl1TUb3gjzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE3MDQzMDE2MDIxNFoXDTI3MDQyODE2MDIxNFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApnSL
+fpgnKHKCNypUxedbBMik02B40zlK5jQUqAt8ityNYM4DxZV2pOwS4RLfgDrWfLKV
+kOiBL+2iJmNWtc8fcU/4MnhAUCgYXvl+o3yFu8EVOLU+FXhlqJRAJOpqESMVa+II
+haXDSuLLnSA0e/UrxhDmWEiTGAkteWPLyEP7G6kCAwEAATANBgkqhkiG9w0BAQsF
+AAOBgQAwYgs2CrrCoknDs2p2bS/sEBc/cAWxlB3VA0yQXTAxh+6rLOYLwoF+z92w
+IbUhUkZss1r0k7zZDBZ32ZEB6Hc0+q4r599UVV3gF/2Ongc6rvtzJtRAv5EZza0d
+l3aaZ0aPu09XuDqv9cb/g+i/L7RgQgoEiEpK60WoTm9FeJ4Fpw==
+-----END CERTIFICATE-----

demos/web/tls/server.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCmdIt+mCcocoI3KlTF51sEyKTTYHjTOUrmNBSoC3yK3I1gzgPF
+lXak7BLhEt+AOtZ8spWQ6IEv7aImY1a1zx9xT/gyeEBQKBhe+X6jfIW7wRU4tT4V
+eGWolEAk6moRIxVr4giFpcNK4sudIDR79SvGEOZYSJMYCS15Y8vIQ/sbqQIDAQAB
+AoGAAM7D9oNKfVnA4/+ilas/t9A5bIUlUPEQOfm6t+4GVq4nSXb2cbj98GLs3Ia4
+6uheLhC3xRI7vj3K8aC9xPgSUPpvdqEfef+SlfC7/lcHdtIfz1Fm2qtGdUERw2TC
+Iy1ttU58sDLK5dy1Igx9SeIPGMHCWemDw4CA0HVaplCIrPkCQQDRWl0HouUquzNd
+7i6kk2uNKvj0Hdft5tGNdSk9diJU2d5kLravwXKxq9cFkoZ5g8bgxjGrdnguNO4y
+bcv/fN0LAkEAy4tED+0Etg0PLIXuYpHUjy5SGYpykaNx+Rfktv2lF5Uf2aDnh6Pv
+DObQEYF1NAZVcT8BsLGKta9RGFL7UJOSmwJAS3fgu2T8abgMH1tCUy+VgNEx54Zu
+laM0fWLz1+UjISVc5w5z6s24k9XXcHnOojVf1x17QE03q6iHCYTNGi+f2wJAXgfk
+VYclmgTGcccdraO5ErxPaUUwUF+1k2GaY38h+ZcGs79Ftr/g+5DVpoCr6HDUoBB/
+c2VRs0VerWIIf9zs6QJAI0M7qCsyLw9z3wfMt8uZjGLokeSet9+LarJyRFkDVFow
+PBHMPvgU1+no5L+4A61cB9azn9zkIvchI2bSG0Ubgg==
+-----END RSA PRIVATE KEY-----

demos/web/tls/server.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIICATCCAWoCCQC0Yl1TUb3gjzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE3MDQzMDE2MDIxNFoXDTI3MDQyODE2MDIxNFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApnSL
+fpgnKHKCNypUxedbBMik02B40zlK5jQUqAt8ityNYM4DxZV2pOwS4RLfgDrWfLKV
+kOiBL+2iJmNWtc8fcU/4MnhAUCgYXvl+o3yFu8EVOLU+FXhlqJRAJOpqESMVa+II
+haXDSuLLnSA0e/UrxhDmWEiTGAkteWPLyEP7G6kCAwEAATANBgkqhkiG9w0BAQsF
+AAOBgQAwYgs2CrrCoknDs2p2bS/sEBc/cAWxlB3VA0yQXTAxh+6rLOYLwoF+z92w
+IbUhUkZss1r0k7zZDBZ32ZEB6Hc0+q4r599UVV3gF/2Ongc6rvtzJtRAv5EZza0d
+l3aaZ0aPu09XuDqv9cb/g+i/L7RgQgoEiEpK60WoTm9FeJ4Fpw==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCmdIt+mCcocoI3KlTF51sEyKTTYHjTOUrmNBSoC3yK3I1gzgPF
+lXak7BLhEt+AOtZ8spWQ6IEv7aImY1a1zx9xT/gyeEBQKBhe+X6jfIW7wRU4tT4V
+eGWolEAk6moRIxVr4giFpcNK4sudIDR79SvGEOZYSJMYCS15Y8vIQ/sbqQIDAQAB
+AoGAAM7D9oNKfVnA4/+ilas/t9A5bIUlUPEQOfm6t+4GVq4nSXb2cbj98GLs3Ia4
+6uheLhC3xRI7vj3K8aC9xPgSUPpvdqEfef+SlfC7/lcHdtIfz1Fm2qtGdUERw2TC
+Iy1ttU58sDLK5dy1Igx9SeIPGMHCWemDw4CA0HVaplCIrPkCQQDRWl0HouUquzNd
+7i6kk2uNKvj0Hdft5tGNdSk9diJU2d5kLravwXKxq9cFkoZ5g8bgxjGrdnguNO4y
+bcv/fN0LAkEAy4tED+0Etg0PLIXuYpHUjy5SGYpykaNx+Rfktv2lF5Uf2aDnh6Pv
+DObQEYF1NAZVcT8BsLGKta9RGFL7UJOSmwJAS3fgu2T8abgMH1tCUy+VgNEx54Zu
+laM0fWLz1+UjISVc5w5z6s24k9XXcHnOojVf1x17QE03q6iHCYTNGi+f2wJAXgfk
+VYclmgTGcccdraO5ErxPaUUwUF+1k2GaY38h+ZcGs79Ftr/g+5DVpoCr6HDUoBB/
+c2VRs0VerWIIf9zs6QJAI0M7qCsyLw9z3wfMt8uZjGLokeSet9+LarJyRFkDVFow
+PBHMPvgU1+no5L+4A61cB9azn9zkIvchI2bSG0Ubgg==
+-----END RSA PRIVATE KEY-----