From 6f91694d51211135a09b5c2167c97a8e5dfe2bf1 Mon Sep 17 00:00:00 2001 From: Bas Stottelaar Date: Wed, 12 Nov 2014 22:53:22 +0100 Subject: [PATCH] Check if pyOpenSSL is installed before enabling HTTPS. Previous, it is only checked if pyOpenSSL is installed when certificates are generated. Now, it is checked when HTTPS is enabled. In case it is missing, HTTPS will be disabled. --- Headphones.py | 10 ++++++++++ headphones/helpers.py | 35 ++++++++++++++++------------------- headphones/webstart.py | 15 +++++++-------- 3 files changed, 33 insertions(+), 27 deletions(-) diff --git a/Headphones.py b/Headphones.py index 118494cd..12ee7d47 100755 --- a/Headphones.py +++ b/Headphones.py @@ -164,6 +164,16 @@ def main(): else: http_port = int(headphones.CONFIG.HTTP_PORT) + # Check if pyOpenSSL is installed. It is required for certificate generation + # and for CherryPy. + if headphones.CONFIG.ENABLE_HTTPS: + try: + import OpenSSL + except ImportError: + logger.warn("The pyOpenSSL module is missing. Install this " \ + "module to enable HTTPS. HTTPS will be disabled.") + headphones.CONFIG.ENABLE_HTTPS = False + # Try to start the server. Will exit here is address is already in use. web_config = { 'http_port': http_port, diff --git a/headphones/helpers.py b/headphones/helpers.py index 29f1fe23..8c1be7e7 100644 --- a/headphones/helpers.py +++ b/headphones/helpers.py 
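Review bot: The new `except ImportError` branch in main() fails open: with HTTPS enabled in the configuration but pyOpenSSL missing, `headphones.CONFIG.ENABLE_HTTPS = False` lets the server start on plain HTTP, so anything the web interface carries (logins, API keys) travels unencrypted and the only signal is one warning in the log. The two fallback branches in `initialize()` in headphones/webstart.py fall back to HTTP in the same way. Consider making this a hard failure, e.g. `logger.error("HTTPS is enabled but pyOpenSSL is not installed; refusing to start over plain HTTP.")` followed by a non-zero exit. At the least, keep the downgrade in a local variable so the changed value cannot be written back to the stored configuration (whether CONFIG is persisted is not visible in this hunk). main() starts and ends outside the hunk.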
@@ -660,44 +660,41 @@ def sab_sanitize_foldername(name): return name - def split_string(mystring, splitvar=','): mylist = [] for each_word in mystring.split(splitvar): mylist.append(each_word.strip()) return mylist - def create_https_certificates(ssl_cert, ssl_key): """ - Stolen from SickBeard (http://github.com/midgetspy/Sick-Beard): - Create self-signed HTTPS certificares and store in paths 'ssl_cert' and 'ssl_key' + Create a pair of self-signed HTTPS certificares and store in them in + 'ssl_cert' and 'ssl_key'. Method assumes pyOpenSSL is installed. + + This code is stolen from SickBeard (http://github.com/midgetspy/Sick-Beard). """ + from headphones import logger - try: - from OpenSSL import crypto - from certgen import createKeyPair, createCertRequest, createCertificate, TYPE_RSA, serial - except: - logger.warn("pyOpenSSL module missing, please install to enable HTTPS") - return False + from OpenSSL import crypto + from certgen import createKeyPair, createCertRequest, createCertificate, \ + TYPE_RSA, serial # Create the CA Certificate - cakey = createKeyPair(TYPE_RSA, 1024) - careq = createCertRequest(cakey, CN='Certificate Authority') + cakey = createKeyPair(TYPE_RSA, 2048) + careq = createCertRequest(cakey, CN="Certificate Authority") cacert = createCertificate(careq, (careq, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years - cname = 'Headphones' - pkey = createKeyPair(TYPE_RSA, 1024) - req = createCertRequest(pkey, CN=cname) + pkey = createKeyPair(TYPE_RSA, 2048) + req = createCertRequest(pkey, CN="Headphones") cert = createCertificate(req, (cacert, cakey), serial, (0, 60 * 60 * 24 * 365 * 10)) # ten years # Save the key and certificate to disk try: - with open(ssl_key, 'w') as f: - f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) - with open(ssl_cert, 'w') as f: - f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) + with open(ssl_key, "w") as fp: + fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) + with open(ssl_cert, 
"w") as fp: + fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) except IOError as e: logger.error("Error creating SSL key and certificate: %s", e) return False diff --git a/headphones/webstart.py b/headphones/webstart.py index ffeaf279..cf2f4a77 100644 --- a/headphones/webstart.py +++ b/headphones/webstart.py @@ -23,9 +23,7 @@ from headphones.webserve import WebInterface from headphones.helpers import create_https_certificates -def initialize(options=None): - if options is None: - options = {} +def initialize(options): # HTTPS stuff stolen from sickbeard enable_https = options['enable_https'] @@ -33,16 +31,17 @@ def initialize(options=None): https_key = options['https_key'] if enable_https: - # If either the HTTPS certificate or key do not exist, make some self-signed ones. + # If either the HTTPS certificate or key do not exist, try to make + # self-signed ones. if not (https_cert and os.path.exists(https_cert)) or not (https_key and os.path.exists(https_key)): if not create_https_certificates(https_cert, https_key): - logger.warn(u"Unable to create cert/key files, disabling HTTPS") - headphones.CONFIG.ENABLE_HTTPS = False + logger.warn("Unable to create certificate and key. Disabling " \ + "HTTPS") enable_https = False if not (os.path.exists(https_cert) and os.path.exists(https_key)): - logger.warn(u"Disabled HTTPS because of missing CERT and KEY files") - headphones.CONFIG.ENABLE_HTTPS = False + logger.warn("Disabled HTTPS because of missing certificate and " \ + "key.") enable_https = False options_dict = {
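Review bot: The private key is written with a plain `open(ssl_key, "w")`, so the file gets the process's default permissions and, under a typical umask, is readable by other local users. Create it owner-only instead, e.g. `fd = os.open(ssl_key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` then `with os.fdopen(fd, "w") as fp:` (this assumes `os` is imported in helpers.py, which the hunk does not show, and the mode only applies when the file is newly created). Separately, the same `serial` is passed to both `createCertificate` calls, so the CA and the server certificate share issuer name and serial number, which some TLS clients may reject; a distinct serial for the leaf would avoid that. The new docstring also has typos ("certificares", "store in them in"). The end of create_https_certificates is outside the hunk.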
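Review bot: After this change the two fallback branches in `initialize()` only clear the local `enable_https`, while the pyOpenSSL check added in Headphones.py still sets `headphones.CONFIG.ENABLE_HTTPS = False`, so the two downgrade paths disagree on whether the global setting reflects what the server actually does. If leaving CONFIG untouched is intended (so a transient failure does not overwrite the user's choice), say so with a comment such as `# Downgrade applies to this run only; CONFIG.ENABLE_HTTPS keeps the user's setting.` and confirm that nothing else reads the flag to choose between http and https URLs, which is not visible here. When certificate creation fails, both warnings are logged because the second existence check still runs; guarding it with `if enable_https and not (...)` would avoid the duplicate. initialize() starts in the previous hunk and continues past this one.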