notebook/tools/secure_notebook.py

#!/usr/bin/env python

from notebook.auth import passwd
from traitlets.config.loader import JSONFileConfigLoader, ConfigFileNotFound
import six
from jupyter_core.paths import jupyter_config_dir
from traitlets.config import Config


from OpenSSL import crypto, SSL
from socket import gethostname
from pprint import pprint
from time import gmtime, mktime
from os.path import exists, join

import io
import os
import json


def create_self_signed_cert(cert_dir, keyfile, certfiile):
    """
    If datacard.crt and datacard.key don't exist in cert_dir, create a new
    self-signed cert and keypair and write them into that directory.
    """

    if not exists(join(cert_dir, certfiile)) \
            or not exists(join(cert_dir, keyfile)):

        # create a key pair
        k = crypto.PKey()
        k.generate_key(crypto.TYPE_RSA, 1024)

        # create a self-signed cert
        cert = crypto.X509()
        cert.get_subject().C = "US"
        cert.get_subject().ST = "Jupyter notebook self-signed certificate"
        cert.get_subject().L = "Jupyter notebook self-signed certificate"
        cert.get_subject().O = "Jupyter notebook self-signed certificate"
        cert.get_subject().OU = "my organization"
        cert.get_subject().CN = "Jupyter notebook self-signed certificate"
        cert.set_serial_number(1000)
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(365*24*60*60)
        cert.set_issuer(cert.get_subject())
        cert.set_pubkey(k)
        cert.sign(k, 'sha256')

        with io.open(join(cert_dir, certfile), "wt") as f:
            f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf8'))
        with io.open(join(cert_dir, keyfile), "wt") as f:
            f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode('utf8'))


if __name__ == '__main__':
    print("This guide you into securing your notebook server")
    print("first choose a password.")
    pw = passwd()
    print("We will store your password encrypted in the notebook configuration file: ")
    print(pw)

    loader = JSONFileConfigLoader('jupyter_notebook_config.json', jupyter_config_dir())
    try:
        config = loader.load_config()
    except ConfigFileNotFound:
        config = Config()

    config.NotebookApp.password = pw

    with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w') as f:
        f.write(six.u(json.dumps(config, indent=2)))

    print('... done')
    print()

    print("Now let's generate self-signed certificates to secure your connexion.")
    print("where should the certificate live?")
    location = input('path [~/.ssh]: ')
    if not location.strip():
        location = os.path.expanduser('~/.ssh')
    keyfile = input('keyfile name [jupyter_server.key]: ')
    if not keyfile.strip():
        keyfile = 'jupyter_server.key'
    certfile = input('certfile name [jupyter_server.crt]: ')
    if not certfile.strip():
        certfile = 'jupyter_server.crt'

    create_self_signed_cert(location, keyfile, certfile)

    fullkey = os.path.join(location, keyfile)
    fullcrt = os.path.join(location, certfile)

    config.NotebookApp.certfile = fullcrt
    config.NotebookApp.keyfile = fullkey

    with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w') as f:
        f.write(six.u(json.dumps(config, indent=2)))
Create tool to auto generate secure settings. 2015-11-25 16:15:07 +08:00			`#!/usr/bin/env python`

			`from notebook.auth import passwd`
			`from traitlets.config.loader import JSONFileConfigLoader, ConfigFileNotFound`
			`import six`
			`from jupyter_core.paths import jupyter_config_dir`
			`from traitlets.config import Config`



			`from OpenSSL import crypto, SSL`
			`from socket import gethostname`
			`from pprint import pprint`
			`from time import gmtime, mktime`
			`from os.path import exists, join`

			`import io`
			`import os`
			`import json`


			`def create_self_signed_cert(cert_dir, keyfile, certfiile):`
			`"""`
			`If datacard.crt and datacard.key don't exist in cert_dir, create a new`
			`self-signed cert and keypair and write them into that directory.`
			`"""`

			`if not exists(join(cert_dir, certfiile)) \`
			`or not exists(join(cert_dir, keyfile)):`

			`# create a key pair`
			`k = crypto.PKey()`
			`k.generate_key(crypto.TYPE_RSA, 1024)`

			`# create a self-signed cert`
			`cert = crypto.X509()`
			`cert.get_subject().C = "US"`
don't write english before breakfast 2015-11-25 20:39:04 +08:00			`cert.get_subject().ST = "Jupyter notebook self-signed certificate"`
			`cert.get_subject().L = "Jupyter notebook self-signed certificate"`
			`cert.get_subject().O = "Jupyter notebook self-signed certificate"`
Create tool to auto generate secure settings. 2015-11-25 16:15:07 +08:00			`cert.get_subject().OU = "my organization"`
don't write english before breakfast 2015-11-25 20:39:04 +08:00			`cert.get_subject().CN = "Jupyter notebook self-signed certificate"`
Create tool to auto generate secure settings. 2015-11-25 16:15:07 +08:00			`cert.set_serial_number(1000)`
			`cert.gmtime_adj_notBefore(0)`
			`cert.gmtime_adj_notAfter(3652460*60)`
			`cert.set_issuer(cert.get_subject())`
			`cert.set_pubkey(k)`
			`cert.sign(k, 'sha256')`

			`with io.open(join(cert_dir, certfile), "wt") as f:`
			`f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf8'))`
			`with io.open(join(cert_dir, keyfile), "wt") as f:`
			`f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode('utf8'))`


			`if __name__ == '__main__':`
			`print("This guide you into securing your notebook server")`
don't write english before breakfast 2015-11-25 20:39:04 +08:00			`print("first choose a password.")`
Create tool to auto generate secure settings. 2015-11-25 16:15:07 +08:00			`pw = passwd()`
don't write english before breakfast 2015-11-25 20:39:04 +08:00			`print("We will store your password encrypted in the notebook configuration file: ")`
Create tool to auto generate secure settings. 2015-11-25 16:15:07 +08:00			`print(pw)`

			`loader = JSONFileConfigLoader('jupyter_notebook_config.json', jupyter_config_dir())`
			`try:`
			`config = loader.load_config()`
			`except ConfigFileNotFound:`
			`config = Config()`

			`config.NotebookApp.password = pw`

don't write english before breakfast 2015-11-25 20:39:04 +08:00			`with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w') as f:`
Create tool to auto generate secure settings. 2015-11-25 16:15:07 +08:00			`f.write(six.u(json.dumps(config, indent=2)))`

			`print('... done')`
			`print()`

don't write english before breakfast 2015-11-25 20:39:04 +08:00			`print("Now let's generate self-signed certificates to secure your connexion.")`
			`print("where should the certificate live?")`
Create tool to auto generate secure settings. 2015-11-25 16:15:07 +08:00			`location = input('path [~/.ssh]: ')`
			`if not location.strip():`
			`location = os.path.expanduser('~/.ssh')`
			`keyfile = input('keyfile name [jupyter_server.key]: ')`
			`if not keyfile.strip():`
			`keyfile = 'jupyter_server.key'`
			`certfile = input('certfile name [jupyter_server.crt]: ')`
			`if not certfile.strip():`
			`certfile = 'jupyter_server.crt'`

			`create_self_signed_cert(location, keyfile, certfile)`

			`fullkey = os.path.join(location, keyfile)`
			`fullcrt = os.path.join(location, certfile)`

			`config.NotebookApp.certfile = fullcrt`
			`config.NotebookApp.keyfile = fullkey`

don't write english before breakfast 2015-11-25 20:39:04 +08:00			`with io.open(os.path.join(jupyter_config_dir(), 'jupyter_notebook_config.json'), 'w') as f:`
Create tool to auto generate secure settings. 2015-11-25 16:15:07 +08:00			`f.write(six.u(json.dumps(config, indent=2)))`