adjustments for new confluence version

schorschii · Jan 11, 2020 · a1ec954 · a1ec954
1 parent 8793161
commit a1ec954
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 63 deletions.
diff --git a/README.md b/README.md
@@ -8,8 +8,7 @@ This script is currently in beta. Contributions welcome. Please also tell me if
 
 ## Debian Package Installation (Debian/Ubuntu/Mint)
 1. Download and install the `.deb` package from the latest release on Github.
-2. Import the generated CA certificate `/usr/share/companion/myCA.pem` in your browser. Please refer to the [instructions below](#importing-the-ca-certificate) how to import the CA certificate.
-3. After installation please log out and log in again. The script then starts automatically.
+2. After installation please log out and log in again. The script then starts automatically.
 
 ## Manual Installation (Debian/Ubuntu/Mint)
 1. Install required Python packages
@@ -18,13 +17,9 @@ apt install python3-pip python3-distutils python3-pyinotify
 pip3 install websockets
 ```
 
-2. The Companion App requires a valid certificate for the domain "atlassian-domain-for-localhost-connections-only.com" in order to communicate with the browser. You can generate your own certificate using `openssl` (recommended, [see below](#generating-an-own-certificate)) or use the provided demo certificate and key files.
+2. Edit `companion.py` and change `ALLOWED_SITE = "Confluence"` to your site name. If the defined name does not match the confluence server name, all requests are rejected. If rejected, the script prints out the site name, so you can adjust it.
 
-  The demo certificate is self signed. Thats why you have to import the associated root CA in your browser or (system-wide) in your operating system. Please refer to the [instructions below](#importing-the-ca-certificate) how to import the CA certificate.  
-
-3. Edit `companion.py` and change `ALLOWED_SITE = "Confluence"` to your site name. If the defined name does not match the confluence server name, all requests are rejected. If rejected, the script prints out the site name, so you can adjust it.
-
-4. Set execution rights and start the script.
+3. Set execution rights and start the script.
 ```bash
 chmod +x companion.py
 chmod +x start.sh
@@ -33,61 +28,11 @@ chmod +x start.sh
 
 Further hints:
 - Temporary files will be saved in `~/.cache/companion/tmp`. Please ensure that you have write permissions in that directory.
-- You can replace the cert paths in the script with absolute paths.
 - You can put `start.sh` in your personal autostart.
 - You can copy `companion.desktop` into `/etc/xdg/autostart` to install it in autostart for all users. Please do not forget to adjust the script path in the `companion.desktop` file.
 
 ---
 
 ## Installation Details
 ### Generating an own Certificate
-You can generate your own CA and Companion certificate so you don't have to trust the demo CA.
-```bash
-# generate CA private key
-openssl genrsa -aes256 -out myCA.key 2048
-
-# generate CA certificate
-openssl req -x509 -new -nodes -extensions v3_ca -key myCA.key -days 3650 -out myCA.pem -sha512
-
-# create openssl config file, content see below
-nano req.conf
-
-# create companion private key
-openssl genrsa -out companion.key 4096
-
-# create companion certificate signing request
-openssl req -new -key companion.key -out companion.csr -sha512 -config req.conf
-
-# sign request = create companion certificate
-openssl x509 -req -in companion.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out companion.crt -days 3650 -sha512 -extensions req_cert_extensions -extfile req.conf
-```
-req.conf:
-```
-[ req ]
-req_extensions     = req_cert_extensions
-distinguished_name = req_distinguished_name
-prompt = no
-
-[req_distinguished_name]
-C = DE
-ST = MyLocation
-L = MyCity
-O = MyCompany
-OU = MyDepartment
-CN = atlassian-domain-for-localhost-connections-only.com
-
-[req_cert_extensions]
-keyUsage = keyEncipherment, dataEncipherment
-extendedKeyUsage = serverAuth
-subjectAltName=@subject_alt_name
-
-[ subject_alt_name ]
-DNS.1=atlassian-domain-for-localhost-connections-only.com
-```
-
-### Importing the CA Certificate
-#### Chrome
-Go to "Settings" -> "Certificates" -> "Authorities" -> "Import" and choose the "myCA.pem" file.
-
-#### Firefox
-Go to "Preferences" -> "Privacy & Security" -> "View Certificates" -> "Authorities" -> "Import" and choose the "myCA.pem" file.
+**Update:** SSL encryption between Browser and Companion App (through atlassian-domain-for-localhost-connections-only.com) is not supported anymore as described [here](https://jira.atlassian.com/browse/CONFSERVER-59244?src=confmacro&_ga=2.138774577.300479270.1578747514-1264684236.1567087366). Confluence now uses a direct WebSocket connection to 127.0.0.1 (no domain name) without transport encryption.
diff --git a/companion.py b/companion.py
@@ -13,7 +13,7 @@
 from urllib.parse import urlparse
 import asyncio
 import pathlib
-import ssl
+#import ssl
 import websockets
 import json
 import urllib.request
@@ -250,11 +250,11 @@ def md5(fname):
             hash_md5.update(chunk)
     return hash_md5.hexdigest()
 
-ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-ssl_context.load_cert_chain('demo-cert/companion.crt', 'demo-cert/companion.key')
+#ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+#ssl_context.load_cert_chain('demo-cert/companion.crt', 'demo-cert/companion.key')
 
 start_server = websockets.serve(
-    companionHandler, "localhost", 22274, ssl=ssl_context
+    companionHandler, "localhost", 31459#, ssl=ssl_context
 )
 
 asyncio.get_event_loop().run_until_complete(start_server)