add certificates for https

.gitignore

@@ -40,3 +40,5 @@ __pycache__/
 wg_config/wg_confs/
 records/
 src/auracast/server/stream_settings.json
+src/auracast/server/dev_cert.pem
+src/auracast/server/dev_key.pem

README.md

@@ -0,0 +1,111 @@
+## Local HTTP/HTTPS Setup with Custom CA
+
+This project provides a dual-port Streamlit server setup for local networks:
+
+- **HTTP** available on port **8502**
+- **HTTPS** (trusted with custom CA) available on port **8503**
+
+### How it works
+- A custom Certificate Authority (CA) is generated for your organization.
+- Each device/server is issued a certificate signed by this CA.
+- Customers can import the CA certificate into their OS/browser trust store, so the device's HTTPS connection is fully trusted (no browser warnings).
+
+### Usage
+
+1. **Generate Certificates**
+    - Run `generate_ca_and_device_cert.sh` in `src/auracast/server/`.
+    - This creates:
+        - `ca_cert.pem` / `ca_key.pem` (CA cert/key)
+        - `device_cert.pem` / `device_key.pem` (device/server cert/key)
+    - **Distribute `ca_cert.pem` to customers** for installation in their trust store.
+
+2. **Start the Server**
+    - Run `run_http_and_https.sh` in `src/auracast/server/`.
+    - This starts:
+        - HTTP Streamlit on port 8500
+        - HTTPS Streamlit on port 8501 (using the signed device cert)
+
+3. **Client Trust Setup**
+    - Customers should install `ca_cert.pem` in their operating system or browser trust store to trust the HTTPS connection.
+    - After this, browsers will show a secure HTTPS connection to the device (no warnings).
+
+### Why this setup?
+- **WebRTC and other browser features require HTTPS for local devices.**
+- Using a local CA allows trusted HTTPS without needing a public certificate or exposing devices to the internet.
+- HTTP is also available for compatibility/testing.
+
+### Advertise Hostname with mDNS
+
+To make your device discoverable as `your-hostname.your-domain.local` (e.g., `box1.auracast.local`) using mDNS/Avahi, you need to:
+
+#### Manual Method (Step-by-Step)
+
+1. **Set the Hostname (Single Label, No Dots)**
+   - Choose a simple hostname, e.g., `box1` or `auracast-box1` (do **not** use dots).
+   - Set it:
+     ```bash
+     sudo hostnamectl set-hostname <your-new-hostname>
+     ```
+
+2. **Update `/etc/hosts` for Local Resolution**
+   - Ensure `127.0.1.1` maps to your new hostname:
+     ```bash
+     sudo grep -q '^127.0.1.1' /etc/hosts && sudo sed -i 's/^127.0.1.1.*/127.0.1.1   <your-new-hostname>/' /etc/hosts || echo '127.0.1.1   <your-new-hostname>' | sudo tee -a /etc/hosts
+     ```
+
+3. **Configure Avahi Domain Name**
+   - Edit the Avahi config:
+     ```bash
+     sudo nano /etc/avahi/avahi-daemon.conf
+     ```
+   - In the `[server]` section, set or add:
+     ```ini
+     domain-name=auracast.local
+     ```
+   - Save and close the file.
+   - Restart Avahi:
+     ```bash
+     sudo systemctl restart avahi-daemon
+     ```
+
+4. **(Optional) One-liner for Avahi Domain**
+   ```bash
+   DESIRED_DOMAIN="auracast.local"; sudo sed -i -E '/^\[server\]/,/^\s*\[/{s/^\s*(#\s*)?domain-name\s*=.*/domain-name='"$DESIRED_DOMAIN"'/}' /etc/avahi/avahi-daemon.conf && sudo systemctl restart avahi-daemon
+   ```
+
+---
+
+#### Automated Method (Recommended for Most Users)
+
+Instead of the manual steps above, you can use the provided script to perform all actions safely and atomically:
+
+```bash
+cd src/auracast/server
+sudo ./change_domain_hostname.sh <new_hostname> <new_domain>
+```
+- Example:
+  ```bash
+  sudo ./change_domain_hostname.sh box1 auracast.local
+  ```
+- The script will:
+  - Validate your input (no dots in hostname)
+  - Set the system hostname
+  - Update `/etc/hosts`
+  - Set the Avahi domain in `/etc/avahi/avahi-daemon.conf`
+  - Restart Avahi
+  - Print status and error messages
+
+Use the manual method if you want to understand or customize each step, or the script for a quick, reliable setup.
+
+---
+
+### Troubleshooting & Tips
+- **Hostnames must not contain dots** (`.`). Only use single-label names for the system hostname.
+- **Avahi domain** can be multi-label (e.g., `auracast.local`).
+- **Clients may need** `libnss-mdns` installed and `/etc/nsswitch.conf` configured with `mdns4_minimal` and `mdns4` for multi-label mDNS names.
+- If you have issues with mDNS name resolution, check for conflicting mDNS stacks (e.g., systemd-resolved, Bonjour, or other daemons).
+- Some Linux clients may not resolve multi-label mDNS names via NSS—test with `avahi-resolve-host-name` and try from another device if needed.
+
+---
+
+After completing these steps, your device will be discoverable as `<hostname>.<domain>` (e.g., `box1.auracast.local`) on the local network via mDNS.

src/auracast/server/certs/ca_cert.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCTCCAvGgAwIBAgIUexHtlpFLx2VNx8NoBktV9sD22gEwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJTXlMb2NhbENBMB4XDTI1MDYyMDEwMjAzOFoXDTMwMDYx
+OTEwMjAzOFowFDESMBAGA1UEAwwJTXlMb2NhbENBMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA3gxg11FumiOClaZsN6a7FJg1GMsVHRocOtiFYCAeQoZ8
+7JItixKdcw3rzjRuqJpkiav9E3K3wP66sbDSxBwdYN2WIKGENLLDOLT4S54oXeeg
+gcezWu57N+2X4qWJpa6AApZgxKhqvHMMnmigikAp+5gHxEPtvv+mnLPKmcoyP8Qy
+akwx+Nl2iPGo0m4GmwK3HUSI3hhTOXWhTvjJBHTGy77jjMXWDhupNWCWbAnP9qzX
+yh4hd1O/B1zyE7hqRMZxZn5G5ibaf+AutDNJJbhoLgKWblNq1+cSym/x5+XMul66
+EgxaOVYVgfhwyqnHnCTYhz8ms8VbZmmWsmycEb/q+PDF8SxL1ORJO8UKGShGTRN8
+IpmkIzRPmqoOxnWmELm+BvZa2ATqAo+zSufS0X+VsUoyNuCNQRaMrsR3BhaHdY53
+KiQX6oPyNLj0fOchsFlSD6uQhZrEEy6n49wzykxUZODQ7TzqeCEo6EzdgvaOC/sv
+HEKemQunVRjmPPXYq3ztwrbkF24vLmr8VJcHnTSnstvzTK7Bj96w5Xk0EGUY2jkn
+7XpY1R56bu/ROCzVk031Zh8JjJNEwahPd4wK05NoaEEzlKwH+AuwJERhBHpzCFZD
+epn8MRZhoTsULQ64B2G58qBnpJQK1IwSAV2kgqjaBse+Mhv16lmM8XUoDX5xDdMC
+AwEAAaNTMFEwHQYDVR0OBBYEFEDRG1UmSY6a2RqLuP0YFGAKJmwvMB8GA1UdIwQY
+MBaAFEDRG1UmSY6a2RqLuP0YFGAKJmwvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggIBAHLZ0m/cGDjptEKKK1IV7D3egVwEJr3lCalyuAm1Lm3eSI7E
+o/4hio0lJhkB4x7dZKveDZXYfTKGdsEPB/FdAq5zXqc6BD1VFwH9Hd7tISrQNDVv
+3QqNSGhAKilj60Sb4ZINIS+hffCeNwBIKWxM0gvrFksTUGaxkSX0hZ8zRtHhP//X
+I6PnnA8v/JvU7QjxpM3rsnOwyRBWZZRVmKEU2i1RhBett+Acj2DTwmrFryFHvl0v
+UavfO0I3+0MIkzFfLhCal01aPMXESkBWT55yZIEz3KUbuTfaNUjz2fYh1DZ/INUW
+ruBTZwdJoutdnxKf9HVnwO/NPWh3MNYb0210x8yTL0EyLxzBLH7krbre0mdL7D0t
+QXEANF+X0KWIzzOF+pWTBvDFiDx5eA4ZxgSEBJ1m+PMaAyGAwgxNPBDJ4lVf0YyY
+JwId46IPejiuxd0ExTskQ4NLVMJx+dlQQKOYueWbxM5DLG52YtuB7kfmOkq/aiMX
+k7DW/a2jK1KJbzUafsELGYRu+KZDZxYAgTFIJQBL6TSwU6FGQYy5GIL+wwjzaM6y
+SNtogAJl3ioGNSYh9ansoh1JgL7AKryez9YgHOkQwZqt5qT3ogBJH3pxM9w5YpSN
+9TD2v1jzxYDT3Bkxj5WkhsszNJ2qX0ffKZVnAJWrkv4O8W6en+HLCOcMHNxN
+-----END CERTIFICATE-----

src/auracast/server/certs/ca_cert.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCTCCAvGgAwIBAgIUexHtlpFLx2VNx8NoBktV9sD22gEwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJTXlMb2NhbENBMB4XDTI1MDYyMDEwMjAzOFoXDTMwMDYx
+OTEwMjAzOFowFDESMBAGA1UEAwwJTXlMb2NhbENBMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA3gxg11FumiOClaZsN6a7FJg1GMsVHRocOtiFYCAeQoZ8
+7JItixKdcw3rzjRuqJpkiav9E3K3wP66sbDSxBwdYN2WIKGENLLDOLT4S54oXeeg
+gcezWu57N+2X4qWJpa6AApZgxKhqvHMMnmigikAp+5gHxEPtvv+mnLPKmcoyP8Qy
+akwx+Nl2iPGo0m4GmwK3HUSI3hhTOXWhTvjJBHTGy77jjMXWDhupNWCWbAnP9qzX
+yh4hd1O/B1zyE7hqRMZxZn5G5ibaf+AutDNJJbhoLgKWblNq1+cSym/x5+XMul66
+EgxaOVYVgfhwyqnHnCTYhz8ms8VbZmmWsmycEb/q+PDF8SxL1ORJO8UKGShGTRN8
+IpmkIzRPmqoOxnWmELm+BvZa2ATqAo+zSufS0X+VsUoyNuCNQRaMrsR3BhaHdY53
+KiQX6oPyNLj0fOchsFlSD6uQhZrEEy6n49wzykxUZODQ7TzqeCEo6EzdgvaOC/sv
+HEKemQunVRjmPPXYq3ztwrbkF24vLmr8VJcHnTSnstvzTK7Bj96w5Xk0EGUY2jkn
+7XpY1R56bu/ROCzVk031Zh8JjJNEwahPd4wK05NoaEEzlKwH+AuwJERhBHpzCFZD
+epn8MRZhoTsULQ64B2G58qBnpJQK1IwSAV2kgqjaBse+Mhv16lmM8XUoDX5xDdMC
+AwEAAaNTMFEwHQYDVR0OBBYEFEDRG1UmSY6a2RqLuP0YFGAKJmwvMB8GA1UdIwQY
+MBaAFEDRG1UmSY6a2RqLuP0YFGAKJmwvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggIBAHLZ0m/cGDjptEKKK1IV7D3egVwEJr3lCalyuAm1Lm3eSI7E
+o/4hio0lJhkB4x7dZKveDZXYfTKGdsEPB/FdAq5zXqc6BD1VFwH9Hd7tISrQNDVv
+3QqNSGhAKilj60Sb4ZINIS+hffCeNwBIKWxM0gvrFksTUGaxkSX0hZ8zRtHhP//X
+I6PnnA8v/JvU7QjxpM3rsnOwyRBWZZRVmKEU2i1RhBett+Acj2DTwmrFryFHvl0v
+UavfO0I3+0MIkzFfLhCal01aPMXESkBWT55yZIEz3KUbuTfaNUjz2fYh1DZ/INUW
+ruBTZwdJoutdnxKf9HVnwO/NPWh3MNYb0210x8yTL0EyLxzBLH7krbre0mdL7D0t
+QXEANF+X0KWIzzOF+pWTBvDFiDx5eA4ZxgSEBJ1m+PMaAyGAwgxNPBDJ4lVf0YyY
+JwId46IPejiuxd0ExTskQ4NLVMJx+dlQQKOYueWbxM5DLG52YtuB7kfmOkq/aiMX
+k7DW/a2jK1KJbzUafsELGYRu+KZDZxYAgTFIJQBL6TSwU6FGQYy5GIL+wwjzaM6y
+SNtogAJl3ioGNSYh9ansoh1JgL7AKryez9YgHOkQwZqt5qT3ogBJH3pxM9w5YpSN
+9TD2v1jzxYDT3Bkxj5WkhsszNJ2qX0ffKZVnAJWrkv4O8W6en+HLCOcMHNxN
+-----END CERTIFICATE-----

src/auracast/server/certs/ca_cert.srl

@@ -0,0 +1 @@
+3CD7CEC591EAD645892F49A2ECA1018C8AD98EB4

src/auracast/server/certs/ca_key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDeDGDXUW6aI4KV
+pmw3prsUmDUYyxUdGhw62IVgIB5Chnzski2LEp1zDevONG6ommSJq/0TcrfA/rqx
+sNLEHB1g3ZYgoYQ0ssM4tPhLnihd56CBx7Na7ns37ZfipYmlroAClmDEqGq8cwye
+aKCKQCn7mAfEQ+2+/6acs8qZyjI/xDJqTDH42XaI8ajSbgabArcdRIjeGFM5daFO
++MkEdMbLvuOMxdYOG6k1YJZsCc/2rNfKHiF3U78HXPITuGpExnFmfkbmJtp/4C60
+M0kluGguApZuU2rX5xLKb/Hn5cy6XroSDFo5VhWB+HDKqcecJNiHPyazxVtmaZay
+bJwRv+r48MXxLEvU5Ek7xQoZKEZNE3wimaQjNE+aqg7GdaYQub4G9lrYBOoCj7NK
+59LRf5WxSjI24I1BFoyuxHcGFod1jncqJBfqg/I0uPR85yGwWVIPq5CFmsQTLqfj
+3DPKTFRk4NDtPOp4ISjoTN2C9o4L+y8cQp6ZC6dVGOY89dirfO3CtuQXbi8uavxU
+lwedNKey2/NMrsGP3rDleTQQZRjaOSfteljVHnpu79E4LNWTTfVmHwmMk0TBqE93
+jArTk2hoQTOUrAf4C7AkRGEEenMIVkN6mfwxFmGhOxQtDrgHYbnyoGeklArUjBIB
+XaSCqNoGx74yG/XqWYzxdSgNfnEN0wIDAQABAoIB/zNNjGfBe8Lx2bU+jvG1BeNA
++65DiYpVtu2ozU4Jhf3F5YjpIMwUDzBWqEE+v5TfpWR1fkXaHwxbzmf9TNsMKKES
+3TSZ4+hcD8hpJBGD/fWOaNMhph94wV40KC9ubqGDzEim1L5PWqW+AixehN8NlVBJ
+oJ4zX4H6mMaSZPE2Z4IuOs0SIxFSb5VtScOgnratItElDgihSk1uGQ/jmrQhBJ37
+mS9CmVhKTizhESJ81gsVX4POocbmuHUqdiw+LTL5GFbFWwR8s0GDBbk0fxDZNSXe
+CuOrkbgqmG821msTO1/5/jMj1uQmEoY3W9gPA0hvJ/boOBJtfWTNTGxxyA81W1bE
+PxK7Uoelv6ukSrATlknzkjxLOB9MwIk6s4wT+ThPHpJbQKqwtPMYAmEXev9JFWON
+VRP4eYaFDgMz1EZnz4EnA+/KAnsonzaUjV/chG81rdHtc7qesI01LVwX/DMJowk1
+FemHqVJjtaJa1zZhvkCsy+1XMQ3I+Okh0FVqs4gMV9QbJwEQi8Be3SbXqSdV/Hgt
+I81beOn/6yDbsNQ31+tirPdNZJcKIqRM7/hgBTEt/wiqN1WF0Qr6hYPvJGl+zLpz
+aXwbo3ciylHLr32QKOuWRVgZFXCaMQbzrEzo/ptcvwdHAY9n9vWw951waBR98AJH
+h1hR+g9OLXGDVejKJekCggEBAPh5r/YLHLUsTf/HZ/Oe7lwUtyt7mDZNfISNyuaI
+PR3vqLQoB0Xbi8aJijjasW8TaRpva26XzVqzeAq4/GQqS5E4KFoUAMVbEW4p3vEI
+5syJWPbQj3Ht/TAqjZbC6k/+1j0i2svVBRBvrDLBjR3+j+IWwBZ3c9OVis8iQM/J
+0CPl6u4L+QEj3dY4NBcPCC2+tpGKOW46G0mVMWRjlyRaONIqMLONPsSLoOacNX75
+lbv/bZzQVr9oTBsJXqxXK2pbDm5S9xQZYYTo6IzA8CzXZ1mdi3OHXc+XLiX0VHiv
+hs+rg5hDbSjfXqfFkk7fCS6gA0CJTmrxguUsr+4wjYN4CHcCggEBAOTF0J2JpWYs
+OVhrbMQ3LmEgZhVOqConYG5f92JiG3uPPrQhkBJmGqyls5UgdOorC5El28RdlZTJ
+7P8JPHU9VUU3Floyg2Kc5vIJz6Ck5GEsIbn79TT4cxeMWoyQd9oY9zA35NEvlDAB
+v5csGZeCo85XozurSgdincDwdNGWsfPIapl6WMxJWHoOz4lwV/eOnfi+xMwVv/b5
+pX+3YMz7lx098H0bPerAQQI2Pj2wqLUNkpTbwmtVmlh/HDEDbkHxnN34x2zrJQxS
+98dQIiKOy+vKdc8qCqgV86oPC3ErdEkxxacCnYJiyKc4MVi8p8M/YVOq5Kp+q/bL
+n1wpSeXimIUCggEAE0Z9W/zosTVKp7j0W3XMz9/bhcgEutGwAyhswQ14kEXzNGaW
+idjKMxCgZGCyuwcqdB6Imv+zsoGRomNPUQXm7tEIcFR06tpxs7YT0Wb7YIqXGC59
+sjzgE0h5y2Q7gREn1X5Kst1Hk0rWdOmG5PjGeKeDJzsFBTjol8D0fioNt3syilzr
+aCc8Ik4h3FgSLlpJF2k9o0tmqoKkXkFLjEpjdgpH1OX0JJMgXENp8vuxne/mtO+E
+izywCrjjW0M33vxJVk2hVTHS2timkaS1/QSIw+7wznmF0YDM16zokKQtNRb9EmbI
+pQ8O7Lzq6Ktsru1C01LTfoBVwymATF3/3F8HaQKCAQEA5Kk4AA6RrJMtakxNdb31
+9IyunEN3YFLlVs1C9io7b//YW7FkUI+Pv9sLqVW8pkYKFLUzeY1Uslg2MyAnNsPs
+E/egttzgZ9OOHoRh7B6ESwASYdQN3jkqyHG4G+FWej8T6zUi11doFafZuR8SIVcp
+pVgBRuXJY6JVLYDqMoceLR24NtmMIfx5m95r3+LTehQpn3QGPjrLGe+jVQmUjq41
+97tuQY3WEGrDT5OqGH0X04fSaElThXcVg7jhE7hrHyyBb3h21E4gRLY1BRn6VHJI
+LtC5eix6ZFE0sFjDRgV6AKLn/StnBej4x/Mpl5lRUZ1rCXa5ghSEi3QxP6vhOg6I
+BQKCAQA28DtqLSQ/egqeOGY5EsZQW7rtO/DOUQ40rRzRuIwK+lA0OnjLbkUqiDBy
+CVjuR11wKEF1gb//RlwWZc1OkNZAfhm5f49XY3FfjiBU+1yxH05r11ilSC5bh1dL
+0D1bt2WivFSB1HaCOnCS1KqljilReBqqPUcN33nK4YlCoXwd6I8NRbq0TG6q4q6T
+KF1W/3b227LVZ7PiZWntYtuxPjeamZMGyAPgTXILMwFfOnSdVPS+mu57vWKTgzrC
+bMwlIdYVtXseolseLCELe5EO9ANIScfp/oj5x12Fz6UCejq1WsKKlPENRRGqK816
+ezBHOM0XW/NyHv3CkV3Ix0V9+aRK
+-----END PRIVATE KEY-----

src/auracast/server/certs/device.csr

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEtzCCAp8CAQAwHjEcMBoGA1UEAwwTYm94MS5hdXJhY2FzdC5sb2NhbDCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALjzcRKkLi4eTP7vsy3DxzYjB1X9
+U/u5Y3m9wEkk5hdvu1TV1kpB0g2oo+NHQlTzmUIke50Cov1JFnoeJUz1BvFezR+h
+QZOeRqvVJu4DeJJ7+II4WfR69g6geEXDiiFH2wN6YREqY5SGdJVGy7RyRFwGZYDh
+YtB7R8LHBde/1d1Pw66IWn7hXqSssQAdiYAxIKgKhNfAHERQlirciKBKl25UJkHd
+7gN0l5QVtrV+ZHDuYrkcWWUS+03N7AKHjUAfU2j5nug+JuWkkXryrgmcMltL7+aO
+g7SzIUeQdsdXvkJVYK5DM/sFtEO0Pen8W50XUp82eUAXYTLSu/oU3rCUcqrCIxDH
+oDlSC+roRH11odMtEjifBr5FAv83xfSQmydWGT96tWaqtCJ7zeAd7eZEYj8TJr30
+R81ZZJohT/zDfxBmaFl5dP6IEvLM65Tepp8resnvnHboQAL7vvEXrp10clY5FpMo
+cq9X1Ej5Sk6Um1M2RdvQtQ0JFFBaKh50fQmFma7hARXJ/9vOkNnT1qKGEH4B9+h3
+VZofPLMYvgAN5kFR+9M0mNryzXbnayAw7IDvIIsd0OsudpSg0SsmOGFwBPWmMyIn
+fqdyNtTXtZh4K2g+L8Sh7UsZzq4+1f/2B2lG816BDSioQ7mevyudaKyYn3cAQN6Z
+wxWd6n+3bqo/1sODAgMBAAGgVDBSBgkqhkiG9w0BCQ4xRTBDMEEGA1UdEQQ6MDiC
+ECouYXVyYWNhc3QubG9jYWyCE2JveDEuYXVyYWNhc3QubG9jYWyCCWxvY2FsaG9z
+dIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAgEABMu4mdk7APnQwBHRKFdsKNQ0kfFR
+EzVsMnhkP4aLHoKuD9lw8JE4cBgaB8BZkce3Sra/9B8WHHlWnlYeOXDguMCp6M8L
+lO0K191+orTIr2sceslp929bp+itLDZG/qTMKl7N4oUZyEU5saEFoK1c3xK9u/7b
+6VicmOo3ntVa9CzJ1yMwnIOPl84FsmC+L/rhDUj9XARwjwRavQ/cGyXO4IBQa+Uq
+loOnw/Autd/XAejzpvSfNL3+12qrARr9h43r0RP8KHz+v/C7r7/JpJyvs24nJ5Rz
+ZCVtYFQF5/tLRxEopRljC916mzXvjRwW/MslkNmJ90sWXqE3CIi0uWXkArDoXeg8
+tGX7vpq92oxHRuJw4yeoyeO+vEEQ8516+e75LJy+zd9zzYyM6/EziqOjC24+m/X0
+PUoLlHhObgIl7gSxKNPPSpJuCbfpCzCMtoZJIYfVFjIT3ASs9OWo0PGwVw1DRnT1
+/fHULLDnHP5NxpvCNujYOpsERH6HH1Dkz8+fQWfu6EhO7fJo3hZIVq9SXvglZKuq
+ItpyhBEQsOKguAUjVVhk2iCRb4fAhK9jx4dV1eJIiFag8Oi+s0avZdjRXRj5PB3B
+tDNHXdrxZVoC2SEKXzjf8+dGCsKsSZm+jCXCWMq4zs6kqronkEMQA43kgvnHyKPq
+uUwb6+qK9NbVYr0=
+-----END CERTIFICATE REQUEST-----

src/auracast/server/certs/device_cert.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFRzCCAy+gAwIBAgIUPNfOxZHq1kWJL0mi7KEBjIrZjrQwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJTXlMb2NhbENBMB4XDTI1MDYyMDExNDMyMVoXDTI3MDky
+MzExNDMyMVowHjEcMBoGA1UEAwwTYm94MS5hdXJhY2FzdC5sb2NhbDCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBALjzcRKkLi4eTP7vsy3DxzYjB1X9U/u5
+Y3m9wEkk5hdvu1TV1kpB0g2oo+NHQlTzmUIke50Cov1JFnoeJUz1BvFezR+hQZOe
+RqvVJu4DeJJ7+II4WfR69g6geEXDiiFH2wN6YREqY5SGdJVGy7RyRFwGZYDhYtB7
+R8LHBde/1d1Pw66IWn7hXqSssQAdiYAxIKgKhNfAHERQlirciKBKl25UJkHd7gN0
+l5QVtrV+ZHDuYrkcWWUS+03N7AKHjUAfU2j5nug+JuWkkXryrgmcMltL7+aOg7Sz
+IUeQdsdXvkJVYK5DM/sFtEO0Pen8W50XUp82eUAXYTLSu/oU3rCUcqrCIxDHoDlS
+C+roRH11odMtEjifBr5FAv83xfSQmydWGT96tWaqtCJ7zeAd7eZEYj8TJr30R81Z
+ZJohT/zDfxBmaFl5dP6IEvLM65Tepp8resnvnHboQAL7vvEXrp10clY5FpMocq9X
+1Ej5Sk6Um1M2RdvQtQ0JFFBaKh50fQmFma7hARXJ/9vOkNnT1qKGEH4B9+h3VZof
+PLMYvgAN5kFR+9M0mNryzXbnayAw7IDvIIsd0OsudpSg0SsmOGFwBPWmMyInfqdy
+NtTXtZh4K2g+L8Sh7UsZzq4+1f/2B2lG816BDSioQ7mevyudaKyYn3cAQN6ZwxWd
+6n+3bqo/1sODAgMBAAGjgYYwgYMwQQYDVR0RBDowOIIQKi5hdXJhY2FzdC5sb2Nh
+bIITYm94MS5hdXJhY2FzdC5sb2NhbIIJbG9jYWxob3N0hwR/AAABMB0GA1UdDgQW
+BBTnr+xOaJFiSoxoVBQUgVvAjpZdiTAfBgNVHSMEGDAWgBRA0RtVJkmOmtkai7j9
+GBRgCiZsLzANBgkqhkiG9w0BAQsFAAOCAgEAbfV4CPxfqNsdvfvYVCtC9yViNajt
+xzrilB31SIBhZ6fp4NcmhwR7PNmLkRhrs6R55usFu95zC74d6iaBP/PN1XSY18Ge
+jSgEunfngoMrKMSoX2VI/JVeLQY2ImaVXxCtVCmc2Q/KQyKjpOh1ckddjCXRwO13
+aQX9STG4sEbjgHkp3cCQWrBX1YdLIGzaSLc47MmJknjbfQ311GguIYocP23yjNAS
+R4mNbeF448Vikkse85aS4CxGQ7BwB2+3xKO6U4tv1yhqjF/hozTV3Cnky2LoFt4E
+g930P50t7Z53TnfXGFNqsikBahipA06cQZ77nYtmvh9biPgrk+mBLSorsiuqTN4E
+586mJUSF59FWD3WxzWXhMPpdjfiKBrL1hslOedFg13O5vfesiuMryVw3MqCdvS1V
+O9DjlrE/jSOTVQc57vKMIcPDbopQ4GyvJ23p0zbAzJNIDkUvhyUFOSlL6PCivNr5
+ztlJVtYvtpEoA/K8ezRSH37QXIQfAD2LMEC8fwQ8EdbkFSAft8eSdoSJqswnWRCF
+QeTOh6xxgckt/HLL3aktNclWqiERvaYz8osEmKJa5JvQ9S6ERcBCQIfpIrqF14yz
+5gL6n8kqt0UkRj0dQfHdYSG6wkrrU2BlP8YR9c/tD44127X6m+9TlOytlnZ+Tx4f
+nZkQB4WWU4IwwEw=
+-----END CERTIFICATE-----

src/auracast/server/certs/device_key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC483ESpC4uHkz+
+77Mtw8c2IwdV/VP7uWN5vcBJJOYXb7tU1dZKQdINqKPjR0JU85lCJHudAqL9SRZ6
+HiVM9QbxXs0foUGTnkar1SbuA3iSe/iCOFn0evYOoHhFw4ohR9sDemERKmOUhnSV
+Rsu0ckRcBmWA4WLQe0fCxwXXv9XdT8OuiFp+4V6krLEAHYmAMSCoCoTXwBxEUJYq
+3IigSpduVCZB3e4DdJeUFba1fmRw7mK5HFllEvtNzewCh41AH1No+Z7oPiblpJF6
+8q4JnDJbS+/mjoO0syFHkHbHV75CVWCuQzP7BbRDtD3p/FudF1KfNnlAF2Ey0rv6
+FN6wlHKqwiMQx6A5Ugvq6ER9daHTLRI4nwa+RQL/N8X0kJsnVhk/erVmqrQie83g
+He3mRGI/Eya99EfNWWSaIU/8w38QZmhZeXT+iBLyzOuU3qafK3rJ75x26EAC+77x
+F66ddHJWORaTKHKvV9RI+UpOlJtTNkXb0LUNCRRQWioedH0JhZmu4QEVyf/bzpDZ
+09aihhB+Affod1WaHzyzGL4ADeZBUfvTNJja8s1252sgMOyA7yCLHdDrLnaUoNEr
+JjhhcAT1pjMiJ36ncjbU17WYeCtoPi/Eoe1LGc6uPtX/9gdpRvNegQ0oqEO5nr8r
+nWismJ93AEDemcMVnep/t26qP9bDgwIDAQABAoICAANRmv3SpGF/ebI5auWvVavL
+BR6t5QvnT7mnhgPJ/bb98kabb7T1aWeFVyuE49PSazWcofs3SOVyokyerdyrqOw7
+30JqClszw+DheklbFpbKUrNDf5m7ex7YElBuKdRfDbcKQyOjtxW7M+xZ0N30DvX3
+x2qAoN1M2QTNvXUZpCTMgZ5oI/eS47fgwWxXG1iJiSR6y9dzQw6Ww5sRSgJWVFFO
+gUE9UkANn4qwuQ6YrgS4wly//Xqq1IeY4ltJQ2ebKEwB7rAMLXaBdXrXT/gsLVsm
+CbABbquXa0l1diwtjuRx08JMwmoGuC1e1p2UQbCX8ouY1qQnxz66OVVLepOAlm4i
+H2PNbZY327H+dVc5+QAVtTlj3GWeMliNLFliNFmayXcjWOJ11laLFRtd+mAr2SWh
+EIIB9zKTyHMKlsodgKmGCzbnxRumwA4jZXaLdOjD9YDY0Gib33fGuUgq16fQifOb
+PCbP8TckK/JmDmL0YX+XKnVXtJ0mQ48IZ4p3eQrAVvIckuj8+Bj4vi3NE9p/mvp7
+oxrwS6SncVQvCqzqfIgUjlJRXVgLTSx3kgQANizT+T6eKCjgwTCv2pCCXFQsltsi
+56XVsSy2iGTGsajpuL42lUFD2RBLMott7A94U6dQewzR+QlkObQ67EW5hu8F8Ykv
+usiuXUQzS5avRHcLwG9BAoIBAQD2E0aadDiw0t7wMkmM1E1EGCcniz5ADKCNjuTC
+AAjDtJ9OnRn24jSvgh7+OynBmzwFGPgY3CmT5QKDlVSqZGm25Hd30NDPvdcBKoet
+zanUn8wfDAlRa1F40MMioZcMmeSNiM4qj9yzB3gBMZHdmKf+tTIAoV3a28X6A7le
+iCeAIiO2NtcG3qsozgyKJOCYtFP3hb/5y8hBMhp05smYVdegZP8hRPG3IP7hgpPJ
+YBhDaV9/ZLxMA3Fs74rUpGzE8fC6UUbfTKXikaMPavxT2Jlv/sh7/H+ns603oDIT
+qOMccfS6zPm0pZWAf24gl1bWORRT+KvjEjWs2GMqFsOMe2HXAoIBAQDAaQ7Jmqoc
+c9q9AUqyxF4jCDJRprcuxCOPBp0u4bELoSiz7T1Oo7JHJcdrEuvq+u9qwjhB6Ane
+9kUat+QduVbbwz2n84rrxT3f3jwC0RLBdq4Sd7zEF9FAhe5dlEiKSnr9dPFhJTL+
+r4WmE0rqSTSmkyo2Zjgh4FALIIudB44g9iOnFakFEfb+wx5t59YSew56bT5juYEW
+NVgfvDqPXxebTDBxcTW37PRgy+g4DeyOh5X6/O/93Q4T052BSWPsl27E9pfxVg3Q
+teOdGDEsq6NqK8slbwW6oWXu8LZKLdcdzOKV9JESSnM4QxUKmzqTQgDfqaHrYfL5
+0vyVXX4p5E41AoIBAA0LRIjXdFHbO7ob0E5Iyre7WAf+l5QplzEpy/KEsfI91twB
+8+hkYUqUaTQsyq/anLngcvZOZV3Tm+iBt/U4UWpCfhq51PfOJmGHcZ3C8ye0OMvE
+hZHtUGpJFq71Rd6DIdxmzhbvfVF4KeJWUFcgynbz/+yMoT8Cu2HfZKogKYffR2lX
+StqwXv5QvdVs0wMFPBY43s5NARaDo2di/Hi4xC9aazPGRdHhS+GEXHUmROL96PQF
+0P1uiUqu//r5pFJkSNB3knwvwfNaqPwePbXsG2YWaWY5IkMvgRUbxsvH/hH58HEe
+gHYU+PHQz3Om0hGVAQDag7ILuxCof8kxX7hIqg0CggEAHJP+FEeamJtEk+oLND4i
+VUW0Y5hFgPa06VtsITh4WWfYadEE2BdMNXERC4BF9iLLSKoMPQ2/2ZPuc6d4hEmw
+8vcuwzFTIu2q4QNbGnf/NyjvdeK+8Mkw1UqPOur5U0D4v4iNCYbC6j0btq0K5X12
+Cn+1N1s7Xxy4Bs8QrYQfwhmM9hYrgotGilRkwqI6k4gfgGOVbq5w0+Gccyo78GuJ
+UBGi6FaOSgEx0ua2WQ0IY6sTxbGn26bnnl5B+J/z7YIYe7y8mKXVa3h4lC6xrxbX
+ML/MboTs7ulmAHVUPfRNDSoPRYKLwZG5R1P/XhHsQ078XjwNxq5Hrn998JlwUbyN
+OQKCAQA3jaK68cTwVYJyPIVHkRRLifcKp6iFU3nDgQq6blUUQzlwxixidL+pjyBz
+GLXFods2DbbkdwG8d6M6OjvBs5HzFrf1iQ2g19uRN1hb6K0X5e8298fhtTGtEdoS
+NwG6Be7SxkIfcWb4tROeE14WGlMa0LvoF/hvnFLMTr+k+2w3vtid6stU5e29DuL3
+LeMvIsoS6yCBotYRsVO1GID5VAFuXK0h4a0qSbAF/SiQCC+fz754/2AUGo6vnS8m
+4Pw2Zc1hqEwtuKttXKqB4WUmEi+49mnVbwVfHlJ1qgdU45ubKb9IwLasqu3PD/rO
+vknU8wzd8m/mF6bHYmlmM7k/Qpxg
+-----END PRIVATE KEY-----

src/auracast/server/certs/san.cnf

@@ -0,0 +1,16 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+CN = box1.auracast.local
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.auracast.local
+DNS.2 = box1.auracast.local
+DNS.3 = localhost
+IP.1 = 127.0.0.1

src/auracast/server/change_domain_hostname.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# change_domain_hostname.sh
+# Safely change the system hostname and Avahi mDNS domain name, update /etc/hosts, and restart Avahi.
+# Usage: sudo ./change_domain_hostname.sh <new_hostname> <new_domain>
+
+set -e
+
+if [[ $EUID -ne 0 ]]; then
+  echo "Please run as root (sudo $0 <hostname> <domain>)"
+  exit 1
+fi
+
+if [[ $# -ne 2 ]]; then
+  echo "Usage: sudo $0 <new_hostname> <new_domain>"
+  exit 1
+fi
+
+NEW_HOSTNAME="$1"
+NEW_DOMAIN="$2"
+
+if [[ "$NEW_HOSTNAME" == *.* ]]; then
+  echo "ERROR: Hostname must be a single label (no dots)."
+  exit 1
+fi
+
+# Change hostname
+hostnamectl set-hostname "$NEW_HOSTNAME"
+echo "Set hostname to $NEW_HOSTNAME."
+
+# Update /etc/hosts for 127.0.1.1 mapping
+if grep -q '^127.0.1.1' /etc/hosts; then
+  sed -i "s/^127.0.1.1.*/127.0.1.1   $NEW_HOSTNAME/" /etc/hosts
+else
+  echo "127.0.1.1   $NEW_HOSTNAME" >> /etc/hosts
+fi
+echo "/etc/hosts updated."
+
+# Update Avahi domain name in /etc/avahi/avahi-daemon.conf
+AVAHI_CONF="/etc/avahi/avahi-daemon.conf"
+if grep -q '^\s*domain-name' "$AVAHI_CONF"; then
+  sed -i "/^\[server\]/,/^\s*\[/{s/^\s*domain-name\s*=.*/domain-name=$NEW_DOMAIN/}" "$AVAHI_CONF"
+else
+  sed -i "/^\[server\]/a domain-name=$NEW_DOMAIN" "$AVAHI_CONF"
+fi
+echo "Set Avahi domain name to $NEW_DOMAIN."
+
+# Restart Avahi
+echo "Restarting avahi-daemon..."
+systemctl restart avahi-daemon
+
+echo "Done. Hostname: $NEW_HOSTNAME, Avahi domain: $NEW_DOMAIN"

src/auracast/server/generate_ca_and_device_cert.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+# Script to generate a CA cert/key and a device/server cert signed by this CA
+# Outputs: ca_cert.pem, ca_key.pem, device_cert.pem, device_key.pem
+
+CERT_DIR=certs
+CA_CERT=$CERT_DIR/ca_cert.pem
+CA_KEY=$CERT_DIR/ca_key.pem
+DEVICE_CERT=$CERT_DIR/device_cert.pem
+DEVICE_KEY=$CERT_DIR/device_key.pem
+
+# Generate CA key and cert if not present
+if [ ! -f "$CA_KEY" ] || [ ! -f "$CA_CERT" ]; then
+    echo "Generating CA key and certificate..."
+    openssl req -x509 -newkey rsa:4096 -days 1825 -nodes -subj "/CN=MyLocalCA" -keyout "$CA_KEY" -out "$CA_CERT"
+fi
+
+# Generate device key if not present
+if [ ! -f "$DEVICE_KEY" ]; then
+    openssl genrsa -out "$DEVICE_KEY" 4096
+fi
+
+# Generate CSR for device with SAN (Subject Alternative Name)
+openssl req -new -key "$DEVICE_KEY" -out $CERT_DIR/device.csr -config $CERT_DIR/san.cnf
+
+# Sign device CSR with CA, including SAN extension
+openssl x509 -req -in $CERT_DIR/device.csr -CA "$CA_CERT" -CAkey "$CA_KEY" -CAcreateserial -out "$DEVICE_CERT" -days 825 -extensions v3_req -extfile $CERT_DIR/san.cnf
+
+# PEM version (for most browsers)
+cp "$CA_CERT" "$CERT_DIR/ca_cert.crt"
+# DER version (for Windows)
+openssl x509 -in "$CA_CERT" -outform der -out "$CERT_DIR/ca_cert.der"
+
+echo "CA cert: $CA_CERT"
+echo "CA cert (CRT for browser import): $CERT_DIR/ca_cert.crt"
+echo "CA key: $CA_KEY"
+echo "Device cert: $DEVICE_CERT"
+echo "Device key: $DEVICE_KEY"
+echo "Distribute $CA_CERT or $CERT_DIR/ca_cert.crt to clients to trust this device."

src/auracast/server/start_frontend_http.sh

@@ -0,0 +1,2 @@
+# Start Streamlit HTTP server (port 8500)
+poetry run streamlit run multicast_frontend.py --server.port 8500 --server.enableCORS false --server.enableXsrfProtection false --server.headless true --browser.gatherUsageStats false

src/auracast/server/start_frontend_https.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+# Unified startup script: generates certs if needed, starts HTTPS Streamlit and HTTP->HTTPS redirector
+
+CERT_DIR=certs
+CERT=$CERT_DIR/device_cert.pem
+KEY=$CERT_DIR/device_key.pem
+CA_CERT=$CERT_DIR/ca_cert.pem
+CA_KEY=$CERT_DIR/ca_key.pem
+
+echo "CA cert: $CA_CERT"
+echo "Device cert: $CERT"
+echo "Device key: $KEY"
+
+# Start Streamlit HTTPS server (port 8501)
+poetry run streamlit run multicast_frontend.py --server.port 8502 --server.enableCORS false --server.enableXsrfProtection false --server.headless true --server.sslCertFile "$CERT" --server.sslKeyFile "$KEY" --browser.gatherUsageStats false

src/auracast/server/start_mdns.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Script to advertise the local device via mDNS for an HTTPS service.
+# This allows other clients on the network to discover this device
+# using its mDNS hostname (e.g., your-hostname.local) on the specified port.
+
+SERVICE_NAME="Auracast HTTPS Service" # You can customize this name
+SERVICE_TYPE="_https._tcp"             # Standard type for HTTPS services
+SERVICE_PORT="8502"                   # Port specified in the request
+
+echo "Starting mDNS advertisement..."
+echo "Command: avahi-publish-service -v \"$SERVICE_NAME\" \"$SERVICE_TYPE\" \"$SERVICE_PORT\""
+
+avahi-publish-service -v "$SERVICE_NAME" "$SERVICE_TYPE" "$SERVICE_PORT"
+EXIT_STATUS=$?
+
+# This part will be reached if avahi-publish-service exits.
+if [ $EXIT_STATUS -eq 0 ]; then
+    echo "mDNS advertisement command finished with status 0."
+    echo "This might indicate an issue connecting to the avahi-daemon or a configuration problem."
+    echo "Please check for any messages above from avahi-publish-service itself."
+else
+    echo "mDNS advertisement command exited with status $EXIT_STATUS."
+    echo "This might be due to an error, or if you pressed Ctrl+C (which typically results in a non-zero status from signal termination)."
+fi