diff --git a/acertmgr.py b/acertmgr.py
index 4ae5e58..a8f304b 100755
--- a/acertmgr.py
+++ b/acertmgr.py
@@ -53,11 +53,13 @@ def cert_get(domains, settings):
 key_file = settings['server_key']
 if not os.path.isfile(key_file):
- raise FileNotFoundError("The server key file (%s) is missing!" % key_file)
+ print("Server key not found at '{0}'. Creating RSA key.".format(key_file))
+ tools.new_rsa_key(key_file)
 acc_file = settings['account_key']
 if not os.path.isfile(acc_file):
- raise FileNotFoundError("The account key file (%s) is missing!" % acc_file)
+ print("Account key not found at '{0}'. Creating RSA key.".format(acc_file))
+ tools.new_rsa_key(acc_file)
 filename = hashlib.md5(domains).hexdigest()
 _, csr_file = tempfile.mkstemp(".csr", "%s." % filename)
diff --git a/tools.py b/tools.py
index 76fe01b..afb80f6 100644
--- a/tools.py
+++ b/tools.py
@@ -14,6 +14,7 @@ import os
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.x509.oid import NameOID
@@ -66,6 +67,27 @@ def new_cert_request(names, key):
 return req
+# @brief generate a new rsa key
+# @param path path where the new key file should be written
+def new_rsa_key(path, key_size=4096):
+ private_key = rsa.generate_private_key(
+ public_exponent=65537,
+ key_size=key_size,
+ backend=default_backend()
+ )
+ pem = private_key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption()
+ )
+ with open(path, 'wb') as pem_out:
+ pem_out.write(pem)
+ try:
+ os.chmod(path, int("0400", 8))
+ except OSError:
+ print('Warning: Could not set file permissions on {0}!'.format(path))
+
+
 # @brief convert certificate to PEM format
 # @param cert certificate object in pyopenssl format
 # @return the certificate in PEM format
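Review bot: A mistyped `server_key` or `account_key` path now silently yields a freshly generated key instead of the previous hard failure, because `os.path.isfile` is equally false for a typo'd path, a path whose parent directory does not exist, or a dangling symlink; in the parent-missing case `tools.new_rsa_key` will then raise an unhandled error from `open` after the "Creating RSA key." message has already been printed. The account key deserves particular care, since a regenerated account key presumably means registering a new ACME account rather than reusing the existing one, which is a hard-to-notice operational change. Consider guarding creation with `if not os.path.isdir(os.path.dirname(os.path.abspath(key_file))): raise FileNotFoundError(...)` (same for `acc_file`) and stating the auto-create behaviour in cert_get's docstring. cert_get's body continues outside the hunk.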
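Review bot: In `new_rsa_key` the unencrypted private key is written by `open(path, 'wb')` under the process umask and only afterwards restricted by `os.chmod(path, int("0400", 8))`, so with a common umask of 022 the file is world-readable between the write and the chmod, and if the chmod fails it stays that way with nothing but a printed warning. Create the file with the final mode from the start, `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, int("0400", 8))` followed by `with os.fdopen(fd, 'wb') as pem_out:`, which also refuses to follow a pre-existing symlink or clobber an existing key; the chmod fallback then becomes unnecessary, and if it is kept, failing to restrict a key file should arguably raise rather than print. The header comment should also document the second parameter, e.g. `# @param key_size RSA modulus size in bits (default 4096)`.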