mirror of
https://github.com/moepman/acertmgr.git
synced 2025-01-04 00:15:23 +01:00
Automatically create RSA keys if they are missing
parent
93377fd3a9
commit
622c4866da
@ -53,11 +53,13 @@ def cert_get(domains, settings):
|
|||||||
|
|
||||||
key_file = settings['server_key']
|
key_file = settings['server_key']
|
||||||
if not os.path.isfile(key_file):
|
if not os.path.isfile(key_file):
|
||||||
raise FileNotFoundError("The server key file (%s) is missing!" % key_file)
|
print("Server key not found at '{0}'. Creating RSA key.".format(key_file))
|
||||||
|
tools.new_rsa_key(key_file)
|
||||||
|
|
||||||
acc_file = settings['account_key']
|
acc_file = settings['account_key']
|
||||||
if not os.path.isfile(acc_file):
|
if not os.path.isfile(acc_file):
|
||||||
raise FileNotFoundError("The account key file (%s) is missing!" % acc_file)
|
print("Account key not found at '{0}'. Creating RSA key.".format(acc_file))
|
||||||
|
tools.new_rsa_key(acc_file)
|
||||||
|
|
||||||
filename = hashlib.md5(domains).hexdigest()
|
filename = hashlib.md5(domains).hexdigest()
|
||||||
_, csr_file = tempfile.mkstemp(".csr", "%s." % filename)
|
_, csr_file = tempfile.mkstemp(".csr", "%s." % filename)
|
||||||
|
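Review bot: A missing key file used to stop `cert_get` with `FileNotFoundError`, but the new branches turn a wrong path in `settings['server_key']` or `settings['account_key']`, or a volume that is not mounted yet, into a silently generated fresh key. For the account key this presumably means the client carries on under a different ACME account identity than the one registered earlier, and the only trace is a single `print` line on stdout. Consider making key generation opt-in through a setting, or at least sending the notice to stderr, e.g. `sys.stderr.write("Account key not found at '{0}'. Creating RSA key.\n".format(acc_file))` (assuming `sys` is imported in this file). The body of `cert_get` starts and ends outside the hunk.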
22
tools.py
22
tools.py
@ -14,6 +14,7 @@ import os
|
|||||||
from cryptography import x509
|
from cryptography import x509
|
||||||
from cryptography.hazmat.backends import default_backend
|
from cryptography.hazmat.backends import default_backend
|
||||||
from cryptography.hazmat.primitives import hashes, serialization
|
from cryptography.hazmat.primitives import hashes, serialization
|
||||||
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||||
from cryptography.x509.oid import NameOID
|
from cryptography.x509.oid import NameOID
|
||||||
|
|
||||||
|
|
||||||
@ -66,6 +67,27 @@ def new_cert_request(names, key):
|
|||||||
return req
|
return req
|
||||||
|
|
||||||
|
|
||||||
|
# @brief generate a new rsa key
|
||||||
|
# @param path path where the new key file should be written
|
||||||
|
def new_rsa_key(path, key_size=4096):
|
||||||
|
private_key = rsa.generate_private_key(
|
||||||
|
public_exponent=65537,
|
||||||
|
key_size=key_size,
|
||||||
|
backend=default_backend()
|
||||||
|
)
|
||||||
|
pem = private_key.private_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
||||||
|
encryption_algorithm=serialization.NoEncryption()
|
||||||
|
)
|
||||||
|
with open(path, 'wb') as pem_out:
|
||||||
|
pem_out.write(pem)
|
||||||
|
try:
|
||||||
|
os.chmod(path, int("0400", 8))
|
||||||
|
except OSError:
|
||||||
|
print('Warning: Could not set file permissions on {0}!'.format(path))
|
||||||
|
|
||||||
|
|
||||||
# @brief convert certificate to PEM format
|
# @brief convert certificate to PEM format
|
||||||
# @param cert certificate object in pyopenssl format
|
# @param cert certificate object in pyopenssl format
|
||||||
# @return the certificate in PEM format
|
# @return the certificate in PEM format
|
||||||
|
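Review bot: In `new_rsa_key` the unencrypted private key is written with `open(path, 'wb')` and only restricted afterwards by `os.chmod`, so between the two calls the file has whatever mode the process umask allows, and if `chmod` fails the key stays that way with only a warning printed. Creating the file with the restrictive mode from the start closes that window: `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)` followed by `with os.fdopen(fd, 'wb') as pem_out:`. `O_EXCL` also makes the call fail instead of overwriting an existing file or writing through a symlink left at `path`, which matters because the caller's `os.path.isfile` check is false for a dangling symlink. With that in place the `try`/`os.chmod`/`except OSError` block can be dropped. It would also help to document `key_size` in the header comment with a line such as `# @param key_size size of the RSA modulus in bits (default 4096)`.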