-
- if (os.path.exists(key_file)) and (not os.path.exists(cert_file)):
- # If private key exists and cert doesnt, recreate cert
- key = Keypair(filename=key_file)
- cert = Certificate(subject=subject)
- cert.set_issuer(key=key, subject=subject)
- cert.set_pubkey(key)
- cert.sign()
- cert.save_to_file(cert_file)
-
- elif (not os.path.exists(key_file)) or (not os.path.exists(cert_file)):
- # if no key is specified, then make one up
- key = Keypair(create=True)
- key.save_to_file(key_file)
+
+ # check if the server's private key exists. If it doesnt,
+ # get the right one from the authorities directory. If it cant be
+ # found in the authorities directory, generate a random one
+ if not os.path.exists(server_key_file):
+ hrn = config.SFA_INTERFACE_HRN.lower()
+ key_file = os.sep.join([hierarchy.basedir, hrn, hrn+".pkey"])
+ if not os.path.exists(key_file):
+ # if it doesnt exist then this is probably a fresh interface
+ # with no records. Generate a random keypair for now
+ trace("server's public key not found in %s" % key_file)
+ trace("generating a random server key pair")
+ key = Keypair(create=True)
+ key.save_to_file(server_key_file)
+ cert = Certificate(subject=subject)
+ cert.set_issuer(key=key, subject=subject)
+ cert.set_pubkey(key)
+ cert.sign()
+ cert.save_to_file(server_cert_file)
+
+ else:
+ # the pkey was found in the authorites directory. lets
+ # copy it to where the server key should be and generate
+ # the cert
+ key = Keypair(filename=key_file)
+ key.save_to_file(server_key_file)
+ cert = Certificate(subject=subject)
+ cert.set_issuer(key=key, subject=subject)
+ cert.set_pubkey(key)
+ cert.sign()
+ cert.save_to_file(server_cert_file)
+
+
+ # If private key exists and cert doesnt, recreate cert
+ if (os.path.exists(server_key_file)) and (not os.path.exists(server_cert_file)):
+ key = Keypair(filename=server_key_file)