def create_all_ssl(root_path: Path):
    """Provision the TLS material stored under ``root_path / "config"``.

    Steps, in order:

    1. Delete the legacy ``trusted.key`` / ``trusted.crt`` pair if present.
    2. Make sure ``config/ssl`` and ``config/ssl/ca`` exist.
    3. Write the cert/key pair returned by ``get_chia_ca_crt_key()`` to
       ``ca/chia_ca.crt`` and ``ca/chia_ca.key``.
    4. Create a private CA with ``make_ca_cert`` unless both
       ``ca/private_ca.key`` and ``ca/private_ca.crt`` already exist.
    5. Issue node certificates from the private CA (``private=True``, default
       ``overwrite``), then from the chia CA (``private=False``,
       ``overwrite=False``).

    Args:
        root_path: Directory that contains the ``config`` folder.
    """
    config_dir = root_path / "config"

    # The legacy single key/cert pair is superseded by the ssl/ tree below.
    # os.remove only unlinks the file; the old key bytes are not overwritten.
    legacy_key = config_dir / "trusted.key"
    legacy_crt = config_dir / "trusted.crt"
    if legacy_key.exists():
        print(f"Old key not needed anymore, deleting {legacy_key}")
        os.remove(legacy_key)
    if legacy_crt.exists():
        print(f"Old crt not needed anymore, deleting {legacy_crt}")
        os.remove(legacy_crt)

    ssl_dir = config_dir / "ssl"
    ca_dir = ssl_dir / "ca"
    # NOTE(review): directory and key-file permissions are decided inside
    # ensure_ssl_dirs / write_ssl_cert_and_key / make_ca_cert, which are not
    # visible here - confirm private keys end up readable by the owner only.
    ensure_ssl_dirs([ssl_dir, ca_dir])

    # The chia CA pair is rewritten on every call, whether or not it exists.
    chia_ca_crt, chia_ca_key = get_chia_ca_crt_key()
    write_ssl_cert_and_key(
        ca_dir / "chia_ca.crt",
        chia_ca_crt,
        ca_dir / "chia_ca.key",
        chia_ca_key,
    )

    private_ca_key_path = ca_dir / "private_ca.key"
    private_ca_crt_path = ca_dir / "private_ca.crt"
    have_private_ca = private_ca_key_path.exists() and private_ca_crt_path.exists()

    if have_private_ca:
        # Reached when the user copied an existing private CA into place.
        # The pair is used as found: nothing here checks that the key matches
        # the certificate or that the certificate is still valid.
        print(
            f"Found private CA in {root_path}, using it to generate TLS certificates"
        )
    else:
        # A half-present pair (only the key or only the cert) also lands here
        # and is replaced by a freshly created CA.
        print(
            f"Can't find private CA, creating a new one in {root_path} to generate TLS certificates"
        )
        make_ca_cert(private_ca_crt_path, private_ca_key_path)

    # Private node certs: overwrite is left at its default (True), so existing
    # per-node files do not stop generate_ssl_for_nodes from issuing again.
    ca_key = private_ca_key_path.read_bytes()
    ca_crt = private_ca_crt_path.read_bytes()
    generate_ssl_for_nodes(ssl_dir, ca_crt, ca_key, True)

    # Public node certs are signed by the chia CA and kept if already present.
    chia_ca_crt, chia_ca_key = get_chia_ca_crt_key()
    generate_ssl_for_nodes(ssl_dir, chia_ca_crt, chia_ca_key, False, overwrite=False)
def generate_ssl_for_nodes(ssl_dir: Path, ca_crt: bytes, ca_key: bytes, private: bool, overwrite=True):
    """Issue a CA-signed key/cert pair for each node under ``ssl_dir``.

    For every name in ``private_node_names`` (when ``private`` is truthy) or
    ``public_node_names`` (otherwise), the node directory is ensured and
    ``generate_ca_signed_cert`` is called for
    ``<ssl_dir>/<node>/<prefix>_<node>.key`` and ``.crt``, where ``prefix`` is
    ``"private"`` or ``"public"``.

    Args:
        ssl_dir: Parent directory of the per-node directories.
        ca_crt: Signing CA certificate bytes, passed through unchanged.
        ca_key: Signing CA private key bytes, passed through unchanged.
        private: Selects the node-name list and the file-name prefix.
        overwrite: Existing files are kept only when this is exactly ``False``
            and both the key and the cert are already present.
    """
    prefix = "private" if private else "public"
    node_names = private_node_names if private else public_node_names

    for node_name in node_names:
        node_dir = ssl_dir / node_name
        ensure_ssl_dirs([node_dir])

        key_path = node_dir / f"{prefix}_{node_name}.key"
        crt_path = node_dir / f"{prefix}_{node_name}.crt"

        # The identity test means only the literal False keeps an existing
        # pair; other falsy values (0, None) still lead to a new pair. A pair
        # with one file missing is always re-issued.
        keep_existing = key_path.exists() and crt_path.exists() and overwrite is False
        if not keep_existing:
            # NOTE(review): presumably writes a new key and certificate to
            # these paths, replacing the node's previous key - confirm in
            # generate_ca_signed_cert.
            generate_ca_signed_cert(ca_crt, ca_key, crt_path, key_path)