+ utils.CreateBackup(rapicert_file)
+
+ logging.debug("Generating new RAPI certificate at %s", rapicert_file)
+ utils.GenerateSelfSignedSslCert(rapicert_file)
+
+ # SPICE
+ spice_cert_exists = os.path.exists(spicecert_file)
+ spice_cacert_exists = os.path.exists(spicecacert_file)
+ if spice_cert_pem:
+ # spice_cert_pem implies also spice_cacert_pem
+ logging.debug("Writing SPICE certificate at %s", spicecert_file)
+ utils.WriteFile(spicecert_file, data=spice_cert_pem, backup=True)
+ logging.debug("Writing SPICE CA certificate at %s", spicecacert_file)
+ utils.WriteFile(spicecacert_file, data=spice_cacert_pem, backup=True)
+ elif new_spice_cert or not spice_cert_exists:
+ if spice_cert_exists:
+ utils.CreateBackup(spicecert_file)
+ if spice_cacert_exists:
+ utils.CreateBackup(spicecacert_file)
+
+ logging.debug("Generating new self-signed SPICE certificate at %s",
+ spicecert_file)
+ (_, cert_pem) = utils.GenerateSelfSignedSslCert(spicecert_file)
+
+ # Self-signed certificate -> the public certificate is also the CA public
+ # certificate
+ logging.debug("Writing the public certificate to %s",
+ spicecert_file)
+ utils.io.WriteFile(spicecacert_file, mode=0400, data=cert_pem)
+
+ # Cluster domain secret
+ if cds:
+ logging.debug("Writing cluster domain secret to %s", cds_file)
+ utils.WriteFile(cds_file, data=cds, backup=True)
+
+ elif new_cds or not os.path.exists(cds_file):
+ logging.debug("Generating new cluster domain secret at %s", cds_file)
+ GenerateHmacKey(cds_file)