rewritten

2025-03-26 09:36:58 +01:00
parent b87e30f6b4
commit fc7f4f4b7a
2 changed files with 23 additions and 26 deletions
--- a/generate_vapid_keys.py
+++ b/generate_vapid_keys.py
@@ -3,6 +3,7 @@ import os
 import base64
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.backends import default_backend

 def generate_vapid_keys():
    """
@@ -29,17 +30,17 @@ def generate_vapid_keys():

    if need_new_keys:
        # Generate EC private key
-        private_key = ec.generate_private_key(ec.SECP256R1())
+        private_key = ec.generate_private_key(ec.SECP256R1(), backend=default_backend())

-        # Serialize private key to PEM format
+        # Serialize private key to PEM format, but keep it clean
        private_pem = private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption()
        ).decode('utf-8')

-        # Format for .env file (replace newlines with \n)
-        env_private_key = private_pem.strip().replace('\n', '\\n')
+        # Clean up PEM formatting for .env file
+        private_pem_clean = private_pem.replace('-----BEGIN PRIVATE KEY-----\n', '').replace('\n-----END PRIVATE KEY-----\n', '').replace('\n', '')
        
        # Get public key
        public_key = private_key.public_key()
@@ -49,15 +50,12 @@ def generate_vapid_keys():
        )

        # Store keys
-        env_vars['VAPID_PRIVATE_KEY'] = env_private_key  # Single-line format
+        env_vars['VAPID_PRIVATE_KEY'] = private_pem_clean
        env_vars['VAPID_PUBLIC_KEY'] = base64.urlsafe_b64encode(public_key_bytes).decode('utf-8')
        
        print("New VAPID keys generated in .env-compatible format.")
    else:
        print("Existing VAPID keys found - no changes made.")
-        # Verify existing key format
-        if '-----BEGIN PRIVATE KEY-----' not in env_vars['VAPID_PRIVATE_KEY']:
-            print("Warning: Existing private key doesn't appear to be in PEM format!")

    # Ensure we have all required configuration variables with defaults if missing
    defaults = {