Auto-provision Engine TLS assets when launching

2025-10-26 13:21:57 -06:00 · 2025-10-26 03:20:57 -06:00
parent 3edb20d21b
commit 021ba436f7
1 changed files with 28 additions and 0 deletions
--- a/Data/Engine/bootstrapper.py
+++ b/Data/Engine/bootstrapper.py
@@ -29,9 +29,37 @@ def _build_runtime_config() -> Dict[str, Any]:
    }


+def _ensure_tls_material(context: EngineContext) -> None:
+    """Ensure TLS certificate material exists, updating the context if created."""
+
+    try:  # Lazy import so Engine still starts if legacy modules are unavailable.
+        from Modules.crypto import certificates  # type: ignore
+    except Exception:
+        return
+
+    try:
+        cert_path, key_path, bundle_path = certificates.ensure_certificate()
+    except Exception as exc:
+        context.logger.error("Failed to auto-provision Engine TLS certificates: %s", exc)
+        return
+
+    cert_path_str = str(cert_path)
+    key_path_str = str(key_path)
+    bundle_path_str = str(bundle_path)
+
+    if not context.tls_cert_path or not Path(context.tls_cert_path).is_file():
+        context.tls_cert_path = cert_path_str
+    if not context.tls_key_path or not Path(context.tls_key_path).is_file():
+        context.tls_key_path = key_path_str
+    if not context.tls_bundle_path or not Path(context.tls_bundle_path).is_file():
+        context.tls_bundle_path = bundle_path_str
+
+
 def _prepare_tls_run_kwargs(context: EngineContext) -> Dict[str, Any]:
    """Validate and return TLS arguments for the Socket.IO runner."""

+    _ensure_tls_material(context)
+
    run_kwargs: Dict[str, Any] = {}

    key_path_value = context.tls_key_path