#!/usr/bin/lua
local keyfile = "/etc/nixio/rsa_main.der"
local certfile = "/etc/nixio/cert_main.der"

local px5g = require "px5g"
local nixio = require "nixio"
local fs = require "nixio.fs"
local os = require "os"
nixio.umask(77)

if not fs.access(certfile) then
	local key = px5g.genkey(2048)
	fs.writefile(keyfile, key:asn1())

	local cert = key:create_selfsigned(
		{CN=nixio.uname().nodename, O="LuCI Keymaster"},
		os.time(), os.time() + 3600 * 24 * 366 * 15)
	fs.writefile(certfile, cert)
end