1 From 101550383386f465e689aa846826b58aa72cf793 Mon Sep 17 00:00:00 2001
2 From: Scott Murray <scott.murray@konsulko.com>
3 Date: Mon, 24 Apr 2023 15:49:32 -0400
4 Subject: [PATCH] kuksa_viss_client: Add external certificates support
6 Tweak the definition of __certificate_dir__ in the kuksa_certificates
7 package, and certificate location logic in the client library to allow
8 picking up alternative certificates from /etc/kuksa-certificates or
9 /etc/kuksa-val before falling back to the shipped defaults. The
10 intent is to allow packagers to more straightforwardly use their own
11 certificates with both the server and clients.
13 Upstream-Status: pending
15 Signed-off-by: Scott Murray <scott.murray@konsulko.com>
17 kuksa_certificates/__init__.py | 7 ++++++-
18 kuksa_viss_client/KuksaGrpcComm.py | 10 +++++-----
19 kuksa_viss_client/KuksaWsComm.py | 10 +++++-----
20 3 files changed, 16 insertions(+), 11 deletions(-)
22 diff --git a/kuksa_certificates/__init__.py b/kuksa_certificates/__init__.py
23 index 5f05b75..ac60bc3 100644
24 --- a/kuksa_certificates/__init__.py
25 +++ b/kuksa_certificates/__init__.py
26 @@ -2,4 +2,9 @@ import os
28 from kuksa_viss_client._metadata import *
30 -__certificate_dir__= os.path.dirname(os.path.realpath(__file__))
31 +if os.path.isdir("/etc/kuksa-certificates"):
32 + __certificate_dir__= "/etc/kuksa-certificates"
33 +elif os.path.isdir("/etc/kuksa-val"):
34 + __certificate_dir__= "/etc/kuksa-val"
36 + __certificate_dir__= os.path.dirname(os.path.realpath(__file__))
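Review bot: The directory choice in this hunk tests only `os.path.isdir(...)`, so an `/etc/kuksa-certificates` or `/etc/kuksa-val` that exists but lacks `CA.pem`, `Client.pem` or `Client.key` is still selected and the packaged defaults are never reached; `/etc/kuksa-val` in particular may exist for reasons other than holding client credentials. Testing for a file the clients actually need, e.g. `if os.path.isfile("/etc/kuksa-certificates/CA.pem"):`, would make the fallback work per directory; the same value feeds the defaults in KuksaGrpcComm.py and KuksaWsComm.py. Because the CA file that decides which server a client trusts now comes from a system path, a comment such as `# These directories must be writable only by root; Client.key must not be world-readable.` would record the expectation for packagers. The choice is also made once at import time and silently, so logging the selected directory would show when a deployment is still running on the shipped default certificates.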
37 diff --git a/kuksa_viss_client/KuksaGrpcComm.py b/kuksa_viss_client/KuksaGrpcComm.py
38 index 1f55754..e425e7e 100644
39 --- a/kuksa_viss_client/KuksaGrpcComm.py
40 +++ b/kuksa_viss_client/KuksaGrpcComm.py
41 @@ -28,22 +28,22 @@ import uuid, time, threading
43 from . import kuksa_pb2
44 from . import kuksa_pb2_grpc
45 +from kuksa_certificates import __certificate_dir__
50 def __init__(self, config):
51 - scriptDir= os.path.dirname(os.path.realpath(__file__))
52 self.serverIP = config.get('ip', "127.0.0.1")
53 self.serverPort = config.get('port', 8090)
55 self.insecure = config.getboolean('insecure', False)
56 except AttributeError:
57 self.insecure = config.get('insecure', False)
58 - self.cacertificate = config.get('cacertificate', os.path.join(scriptDir, "../kuksa_certificates/CA.pem"))
59 - self.certificate = config.get('certificate', os.path.join(scriptDir, "../kuksa_certificates/Client.pem"))
60 - self.keyfile = config.get('key', os.path.join(scriptDir, "../kuksa_certificates/Client.key"))
61 - self.tokenfile = config.get('token', os.path.join(scriptDir, "../kuksa_certificates/jwt/all-read-write.json.token"))
62 + self.cacertificate = config.get('cacertificate', os.path.join(__certificate_dir__, "CA.pem"))
63 + self.certificate = config.get('certificate', os.path.join(__certificate_dir__, "Client.pem"))
64 + self.keyfile = config.get('key', os.path.join(__certificate_dir__, "Client.key"))
65 + self.tokenfile = config.get('token', os.path.join(__certificate_dir__, "jwt/all-read-write.json.token"))
66 self.grpcConnected = False
68 self.subscriptionCallbacks = {}
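Review bot: The default for `token` on the new `self.tokenfile` line still resolves to `jwt/all-read-write.json.token`, now under whichever directory `__certificate_dir__` selected, so a client configured without `token` presents what is, judging by its name, the broadest token, and a packager's external directory has to replicate the `jwt/` sub-path or the default points at a missing file. This is not documented anywhere in the hunk; a comment above the four defaults would help, for example `# Defaults resolve under kuksa_certificates.__certificate_dir__; set 'token' explicitly to a least-privilege token outside of testing.` The hunk also does not show whether a missing token file is reported clearly at connect time, so that is worth checking where `self.tokenfile` is read. `__init__` continues beyond the end of the hunk.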
69 diff --git a/kuksa_viss_client/KuksaWsComm.py b/kuksa_viss_client/KuksaWsComm.py
70 index b0d4cc1..b85b573 100644
71 --- a/kuksa_viss_client/KuksaWsComm.py
72 +++ b/kuksa_viss_client/KuksaWsComm.py
75 import json, queue, time, uuid, os, ssl
76 import asyncio, websockets
77 +from kuksa_certificates import __certificate_dir__
82 def __init__(self, config):
84 - scriptDir= os.path.dirname(os.path.realpath(__file__))
85 self.serverIP = config.get('ip', "127.0.0.1")
86 self.serverPort = config.get('port', 8090)
88 self.insecure = config.getboolean('insecure', False)
89 except AttributeError:
90 self.insecure = config.get('insecure', False)
91 - self.cacertificate = config.get('cacertificate', os.path.join(scriptDir, "../kuksa_certificates/CA.pem"))
92 - self.certificate = config.get('certificate', os.path.join(scriptDir, "../kuksa_certificates/Client.pem"))
93 - self.keyfile = config.get('key', os.path.join(scriptDir, "../kuksa_certificates/Client.key"))
94 + self.cacertificate = config.get('cacertificate', os.path.join(__certificate_dir__, "CA.pem"))
95 + self.certificate = config.get('certificate', os.path.join(__certificate_dir__, "Client.pem"))
96 + self.keyfile = config.get('key', os.path.join(__certificate_dir__, "Client.key"))
97 self.wsConnected = False
99 self.subscriptionCallbacks = {}
100 @@ -254,4 +254,4 @@ class KuksaWsComm:
101 await self._msgHandler(ws)
103 print("Disconnected!! " + str(e))
105 \ No newline at end of file