recipes-connectivity/kuksa-val/kuksa-viss-client/0002-kuksa_viss_client-Add-external-certificates-support.patch

   1 From 101550383386f465e689aa846826b58aa72cf793 Mon Sep 17 00:00:00 2001
   2 From: Scott Murray <scott.murray@konsulko.com>
   3 Date: Mon, 24 Apr 2023 15:49:32 -0400
   4 Subject: [PATCH] kuksa_viss_client: Add external certificates support
   5
   6 Tweak the definition of __certificate_dir__ in the kuksa_certificates
   7 package, and certificate location logic in the client library to allow
   8 picking up alternative certificates from /etc/kuksa-certificates or
   9 /etc/kuksa-val before falling back to the shipped defaults.  The
  10 intent is to allow packagers to more straighhtforwardly use their own
  11 certificates with both the server and clients.
  12
  13 Upstream-Status: pending
  14
  15 Signed-off-by: Scott Murray <scott.murray@konsulko.com>
  16 ---
  17  kuksa_certificates/__init__.py     |  7 ++++++-
  18  kuksa_viss_client/KuksaGrpcComm.py | 10 +++++-----
  19  kuksa_viss_client/KuksaWsComm.py   | 10 +++++-----
  20  3 files changed, 16 insertions(+), 11 deletions(-)
  21
  22 diff --git a/kuksa_certificates/__init__.py b/kuksa_certificates/__init__.py
  23 index 5f05b75..ac60bc3 100644
  24 --- a/kuksa_certificates/__init__.py
  25 +++ b/kuksa_certificates/__init__.py
  26 @@ -2,4 +2,9 @@ import os
  27
  28  from kuksa_viss_client._metadata import *
  29
  30 -__certificate_dir__= os.path.dirname(os.path.realpath(__file__))
  31 +if os.path.isdir("/etc/kuksa-certificates"):
  32 +    __certificate_dir__= "/etc/kuksa-certificates"
  33 +elif os.path.isdir("/etc/kuksa-val"):
  34 +    __certificate_dir__= "/etc/kuksa-val"
  35 +else:
  36 +    __certificate_dir__= os.path.dirname(os.path.realpath(__file__))
  37 diff --git a/kuksa_viss_client/KuksaGrpcComm.py b/kuksa_viss_client/KuksaGrpcComm.py
  38 index 1f55754..e425e7e 100644
  39 --- a/kuksa_viss_client/KuksaGrpcComm.py
  40 +++ b/kuksa_viss_client/KuksaGrpcComm.py
  41 @@ -28,22 +28,22 @@ import uuid, time, threading
  42
  43  from . import kuksa_pb2
  44  from . import kuksa_pb2_grpc
  45 +from kuksa_certificates import __certificate_dir__
  46
  47  class KuksaGrpcComm:
  48
  49      # Constructor
  50      def __init__(self, config):
  51 -        scriptDir= os.path.dirname(os.path.realpath(__file__))
  52          self.serverIP = config.get('ip', "127.0.0.1")
  53          self.serverPort = config.get('port', 8090)
  54          try:
  55              self.insecure = config.getboolean('insecure', False)
  56          except AttributeError:
  57              self.insecure = config.get('insecure', False)
  58 -        self.cacertificate = config.get('cacertificate', os.path.join(scriptDir, "../kuksa_certificates/CA.pem"))
  59 -        self.certificate = config.get('certificate', os.path.join(scriptDir, "../kuksa_certificates/Client.pem"))
  60 -        self.keyfile = config.get('key', os.path.join(scriptDir, "../kuksa_certificates/Client.key"))
  61 -        self.tokenfile = config.get('token', os.path.join(scriptDir, "../kuksa_certificates/jwt/all-read-write.json.token"))
  62 +        self.cacertificate = config.get('cacertificate', os.path.join(__certificate_dir__, "CA.pem"))
  63 +        self.certificate = config.get('certificate', os.path.join(__certificate_dir__, "Client.pem"))
  64 +        self.keyfile = config.get('key', os.path.join(__certificate_dir__, "Client.key"))
  65 +        self.tokenfile = config.get('token', os.path.join(__certificate_dir__, "jwt/all-read-write.json.token"))
  66          self.grpcConnected = False
  67
  68          self.subscriptionCallbacks = {}
  69 diff --git a/kuksa_viss_client/KuksaWsComm.py b/kuksa_viss_client/KuksaWsComm.py
  70 index b0d4cc1..b85b573 100644
  71 --- a/kuksa_viss_client/KuksaWsComm.py
  72 +++ b/kuksa_viss_client/KuksaWsComm.py
  73 @@ -20,22 +20,22 @@
  74
  75  import json, queue, time, uuid, os, ssl
  76  import asyncio, websockets
  77 +from kuksa_certificates import __certificate_dir__
  78
  79  class KuksaWsComm:
  80
  81      # Constructor
  82      def __init__(self, config):
  83
  84 -        scriptDir= os.path.dirname(os.path.realpath(__file__))
  85          self.serverIP = config.get('ip', "127.0.0.1")
  86          self.serverPort = config.get('port', 8090)
  87          try:
  88              self.insecure = config.getboolean('insecure', False)
  89          except AttributeError:
  90              self.insecure = config.get('insecure', False)
  91 -        self.cacertificate = config.get('cacertificate', os.path.join(scriptDir, "../kuksa_certificates/CA.pem"))
  92 -        self.certificate = config.get('certificate', os.path.join(scriptDir, "../kuksa_certificates/Client.pem"))
  93 -        self.keyfile = config.get('key', os.path.join(scriptDir, "../kuksa_certificates/Client.key"))
  94 +        self.cacertificate = config.get('cacertificate', os.path.join(__certificate_dir__, "CA.pem"))
  95 +        self.certificate = config.get('certificate', os.path.join(__certificate_dir__, "Client.pem"))
  96 +        self.keyfile = config.get('key', os.path.join(__certificate_dir__, "Client.key"))
  97          self.wsConnected = False
  98
  99          self.subscriptionCallbacks = {}
 100 @@ -254,4 +254,4 @@ class KuksaWsComm:
 101                      await self._msgHandler(ws)
 102              except OSError as e:
 103                  print("Disconnected!! " + str(e))
 104 -                pass
 105 \ No newline at end of file
 106 +                pass
 107 --
 108 2.39.2
 109