path: root/recipes-connectivity/kuksa-val/kuksa-viss-client/0002-kuksa_viss_client-Add-external-certificates-support.patch
blob: 7ad5ac1827bf23508ed2a0f7daa85c9104323916 (plain)
From 101550383386f465e689aa846826b58aa72cf793 Mon Sep 17 00:00:00 2001
From: Scott Murray <scott.murray@konsulko.com>
Date: Mon, 24 Apr 2023 15:49:32 -0400
Subject: [PATCH] kuksa_viss_client: Add external certificates support

Tweak the definition of __certificate_dir__ in the kuksa_certificates
package, and certificate location logic in the client library to allow
picking up alternative certificates from /etc/kuksa-certificates or
/etc/kuksa-val before falling back to the shipped defaults.  The
intent is to allow packagers to more straightforwardly use their own
certificates with both the server and clients.

Upstream-Status: pending

Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 kuksa_certificates/__init__.py     |  7 ++++++-
 kuksa_viss_client/KuksaGrpcComm.py | 10 +++++-----
 kuksa_viss_client/KuksaWsComm.py   | 10 +++++-----
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/kuksa_certificates/__init__.py b/kuksa_certificates/__init__.py
index 5f05b75..ac60bc3 100644
--- a/kuksa_certificates/__init__.py
+++ b/kuksa_certificates/__init__.py
@@ -2,4 +2,9 @@ import os
 
 from kuksa_viss_client._metadata import *
 
-__certificate_dir__= os.path.dirname(os.path.realpath(__file__))
+if os.path.isdir("/etc/kuksa-certificates"):
+    __certificate_dir__= "/etc/kuksa-certificates"
+elif os.path.isdir("/etc/kuksa-val"):
+    __certificate_dir__= "/etc/kuksa-val"
+else:
+    __certificate_dir__= os.path.dirname(os.path.realpath(__file__))
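Review bot: The new `if`/`elif` chain checks only that a directory exists, not that it holds the files the clients later join onto it (`CA.pem`, `Client.pem` and `Client.key` in the KuksaGrpcComm.py and KuksaWsComm.py hunks, plus the token path in the gRPC one). An empty or unrelated `/etc/kuksa-val` therefore replaces the shipped defaults without warning, and the failure shows up only when the client tries to load its TLS material. Whether `/etc/kuksa-val` can exist without client certificates is not visible here, but the name suggests it may be shared with the server configuration. One option is to accept a candidate only when it actually contains `CA.pem`, as sketched below, and to add a comment stating the search order.

```python
# Prefer packager-supplied certificates; fall back to the shipped defaults.
__certificate_dir__ = os.path.dirname(os.path.realpath(__file__))
for _candidate in ("/etc/kuksa-certificates", "/etc/kuksa-val"):
    # Only accept a directory that actually holds the CA certificate.
    if os.path.isfile(os.path.join(_candidate, "CA.pem")):
        __certificate_dir__ = _candidate
        break
```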
diff --git a/kuksa_viss_client/KuksaGrpcComm.py b/kuksa_viss_client/KuksaGrpcComm.py
index 1f55754..e425e7e 100644
--- a/kuksa_viss_client/KuksaGrpcComm.py
+++ b/kuksa_viss_client/KuksaGrpcComm.py
@@ -28,22 +28,22 @@ import uuid, time, threading
 
 from . import kuksa_pb2
 from . import kuksa_pb2_grpc
+from kuksa_certificates import __certificate_dir__
 
 class KuksaGrpcComm:
 
     # Constructor
     def __init__(self, config):
-        scriptDir= os.path.dirname(os.path.realpath(__file__))
         self.serverIP = config.get('ip', "127.0.0.1")
         self.serverPort = config.get('port', 8090)
         try:
             self.insecure = config.getboolean('insecure', False)
         except AttributeError:
             self.insecure = config.get('insecure', False)
-        self.cacertificate = config.get('cacertificate', os.path.join(scriptDir, "../kuksa_certificates/CA.pem"))
-        self.certificate = config.get('certificate', os.path.join(scriptDir, "../kuksa_certificates/Client.pem"))
-        self.keyfile = config.get('key', os.path.join(scriptDir, "../kuksa_certificates/Client.key"))
-        self.tokenfile = config.get('token', os.path.join(scriptDir, "../kuksa_certificates/jwt/all-read-write.json.token"))
+        self.cacertificate = config.get('cacertificate', os.path.join(__certificate_dir__, "CA.pem"))
+        self.certificate = config.get('certificate', os.path.join(__certificate_dir__, "Client.pem"))
+        self.keyfile = config.get('key', os.path.join(__certificate_dir__, "Client.key"))
+        self.tokenfile = config.get('token', os.path.join(__certificate_dir__, "jwt/all-read-write.json.token"))
         self.grpcConnected = False
 
         self.subscriptionCallbacks = {}
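Review bot: The `token` default now resolves to `jwt/all-read-write.json.token` under whichever directory was selected, so an external directory populated with only `CA.pem`, `Client.pem` and `Client.key` leaves the gRPC client pointing at a token file that does not exist. Nothing in the hunk documents that requirement; a comment above the four `config.get` lines would help, for example `# Defaults resolve under kuksa_certificates.__certificate_dir__; an external directory must also provide jwt/all-read-write.json.token`. Because the client private key and a read-write token are now expected under /etc, the packaging notes should also state the intended ownership and mode of those files (readable only by the account running the client). `__init__` continues past the end of the hunk, so how a missing token file is handled cannot be seen from here.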
diff --git a/kuksa_viss_client/KuksaWsComm.py b/kuksa_viss_client/KuksaWsComm.py
index b0d4cc1..b85b573 100644
--- a/kuksa_viss_client/KuksaWsComm.py
+++ b/kuksa_viss_client/KuksaWsComm.py
@@ -20,22 +20,22 @@
 
 import json, queue, time, uuid, os, ssl
 import asyncio, websockets
+from kuksa_certificates import __certificate_dir__
 
 class KuksaWsComm:
 
     # Constructor
     def __init__(self, config):
 
-        scriptDir= os.path.dirname(os.path.realpath(__file__))
         self.serverIP = config.get('ip', "127.0.0.1")
         self.serverPort = config.get('port', 8090)
         try:
             self.insecure = config.getboolean('insecure', False)
         except AttributeError:
             self.insecure = config.get('insecure', False)
-        self.cacertificate = config.get('cacertificate', os.path.join(scriptDir, "../kuksa_certificates/CA.pem"))
-        self.certificate = config.get('certificate', os.path.join(scriptDir, "../kuksa_certificates/Client.pem"))
-        self.keyfile = config.get('key', os.path.join(scriptDir, "../kuksa_certificates/Client.key"))
+        self.cacertificate = config.get('cacertificate', os.path.join(__certificate_dir__, "CA.pem"))
+        self.certificate = config.get('certificate', os.path.join(__certificate_dir__, "Client.pem"))
+        self.keyfile = config.get('key', os.path.join(__certificate_dir__, "Client.key"))
         self.wsConnected = False
 
         self.subscriptionCallbacks = {}
@@ -254,4 +254,4 @@ class KuksaWsComm:
                     await self._msgHandler(ws)
             except OSError as e:
                 print("Disconnected!! " + str(e))
-                pass
\ No newline at end of file
+                pass
-- 
2.39.2