From fdb58afacf2dff95cca48a772d653e45a1b577f3 Mon Sep 17 00:00:00 2001
From: Scott Murray <scott.murray@konsulko.com>
Date: Mon, 24 Apr 2023 18:01:29 -0400
Subject: kuksa-val: Rework to support updated SSL certificates

Changes:
- Tweak the kuksa-val recipe to remove installing a newer server
  certificate (since it will be done elsewhere), and to split the
  certificates up into finer grained packages to ease installing
  them piecemeal and replacing them with other packages.
- Remove the unused genCerts.sh certificate script patch form the
  kuksa-val recipe, an updated patch will be added in the near
  future.
- Added a patch in the kuksa-viss-client recipe that enables the
  library to use certificates installed in /etc/kuksa-certificates or
  /etc/kuksa-val instead of the default ones that are shipped.
- Add kuksa-certificates-agl recipe that installs AGL specific CA,
  server, and client certificates plus the required server and client
  keys to act as a replacement for the default ones shipped with
  KUKSA.val.  The kuksa-certificates-agl name is used to avoid needing
  a rename with a future switch to kuksa-databroker.  Note that the
  RPROVIDES variable is used for the various certificate packages to
  make them installable alternatives to the kuksa-val-certificates-*
  ones.  The certificates installed are valid for 1 year and have
  AGL as the providing organization, longer validity ones will be
  added in follow up commits for Octopus and Pike.
- Update the existing users of kuksa-val-*-certificates with the new
  kuksa-val-certificates-* package names.
- Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-*
  packages to quiet the BitBake warnings coming from having multiple
  providers.

Bug-AGL: SPEC-4763

Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../kuksa-val/kuksa-certificates-agl/CA.pem        | 23 +++++++++++++++++
 .../kuksa-val/kuksa-certificates-agl/Client.key    | 28 +++++++++++++++++++++
 .../kuksa-val/kuksa-certificates-agl/Client.pem    | 29 ++++++++++++++++++++++
 .../kuksa-val/kuksa-certificates-agl/Server.key    | 28 +++++++++++++++++++++
 .../kuksa-val/kuksa-certificates-agl/Server.pem    | 29 ++++++++++++++++++++++
 5 files changed, 137 insertions(+)
 create mode 100644 recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem
 create mode 100644 recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.key
 create mode 100644 recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem
 create mode 100644 recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.key
 create mode 100644 recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.pem

(limited to 'recipes-connectivity/kuksa-val/kuksa-certificates-agl')

diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem
new file mode 100644
index 00000000..55e34409
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/CA.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2TCCAsECFF8Fc0+krnLo4rK6tD8ZS5JVGX3kMA0GCSqGSIb3DQEBCwUAMIGo
+MQswCQYDVQQGEwJDQTETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu
+IEZyYW5jaXNjbzEZMBcGA1UECgwQTGludXggRm91bmRhdGlvbjEVMBMGA1UEAwwM
+bG9jYWxob3N0LWNhMTowOAYJKoZIhvcNAQkBFithZ2wtZGV2LWNvbW11bml0eUBs
+aXN0cy5hdXRvbW90aXZlbGludXgub3JnMB4XDTIzMDQyNDIwMzAyMloXDTMzMDQy
+MTIwMzAyMlowgagxCzAJBgNVBAYTAkNBMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
+FAYDVQQHDA1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eCBGb3VuZGF0aW9u
+MRUwEwYDVQQDDAxsb2NhbGhvc3QtY2ExOjA4BgkqhkiG9w0BCQEWK2FnbC1kZXYt
+Y29tbXVuaXR5QGxpc3RzLmF1dG9tb3RpdmVsaW51eC5vcmcwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDmBHNxOpBfmYo8bc0omNuKDnnZuhB4JTbgmblN
+XCiPECdgVgSAD99YAaY/+LFKsUfwv0hMU45HcRPTN8CmijGFPMP9dmP6xZ6aCwPw
+gwCE8lTwiFp/L0BNySVhXwakCqhqssCNvmBXpJf+J+7MYXYInieBotetlAEPMV6B
+fcfJZxC00YVKlQX6vKQsxQB8LlSj57UwyjS0zYIhm3G5rAYLaEokgttbBDB5XKL2
+6D0yvqsdUoJygAeouq6PME8SiAY91ZwIwfL3BJyNoNnxxyJ7iRj28dmoetvtNQCl
+DrU82GG/hUeFF5KnLj65yHOrLiRlquHKgIG+XOvfp7WfXbstAgMBAAEwDQYJKoZI
+hvcNAQELBQADggEBAN+rVHBSJDYk6soCcd6a+zonWOiHJxw5JRbdWE56F1wvS5fv
+CFLlJ01JeaXdVdISh4/zk1sFnsGQ1NRv8C/LffciNpDpKugJgKcA1BYWECj0J9h9
+yR6Nw/Ifx3ovTJi9Rm6uYoH2shNbfX0H1HUZjLzMDZJUVdwI2bkekbYmJXI6XIAP
+3p4PFs0rH37z+ioIw10ubKdFjGMIW6vYcfWV6L/ybrh+dZ5GDkNncSaspMzf79PC
+7sAs9/RQkp92bmvygKkXO7zNBGjPF8osoY1rv9D201Ux1gJtfn3qde0LgdvOMoq8
+scN3iO1TU2pFNhxgcCkFkLmUHSceWK4l/Bxj1kM=
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.key b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.key
new file mode 100644
index 00000000..769502a6
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC3wZbCVTustZcM
+NNTEP2clEm6WVQSJcYOU/A5gJoXaKOR4L0jLsH6n9REcEXfEQn1ZIgVgsasu984P
+DQYe7FSOp9PcIb9HuxrCPJQJ4xXWM7b6LDgatE2TBBHyMecDToWr8JIsywZ/0q2Q
+ucbLuUCOH6A58+EBDAbMpicJFB2l5RK1mZwCGXaWc4L/mMvNjRX6oO4QcoXDSnaS
+XK6nymKBlZRhGo0YN3FIpxLLkkK1qjCDC/asUAHoU7w3AZNpN8VzXtIeqEXF+wlu
+Rljpt9XnVcNMaGIbdOzLJdyAt975O/yqlhJqPG2T4Nn3Gt7+F7gAuZl28mTO6lTC
+A7rViRw5AgMBAAECggEAERwGO6i4PlXnnyg1peKx6cigMaDvo9UFD4yTEZaQqL4d
+PMgJTwbrWhvmSI7jUAuxVGjnp4fPdLd30RyxNNSkMGa1wiXFw8nq/Uoq7gs9+6Rz
+zXIr1Ke0X+OVgK+vDvajGV30XFWYkLMG/GZh2VLxzPHqpy67JO/v26L+WDjuZEVq
+OxIWJVfVqNFGPoL7EdyneUF3PHtKsCnaoz2Q0X0HbgKodItrYbxeXjgu0NQNXRw3
+fN675z0lR1dMeqR4YqO66Hsdchn64DzSP3MUj8RAXaJsoj4PtFcFCzbqTendaHQi
+1xymao72MFrBUTmzC0hkhi8H4h9ztdGe3fEL5aiTEQKBgQDSuNh+GGxbZrMSFRr2
+BHGGpNRSmCTc9apn8mBkz8BerLnolYxraipsYSlToUZkTQzj7lAx8RtlbAGu3DAY
+I8k2DURK/Bw7heN8Rd90X8/xn/9hj/A8U6rKGLxKyY3soy0MWdFbyiihVttuMLf7
+bw+SdGoGFkfWv/B5knJMBHlpaQKBgQDfPW/smxAmo3GsKCL+awOqEA+TEN44jkEJ
+n5VrEBbFoT4CaIP/c1aSzMv17GKWqwsC9gXRr242IeDBmJh6Llu8tutJfgRt4O9r
+SmwVekKWchXfp7nfsThdmVpILK0tNWFz0OW1OhR4Gtpm4g7+TeMoZyTOtTZ+q+gj
+n/Z2JP5yUQKBgQCWYv1+4IdUo/Lg0NcxBPLQmQo+9/43A8zd6okI6YvtBXCYoUJZ
+1qb4Ok94M/080BCHCymIuv5GX9LDrLlWQRP003sN2Od9Q4yawHM9ZrPNSdbFFijp
+pPyaxxR6e2YioEIiMmfMDnb4zjhEZ9imRRjj+NlCBty2Ur2Yxf90aS0NIQKBgGiw
+mSJufZ6BG7fOgsqpSOih64veZzhCjgGDU0EIJIW93iSm+u/7GOhzHltP5dQelmVn
+FseE67x7GrnvY+I4h1Dyv1iRvmYBDIZWOmXAFiYTjmp6b9KVe4d5eTtLqFMBK5hy
+qKbae+rvPOjurnVX9WVnKX2+wbWZzJ2YUK6LHsBhAoGBAIyJNNkybkZfXJ/nv03h
+Z33paK80nptjTI/aXVg6tsRQK0Sz0jucQVI9/zhsMpUnDkwRNvfLoU6hwN+lSbmd
+27/pjztXGcT9UdWoeA6YMxSfZAzzoq3Q4XJ2g7QwNjH89JwV3uoLxvy5LTzMgFDY
+TaY6xdM2TvEPN13mqTbs9Olg
+-----END PRIVATE KEY-----
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem
new file mode 100644
index 00000000..f0134f15
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Client.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE6jCCA9KgAwIBAgIUZsoE7a5zcY96l9fWgANt2eueQ+UwDQYJKoZIhvcNAQEL
+BQAwgagxCzAJBgNVBAYTAkNBMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
+DA1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eCBGb3VuZGF0aW9uMRUwEwYD
+VQQDDAxsb2NhbGhvc3QtY2ExOjA4BgkqhkiG9w0BCQEWK2FnbC1kZXYtY29tbXVu
+aXR5QGxpc3RzLmF1dG9tb3RpdmVsaW51eC5vcmcwHhcNMjMwNDI0MjAzMDIzWhcN
+MjQwNDIzMjAzMDIzWjCBojELMAkGA1UEBhMCQ0ExEzARBgNVBAgMCkNhbGlmb3Ju
+aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoMEExpbnV4IEZvdW5k
+YXRpb24xDzANBgNVBAMMBkNsaWVudDE6MDgGCSqGSIb3DQEJARYrYWdsLWRldi1j
+b21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4Lm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALfBlsJVO6y1lww01MQ/ZyUSbpZVBIlxg5T8DmAm
+hdoo5HgvSMuwfqf1ERwRd8RCfVkiBWCxqy73zg8NBh7sVI6n09whv0e7GsI8lAnj
+FdYztvosOBq0TZMEEfIx5wNOhavwkizLBn/SrZC5xsu5QI4foDnz4QEMBsymJwkU
+HaXlErWZnAIZdpZzgv+Yy82NFfqg7hByhcNKdpJcrqfKYoGVlGEajRg3cUinEsuS
+QrWqMIML9qxQAehTvDcBk2k3xXNe0h6oRcX7CW5GWOm31edVw0xoYht07Msl3IC3
+3vk7/KqWEmo8bZPg2fca3v4XuAC5mXbyZM7qVMIDutWJHDkCAwEAAaOCAQ4wggEK
+MBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUDzUw+UO3LXFmQE7IcO/c
+JDjSXoowgdIGA1UdIwSByjCBx6GBrqSBqzCBqDELMAkGA1UEBhMCQ0ExEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoM
+EExpbnV4IEZvdW5kYXRpb24xFTATBgNVBAMMDGxvY2FsaG9zdC1jYTE6MDgGCSqG
+SIb3DQEJARYrYWdsLWRldi1jb21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4
+Lm9yZ4IUXwVzT6Sucujisrq0PxlLklUZfeQwDQYJKoZIhvcNAQELBQADggEBAJIm
+HInhtZUtYxt/Q3p1HtiH3GEIkc4DZMmEef4wq4/A210y9nwxrOaDXlVlz6WWRsAl
+ZpEqbLvXOM/uvh1oyyfi5xMm2cm4VytLb+NtflmFvnQj3hD1O0XSf0Vwx844aQgb
+5LYq2GLXXkW5afGTtGGOg8vmNg6kkjheySqRbyebkF46BGOmB/+XRD7pzfil4eTd
+Qnweso2UkGnboKpwBYLubEmhJmmX4sHeJnzzjJXkeco5uGnXfSVzYzDgco4/6JSv
+p1IjGNww5D1lPZfqTnSgRqoQyUXoMdSD5Q6y3FFjK38UvR7vjPcg2VmLIluMYIzH
+XJOwagvtjGTA7sfbNTU=
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.key b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.key
new file mode 100644
index 00000000..602a8e0d
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnttOu8pXFbell
+1xm2OKOCQUjTYdwACMXgkQm0pkCPdcZGdCJD6gaJfgVIhbbpu2eBbsXXedFfC+v/
+/iEsqW8tOonERtPxAjz1FjFZ1YumkxKUKs6VLsQPIZkd96GT6kRXLa8EzgwXV9L6
+nlb3n6HXXctLwzJhm6H1onWli3ZHrpl2ez5t/cIiZOKglh/jD+eJmEPglNZYBbBx
+61FZZ9LsGSyLD8fIgIOlB6RDjXFGv9aKR98e/8O9QhnIVWHJ4x8B4VR6srmEWApV
+qoccLS+HxVNqmjEVDfyavYudhCAk0PYuo0/vIcyANZkH6DxXlYrDlKxjSOZQkA55
+hB95LXdTAgMBAAECggEADFHDruAm3D+8mzx3qQj0Ccdd4BkaHe6HCn3c5qYnq+IM
+1HQHaFGydTsKjE82Jmkbq0hFxBQwqvinN0ClkzBG+F2KbR5+xv9RFvewXFbxUSUQ
+gk26qv6qbCodozPjbIgSyQyUBJhWDwjmeH5VCQ9yxe0f18rY0o6qEO8EEUrzP0SX
+efugez1n3pUJi7s04ktmfDTeJNKkTKVNaMJ/LZdz53hgeNzRu9nFDJhKwElTC/A6
++q4zRABvzZDh8omcOWn4Of0KEaZO4N8b7Bg3ti0SogtV3O1uU5YtslJ56Yo4dpPl
+KDfu07DXjoFVD3BQ+E5PClR13kPxo+4QVy/hEYWM0QKBgQDg8tSUJndBWlb6tTiP
+vT20tm6gXOY5Epb/URDs5cTjYNB4m3pj2FN8PA3kJ1NaYqQPD4PoHm6FHHcJXl3X
+/bm5SUA+y+rpgOHet+vddatbV9X7Ucf1MMBdzmushEhGSXJppPdjCc7GqnbSfTDY
+6qxDq/ecD98IEd3M8MyQnWu4xQKBgQC+3Xasd3+H6HHfy6GZNu3qhft2Hdtv5Rg4
+n4dU0AbUzK2jYnx4pF7Bg7TChpRQrosV7BQpFdq/UbvhiqRTtsYUXFnSpDsuZTQv
+6a0EkHMbz+WQc6/rpRnBqAsGjlM/z3A33zsGjDcXT+bJ534KXzrIEZPoFaFkJ4a9
+55NG4xABNwKBgQCx3O9e0Odcgjzh8OZvKPegatsf6zSSDfPcntGeLrM2Ajf0FSN5
+zPN9+NIXA00x22rTCbaHk4BZub8ZZkcXYGQ4cAXfYUc2KBTwEEbsDX1XNSVZmTlc
+0pZX1b5nYxTulmZjx+9fnMKlbOWU2y4DZdKdk1yuRhJYhB/3SrLE6ePh7QKBgDiZ
+3naY3XYFZbezYJHaK0XwQ7ksc4XET6GDFZP+OPhkVl3sd/Mi84K5tyI03Mjsagyv
+PO9OLterumbRQZgdzLH/DRgdYfuJQaevyYJf//LQfUiQNixQgsneNp7UGDYFI0c+
+aPexHylHpa5cexFCWmE4bT9XIsxbuGaaxR8xeO6TAoGAU/LkR6Ncvx8djtT5RpuK
+BtmLXDvhaTswXq6WVqf3ihl0PfPyoyFqt0vD5gKd7ShG7jU+vHSW7UAlEVoiawTb
+L+p9g/Y+0CS8+7xtbiWQZhwvdlBTYO4Ddgs/YsCEWZG3rB2p20Hj7KwrHiNFGMry
+Ju6j+QZ4Go0nO/hFmWiRgdk=
+-----END PRIVATE KEY-----
diff --git a/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.pem b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.pem
new file mode 100644
index 00000000..d7e9571a
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-certificates-agl/Server.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE6jCCA9KgAwIBAgIUZsoE7a5zcY96l9fWgANt2eueQ+QwDQYJKoZIhvcNAQEL
+BQAwgagxCzAJBgNVBAYTAkNBMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
+DA1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eCBGb3VuZGF0aW9uMRUwEwYD
+VQQDDAxsb2NhbGhvc3QtY2ExOjA4BgkqhkiG9w0BCQEWK2FnbC1kZXYtY29tbXVu
+aXR5QGxpc3RzLmF1dG9tb3RpdmVsaW51eC5vcmcwHhcNMjMwNDI0MjAzMDIzWhcN
+MjQwNDIzMjAzMDIzWjCBojELMAkGA1UEBhMCQ0ExEzARBgNVBAgMCkNhbGlmb3Ju
+aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoMEExpbnV4IEZvdW5k
+YXRpb24xDzANBgNVBAMMBlNlcnZlcjE6MDgGCSqGSIb3DQEJARYrYWdsLWRldi1j
+b21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4Lm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKe2067ylcVt6WXXGbY4o4JBSNNh3AAIxeCRCbSm
+QI91xkZ0IkPqBol+BUiFtum7Z4Fuxdd50V8L6//+ISypby06icRG0/ECPPUWMVnV
+i6aTEpQqzpUuxA8hmR33oZPqRFctrwTODBdX0vqeVvefodddy0vDMmGbofWidaWL
+dkeumXZ7Pm39wiJk4qCWH+MP54mYQ+CU1lgFsHHrUVln0uwZLIsPx8iAg6UHpEON
+cUa/1opH3x7/w71CGchVYcnjHwHhVHqyuYRYClWqhxwtL4fFU2qaMRUN/Jq9i52E
+ICTQ9i6jT+8hzIA1mQfoPFeVisOUrGNI5lCQDnmEH3ktd1MCAwEAAaOCAQ4wggEK
+MBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUA1ZxK520N3pMPVYrUk1o
+2K5tEzEwgdIGA1UdIwSByjCBx6GBrqSBqzCBqDELMAkGA1UEBhMCQ0ExEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoM
+EExpbnV4IEZvdW5kYXRpb24xFTATBgNVBAMMDGxvY2FsaG9zdC1jYTE6MDgGCSqG
+SIb3DQEJARYrYWdsLWRldi1jb21tdW5pdHlAbGlzdHMuYXV0b21vdGl2ZWxpbnV4
+Lm9yZ4IUXwVzT6Sucujisrq0PxlLklUZfeQwDQYJKoZIhvcNAQELBQADggEBAARb
+sfPoqFk2ApNUz8PMhnk1W9XG9Z9as8Nasd39Khxq/ecyAH0eMllsK5u5z6ms9Kcu
+FETd8l+t4ITpV3ST57p83/UtWiabNg39J4ChB8YfvzNAG6qew5BfnQG/4mb0xHJE
+3Mnk7+4PnlDSkSXnmq0wnnavhrt4DIHuKyU3fFsYDr6rSIscVlmYPtjSlpqu+ZTP
+FKrDamXPDsCiIK8dY2oN8oAjcylkPc/vD1PefBFSeCDb0isxujjgwRzCeSSAXKOi
+wnYdgfH/gpkIgaZyCrm46ifkm7ckX1i5qVwUoA4ilv5AU9o1TCzijFd6505OzlO+
+8RPI4uaCYgGPCWBjMsw=
+-----END CERTIFICATE-----
-- 
cgit 1.2.3-korg