From 3f3dbe36b4adcdd7c3cef41980058331e79ce620 Mon Sep 17 00:00:00 2001
From: Scott Murray <scott.murray@konsulko.com>
Date: Sat, 5 Aug 2023 13:27:44 -0400
Subject: [PATCH 2/2] kuksa_viss_client: Add external certificates support

Tweak the definition of __certificate_dir__ in the kuksa_certificates
package, and certificate location logic in the client library to allow
picking up alternative certificates from /etc/kuksa-certificates or
/etc/kuksa-val before falling back to the shipped defaults.  The
intent is to allow packagers to more straighhtforwardly use their own
certificates with both the server and clients.

Upstream-Status: pending

Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 kuksa-client/kuksa_client/cli_backend/__init__.py | 2 +-
 kuksa_certificates/__init__.py                    | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/kuksa-client/kuksa_client/cli_backend/__init__.py b/kuksa-client/kuksa_client/cli_backend/__init__.py
index f757cd6..f4d1f35 100644
--- a/kuksa-client/kuksa_client/cli_backend/__init__.py
+++ b/kuksa-client/kuksa_client/cli_backend/__init__.py
@@ -30,7 +30,7 @@ class Backend:
             self.insecure = config.getboolean('insecure', False)
         except AttributeError:
             self.insecure = config.get('insecure', False)
-        self.default_cert_path = pathlib.Path(kuksa_certificates.__path__[0])
+        self.default_cert_path = pathlib.Path(kuksa_certificates.__certificate_dir__)
         self.cacertificate = config.get(
             'cacertificate', str(self.default_cert_path / 'CA.pem'))
         self.certificate = config.get('certificate', str(
diff --git a/kuksa_certificates/__init__.py b/kuksa_certificates/__init__.py
index 22ccd3f..8323868 100644
--- a/kuksa_certificates/__init__.py
+++ b/kuksa_certificates/__init__.py
@@ -2,4 +2,9 @@ import os
 
 from kuksa_client._metadata import *
 
-__certificate_dir__= os.path.dirname(os.path.realpath(__file__))
+if os.path.isdir("/etc/kuksa-certificates"):
+    __certificate_dir__= "/etc/kuksa-certificates"
+elif os.path.isdir("/etc/kuksa-val"):
+    __certificate_dir__= "/etc/kuksa-val"
+else:
+    __certificate_dir__= os.path.dirname(os.path.realpath(__file__))
-- 
2.41.0