From c6876b9c0a3b5109b21ff6a7169471511f7c2200 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov <anton@advancedtelematic.com>
Date: Thu, 15 Feb 2018 18:17:36 +0100
Subject: Add provisioning with CA

---
 recipes-sota/aktualizr/aktualizr-implicit-prov.bb | 39 ++++++++++++++++++++---
 1 file changed, 35 insertions(+), 4 deletions(-)

(limited to 'recipes-sota/aktualizr/aktualizr-implicit-prov.bb')

diff --git a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
index cf3d22c..c8d0c7e 100644
--- a/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
+++ b/recipes-sota/aktualizr/aktualizr-implicit-prov.bb
@@ -5,7 +5,7 @@ SECTION = "base"
 LICENSE = "MPL-2.0"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3"
 
-DEPENDS = "aktualizr-native"
+DEPENDS = "aktualizr-native openssl-native"
 RDEPENDS_${PN} = "aktualizr"
 
 SRC_URI = " \
@@ -17,12 +17,43 @@ PR = "1"
 require environment.inc
 require credentials.inc
 
+export SOTA_CACERT_PATH
+export SOTA_CAKEY_PATH
 do_install() {
     install -d ${D}${libdir}/sota
-    if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then
-        aktualizr_implicit_writer -c ${SOTA_PACKED_CREDENTIALS} \
-            -i ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml -o ${D}${libdir}/sota/sota.toml -p ${D}
+
+    if [ -z ${SOTA_CACERT_PATH} ]; then
+        SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem
+        SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem
+        mkdir -p ${DEPLOY_DIR_IMAGE}/CA
+        bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" 
+
+        if [ ! -f ${SOTA_CACERT_PATH} ]; then
+            bbwarn "${SOTA_CACERT_PATH} doesn't exist, generate a new CA"
+                SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")"
+            openssl genrsa -out ${SOTA_CERTCA_DIR_PATH}/ca.private.pem 4096
+            openssl req -key ${SOTA_CERTCA_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch
+            bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server"
+        fi
+    fi
+
+    if [ -z ${SOTA_CAKEY_PATH} ]; then
+        bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning"
     fi
+
+    if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then
+        bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning"
+    fi
+
+    install -d ${D}${libdir}/sota
+    install -d ${D}${localstatedir}/sota
+    install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov.toml ${D}${libdir}/sota/sota.toml
+    aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \
+                            --device-ca ${SOTA_CACERT_PATH} \
+                            --device-ca-key ${SOTA_CAKEY_PATH} \
+                            -r \
+                            --local ${D}${localstatedir}/sota \
+                            --config ${D}{libdir}/sota/sota.toml
 }
 
 FILES_${PN} = " \
-- 
cgit v1.2.3-54-g00ecf