--- a/CertManagement.py Fri Mar 21 11:10:59 2025 +0100
+++ b/CertManagement.py Fri Mar 21 14:27:18 2025 +0100
@@ -170,7 +170,7 @@
return os.path.join(own_keystore, "client.crt")
def GetClientCertificateInfo():
- file_path = GetClientCert()
+ file_path = GetClientCert()
 if os.path.exists(file_path):
@@ -182,16 +182,20 @@
common_names = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)
info += "Common Name: %s\n"%cn.value
- ext = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
- SAN = ext.value.get_values_for_type(x509.DNSName)
- info += "SubjectAltName: %s\n"%SANEntry
+ ext = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+ SAN = ext.value.get_values_for_type(x509.DNSName)
+ info += "SubjectAltName: %s\n"%SANEntry
+ except x509.extensions.ExtensionNotFound:
+ info += "No SubjectAltName\n"
 info += "Fingerprint: %s\n"%cert.fingerprint(hashes.SHA256()).hex()
info += "Creation date: %s\n"%cert.not_valid_before.isoformat()
info += "Expiration date: %s\n"%cert.not_valid_after.isoformat()
info += "Error while loading certificate: %s\n"%str(e)
return "No client certificate available"
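Review bot: A certificate whose SubjectAltName extension is present but holds no DNS entries (only IP, URI or e-mail names) appears to produce no SAN line at all, because the new `except x509.extensions.ExtensionNotFound:` branch covers only a missing extension and `get_values_for_type(x509.DNSName)` then returns an empty list. The loop over `SAN` is not visible on this page, so this is inferred from the `%SANEntry` line; if it holds, add `if not SAN: info += "No DNS SubjectAltName\n"` after the lookup so the certificate summary never silently omits the field. The body of GetClientCertificateInfo starts above this hunk.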
--- a/tests/cli_tests/wamp_test_client_cert.bash Fri Mar 21 11:10:59 2025 +0100
+++ b/tests/cli_tests/wamp_test_client_cert.bash Fri Mar 21 14:27:18 2025 +0100
@@ -1,15 +1,18 @@
rm -f ./CLI_OK ./PLC_OK ./PLC_CONNECTED
-APPDATA=$HOME/.local/share/beremiz
-KEYSTORE=$APPDATA/keystore
+export BEREMIZ_APPDATA=`pwd`/AppData
+mkdir -p $BEREMIZ_APPDATA
+KEYSTORE=$BEREMIZ_APPDATA/keystore
 # Set BEREMIZ_LOCAL_HOST to localhost if not already set
-:${BEREMIZ_LOCAL_HOST:=localhost}
+: ${BEREMIZ_LOCAL_HOST:=localhost}
 URI="WAMPS-CRT://${BEREMIZ_LOCAL_HOST}:8888/ws#Automation#${PLC_wamp_ID}"
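Review bot: The new `BEREMIZ_APPDATA` lines expand unquoted, so a checkout path containing spaces or glob characters splits `mkdir -p $BEREMIZ_APPDATA` into several arguments and the keystore ends up somewhere other than intended. Prefer `export BEREMIZ_APPDATA="$(pwd)/AppData"`, `mkdir -p "$BEREMIZ_APPDATA"` and `KEYSTORE="$BEREMIZ_APPDATA/keystore"`. A comment such as `# keep the test keystore inside the test directory so runs never touch the user's real keystore` would also record why the variable is exported.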
@@ -17,10 +20,11 @@
client_cns=(${IDE_wamp_ID} ${PLC_wamp_ID})
# Create base directory for the certificates and keys
-mkdir -p certs/ca certs/server certs/clients
+mkdir -p certs/server certs/clients
-yes "" | openssl req -nodes -new -x509 -keyout certs/server/server.key \
- -addext "subjectAltName = DNS:${BEREMIZ_LOCAL_HOST}" \
+openssl req -nodes -new -x509 -keyout certs/server/server.key \
+ -subj "/C=FR/L=Paris/O=Beremiz/OU=server/CN=${BEREMIZ_LOCAL_HOST}" \
+ -addext "subjectAltName=DNS:${BEREMIZ_LOCAL_HOST}" \
 -out certs/server/server.crt
# Declare an associative array to store client certificate SHA1 fingerprints
@@ -30,10 +34,17 @@
for cn in "${client_cns[@]}"; do
# Generate client cert to be signed
- openssl req -nodes -newkey rsa:2048 -keyout certs/clients/${cn}.key -out certs/clients/${cn}.csr -subj "/C=AU/ST=NSW/L=Sydney/O=Beremiz/OU=client/CN=${cn}"
+ openssl req -nodes -newkey rsa:2048 -keyout certs/clients/${cn}.key \
+ -subj "/C=FR/L=Paris/O=Beremiz/OU=client/CN=${cn}" \
+ -addext "subjectAltName=DNS:${cn}" \
+ -out certs/clients/${cn}.csr
- openssl x509 -req -in certs/clients/${cn}.csr -CA certs/server/server.crt -CAkey certs/server/server.key -out certs/clients/${cn}.crt
+ openssl x509 -req -in certs/clients/${cn}.csr \
+ -CA certs/server/server.crt \
+ -CAkey certs/server/server.key \
+ -out certs/clients/${cn}.crt \
+ # -extfile <(printf "subjectAltName=DNS:${cn}")
 # Get the SHA1 fingerprint of the client certificate
fingerprint=$(openssl x509 -in certs/clients/${cn}.crt -noout -fingerprint -sha1 | sed 's/.*=//')
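Review bot: The `subjectAltName` added to the CSR with `-addext` is unlikely to reach the signed client certificate, because `openssl x509 -req` does not copy request extensions by default and the `-extfile` line that would set it is commented out. Enabling that line, `-extfile <(printf "subjectAltName=DNS:${cn}")`, lets the signer set the SAN itself, whereas `-copy_extensions copy` (OpenSSL 3.0 and later) would accept whatever the request asks for. As written, `-out certs/clients/${cn}.crt \` also ends in a continuation that runs into the comment line, so the trailing backslash should be dropped if the comment stays. The `for` loop continues outside this hunk.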
@@ -194,6 +205,7 @@
crossbar start &> crossbar_log.txt &
res=110 # default to ETIMEDOUT
@@ -233,6 +245,7 @@
# Re-use self-signed server cert for client
cp .crossbar/server.crt wampTrustStore.crt
cp certs/clients/${PLC_wamp_ID}.pem wampClientCert.pem
@@ -287,6 +300,7 @@
cp .crossbar/server.crt $IDE_CERT/${BEREMIZ_LOCAL_HOST}.crt
IDE_CLIENT_CERT=$KEYSTORE/own/client.crt
cp certs/clients/${IDE_wamp_ID}.pem $IDE_CLIENT_CERT
--- a/util/paths.py Fri Mar 21 11:10:59 2025 +0100
+++ b/util/paths.py Fri Mar 21 14:27:18 2025 +0100
@@ -65,6 +65,9 @@
Return path of files in Beremiz project
+ if "BEREMIZ_APPDATA" in os.environ:
+ return os.path.join(os.environ["BEREMIZ_APPDATA"], *names)
 return os.path.join(os.environ["HOME"], ".local", "share", "beremiz", *names)
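Review bot: The new branch accepts any value of `BEREMIZ_APPDATA`, including an empty string, in which case `os.path.join("", *names)` yields a relative path that resolves against the current working directory. The test script in this commit places `keystore/own/client.crt` under this directory, so the location decides which client certificate is loaded; use `appdata = os.environ.get("BEREMIZ_APPDATA")` followed by `if appdata: return os.path.join(os.path.abspath(appdata), *names)`. The docstring should also state that the variable overrides the default `~/.local/share/beremiz` location. The enclosing function starts outside this hunk.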