[RSDK-9049] cache TLS certificates for isolated network connection #330
Conversation
| impl From<CertificateResponse> for TlsCertificate { | ||
| fn from(resp: CertificateResponse) -> Self { | ||
| Self { | ||
| certificate: resp.tls_certificate.into_bytes(), | ||
| private_key: resp.tls_private_key.into_bytes(), | ||
| } | ||
| } | ||
| } |
micro-rdk/src/common/conn/viam.rs
Outdated
| match certs { | ||
| None => { | ||
| log::error!("no TLS certificates found in storage or after contacting app"); |
There was a problem hiding this comment.
Maybe this log is a warning? I think it should also state that it is disabling the requested HTTP2 server.
micro-rdk/src/common/conn/viam.rs
Outdated
| if let Some(app) = app_client.as_ref() { | ||
| certs = app.get_certificates().await.ok(); | ||
| if let Ok(cert_resp) = app.get_certificates().await { |
There was a problem hiding this comment.
Can we change the logic so that we only load certs from the nvs if the app client is absent? If storing the cert failed but the response passed then we should be able to continue regardless.
| let _ = std::mem::replace(&mut self.http2_server, HTTP2Server::Empty); | ||
| } | ||
| Some(certs) => { | ||
| if let HTTP2Server::HTTP2Connector(s) = &mut self.http2_server { | ||
| s.set_server_certificates( | ||
| certs.tls_certificate.into_bytes(), | ||
| certs.tls_private_key.into_bytes(), | ||
| certs.certificate.clone(), |
There was a problem hiding this comment.
I wanted to avoid changing the trait, but if we feel it's worth it I can
micro-rdk/src/common/conn/viam.rs
Outdated
| match certs { | ||
| None => { | ||
| log::error!("no TLS certificates found in storage or after contacting app"); |
There was a problem hiding this comment.
is that true all the time or only if the app was indeed contacted?
There was a problem hiding this comment.
it wasn't before, but after the change you requested above it will be I believe
| @@ -75,6 +78,29 @@ impl WifiCredentials { | |||
| } | |||
| } | |||
|
|
|||
| #[derive(Clone, Debug, Default)] | |||
| pub struct TlsCertificate { | |||
There was a problem hiding this comment.
can we fold this trait into the RobotStorage trait?
micro-rdk/src/esp32/nvs_storage.rs
Outdated
| fn store_tls_certificate(&self, creds: TlsCertificate) -> Result<(), Self::Error> { | ||
| self.set_blob( | ||
| NVS_TLS_CERTIFICATE_KEY, | ||
| Bytes::from(creds.certificate.clone()), |
There was a problem hiding this comment.
if we are going to clone we should take a ref instead
No description provided.