scripts/utils/wifi_ent_cert_installer.py - third_party/github/zephyrproject-rtos/zephyr - Git at Google

 #!/usr/bin/env python3
 # Copyright (c) 2025, Nordic Semiconductor ASA
 # SPDX-License-Identifier: Apache-2.0

 import argparse
 import logging
 import os
 import signal
 import subprocess
 import sys


 def signal_handler(sig, frame):
     logger.info('Script terminated by user')
     sys.exit(0)


 def main():
     signal.signal(signal.SIGINT, signal_handler)
     parser = argparse.ArgumentParser(description='Install Wi-Fi certificates', allow_abbrev=False)
     parser.add_argument('--path', required=True, help='Path to certificate files')
     parser.add_argument(
         '--serial-device', default='/dev/ttyACM1', help='Serial port device (default: /dev/ttyACM1)'
     )
     parser.add_argument(
         '--operation-mode',
         choices=['AP', 'STA'],
         default='STA',
         help='Operation mode: AP or STA (default: STA)',
     )
     parser.add_argument('-v', '--verbose', action='store_true', help='Enable verbose output')
     args = parser.parse_args()

     # Configure logging
     log_level = logging.DEBUG if args.verbose else logging.INFO
     logging.basicConfig(level=log_level, format='%(asctime)s - %(levelname)s - %(message)s')
     global logger
     logger = logging.getLogger(__name__)

     cert_path = args.path
     port = args.serial_device
     mode = args.operation_mode
     if not os.path.isdir(cert_path):
         logger.error(f"Directory {cert_path} does not exist.")
         sys.exit(1)

     logger.warning(
         "Please make sure that the Serial port is not being used by another application."
     )
     input("Press Enter to continue or Ctrl+C to exit...")

     # TLS credential types
     TLS_CREDENTIAL_CA_CERTIFICATE = 0
     TLS_CREDENTIAL_PUBLIC_CERTIFICATE = 1
     TLS_CREDENTIAL_PRIVATE_KEY = 2

     WIFI_CERT_SEC_TAG_BASE = 0x1020001
     WIFI_CERT_SEC_TAG_MAP = {
         "ca.pem": (TLS_CREDENTIAL_CA_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE),
         "client-key.pem": (TLS_CREDENTIAL_PRIVATE_KEY, WIFI_CERT_SEC_TAG_BASE + 1),
         "server-key.pem": (TLS_CREDENTIAL_PRIVATE_KEY, WIFI_CERT_SEC_TAG_BASE + 2),
         "client.pem": (TLS_CREDENTIAL_PUBLIC_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE + 3),
         "server.pem": (TLS_CREDENTIAL_PUBLIC_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE + 4),
         "ca2.pem": (TLS_CREDENTIAL_CA_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE + 5),
         "client-key2.pem": (TLS_CREDENTIAL_PRIVATE_KEY, WIFI_CERT_SEC_TAG_BASE + 6),
         "client2.pem": (TLS_CREDENTIAL_PUBLIC_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE + 7),
     }

     cert_files = (
         ["ca.pem", "server-key.pem", "server.pem"]
         if mode == "AP"
         else ["ca.pem", "client-key.pem", "client.pem", "ca2.pem", "client-key2.pem", "client2.pem"]
     )

     total_certs = len(cert_files)
     for idx, cert in enumerate(cert_files, 1):
         logger.info(f"Processing certificate {idx} of {total_certs}: {cert}")

         cert_file_path = os.path.join(cert_path, cert)
         if not os.path.isfile(cert_file_path):
             logger.warning(f"Certificate file {cert_file_path} does not exist. Skipping...")
             continue

         cert_type, sec_tag = WIFI_CERT_SEC_TAG_MAP[cert]
         try:
             command = [
                 "./scripts/utils/tls_creds_installer.py",
                 "-p",
                 port,
                 "-l",
                 cert_file_path,
                 "-d",
                 "-t",
                 str(cert_type),
                 "-S",
                 str(sec_tag),
             ]
             if args.verbose:
                 command.append("-v")

             subprocess.run(command, check=True)
             logger.info(f"Successfully installed {cert}.")
         except subprocess.CalledProcessError:
             logger.error(f"Failed to install {cert}.")

     logger.info("Certificate installation process completed.")


 if __name__ == "__main__":
     main()
	#!/usr/bin/env python3
	# Copyright (c) 2025, Nordic Semiconductor ASA
	# SPDX-License-Identifier: Apache-2.0

	import argparse
	import logging
	import os
	import signal
	import subprocess
	import sys


	def signal_handler(sig, frame):
	logger.info('Script terminated by user')
	sys.exit(0)


	def main():
	signal.signal(signal.SIGINT, signal_handler)
	parser = argparse.ArgumentParser(description='Install Wi-Fi certificates', allow_abbrev=False)
	parser.add_argument('--path', required=True, help='Path to certificate files')
	parser.add_argument(
	'--serial-device', default='/dev/ttyACM1', help='Serial port device (default: /dev/ttyACM1)'
	)
	parser.add_argument(
	'--operation-mode',
	choices=['AP', 'STA'],
	default='STA',
	help='Operation mode: AP or STA (default: STA)',
	)
	parser.add_argument('-v', '--verbose', action='store_true', help='Enable verbose output')
	args = parser.parse_args()

	# Configure logging
	log_level = logging.DEBUG if args.verbose else logging.INFO
	logging.basicConfig(level=log_level, format='%(asctime)s - %(levelname)s - %(message)s')
	global logger
	logger = logging.getLogger(__name__)

	cert_path = args.path
	port = args.serial_device
	mode = args.operation_mode
	if not os.path.isdir(cert_path):
	logger.error(f"Directory {cert_path} does not exist.")
	sys.exit(1)

	logger.warning(
	"Please make sure that the Serial port is not being used by another application."
	)
	input("Press Enter to continue or Ctrl+C to exit...")

	# TLS credential types
	TLS_CREDENTIAL_CA_CERTIFICATE = 0
	TLS_CREDENTIAL_PUBLIC_CERTIFICATE = 1
	TLS_CREDENTIAL_PRIVATE_KEY = 2

	WIFI_CERT_SEC_TAG_BASE = 0x1020001
	WIFI_CERT_SEC_TAG_MAP = {
	"ca.pem": (TLS_CREDENTIAL_CA_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE),
	"client-key.pem": (TLS_CREDENTIAL_PRIVATE_KEY, WIFI_CERT_SEC_TAG_BASE + 1),
	"server-key.pem": (TLS_CREDENTIAL_PRIVATE_KEY, WIFI_CERT_SEC_TAG_BASE + 2),
	"client.pem": (TLS_CREDENTIAL_PUBLIC_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE + 3),
	"server.pem": (TLS_CREDENTIAL_PUBLIC_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE + 4),
	"ca2.pem": (TLS_CREDENTIAL_CA_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE + 5),
	"client-key2.pem": (TLS_CREDENTIAL_PRIVATE_KEY, WIFI_CERT_SEC_TAG_BASE + 6),
	"client2.pem": (TLS_CREDENTIAL_PUBLIC_CERTIFICATE, WIFI_CERT_SEC_TAG_BASE + 7),
	}

	cert_files = (
	["ca.pem", "server-key.pem", "server.pem"]
	if mode == "AP"
	else ["ca.pem", "client-key.pem", "client.pem", "ca2.pem", "client-key2.pem", "client2.pem"]
	)

	total_certs = len(cert_files)
	for idx, cert in enumerate(cert_files, 1):
	logger.info(f"Processing certificate {idx} of {total_certs}: {cert}")

	cert_file_path = os.path.join(cert_path, cert)
	if not os.path.isfile(cert_file_path):
	logger.warning(f"Certificate file {cert_file_path} does not exist. Skipping...")
	continue

	cert_type, sec_tag = WIFI_CERT_SEC_TAG_MAP[cert]
	try:
	command = [
	"./scripts/utils/tls_creds_installer.py",
	"-p",
	port,
	"-l",
	cert_file_path,
	"-d",
	"-t",
	str(cert_type),
	"-S",
	str(sec_tag),
	]
	if args.verbose:
	command.append("-v")

	subprocess.run(command, check=True)
	logger.info(f"Successfully installed {cert}.")
	except subprocess.CalledProcessError:
	logger.error(f"Failed to install {cert}.")

	logger.info("Certificate installation process completed.")


	if __name__ == "__main__":
	main()