feat: enable verification of certs via network.tls_verify and private CA chains with network.tls_ca_path (#16)

Signed-off-by: Christopher Klein <ckl@dreitier.com>
2025-01-06 10:09:30 +01:00
parent 00da053f50
commit bfad0418ad
4 changed files with 94 additions and 14 deletions
--- a/custom_components/auth_oidc/config.py
+++ b/custom_components/auth_oidc/config.py
@@ -19,6 +19,10 @@ ROLES = "roles"
 ROLE_ADMINS = "admin"
 ROLE_USERS = "user"

+NETWORK = "network"
+NETWORK_TLS_VERIFY = "tls_verify"
+NETWORK_TLS_CA_PATH = "tls_ca_path"
+
 DEFAULT_TITLE = "OpenID Connect (SSO)"

 DOMAIN = "auth_oidc"
@@ -78,6 +82,17 @@ CONFIG_SCHEMA = vol.Schema(
                        vol.Optional(ROLE_ADMINS): vol.Coerce(str),
                    }
                ),
+                # Network options
+                vol.Optional(NETWORK): vol.Schema(
+                    {
+                        # Verify x509 certificates provided when starting TLS connections
+                        vol.Optional(NETWORK_TLS_VERIFY, default=True): vol.Coerce(
+                            bool
+                        ),
+                        # Load custom certificate chain for private CAs
+                        vol.Optional(NETWORK_TLS_CA_PATH): vol.Coerce(str),
+                    }
+                ),
            }
        )
    },