Remove token/certificate scripts from kuksa.val

And instead refer to kuksa-common

doc/KUKSA.val_server/jwt.md

@@ -19,7 +19,7 @@ How does this work? First the access rights are describe in JSON, an example tok
      "*": "rw"
   }
 }
-``` 
+```
 
 This are the rules to create a valid KUKSA.val token
 
@@ -44,23 +44,23 @@ This are the rules to create a valid KUKSA.val token
      "Vehicle.OBD.*": "r"
   }
 }
- ``` 
+ ```
 
 The tokens are protected using public key cryptography using the RS256 mechanism. This is basically an RSA encrypted  SHA256 hash of the token contents. The private key is used to create the signature and the public key needs to be provided to the KUKSA.val server so it can validate tokens. It will only accept tokens that are signed by the corresponding private key.
 
-In [kuksa_certificates/jwt](../../kuksa_certificates/jwt) is a helper script to create a valid token out of the json input like so 
+In [kuksa-common/jwt](https://github.com/eclipse-kuksa/kuksa-common/blob/main/jwt/) is a helper script to create a valid token out of the json input like so
 ```
-$ ./createToken.py sometoken.json 
+$ ./createToken.py sometoken.json
 Reading private key from jwt.key
 Reading JWT payload from sometoken.json
 Writing signed key to sometoken.json.token
 ```
 
 This uses `jwt.key` in the same folder as private key. The corresponding public key `jwt.key.pub` will be copied to the `build/src` folder during a cmake build.
 
-If you wish to create a new key pair, [kuksa_certificates/jwt](../../kuksa_certificates/jwt) contains a script for that
+If you wish to create a new key pair, [kuksa-common/jwt](https://github.com/eclipse-kuksa/kuksa-common/blob/main/jwt/) contains a script for that
 ```
-$ ./recreateJWTkeyPair.sh 
+$ ./recreateJWTkeyPair.sh
 Recreating KUKSA.val key pair used for JWT verification
 -------------------------------------------------------
 

jwt/README.md

@@ -1,5 +1,8 @@
 # Databroker Example Tokens
 
+*NOTE: The tokens here are copies of the tokens stored in [kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main/jwt)!*
+
+
 This directory contains example tokens for demo and test purposes for KUKSA.val Databroker.
 For more information on token format see [documentation](../doc/KUKSA.val_data_broker/authorization.md).
 
@@ -15,14 +18,5 @@ For more information on token format see [documentation](../doc/KUKSA.val_data_b
 
 ## Create new tokens
 
-Tokens can be generated as described in [documentation](../kuksa_certificates/README.md).
-Note that token generation must take place from the directory containing `createToken.py`
-
-An example is shown below:
-
-```
-~/kuksa.val/kuksa_certificates/jwt$ python -m createToken ../../jwt/actuate-provide-all.json 
-Reading private key from jwt.key
-Reading JWT payload from ../../jwt/actuate-provide-all.json
-Writing signed access token to ../../jwt/actuate-provide-all.token
-```
+Helper scripts and documentation on how to generate new keys and tokens exist in
+[kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main/jwt).

kuksa_certificates/README.md

@@ -3,12 +3,15 @@
 This directory contains example keys, tokens and certificates that can be used for testing clients and servers in this repository.
 Many of the clients and servers in this repository use keys, tokens and certificates from this directory by default.
 
+*Note that the primary storage location for keys, tokens and certificates usable for KUKSA Databroker*
+*is [kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main).*
+*Files that also exist here should be considered as copies.*
 
 ## Keys and Certificates for TLS connections
 
 This directory contain a set of example certificates, used by the KUKSA-project during development and testing.
 They may or may not be useful for your test environment.
-If needed you can customize `genCerts.sh` and generate keys and certificates that fits your environment.
+If needed you can customize the [genCerts.sh](https://github.com/eclipse-kuksa/kuksa-common/blob/main/tls/genCerts.sh) script and generate keys and certificates that fits your environment.
 
 See the [KUKSA.val TLS documentation](../doc/tls.md) for general information on the KUKSA.val TLS concept.
 
@@ -24,23 +27,7 @@ This directory contains the following files with cryptographical information.
 | `Server.pem` | Client certificate chain, valid for 365 days, currently not needed as mutual authentication is not supported. |
 
 If the certificates have expired or you by any other reason need to regenerate keys or certificates you can use
-the `genCerts.sh` cript as described below.
-
-### Generating Keys and Certificates for TLS Connections
-
-Execute the script
-
-```
-> ./genCerts.sh
-```
-
-This creates `Client.pem` and `Server.pem` valid for 365 days since the day of generation.
-If you want to also generate new keys, then delete the keys you want to regenerate before running the script.
-This will trigger the script to generate new keys before generating the corresponding certificate.
-If you want to regenerate `CA.pem` you must first delete it.
-
-**NOTE: The script genCerts.sh may not be suitable to use for generating keys and certificates for your production environment!  **
-**NOTE: Please consult with your Project Security Manager (or similar) on how your keys and certificates shall be generated!  **
+the [genCerts.sh](https://github.com/eclipse-kuksa/kuksa-common/blob/main/tls/genCerts.sh) as described in kuksa-common [documentation](https://github.com/eclipse-kuksa/kuksa-common/blob/main/tls/README.md).
 
 ## Java Web Tokens (JWT)
 
@@ -57,15 +44,5 @@ The following example tokens exist:
 
 Note that the tokens have limited validity, if expired the `*.json` files need to be updated and the `*.json.token` files regenerated.
 
-Two helper scripts exist for generating keys and tokens
-
-* [recreateJWTkeyPair.sh](jwt/recreateJWTkeyPair.sh) to regenerate the JWT keys used for signing
-* [createToken.py](jwt/createToken.py) to create signed tokens, requires `*.json` files as parameters
-
-Example use:
-
-
-```bash
-$ pip3 install -r requirements.txt
-$ ./createToken.py all-read-write.json
-```
+Two helper scripts exist for generating keys and tokens, please see
+[kuksa-common documentation](https://github.com/eclipse-kuksa/kuksa-common/tree/main/jwt)

kuksa_certificates/jwt/README.md

@@ -1,20 +1,21 @@
 # KUKSA Server JWT Tokens
 
 This directory contains example tokens for communication with the KUKSA Server.
-Corresponding tokens for Databroker can be found [here](../../jwt).
+Corresponding tokens for Databroker can be found in
+[kuksa-common](https://github.com/eclipse-kuksa/kuksa-common/tree/main/jwt) and local copies [here](../../jwt).
 
-The script [createToken.py](createToken.py) can be used to generate new tokens if needed.
+The script [createToken.py](https://github.com/eclipse-kuksa/kuksa-common/blob/main/jwt/createToken.py) can be used to generate new tokens if needed.
 
 For historical reasons KUKSA Server tokens use a different pattern for token names.
-If you generate new tokens for KUKSA Server you must first run the script and then rename the generated token.
+If you generate new tokens for KUKSA Server you must first run the script and then rename the generated token, or specify output name with the `--output` parameter.
 
 ## Example: Re-generate token with new expiry date
 
 The current example tokens expire at 2025-12-31. To generate new ones you must first add a new expiry date in
 the corresponding `*.json files. Then do:
 
 ```
-./createToken.py single-read.json
+createToken.py single-read.json
 mv single-read.token single-read.json.token
 ```