chrysn / aiocoap

The Python CoAP library

Add credentials framework #97

Open chrysn opened 6 years ago

chrysn commented 6 years ago

Right now, credentials for DTLS are hardcoded, and credentials for OSCORE are passed around in referenced files.

There should be a way to set credentials, whose concept is work in progress.

Judging from https://github.com/ggravlingen/pytradfri/issues/90, it is important to be able to switch credentials easily, i.e. an application might want to exercise something like

```python
# bootstrap credentials, used only to obtain the application's own identity
original_creds = DTLSClientPSK('remote-hostname', identity, key)
ctx.credentials.add(original_creds)
my_application = MyApplication(ctx)
my_new_identity = my_application.generate_app_key('remote-hostname')
# swap the bootstrap credentials out for the newly generated ones
ctx.credentials.remove(original_creds)
ctx.credentials.add(my_new_identity)
```

such that the DTLS session established with the original credentials is only used briefly.
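The bootstrap-then-rotate flow sketched above, as an added standalone example that is not part of this issue and not aiocoap's own credentials code. It assumes a hypothetical `CredentialsMap` keyed by `coaps://host/*` URI patterns, a `DTLSClientPSK` record carrying that pattern plus PSK identity and key, and a constructed `FakeGateway` that stands in for the remote side's DTLS-PSK handshake and application-key issuance. Because the map is keyed per host, two gateways keep separate credentials, and the bootstrap PSK is removed from the map as soon as the one request that needs it has been made, even if that request fails.

```python
"""Per-peer credentials map with a bootstrap-then-rotate flow.
Illustration only; hypothetical API, not aiocoap's implementation."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class DTLSClientPSK:
    # Hypothetical shape: URI pattern the credentials apply to, plus PSK identity/key.
    pattern: str
    identity: bytes
    key: bytes


class CredentialsMap:
    """Credentials keyed by URI pattern. An exact pattern wins outright; among
    trailing-'*' wildcards the longest matching prefix wins. Hypothetical design."""

    def __init__(self):
        self._entries = {}

    def add(self, creds):
        self._entries[creds.pattern] = creds

    def remove(self, creds):
        # Only drop the entry if it is still the object we were asked to remove.
        if self._entries.get(creds.pattern) is creds:
            del self._entries[creds.pattern]

    def lookup(self, uri):
        best, best_len = None, -1
        for pattern, creds in self._entries.items():
            if pattern == uri:
                return creds
            if pattern.endswith("*"):
                prefix = pattern[:-1]
                if uri.startswith(prefix) and len(prefix) > best_len:
                    best, best_len = creds, len(prefix)
        if best is None:
            raise KeyError(f"no credentials for {uri}")
        return best


class FakeGateway:
    """Constructed stand-in for a remote peer: it accepts one bootstrap PSK under a
    fixed identity and issues a fresh application PSK once a client authenticates."""

    BOOTSTRAP_IDENTITY = b"bootstrap"

    def __init__(self, host, bootstrap_key):
        self.host = host
        self._bootstrap_key = bootstrap_key
        self.issued = {}  # identity -> key: the gateway's view of valid app credentials

    def handshake(self, creds):
        # Stand-in for DTLS-PSK authentication: identity and key must both match.
        ok = creds.identity == self.BOOTSTRAP_IDENTITY and secrets.compare_digest(
            creds.key, self._bootstrap_key)
        ok = ok or secrets.compare_digest(creds.key, self.issued.get(creds.identity, b""))
        if not ok:
            raise PermissionError(f"DTLS handshake with {self.host} failed")

    def generate_app_key(self, creds):
        self.handshake(creds)
        identity, key = secrets.token_hex(8).encode(), secrets.token_bytes(16)
        self.issued[identity] = key
        return identity, key


def bootstrap_and_rotate(credentials, gateway, bootstrap_key):
    """Use the bootstrap PSK for exactly one request, then replace it in the map."""
    pattern = f"coaps://{gateway.host}/*"
    original = DTLSClientPSK(pattern, FakeGateway.BOOTSTRAP_IDENTITY, bootstrap_key)
    credentials.add(original)
    try:
        # The session under the bootstrap credentials serves only this request.
        identity, key = gateway.generate_app_key(
            credentials.lookup(f"coaps://{gateway.host}/"))
    finally:
        # Whatever happened, the bootstrap secret does not stay in the map.
        credentials.remove(original)
    new = DTLSClientPSK(pattern, identity, key)
    credentials.add(new)
    return new


if __name__ == "__main__":
    creds = CredentialsMap()
    gw1 = FakeGateway("gw1.local", secrets.token_bytes(16))
    c1 = bootstrap_and_rotate(creds, gw1, gw1._bootstrap_key)
    print("gw1 now uses identity", c1.identity.decode())
```

The `remove` check on object identity matters for the multi-gateway case: removing a stale bootstrap entry must not silently drop credentials that were added for the same pattern afterwards.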

chrysn commented 6 years ago

There is now a draft of a generalized credentials map in master, with its DTLS use documented in the DTLS module documentation.

While I don't recommend using this in pytradfri & co yet (it's too much in flux; AFAICT you're using 0.4a1 which works, so the changing master branch is no danger), I'd like to ask @balloob (due to #71) and @lwis (due to the pytradfri contribution): Would you consider the API outlined there suitable for your needs?

linuxlurak commented 6 years ago

I am not sure if the following issues are related to this one: https://github.com/home-assistant/home-assistant/issues/15231 https://github.com/home-assistant/home-assistant/issues/15287 https://github.com/ggravlingen/pytradfri/issues/176

I have two tradfri gateways and both are detected in home assistant. But it seems the second gateway always uses the credentials of the first. Thus `[coap] Fatal DTLS error: code 115` floods the logs.

lwis commented 6 years ago

@chrysn Sorry, this completely fell off my radar. I believe that proposal would be fine for pytradfri, and many people would appreciate support for multiple gateways.

balloob commented 4 years ago

This can be closed, as a credential framework is now available.