From e6325a1be133751e38dc60776dec887d68a5e78a Mon Sep 17 00:00:00 2001
From: Ryan Melton <ryan@openc3.com>
Date: Wed, 15 Mar 2023 21:32:13 -0600
Subject: [PATCH] Fix HTTPClient SSL and realm reference

---
 openc3/lib/openc3/core_ext.rb                 |  3 ++-
 openc3/lib/openc3/core_ext/httpclient.rb      | 11 +++++++++++
 openc3/lib/openc3/utilities/authentication.rb |  3 ++-
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 openc3/lib/openc3/core_ext/httpclient.rb

diff --git a/openc3/lib/openc3/core_ext.rb b/openc3/lib/openc3/core_ext.rb
index d89b188455..39a5a47817 100644
--- a/openc3/lib/openc3/core_ext.rb
+++ b/openc3/lib/openc3/core_ext.rb
@@ -17,12 +17,13 @@
 # All changes Copyright 2022, OpenC3, Inc.
 # All Rights Reserved
 #
-# This file may also be used under the terms of a commercial license 
+# This file may also be used under the terms of a commercial license
 # if purchased from OpenC3, Inc.
 
 require 'openc3/core_ext/array'
 require 'openc3/core_ext/binding'
 require 'openc3/core_ext/class'
+require 'openc3/core_ext/httpclient'
 require 'openc3/core_ext/openc3_io'
 require 'openc3/core_ext/exception'
 require 'openc3/core_ext/file'
diff --git a/openc3/lib/openc3/core_ext/httpclient.rb b/openc3/lib/openc3/core_ext/httpclient.rb
new file mode 100644
index 0000000000..e563ef729d
--- /dev/null
+++ b/openc3/lib/openc3/core_ext/httpclient.rb
@@ -0,0 +1,11 @@
+require 'httpclient'
+
+class HTTPClient
+  alias original_initialize initialize
+
+  def initialize(*args, &block)
+    original_initialize(*args, &block)
+    # Force use of the default system CA certs (instead of the 6 year old bundled ones)
+    @session_manager&.ssl_config&.set_default_paths
+  end
+end
diff --git a/openc3/lib/openc3/utilities/authentication.rb b/openc3/lib/openc3/utilities/authentication.rb
index f767bf6670..54d69bcfc1 100644
--- a/openc3/lib/openc3/utilities/authentication.rb
+++ b/openc3/lib/openc3/utilities/authentication.rb
@@ -144,7 +144,8 @@ def _refresh_token(current_time)
 
     # Make the post request to keycloak
     def _make_request(headers, data)
-      uri = URI("#{@url}/realms/openc3/protocol/openid-connect/token")
+      realm = ENV['OPENC3_KEYCLOAK_REALM'] || 'openc3'
+      uri = URI("#{@url}/realms/#{realm}/protocol/openid-connect/token")
       @log[0] = "request uri: #{uri.to_s} header: #{headers.to_s} body: #{data.to_s}"
       STDOUT.puts @log[0] if JsonDRb.debug?
       saved_verbose = $VERBOSE; $VERBOSE = nil