leothedragon | 0:25fa8795676b | 1 | // ---------------------------------------------------------------------------- |
leothedragon | 0:25fa8795676b | 2 | // Copyright 2018 ARM Ltd. |
leothedragon | 0:25fa8795676b | 3 | // |
leothedragon | 0:25fa8795676b | 4 | // Licensed under the Apache License, Version 2.0 (the "License"); |
leothedragon | 0:25fa8795676b | 5 | // you may not use this file except in compliance with the License. |
leothedragon | 0:25fa8795676b | 6 | // You may obtain a copy of the License at |
leothedragon | 0:25fa8795676b | 7 | // |
leothedragon | 0:25fa8795676b | 8 | // http://www.apache.org/licenses/LICENSE-2.0 |
leothedragon | 0:25fa8795676b | 9 | // |
leothedragon | 0:25fa8795676b | 10 | // Unless required by applicable law or agreed to in writing, software |
leothedragon | 0:25fa8795676b | 11 | // distributed under the License is distributed on an "AS IS" BASIS, |
leothedragon | 0:25fa8795676b | 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
leothedragon | 0:25fa8795676b | 13 | // See the License for the specific language governing permissions and |
leothedragon | 0:25fa8795676b | 14 | // limitations under the License. |
leothedragon | 0:25fa8795676b | 15 | // ---------------------------------------------------------------------------- |
leothedragon | 0:25fa8795676b | 16 | |
leothedragon | 0:25fa8795676b | 17 | #ifndef __CERTIFICATE_RENEWAL_DATA_H__ |
leothedragon | 0:25fa8795676b | 18 | #define __CERTIFICATE_RENEWAL_DATA_H__ |
leothedragon | 0:25fa8795676b | 19 | |
leothedragon | 0:25fa8795676b | 20 | #include "certificate_enrollment.h" |
leothedragon | 0:25fa8795676b | 21 | #include "est_defs.h" |
leothedragon | 0:25fa8795676b | 22 | |
leothedragon | 0:25fa8795676b | 23 | /* |
leothedragon | 0:25fa8795676b | 24 | * This file declares the CertificateRenewalDataBase base class and its two derived classes. |
leothedragon | 0:25fa8795676b | 25 | * An instantiated object holds all the data necessary for a certificate renewal process. |
leothedragon | 0:25fa8795676b | 26 | * The derived classes implement different virtual methods of the base class. |
leothedragon | 0:25fa8795676b | 27 | */ |
leothedragon | 0:25fa8795676b | 28 | |
leothedragon | 0:25fa8795676b | 29 | namespace CertificateEnrollmentClient { |
leothedragon | 0:25fa8795676b | 30 | |
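/*
 * Abstract base class holding the state of one certificate-renewal process.
 *
 * The object owns every buffer it points at: _raw_data, est_data, csr and
 * key_handle are all released in the destructor (see the member comments).
 * Because the destructor frees raw pointers, the compiler-generated copy
 * constructor and copy-assignment operator would leave two objects owning the
 * same buffers, and the second destructor would free them again (double free /
 * use-after-free). Copying is therefore disabled: the copy operations are
 * declared private and never defined, which also works on pre-C++11
 * toolchains. Hand instances around by pointer or reference.
 *
 * Derived classes must implement parse() and finish().
 */
class CertificateRenewalDataBase {

public:
    /*
     * \param raw_data      Bytes describing the certificate to renew: a NUL-terminated
     *                      name (device-initiated) or a TLV (server-initiated).
     *                      The derived-class comments state that the constructor
     *                      copies them into _raw_data, so the caller's buffer need
     *                      not outlive the object.
     * \param raw_data_size Number of bytes in raw_data.
     */
    CertificateRenewalDataBase(const uint8_t *raw_data, size_t raw_data_size);

    // Releases _raw_data, est_data, csr and key_handle.
    virtual ~CertificateRenewalDataBase();

    /*
     * Parses _raw_data and sets cert_name.
     *
     * For the TLV (Type-Length-Value) form, each element's Type is a uint16_t
     * that encodes two things:
     *   (1) the operation, one of the ce_tlv_type_e values defined in ce_tlv.h;
     *   (2) whether the element is 'required' or 'optional', signalled by the
     *       MSB (Most Significant Bit) of the Type field:
     *         MSB == 0 -> element is required
     *         MSB == 1 -> element is optional
     *
     * The parser walks the buffer and applies these rules to each element:
     *   (1) unsupported type, marked optional    -> the element is skipped;
     *   (2) unsupported type, marked required    -> CE_STATUS_BAD_INPUT_FROM_SERVER is returned;
     *   (3) supported type, optional or required -> the element is parsed and executed.
     *
     * Currently the only supported type is CE_TLV_TYPE_CERT_NAME (see ce_tlv.h):
     * cert_name is set to point at the name inside _raw_data, so it stays valid
     * until this object is destroyed and must not be freed by the caller.
     *
     * The TLV buffer is received from the server and is untrusted input.
     * Implementations must check every element's Length against the bytes still
     * remaining in _raw_data_size before reading its Value, and should reject a
     * certificate name that is not NUL-terminated inside the buffer, because
     * cert_name is consumed as a C string afterwards.
     *
     * The TLV buffer must be contiguous in memory; it is not required to be
     * word aligned.
     *
     * @return CE_STATUS_SUCCESS if parsing succeeded, otherwise one of the error
     *         codes in ce_status.h.
     */
    virtual ce_status_e parse() = 0;

    /*
     * Called once the certificate renewal operation has completed, on success or error.
     * Important: by the time this is called the application assumes the operation is
     * over and that new connections may be opened again.
     *
     * \param status The end status of the certificate renewal.
     */
    virtual void finish(ce_status_e status) = 0;

    // Certificate name, NUL-terminated. Points into _raw_data; never free it separately.
    const char *cert_name;

    // Certificate chain received from the EST service. Released in the destructor.
    // NOTE(review): this is the chain exactly as received; where it is validated
    // against the trust anchor before being stored is not visible in this header.
    cert_chain_context_s *est_data;

    // Key handle, initialized by the renewal flow, used first to generate the CSR
    // and later when storing the certificate. Released in the destructor.
    // NOTE(review): confirm that the release path also wipes any private-key
    // material the handle holds in RAM.
    cs_key_handle_t key_handle;

    // Generated CSR. Freed in the destructor.
    uint8_t *csr;

    // Size of csr in bytes.
    size_t csr_size;

protected:
    // Owned copy of the raw input (certificate name or TLV). Freed in the destructor.
    uint8_t *_raw_data;

    // Size of _raw_data in bytes; the bound every TLV read must respect.
    size_t _raw_data_size;

private:
    // Not copyable (see the class comment): declared, intentionally never defined.
    CertificateRenewalDataBase(const CertificateRenewalDataBase &);
    CertificateRenewalDataBase &operator=(const CertificateRenewalDataBase &);
};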
leothedragon | 0:25fa8795676b | 100 | |
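// Device-initiated renewal: raw_data is a NUL-terminated certificate name, not a TLV.
class CertificateRenewalDataFromDevice : public CertificateRenewalDataBase {
public:
    /*
     * \param raw_data NUL-terminated certificate name supplied by the application.
     *                 The constructor allocates its own copy (see parse()), so the
     *                 caller's string need not outlive the object.
     *                 NOTE(review): whether a NULL raw_data is rejected is decided
     *                 in the implementation file - confirm before relying on it.
     *
     * 'explicit' prevents a bare const char* from silently converting into an
     * object that allocates and owns heap memory; construction must be deliberate.
     */
    explicit CertificateRenewalDataFromDevice(const char *raw_data);
    virtual ~CertificateRenewalDataFromDevice();

    /*
     * Points cert_name at the NUL-terminated copy of the user's string that the
     * constructor made; no TLV decoding is involved for device-initiated renewal.
     */
    virtual ce_status_e parse();

    /*
     * Calls the user callback with status. The initiator reported is CE_INITIATOR_DEVICE.
     *
     * \param status The status handed to the user callback.
     */
    virtual void finish(ce_status_e status);
};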
leothedragon | 0:25fa8795676b | 120 | |
// Server-initiated renewal: raw_data is the TLV received from the server (untrusted input).
class CertificateRenewalDataFromServer : public CertificateRenewalDataBase {
public:
    /*
     * \param raw_data      TLV bytes as received from the server; copied into _raw_data.
     * \param raw_data_size Number of bytes in raw_data.
     */
    CertificateRenewalDataFromServer(const uint8_t *raw_data, size_t raw_data_size);
    virtual ~CertificateRenewalDataFromServer();

    /*
     * Parses the certificate name out of the TLV held in _raw_data and points
     * cert_name at it. Because the TLV comes from the network, every element
     * Length must be checked against _raw_data_size before its Value is read.
     */
    virtual ce_status_e parse();

    /*
     * Calls the user callback with status, then sets the resource to the status
     * value and schedules a delayed response to the server.
     * NOTE(review): the original comment names CE_INITIATOR_DEVICE as the initiator
     * for this server-initiated path, which looks like a copy-paste from the device
     * class - confirm the value actually reported in the implementation file.
     *
     * \param status The status handed to the user callback and sent to the server.
     */
    virtual void finish(ce_status_e status);
};
leothedragon | 0:25fa8795676b | 140 | |
leothedragon | 0:25fa8795676b | 141 | |
leothedragon | 0:25fa8795676b | 142 | } |
leothedragon | 0:25fa8795676b | 143 | |
leothedragon | 0:25fa8795676b | 144 | #endif // __CERTIFICATE_RENEWAL_DATA_H__ |
leothedragon | 0:25fa8795676b | 145 |