leo hendrickson
/
example-Ethernet-mbed-Cloud-connect
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
simple-mbed-cloud-client/mbed-cloud-client/certificate-enrollment-client/source/include/CertificateRenewalData.h@0:8f0bb79ddd48, 2021-05-04 (annotated)
- Committer:
- leothedragon
- Date:
- Tue May 04 08:55:12 2021 +0000
- Revision:
- 0:8f0bb79ddd48
nmn
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| leothedragon | 0:8f0bb79ddd48 | 1 | // ---------------------------------------------------------------------------- |
| leothedragon | 0:8f0bb79ddd48 | 2 | // Copyright 2018 ARM Ltd. |
| leothedragon | 0:8f0bb79ddd48 | 3 | // |
| leothedragon | 0:8f0bb79ddd48 | 4 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| leothedragon | 0:8f0bb79ddd48 | 5 | // you may not use this file except in compliance with the License. |
| leothedragon | 0:8f0bb79ddd48 | 6 | // You may obtain a copy of the License at |
| leothedragon | 0:8f0bb79ddd48 | 7 | // |
| leothedragon | 0:8f0bb79ddd48 | 8 | // http://www.apache.org/licenses/LICENSE-2.0 |
| leothedragon | 0:8f0bb79ddd48 | 9 | // |
| leothedragon | 0:8f0bb79ddd48 | 10 | // Unless required by applicable law or agreed to in writing, software |
| leothedragon | 0:8f0bb79ddd48 | 11 | // distributed under the License is distributed on an "AS IS" BASIS, |
| leothedragon | 0:8f0bb79ddd48 | 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| leothedragon | 0:8f0bb79ddd48 | 13 | // See the License for the specific language governing permissions and |
| leothedragon | 0:8f0bb79ddd48 | 14 | // limitations under the License. |
| leothedragon | 0:8f0bb79ddd48 | 15 | // ---------------------------------------------------------------------------- |
| leothedragon | 0:8f0bb79ddd48 | 16 | |
| leothedragon | 0:8f0bb79ddd48 | 17 | #ifndef __CERTIFICATE_RENEWAL_DATA_H__ |
| leothedragon | 0:8f0bb79ddd48 | 18 | #define __CERTIFICATE_RENEWAL_DATA_H__ |
| leothedragon | 0:8f0bb79ddd48 | 19 | |
| leothedragon | 0:8f0bb79ddd48 | 20 | #include "certificate_enrollment.h" |
| leothedragon | 0:8f0bb79ddd48 | 21 | #include "est_defs.h" |
| leothedragon | 0:8f0bb79ddd48 | 22 | |
| leothedragon | 0:8f0bb79ddd48 | 23 | /* |
| leothedragon | 0:8f0bb79ddd48 | 24 | * This file declares the CertificateRenewalDataBase base class and its derived class. |
| leothedragon | 0:8f0bb79ddd48 | 25 | * An instantiated object holds all the data necessary for a certificate renewal process. |
| leothedragon | 0:8f0bb79ddd48 | 26 | * The derived classes implement different virtual methods of the base class. |
| leothedragon | 0:8f0bb79ddd48 | 27 | */ |
| leothedragon | 0:8f0bb79ddd48 | 28 | |
| leothedragon | 0:8f0bb79ddd48 | 29 | namespace CertificateEnrollmentClient { |
| leothedragon | 0:8f0bb79ddd48 | 30 | |
| leothedragon | 0:8f0bb79ddd48 | 31 | // Abstract base class for data for the renewal process of a single certificate |
| leothedragon | 0:8f0bb79ddd48 | 32 | /* |
| leothedragon | 0:8f0bb79ddd48 | 33 | * Abstract base class for data for the renewal process of a single certificate |
| leothedragon | 0:8f0bb79ddd48 | 34 | * Keeps data required for the process. |
| leothedragon | 0:8f0bb79ddd48 | 35 | * Derived class must implement the pure virtual functions of this class. |
| leothedragon | 0:8f0bb79ddd48 | 36 | */ |
| leothedragon | 0:8f0bb79ddd48 | 37 | class CertificateRenewalDataBase { |
| leothedragon | 0:8f0bb79ddd48 | 38 | |
| leothedragon | 0:8f0bb79ddd48 | 39 | public: |
| leothedragon | 0:8f0bb79ddd48 | 40 | CertificateRenewalDataBase(const uint8_t *raw_data, size_t raw_data_size); |
| leothedragon | 0:8f0bb79ddd48 | 41 | virtual ~CertificateRenewalDataBase(); |
| leothedragon | 0:8f0bb79ddd48 | 42 | |
| leothedragon | 0:8f0bb79ddd48 | 43 | /* |
| leothedragon | 0:8f0bb79ddd48 | 44 | * Gets a TLV (Type-Length-Value) buffer to parse, each element in the TLV buffer is being treated and executed |
| leothedragon | 0:8f0bb79ddd48 | 45 | * according to the given ce_tlv_type_e that is defined in ce_tlv.h file. |
| leothedragon | 0:8f0bb79ddd48 | 46 | * Each element Type defined as uint16_t primitive and signifies two things: |
| leothedragon | 0:8f0bb79ddd48 | 47 | * (1) the type of operation |
| leothedragon | 0:8f0bb79ddd48 | 48 | * (2) is element 'required' or 'optional'. |
| leothedragon | 0:8f0bb79ddd48 | 49 | * |
| leothedragon | 0:8f0bb79ddd48 | 50 | * We distinguish if an element is required or optional by toggling the type's field MSB (Most Significant Bit). |
| leothedragon | 0:8f0bb79ddd48 | 51 | * If the type's field MSB is set to '0' - this element marked as 'required' |
| leothedragon | 0:8f0bb79ddd48 | 52 | * If the type's field MSB is set to '1' - this element marked as 'optional' |
| leothedragon | 0:8f0bb79ddd48 | 53 | * |
| leothedragon | 0:8f0bb79ddd48 | 54 | * The function iterates through the TLV buffer and enforces the following rules for each element: |
| leothedragon | 0:8f0bb79ddd48 | 55 | * (1) if element's type is unsupported and the type is marked as 'optional' - element is being skipped |
| leothedragon | 0:8f0bb79ddd48 | 56 | * (2) if element's type is unsupported and the type is marked as 'required' - CE_STATUS_BAD_INPUT_FROM_SERVER error will be returned |
| leothedragon | 0:8f0bb79ddd48 | 57 | * (3) if element's type is supported and the type is marked as 'optional' / 'required' - element is parsed and executed |
| leothedragon | 0:8f0bb79ddd48 | 58 | * |
| leothedragon | 0:8f0bb79ddd48 | 59 | * Currently the only supported type is CE_TLV_TYPE_CERT_NAME as presents in ce_tlv.h, it means that the certificate name |
| leothedragon | 0:8f0bb79ddd48 | 60 | * will be pointed by 'cert_name' which must be persist until this object is destroyed. |
| leothedragon | 0:8f0bb79ddd48 | 61 | * |
| leothedragon | 0:8f0bb79ddd48 | 62 | * The TLV buffer MUST be coherent in memory. |
| leothedragon | 0:8f0bb79ddd48 | 63 | * The TLV buffer is not forced to be word aligned. |
| leothedragon | 0:8f0bb79ddd48 | 64 | * |
| leothedragon | 0:8f0bb79ddd48 | 65 | * @return CE_STATUS_SUCCESS if parsing succeeded or one of the faulty errors in ce_status.h |
| leothedragon | 0:8f0bb79ddd48 | 66 | */ |
| leothedragon | 0:8f0bb79ddd48 | 67 | virtual ce_status_e parse() = 0; |
| leothedragon | 0:8f0bb79ddd48 | 68 | |
| leothedragon | 0:8f0bb79ddd48 | 69 | /* |
| leothedragon | 0:8f0bb79ddd48 | 70 | * This function is called after the certificate renewal operation has completed (success or error). |
| leothedragon | 0:8f0bb79ddd48 | 71 | * Important: When this function is called, the application assumes that the operation had already finished and new connections are allowed to be made. |
| leothedragon | 0:8f0bb79ddd48 | 72 | * |
| leothedragon | 0:8f0bb79ddd48 | 73 | * \param status The end status of the certificate renewal. |
| leothedragon | 0:8f0bb79ddd48 | 74 | */ |
| leothedragon | 0:8f0bb79ddd48 | 75 | virtual void finish(ce_status_e status) = 0; |
| leothedragon | 0:8f0bb79ddd48 | 76 | |
| leothedragon | 0:8f0bb79ddd48 | 77 | // Certificate name - NULL terminated. Should not be freed, should point to the name inside _raw_data |
| leothedragon | 0:8f0bb79ddd48 | 78 | const char *cert_name; |
| leothedragon | 0:8f0bb79ddd48 | 79 | |
| leothedragon | 0:8f0bb79ddd48 | 80 | // The certificate chain received from the EST service. Released in the destructor. |
| leothedragon | 0:8f0bb79ddd48 | 81 | cert_chain_context_s *est_data; |
| leothedragon | 0:8f0bb79ddd48 | 82 | |
| leothedragon | 0:8f0bb79ddd48 | 83 | // Key handle that should be initialized and then used when generating a CSR and later when storing the certificate. Released in destructor. |
| leothedragon | 0:8f0bb79ddd48 | 84 | cs_key_handle_t key_handle; |
| leothedragon | 0:8f0bb79ddd48 | 85 | |
| leothedragon | 0:8f0bb79ddd48 | 86 | // Pointer to the generated CSR. Freed in destructor. |
| leothedragon | 0:8f0bb79ddd48 | 87 | uint8_t *csr; |
| leothedragon | 0:8f0bb79ddd48 | 88 | |
| leothedragon | 0:8f0bb79ddd48 | 89 | // Size of the CSR |
| leothedragon | 0:8f0bb79ddd48 | 90 | size_t csr_size; |
| leothedragon | 0:8f0bb79ddd48 | 91 | |
| leothedragon | 0:8f0bb79ddd48 | 92 | protected: |
| leothedragon | 0:8f0bb79ddd48 | 93 | // Pointer to raw data containing the certificate name. Free in destructor |
| leothedragon | 0:8f0bb79ddd48 | 94 | uint8_t *_raw_data; |
| leothedragon | 0:8f0bb79ddd48 | 95 | |
| leothedragon | 0:8f0bb79ddd48 | 96 | // Size of _raw_data |
| leothedragon | 0:8f0bb79ddd48 | 97 | size_t _raw_data_size; |
| leothedragon | 0:8f0bb79ddd48 | 98 | |
| leothedragon | 0:8f0bb79ddd48 | 99 | }; |
| leothedragon | 0:8f0bb79ddd48 | 100 | |
| leothedragon | 0:8f0bb79ddd48 | 101 | // From device API data is not a TLV but a string |
| leothedragon | 0:8f0bb79ddd48 | 102 | class CertificateRenewalDataFromDevice : public CertificateRenewalDataBase { |
| leothedragon | 0:8f0bb79ddd48 | 103 | public: |
| leothedragon | 0:8f0bb79ddd48 | 104 | CertificateRenewalDataFromDevice(const char *raw_data); |
| leothedragon | 0:8f0bb79ddd48 | 105 | virtual ~CertificateRenewalDataFromDevice(); |
| leothedragon | 0:8f0bb79ddd48 | 106 | |
| leothedragon | 0:8f0bb79ddd48 | 107 | /* |
| leothedragon | 0:8f0bb79ddd48 | 108 | * Set cert_name to point to the raw_data from the user which is null terminated. |
| leothedragon | 0:8f0bb79ddd48 | 109 | * Note that the constructor already allocated and copied the string provided by the user so cert_name will just point to that. |
| leothedragon | 0:8f0bb79ddd48 | 110 | */ |
| leothedragon | 0:8f0bb79ddd48 | 111 | virtual ce_status_e parse(); |
| leothedragon | 0:8f0bb79ddd48 | 112 | |
| leothedragon | 0:8f0bb79ddd48 | 113 | /* |
| leothedragon | 0:8f0bb79ddd48 | 114 | * Call the user callback with status. The initiator is CE_INITIATOR_DEVICE. |
| leothedragon | 0:8f0bb79ddd48 | 115 | * |
| leothedragon | 0:8f0bb79ddd48 | 116 | * \param status The status that will be specified when the user callback is called. |
| leothedragon | 0:8f0bb79ddd48 | 117 | */ |
| leothedragon | 0:8f0bb79ddd48 | 118 | virtual void finish(ce_status_e status); |
| leothedragon | 0:8f0bb79ddd48 | 119 | }; |
| leothedragon | 0:8f0bb79ddd48 | 120 | |
| leothedragon | 0:8f0bb79ddd48 | 121 | // Class used when the request was initiated by the server. raw_data is TLV |
| leothedragon | 0:8f0bb79ddd48 | 122 | class CertificateRenewalDataFromServer : public CertificateRenewalDataBase { |
| leothedragon | 0:8f0bb79ddd48 | 123 | public: |
| leothedragon | 0:8f0bb79ddd48 | 124 | CertificateRenewalDataFromServer(const uint8_t *raw_data, size_t raw_data_size); |
| leothedragon | 0:8f0bb79ddd48 | 125 | virtual ~CertificateRenewalDataFromServer(); |
| leothedragon | 0:8f0bb79ddd48 | 126 | |
| leothedragon | 0:8f0bb79ddd48 | 127 | /* |
| leothedragon | 0:8f0bb79ddd48 | 128 | * Parse the certificate name from _raw_data which contains the TLV received from the server. |
| leothedragon | 0:8f0bb79ddd48 | 129 | */ |
| leothedragon | 0:8f0bb79ddd48 | 130 | virtual ce_status_e parse(); |
| leothedragon | 0:8f0bb79ddd48 | 131 | |
| leothedragon | 0:8f0bb79ddd48 | 132 | /* |
| leothedragon | 0:8f0bb79ddd48 | 133 | * Call the user callback with status. The initiator is CE_INITIATOR_DEVICE. |
| leothedragon | 0:8f0bb79ddd48 | 134 | * Then set the resource to the status value and set a delayed response to the server. |
| leothedragon | 0:8f0bb79ddd48 | 135 | * |
| leothedragon | 0:8f0bb79ddd48 | 136 | * \param status The status that will be specified when the user callback is called, and sent to the server. |
| leothedragon | 0:8f0bb79ddd48 | 137 | */ |
| leothedragon | 0:8f0bb79ddd48 | 138 | virtual void finish(ce_status_e status); |
| leothedragon | 0:8f0bb79ddd48 | 139 | }; |
| leothedragon | 0:8f0bb79ddd48 | 140 | |
| leothedragon | 0:8f0bb79ddd48 | 141 | |
| leothedragon | 0:8f0bb79ddd48 | 142 | } |
| leothedragon | 0:8f0bb79ddd48 | 143 | |
| leothedragon | 0:8f0bb79ddd48 | 144 | #endif // __CERTIFICATE_RENEWAL_DATA_H__ |
| leothedragon | 0:8f0bb79ddd48 | 145 |