Example
Dependencies: FXAS21002 FXOS8700Q
simple-mbed-cloud-client/mbed-cloud-client/certificate-enrollment-client/source/CertificateRenewalData.cpp@0:11cc2b7889af, 2019-11-19 (annotated)
- Committer:
- maygup01
- Date:
- Tue Nov 19 09:49:38 2019 +0000
- Revision:
- 0:11cc2b7889af
Example
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
maygup01 | 0:11cc2b7889af | 1 | // ---------------------------------------------------------------------------- |
maygup01 | 0:11cc2b7889af | 2 | // Copyright 2018 ARM Ltd. |
maygup01 | 0:11cc2b7889af | 3 | // |
maygup01 | 0:11cc2b7889af | 4 | // Licensed under the Apache License, Version 2.0 (the "License"); |
maygup01 | 0:11cc2b7889af | 5 | // you may not use this file except in compliance with the License. |
maygup01 | 0:11cc2b7889af | 6 | // You may obtain a copy of the License at |
maygup01 | 0:11cc2b7889af | 7 | // |
maygup01 | 0:11cc2b7889af | 8 | // http://www.apache.org/licenses/LICENSE-2.0 |
maygup01 | 0:11cc2b7889af | 9 | // |
maygup01 | 0:11cc2b7889af | 10 | // Unless required by applicable law or agreed to in writing, software |
maygup01 | 0:11cc2b7889af | 11 | // distributed under the License is distributed on an "AS IS" BASIS, |
maygup01 | 0:11cc2b7889af | 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
maygup01 | 0:11cc2b7889af | 13 | // See the License for the specific language governing permissions and |
maygup01 | 0:11cc2b7889af | 14 | // limitations under the License. |
maygup01 | 0:11cc2b7889af | 15 | // ---------------------------------------------------------------------------- |
maygup01 | 0:11cc2b7889af | 16 | |
maygup01 | 0:11cc2b7889af | 17 | #include "ce_tlv.h" |
maygup01 | 0:11cc2b7889af | 18 | #include "CertificateEnrollmentClientCommon.h" |
maygup01 | 0:11cc2b7889af | 19 | #include "CertificateRenewalData.h" |
maygup01 | 0:11cc2b7889af | 20 | #include "key_config_manager.h" |
maygup01 | 0:11cc2b7889af | 21 | #include "cs_der_keys_and_csrs.h" |
maygup01 | 0:11cc2b7889af | 22 | #include "pv_log.h" |
maygup01 | 0:11cc2b7889af | 23 | |
maygup01 | 0:11cc2b7889af | 24 | |
maygup01 | 0:11cc2b7889af | 25 | #include <string.h> |
maygup01 | 0:11cc2b7889af | 26 | #include <stdio.h> |
maygup01 | 0:11cc2b7889af | 27 | |
maygup01 | 0:11cc2b7889af | 28 | namespace CertificateEnrollmentClient { |
maygup01 | 0:11cc2b7889af | 29 | |
maygup01 | 0:11cc2b7889af | 30 | // Base class constructor - Allocate raw data so that it remains persistent |
maygup01 | 0:11cc2b7889af | 31 | CertificateRenewalDataBase::CertificateRenewalDataBase(const uint8_t *raw_data, size_t raw_data_size) |
maygup01 | 0:11cc2b7889af | 32 | { |
maygup01 | 0:11cc2b7889af | 33 | _raw_data_size = raw_data_size; |
maygup01 | 0:11cc2b7889af | 34 | cert_name = NULL; |
maygup01 | 0:11cc2b7889af | 35 | csr = NULL; |
maygup01 | 0:11cc2b7889af | 36 | csr_size = 0; |
maygup01 | 0:11cc2b7889af | 37 | est_data = NULL; |
maygup01 | 0:11cc2b7889af | 38 | key_handle = 0; |
maygup01 | 0:11cc2b7889af | 39 | _raw_data = (uint8_t *)malloc(raw_data_size); |
maygup01 | 0:11cc2b7889af | 40 | memcpy(_raw_data, raw_data, _raw_data_size); |
maygup01 | 0:11cc2b7889af | 41 | } |
maygup01 | 0:11cc2b7889af | 42 | |
maygup01 | 0:11cc2b7889af | 43 | // Free _raw_data, private_key, public_key (base destructor is called implicitly after derived destructor), |
maygup01 | 0:11cc2b7889af | 44 | CertificateRenewalDataBase::~CertificateRenewalDataBase() |
maygup01 | 0:11cc2b7889af | 45 | { |
maygup01 | 0:11cc2b7889af | 46 | kcm_status_e kcm_status; |
maygup01 | 0:11cc2b7889af | 47 | ce_status_e ce_status; |
maygup01 | 0:11cc2b7889af | 48 | |
maygup01 | 0:11cc2b7889af | 49 | free(_raw_data); |
maygup01 | 0:11cc2b7889af | 50 | free(csr); |
maygup01 | 0:11cc2b7889af | 51 | |
maygup01 | 0:11cc2b7889af | 52 | // Release the key handle, this shouldn't fail... |
maygup01 | 0:11cc2b7889af | 53 | kcm_status = cs_ec_key_free(&key_handle); |
maygup01 | 0:11cc2b7889af | 54 | ce_status = ce_error_handler(kcm_status); |
maygup01 | 0:11cc2b7889af | 55 | |
maygup01 | 0:11cc2b7889af | 56 | if (ce_status != CE_STATUS_SUCCESS) { |
maygup01 | 0:11cc2b7889af | 57 | SA_PV_LOG_ERR("Failed releasing CSR's key handle (status %u)\n", kcm_status); |
maygup01 | 0:11cc2b7889af | 58 | } |
maygup01 | 0:11cc2b7889af | 59 | } |
maygup01 | 0:11cc2b7889af | 60 | |
maygup01 | 0:11cc2b7889af | 61 | CertificateRenewalDataFromServer::CertificateRenewalDataFromServer(const uint8_t *raw_data, size_t raw_data_size) : |
maygup01 | 0:11cc2b7889af | 62 | CertificateRenewalDataBase(raw_data, raw_data_size) |
maygup01 | 0:11cc2b7889af | 63 | { |
maygup01 | 0:11cc2b7889af | 64 | } |
maygup01 | 0:11cc2b7889af | 65 | |
maygup01 | 0:11cc2b7889af | 66 | CertificateRenewalDataFromServer::~CertificateRenewalDataFromServer() |
maygup01 | 0:11cc2b7889af | 67 | { |
maygup01 | 0:11cc2b7889af | 68 | } |
maygup01 | 0:11cc2b7889af | 69 | |
maygup01 | 0:11cc2b7889af | 70 | // Parse the CertificateRenewalDataFromServer::data as a CBOR and retrieve the cert name and size |
maygup01 | 0:11cc2b7889af | 71 | ce_status_e CertificateRenewalDataFromServer::parse() |
maygup01 | 0:11cc2b7889af | 72 | { |
maygup01 | 0:11cc2b7889af | 73 | // NOTE: We should treat the TLV's VALUE according to the given type |
maygup01 | 0:11cc2b7889af | 74 | // since there is only one type at the moment no parsing is needed. |
maygup01 | 0:11cc2b7889af | 75 | |
maygup01 | 0:11cc2b7889af | 76 | ce_tlv_status_e status; |
maygup01 | 0:11cc2b7889af | 77 | ce_tlv_element_s element; |
maygup01 | 0:11cc2b7889af | 78 | |
maygup01 | 0:11cc2b7889af | 79 | cert_name = NULL; |
maygup01 | 0:11cc2b7889af | 80 | |
maygup01 | 0:11cc2b7889af | 81 | if (ce_tlv_parser_init(_raw_data, _raw_data_size, &element) != CE_TLV_STATUS_SUCCESS) { |
maygup01 | 0:11cc2b7889af | 82 | return CE_STATUS_BAD_INPUT_FROM_SERVER; |
maygup01 | 0:11cc2b7889af | 83 | } |
maygup01 | 0:11cc2b7889af | 84 | |
maygup01 | 0:11cc2b7889af | 85 | while ((status = ce_tlv_parse_next(&element)) != CE_TLV_STATUS_END) { |
maygup01 | 0:11cc2b7889af | 86 | if (status != CE_TLV_STATUS_SUCCESS) { |
maygup01 | 0:11cc2b7889af | 87 | // something got wrong while parsing |
maygup01 | 0:11cc2b7889af | 88 | return CE_STATUS_BAD_INPUT_FROM_SERVER; |
maygup01 | 0:11cc2b7889af | 89 | } |
maygup01 | 0:11cc2b7889af | 90 | |
maygup01 | 0:11cc2b7889af | 91 | // element parsed successfully - check if type supported |
maygup01 | 0:11cc2b7889af | 92 | |
maygup01 | 0:11cc2b7889af | 93 | if ((element.type != CE_TLV_TYPE_CERT_NAME) && (is_required(&element))) { |
maygup01 | 0:11cc2b7889af | 94 | return CE_STATUS_BAD_INPUT_FROM_SERVER; |
maygup01 | 0:11cc2b7889af | 95 | } else if ((element.type != CE_TLV_TYPE_CERT_NAME) && (!is_required(&element))) { |
maygup01 | 0:11cc2b7889af | 96 | // unsupported type but optional - ignored |
maygup01 | 0:11cc2b7889af | 97 | continue; |
maygup01 | 0:11cc2b7889af | 98 | } |
maygup01 | 0:11cc2b7889af | 99 | |
maygup01 | 0:11cc2b7889af | 100 | cert_name = element.val.text; |
maygup01 | 0:11cc2b7889af | 101 | SA_PV_LOG_INFO("\nParsed certificate to be updated is %s\n", (char *)element.val.text); |
maygup01 | 0:11cc2b7889af | 102 | } |
maygup01 | 0:11cc2b7889af | 103 | |
maygup01 | 0:11cc2b7889af | 104 | if (cert_name == NULL) { |
maygup01 | 0:11cc2b7889af | 105 | // parsing succeeded however we haven't got a concrete certificate name |
maygup01 | 0:11cc2b7889af | 106 | return CE_STATUS_BAD_INPUT_FROM_SERVER; |
maygup01 | 0:11cc2b7889af | 107 | } |
maygup01 | 0:11cc2b7889af | 108 | |
maygup01 | 0:11cc2b7889af | 109 | return CE_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 110 | }; |
maygup01 | 0:11cc2b7889af | 111 | |
maygup01 | 0:11cc2b7889af | 112 | // call the user callback and send message to the cloud |
maygup01 | 0:11cc2b7889af | 113 | void CertificateRenewalDataFromServer::finish(ce_status_e status) |
maygup01 | 0:11cc2b7889af | 114 | { |
maygup01 | 0:11cc2b7889af | 115 | SA_PV_LOG_INFO("sending delayed response, status: %d\n", (int)status); |
maygup01 | 0:11cc2b7889af | 116 | g_cert_enroll_lwm2m_resource->set_value((int64_t)status); |
maygup01 | 0:11cc2b7889af | 117 | g_cert_enroll_lwm2m_resource->send_delayed_post_response(); |
maygup01 | 0:11cc2b7889af | 118 | |
maygup01 | 0:11cc2b7889af | 119 | // Call the user callback after setting the resource so that the user may delete the MCC object from the CB. |
maygup01 | 0:11cc2b7889af | 120 | // If we had called the CB prior to setting the resource value, this would result in writing to unallocated memory. |
maygup01 | 0:11cc2b7889af | 121 | call_user_cert_renewal_cb(cert_name, status, CE_INITIATOR_SERVER); |
maygup01 | 0:11cc2b7889af | 122 | }; |
maygup01 | 0:11cc2b7889af | 123 | |
maygup01 | 0:11cc2b7889af | 124 | CertificateRenewalDataFromDevice::CertificateRenewalDataFromDevice(const char *raw_data) : |
maygup01 | 0:11cc2b7889af | 125 | CertificateRenewalDataBase((uint8_t *)raw_data, (strlen(raw_data) + 1)) |
maygup01 | 0:11cc2b7889af | 126 | { |
maygup01 | 0:11cc2b7889af | 127 | } |
maygup01 | 0:11cc2b7889af | 128 | |
maygup01 | 0:11cc2b7889af | 129 | CertificateRenewalDataFromDevice::~CertificateRenewalDataFromDevice() |
maygup01 | 0:11cc2b7889af | 130 | { |
maygup01 | 0:11cc2b7889af | 131 | } |
maygup01 | 0:11cc2b7889af | 132 | |
maygup01 | 0:11cc2b7889af | 133 | // Nothing to do other than set the cert_name field |
maygup01 | 0:11cc2b7889af | 134 | ce_status_e CertificateRenewalDataFromDevice::parse() |
maygup01 | 0:11cc2b7889af | 135 | { |
maygup01 | 0:11cc2b7889af | 136 | cert_name = (const char *)_raw_data; |
maygup01 | 0:11cc2b7889af | 137 | return CE_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 138 | } |
maygup01 | 0:11cc2b7889af | 139 | |
maygup01 | 0:11cc2b7889af | 140 | // Call the user callback but do not send anything to the server |
maygup01 | 0:11cc2b7889af | 141 | void CertificateRenewalDataFromDevice::finish(ce_status_e status) |
maygup01 | 0:11cc2b7889af | 142 | { |
maygup01 | 0:11cc2b7889af | 143 | call_user_cert_renewal_cb(cert_name, status, CE_INITIATOR_DEVICE); |
maygup01 | 0:11cc2b7889af | 144 | } |
maygup01 | 0:11cc2b7889af | 145 | |
maygup01 | 0:11cc2b7889af | 146 | } |