Example

Dependencies:   FXAS21002 FXOS8700Q

Committer:
maygup01
Date:
Tue Nov 19 09:49:38 2019 +0000
Revision:
0:11cc2b7889af
Example

Who changed what in which revision?

maygup01 0:11cc2b7889af 1 // ----------------------------------------------------------------------------
maygup01 0:11cc2b7889af 2 // Copyright 2016-2017 ARM Ltd.
maygup01 0:11cc2b7889af 3 //
maygup01 0:11cc2b7889af 4 // Licensed under the Apache License, Version 2.0 (the "License");
maygup01 0:11cc2b7889af 5 // you may not use this file except in compliance with the License.
maygup01 0:11cc2b7889af 6 // You may obtain a copy of the License at
maygup01 0:11cc2b7889af 7 //
maygup01 0:11cc2b7889af 8 // http://www.apache.org/licenses/LICENSE-2.0
maygup01 0:11cc2b7889af 9 //
maygup01 0:11cc2b7889af 10 // Unless required by applicable law or agreed to in writing, software
maygup01 0:11cc2b7889af 11 // distributed under the License is distributed on an "AS IS" BASIS,
maygup01 0:11cc2b7889af 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
maygup01 0:11cc2b7889af 13 // See the License for the specific language governing permissions and
maygup01 0:11cc2b7889af 14 // limitations under the License.
maygup01 0:11cc2b7889af 15 // ----------------------------------------------------------------------------
maygup01 0:11cc2b7889af 16 #include <stdbool.h>
maygup01 0:11cc2b7889af 17 #include "key_config_manager.h"
maygup01 0:11cc2b7889af 18 #include "pv_error_handling.h"
maygup01 0:11cc2b7889af 19 #include "storage.h"
maygup01 0:11cc2b7889af 20 #include "fcc_malloc.h"
maygup01 0:11cc2b7889af 21 #include "pv_macros.h"
maygup01 0:11cc2b7889af 22 #include "ce_internal.h"
maygup01 0:11cc2b7889af 23 #include "est_defs.h"
maygup01 0:11cc2b7889af 24 #include "storage.h"
maygup01 0:11cc2b7889af 25
/* Item name that ce_set_item_names() maps to the LwM2M device credential names. */
const char g_lwm2m_name[] = "LWM2M";
/* Storage name of the renewal-status record written by ce_create_renewal_status(). */
const char g_renewal_status_file[] = "renewal_status";

/* Storage names of the LwM2M device certificate and private key (defined elsewhere). */
extern const char g_fcc_lwm2m_device_certificate_name[];
extern const char g_fcc_lwm2m_device_private_key_name[];
maygup01 0:11cc2b7889af 31
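/**
 * Read one item from storage into a buffer allocated by this function.
 *
 * The item size is queried first, a buffer of that size is obtained with
 * fcc_malloc(), and the item is then read into it.
 *
 * @param[in]  parameter_name          item name; must not be NULL.
 * @param[in]  size_of_parameter_name  length of the name; must not be 0.
 * @param[in]  kcm_type                KCM type of the item.
 * @param[in]  data_source_type        storage source to read from.
 * @param[out] kcm_data                must not be NULL and *kcm_data must be NULL on entry.
 *                                     On success it points to the allocated buffer, which the
 *                                     caller releases with fcc_free(). If reading fails after
 *                                     the allocation, the buffer is freed here and *kcm_data
 *                                     is reset to NULL.
 * @param[out] kcm_data_size           must not be NULL; receives the item size.
 *
 * @returns KCM_STATUS_SUCCESS on success. KCM_STATUS_ITEM_NOT_FOUND is passed through
 *          without an error log; KCM_STATUS_INVALID_PARAMETER, KCM_STATUS_ITEM_IS_EMPTY,
 *          KCM_STATUS_OUT_OF_MEMORY or the storage layer's status otherwise.
 *
 * NOTE(review): the buffer can hold private-key material (callers pass
 * KCM_PRIVATE_KEY_ITEM); whoever frees it should consider wiping it first.
 */
kcm_status_e ce_get_kcm_data(const uint8_t *parameter_name,
                             size_t size_of_parameter_name,
                             kcm_item_type_e kcm_type,
                             kcm_data_source_type_e data_source_type,
                             uint8_t **kcm_data,
                             size_t *kcm_data_size)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;

    SA_PV_LOG_TRACE_FUNC_ENTER_NO_ARGS();
    SA_PV_ERR_RECOVERABLE_RETURN_IF((parameter_name == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Wrong parameter_name pointer");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((size_of_parameter_name == 0), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Wrong parameter_name size.");
    //kcm_data itself has to be validated before *kcm_data is inspected below
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_data == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Wrong kcm_data pointer");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((*kcm_data != NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Wrong *kcm_data pointer, should be NULL");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_data_size == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Wrong kcm_data_size pointer.");

    //Get size of kcm data
    kcm_status = storage_data_size_read(parameter_name,
                                        size_of_parameter_name,
                                        kcm_type,
                                        data_source_type,
                                        kcm_data_size);
    //A missing item is an expected outcome for callers, so it is returned without logging an error
    if (kcm_status == KCM_STATUS_ITEM_NOT_FOUND) {
        return kcm_status;
    }
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to get kcm data size");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((*kcm_data_size == 0), kcm_status = KCM_STATUS_ITEM_IS_EMPTY, "KCM item is empty");

    //Allocate a buffer of exactly the reported size
    *kcm_data = fcc_malloc(*kcm_data_size);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((*kcm_data == NULL), kcm_status = KCM_STATUS_OUT_OF_MEMORY, "Failed to allocate buffer for kcm data");

    //Read the item; the last argument presumably receives the number of bytes actually read
    kcm_status = storage_data_read(parameter_name, size_of_parameter_name, kcm_type, data_source_type, *kcm_data, *kcm_data_size, kcm_data_size);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to get device certificate data");

exit:
    if (kcm_status != KCM_STATUS_SUCCESS) {
        //Never hand a partially filled buffer back to the caller
        fcc_free(*kcm_data);
        *kcm_data = NULL;
    }
    SA_PV_LOG_TRACE_FUNC_EXIT_NO_ARGS();
    return kcm_status;
}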
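/**
 * Copy a single certificate or a certificate chain stored under item_name from
 * one storage source to another.
 *
 * The source is opened as a chain. A chain of length 1 without meta data is
 * copied as a plain certificate item; anything else is copied certificate by
 * certificate into a newly created destination chain.
 *
 * The first failure is what the function returns: closing the destination or
 * the source chain during cleanup only sets the status when no earlier error
 * was recorded, so a failed copy is never reported as success.
 *
 * @param[in] item_name         name of the certificate / chain.
 * @param[in] item_name_len     length of item_name.
 * @param[in] source_type       storage source to copy from.
 * @param[in] destination_type  storage source to copy to.
 *
 * @returns KCM_STATUS_SUCCESS when every certificate was copied and both chains
 *          were closed, otherwise the status of the first failing step.
 */
static kcm_status_e copy_certificate_chain(const uint8_t *item_name, size_t item_name_len, kcm_data_source_type_e source_type, kcm_data_source_type_e destination_type)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    kcm_status_e close_status = KCM_STATUS_SUCCESS;
    uint8_t *item_data = NULL;
    size_t item_data_len = 0;
    kcm_cert_chain_handle kcm_source_chain_handle;
    kcm_cert_chain_handle kcm_destination_chain_handle;
    size_t kcm_chain_len_out = 0;
    size_t kcm_actual_cert_data_size = 0;
    int cert_index = 0;
    kcm_cert_chain_context_int_s *chain_context;

    //Open chain
    kcm_status = storage_cert_chain_open(&kcm_source_chain_handle, item_name, item_name_len, source_type, &kcm_chain_len_out);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to open chain");
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_chain_len_out == 0), kcm_status = KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN, exit, "Invalid kcm_chain_len_out");

    chain_context = (kcm_cert_chain_context_int_s*)kcm_source_chain_handle;

    //Current item is a single certificate
    if (chain_context->is_meta_data == false && kcm_chain_len_out == 1) {
        //Read the item from source
        kcm_status = ce_get_kcm_data(item_name, item_name_len, KCM_CERTIFICATE_ITEM, source_type, &item_data, &item_data_len);
        SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to get item data");

        //Save the item as backup item
        kcm_status = storage_data_write(item_name, item_name_len, KCM_CERTIFICATE_ITEM, false, destination_type, item_data, item_data_len );
        SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to copy item data");
    } else {
        //Current item is a certificate chain
        for (cert_index = 1; cert_index <= (int)kcm_chain_len_out; cert_index++)
        {

            //Create destination chain for start
            if (cert_index == 1) {
                kcm_status = storage_cert_chain_create(&kcm_destination_chain_handle, item_name, item_name_len, kcm_chain_len_out, false, destination_type);
                //The destination was never opened, so skip exit_and_close
                SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to create destination chain");
            }
            //Get next certificate data size from source chain
            kcm_status = storage_cert_chain_get_next_size(kcm_source_chain_handle, source_type, &item_data_len);
            SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit_and_close, "Failed to _kcm_cert_chain_get_next_sizen");

            //Allocate memory and get certificate data from source chain
            item_data = fcc_malloc(item_data_len);
            SA_PV_ERR_RECOVERABLE_GOTO_IF((item_data == NULL), kcm_status = KCM_STATUS_OUT_OF_MEMORY, exit_and_close, "Failed to allocate buffer for kcm data");

            //Get next certificate data
            kcm_status = storage_cert_chain_get_next_data(kcm_source_chain_handle, item_data, item_data_len, source_type, &kcm_actual_cert_data_size);
            SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit_and_close, "Failed to get certificate kcm data");
            //A short or long read leaves kcm_status at SUCCESS, so an error has to be set explicitly here
            SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_actual_cert_data_size != item_data_len), kcm_status = KCM_STATUS_STORAGE_ERROR, exit_and_close, "Wrong certificate data size");

            //Add the data to destination chain
            kcm_status = storage_chain_add_next(kcm_destination_chain_handle, item_data, item_data_len, destination_type);
            SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit_and_close, "Failed to add data to chain");

            //free allocated buffer
            fcc_free(item_data);
            item_data = NULL;
        }
        //Close destination chain
exit_and_close:
        close_status = storage_cert_chain_close(kcm_destination_chain_handle, destination_type);
        if (close_status != KCM_STATUS_SUCCESS) {
            SA_PV_LOG_ERR("Failed to close destination chain");
            //Keep the earlier error if there is one; otherwise report the close failure
            if (kcm_status == KCM_STATUS_SUCCESS) {
                kcm_status = close_status;
            }
        }
    }

exit:
    if (item_data != NULL) {
        fcc_free(item_data);
    }
    //close source chain
    close_status = storage_cert_chain_close(kcm_source_chain_handle, source_type);
    if (close_status != KCM_STATUS_SUCCESS) {
        SA_PV_LOG_ERR("Failed to close source chain");
        //Same rule as above: cleanup must not hide the status of the copy itself
        if (kcm_status == KCM_STATUS_SUCCESS) {
            kcm_status = close_status;
        }
    }

    return kcm_status;
}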
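/**
 * Copy one KCM item from one storage source to another.
 *
 * Certificates are delegated to copy_certificate_chain(). Any other item type is
 * read into a temporary heap buffer and written to the destination.
 *
 * The temporary buffer may hold private-key material (callers pass
 * KCM_PRIVATE_KEY_ITEM), so it is overwritten with zeros before it is freed.
 *
 * @param[in] item_name         name of the item.
 * @param[in] item_name_len     length of item_name.
 * @param[in] kcm_type          KCM type of the item.
 * @param[in] source_type       storage source to copy from.
 * @param[in] destination_type  storage source to copy to.
 *
 * @returns KCM_STATUS_SUCCESS on success, otherwise the status of the failing step.
 */
static kcm_status_e copy_kcm_item(const uint8_t *item_name, size_t item_name_len, kcm_item_type_e kcm_type, kcm_data_source_type_e source_type, kcm_data_source_type_e destination_type)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    uint8_t *item_data = NULL;
    size_t item_data_len = 0;
    volatile uint8_t *wipe = NULL;
    size_t wipe_index = 0;

    if (kcm_type == KCM_CERTIFICATE_ITEM) {

        //copy certificate chain
        kcm_status = copy_certificate_chain(item_name, item_name_len, source_type, destination_type);
        SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to copy chain");
    } else { //not certificate
        //Read the item from source
        kcm_status = ce_get_kcm_data(item_name, item_name_len, kcm_type, source_type, &item_data, &item_data_len);
        SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to get item data");

        //Write the item to the destination source
        kcm_status = storage_data_write(item_name, item_name_len, kcm_type, false, destination_type,item_data, item_data_len );
        SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to copy item data");
    }

exit:
    if (item_data != NULL) {
        //Wipe through a volatile pointer so the stores are not removed as dead writes before the free
        wipe = item_data;
        for (wipe_index = 0; wipe_index < item_data_len; wipe_index++) {
            wipe[wipe_index] = 0;
        }
        fcc_free(item_data);
    }
    return kcm_status;
}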
maygup01 0:11cc2b7889af 185
/**
 * Translate a renewal item name into the storage names of its private key,
 * public key and certificate.
 *
 * For the reserved name held in g_lwm2m_name the LwM2M device key and
 * certificate names are used and no public key name is reported. For any other
 * name, all three outputs alias item_name itself.
 *
 * Nothing is allocated: the outputs point either at the global name strings or
 * at the caller's item_name. The const qualifier is cast away, so callers must
 * treat the returned strings as read-only.
 *
 * @param[in]  item_name             item name; must not be NULL.
 * @param[out] private_key_name_out  must not be NULL.
 * @param[out] public_key_name_out   may be NULL, in which case it is skipped.
 * @param[out] certificate_name_out  must not be NULL.
 *
 * @returns true on success, false when a mandatory pointer is NULL.
 */
bool ce_set_item_names(const char *item_name, char **private_key_name_out, char **public_key_name_out, char **certificate_name_out)
{
    bool is_lwm2m_item = false;

    SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), false, "Invalid item_name");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((private_key_name_out == NULL), false, "Invalid private_key_name");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((certificate_name_out == NULL), false, "Invalid certificate");

    //The compared length includes the terminator - presumably to get an exact match rather than a prefix match
    is_lwm2m_item = (pv_str_equals(item_name, g_lwm2m_name, (uint32_t)(strlen(item_name) + 1)) == true);

    if (!is_lwm2m_item) {
        //Generic item: key pair and certificate are all stored under the item name
        *private_key_name_out = (char*)item_name;
        *certificate_name_out = (char*)item_name;
        if (public_key_name_out != NULL) {
            *public_key_name_out = (char*)item_name;
        }
        return true;
    }

    //LwM2M item: use the device credential names; no public key name is reported
    *private_key_name_out = (char*)g_fcc_lwm2m_device_private_key_name;
    *certificate_name_out = (char*)g_fcc_lwm2m_device_certificate_name;
    if (public_key_name_out != NULL) {
        *public_key_name_out = NULL;
    }
    return true;
}
maygup01 0:11cc2b7889af 208
/**
 * Check that the private key and the certificate (or chain) of an item exist in
 * the given storage source, and report whether a public key exists as well.
 *
 * The private key and the certificate are mandatory: a failure to find either
 * one is returned to the caller. A missing public key is tolerated.
 *
 * @param[in]  item_name      item name; must not be NULL.
 * @param[in]  source_type    storage source to look in.
 * @param[out] is_public_key  set to true when a public key was found; written
 *                            only when the function succeeds.
 *                            NOTE(review): not checked for NULL before the write.
 *
 * @returns KCM_STATUS_SUCCESS when the mandatory items exist, otherwise the
 *          status of the failing storage call.
 */
static kcm_status_e check_items_existence(const char *item_name, kcm_data_source_type_e source_type, bool *is_public_key)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    kcm_cert_chain_handle cert_chain;
    size_t item_size = 0;
    uint8_t *priv_name = NULL;
    uint8_t *pub_name = NULL;
    uint8_t *cert_name = NULL;
    bool public_key_found = false;

    SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), KCM_STATUS_INVALID_PARAMETER, "Invalid item_name");
    SA_PV_ERR_RECOVERABLE_RETURN_IF(!(ce_set_item_names(item_name, (char**)&priv_name, (char**)&pub_name, (char**)&cert_name)), KCM_STATUS_INVALID_PARAMETER, "Failed to set internal names for items");

    //Mandatory: the private key
    kcm_status = storage_data_size_read((const uint8_t*)priv_name, (size_t)strlen((char*)priv_name), KCM_PRIVATE_KEY_ITEM, source_type, &item_size);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to get private key size");

    //Optional: the public key - "not found" is accepted, any other error is not
    if (pub_name != NULL) {
        kcm_status = storage_data_size_read((const uint8_t*)pub_name, (size_t)strlen((char*)pub_name), KCM_PUBLIC_KEY_ITEM, source_type, &item_size);
        SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND), kcm_status, "Failed to get public key size");

        public_key_found = (kcm_status == KCM_STATUS_SUCCESS);
    }

    //Mandatory: the certificate, probed by opening it as a chain and closing it again
    kcm_status = storage_cert_chain_open(&cert_chain, (const uint8_t*)cert_name, strlen((char*)cert_name), source_type, &item_size);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to get certificate size");

    kcm_status = storage_cert_chain_close(cert_chain, source_type);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to close source chain");

    *is_public_key = public_key_found;
    return kcm_status;
}
/*! The API deletes a set of items (key pair and certificate/certificate chain) according to the given name and source type.
*
* Deletion is best effort: every item is attempted even when an earlier one failed,
* and an item that is not found does not count as a failure.
*
* @param[in] item_name         pointer to item name (NUL-terminated).
* @param[in] data_source_type  source to delete from, KCM_ORIGINAL_ITEM or KCM_BACKUP_ITEM.
* @param[in] is_public_key     flag that indicates if public key exists in the storage.
* @returns
*     KCM_STATUS_SUCCESS when no deletion failed, KCM_STATUS_INVALID_PARAMETER for bad
*     arguments, KCM_STATUS_STORAGE_ERROR when at least one deletion failed.
*/
kcm_status_e ce_clean_items(const char *item_name, kcm_data_source_type_e data_source_type, bool is_public_key)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    int failed_deletions = 0;
    uint8_t *priv_name = NULL;
    uint8_t *pub_name = NULL;
    uint8_t *cert_name = NULL;

    SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), KCM_STATUS_INVALID_PARAMETER, "Invalid item_name");
    SA_PV_LOG_INFO_FUNC_ENTER("item name = %s", item_name);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((data_source_type != KCM_ORIGINAL_ITEM && data_source_type != KCM_BACKUP_ITEM), KCM_STATUS_INVALID_PARAMETER, "Invalid data_source_type");
    SA_PV_ERR_RECOVERABLE_RETURN_IF(!(ce_set_item_names(item_name, (char**)&priv_name, (char**)&pub_name, (char**)&cert_name)), KCM_STATUS_INVALID_PARAMETER, "Failed to set internal names for items");

    //Private key
    kcm_status = storage_data_delete((const uint8_t*)priv_name, strlen((char*)priv_name), KCM_PRIVATE_KEY_ITEM, data_source_type);
    if (kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND) {
        failed_deletions++;
        SA_PV_LOG_ERR("Failed to delete private key");
    }

    //Public key, only when the caller says one exists and the item has a public key name
    if (is_public_key && pub_name != NULL) {
        kcm_status = storage_data_delete((const uint8_t*)pub_name, strlen((char*)pub_name), KCM_PUBLIC_KEY_ITEM, data_source_type);
        if (kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND) {
            failed_deletions++;
            SA_PV_LOG_ERR("Failed to delete public key");
        }
    }

    //Certificate: try the plain item first, then a chain stored under the same name
    kcm_status = storage_data_delete((const uint8_t*)cert_name, strlen((char*)cert_name), KCM_CERTIFICATE_ITEM, data_source_type);
    if (kcm_status == KCM_STATUS_ITEM_NOT_FOUND) {
        kcm_status = storage_cert_chain_delete((const uint8_t*)cert_name, strlen((char*)cert_name), data_source_type);
    }
    if (kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND) {
        failed_deletions++;
        SA_PV_LOG_ERR("Failed to delete certificate/certificate chain");
    }

    SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS();

    //Individual storage statuses are collapsed into one generic error
    return (failed_deletions != 0) ? KCM_STATUS_STORAGE_ERROR : KCM_STATUS_SUCCESS;
}
/*! The API creates a backup copy of the renewal items (private key, optional public key,
* certificate/certificate chain) by copying them from KCM_ORIGINAL_ITEM to KCM_BACKUP_ITEM.
*
* If any copy fails, the backup items written so far are removed again with
* ce_clean_items() and the status of the failing copy is returned.
*
* @param[in] item_name      pointer to item name (NUL-terminated).
* @param[in] is_public_key  flag that indicates if public key exists in the storage.
*
* @returns
*     KCM_STATUS_SUCCESS in case of success or one of the kcm_status_e errors otherwise.
*/
kcm_status_e ce_create_backup_items(const char *item_name, bool is_public_key)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    uint8_t *priv_name = NULL;
    uint8_t *pub_name = NULL;
    uint8_t *cert_name = NULL;

    SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), KCM_STATUS_INVALID_PARAMETER, "Invalid item_name");
    SA_PV_LOG_INFO_FUNC_ENTER("item name = %s", item_name);
    SA_PV_ERR_RECOVERABLE_RETURN_IF(!(ce_set_item_names(item_name, (char**)&priv_name, (char**)&pub_name, (char**)&cert_name)), KCM_STATUS_INVALID_PARAMETER, "Failed to set internal names for items");

    //Backup private key
    kcm_status = copy_kcm_item(priv_name, strlen((char*)priv_name), KCM_PRIVATE_KEY_ITEM, KCM_ORIGINAL_ITEM, KCM_BACKUP_ITEM);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Falid to backup private key");

    //Backup public key, when one exists
    if (is_public_key && pub_name != NULL) {
        kcm_status = copy_kcm_item(pub_name, strlen((char*)pub_name), KCM_PUBLIC_KEY_ITEM, KCM_ORIGINAL_ITEM, KCM_BACKUP_ITEM);
        SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit , "Falid to backup public key");
    }

    //Backup certificate/certificate chain
    kcm_status = copy_kcm_item((const uint8_t*)cert_name, strlen((char*)cert_name), KCM_CERTIFICATE_ITEM, KCM_ORIGINAL_ITEM, KCM_BACKUP_ITEM);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit , "Falid to backup certificate");

exit:
    if (kcm_status != KCM_STATUS_SUCCESS) {
        //Roll back: delete whatever was already copied; the cleanup status is not reported
        ce_clean_items(item_name, KCM_BACKUP_ITEM, is_public_key);
        return kcm_status;
    }

    SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS();
    return kcm_status;
}
maygup01 0:11cc2b7889af 345
/*! The API restores the backup items by copying them over the original items; if that
* succeeds, the backup items are deleted.
*
* Sequence: verify the backup set, delete the original items, copy private key,
* optional public key and certificate from KCM_BACKUP_ITEM to KCM_ORIGINAL_ITEM,
* then delete the backup set.
*
* NOTE(review): the original items are deleted before the copy starts and the result of
* that deletion is ignored. If a copy step then fails, the function returns with the
* originals already removed and the backup items still in place.
*
* @param[in] item_name  pointer to item name (NUL-terminated).
* @returns
*     KCM_STATUS_SUCCESS in case of success, KCM_STATUS_ITEM_NOT_FOUND when a mandatory
*     backup item is missing, or one of the kcm_status_e errors otherwise.
*/
kcm_status_e ce_restore_backup_items(const char *item_name)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    uint8_t *priv_name = NULL;
    uint8_t *pub_name = NULL;
    uint8_t *cert_name = NULL;
    bool backup_has_public_key = false;

    SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), KCM_STATUS_INVALID_PARAMETER, "Invalid item_name");
    SA_PV_LOG_INFO_FUNC_ENTER("item name = %s",item_name);

    //Check first that backup items exist
    kcm_status = check_items_existence(item_name, KCM_BACKUP_ITEM, &backup_has_public_key);
    if (kcm_status == KCM_STATUS_ITEM_NOT_FOUND) {
        //A mandatory backup item is missing: drop the incomplete backup, leave the originals untouched
        ce_clean_items(item_name, KCM_BACKUP_ITEM, true);
        return KCM_STATUS_ITEM_NOT_FOUND;
    }
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to verify backup items");

    SA_PV_ERR_RECOVERABLE_RETURN_IF(!(ce_set_item_names(item_name,(char**)&priv_name, (char**)&pub_name, (char**)&cert_name)), KCM_STATUS_INVALID_PARAMETER, "Failed to set internal names for items");

    //Clean original items before backup restore (return value intentionally not checked here)
    ce_clean_items(item_name, KCM_ORIGINAL_ITEM, true);

    //Restore by copying each backup item to the original source
    kcm_status = copy_kcm_item(priv_name, strlen((char*)priv_name), KCM_PRIVATE_KEY_ITEM, KCM_BACKUP_ITEM, KCM_ORIGINAL_ITEM);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to copy backup private key to original source");

    if (backup_has_public_key && pub_name != NULL) {
        kcm_status = copy_kcm_item(pub_name, strlen((char*)pub_name), KCM_PUBLIC_KEY_ITEM, KCM_BACKUP_ITEM, KCM_ORIGINAL_ITEM);
        SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to copy backup public key to original source");
    }

    kcm_status = copy_kcm_item(cert_name, strlen((char*)cert_name), KCM_CERTIFICATE_ITEM, KCM_BACKUP_ITEM, KCM_ORIGINAL_ITEM);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to copy backup certificate to original source");

    //Clean backup items after they were restored
    kcm_status = ce_clean_items(item_name,KCM_BACKUP_ITEM, true);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND), kcm_status, "Failed to clean backup items");

    SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS();

    return kcm_status;
}
maygup01 0:11cc2b7889af 399
/**
 * Record that a renewal is in progress for item_name.
 *
 * The item name (without its terminator) is written as a KCM_CONFIG_ITEM named
 * g_renewal_status_file in the KCM_BACKUP_ITEM source.
 *
 * @param[in] item_name  NUL-terminated item name; must not be NULL.
 *
 * @returns KCM_STATUS_SUCCESS on success, KCM_STATUS_INVALID_PARAMETER for a NULL
 *          name, or the status of the storage write.
 */
kcm_status_e ce_create_renewal_status(const char *item_name)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    const uint8_t *status_name = (const uint8_t*)g_renewal_status_file;
    size_t status_name_len = 0;

    SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), KCM_STATUS_INVALID_PARAMETER, "Invalid item_name");
    SA_PV_LOG_INFO_FUNC_ENTER("item name = %s", item_name);

    status_name_len = (size_t)strlen(g_renewal_status_file);

    kcm_status = storage_data_write(status_name, status_name_len, KCM_CONFIG_ITEM, false, KCM_BACKUP_ITEM, (const uint8_t*)item_name, (size_t)strlen(item_name));
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to create renewal status");

    SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS();

    //kcm_status is KCM_STATUS_SUCCESS at this point
    return kcm_status;
}
maygup01 0:11cc2b7889af 414
/**
 * Remove the renewal-status record: the KCM_CONFIG_ITEM named
 * g_renewal_status_file in the KCM_BACKUP_ITEM source.
 *
 * @returns KCM_STATUS_SUCCESS on success, otherwise the status of the storage
 *          delete (a missing record is reported as an error, not ignored).
 */
kcm_status_e ce_delete_renewal_status(void)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    const uint8_t *status_name = (const uint8_t*)g_renewal_status_file;
    size_t status_name_len = 0;

    SA_PV_LOG_INFO_FUNC_ENTER_NO_ARGS();

    status_name_len = (size_t)strlen(g_renewal_status_file);

    kcm_status = storage_data_delete(status_name, status_name_len, KCM_CONFIG_ITEM, KCM_BACKUP_ITEM);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to delete renewal status");

    SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS();

    //kcm_status is KCM_STATUS_SUCCESS at this point
    return kcm_status;
}
maygup01 0:11cc2b7889af 428
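// Stores a newly issued certificate, or a whole certificate chain, under
// certificate_name as a KCM_ORIGINAL_ITEM.
//
// A chain of length 1 is written as a single KCM_CERTIFICATE_ITEM with
// storage_data_write(). A longer chain is created with
// storage_cert_chain_create(), filled by walking the chain_data->certs linked
// list with storage_chain_add_next(), and closed with storage_cert_chain_close().
//
// certificate_name - NUL-terminated item name; its strlen() bytes are used.
// chain_data       - chain description; chain_length must be non-zero and the
//                    first node must carry a non-NULL, non-empty certificate.
//                    The list is only read, never modified.
//
// Returns KCM_STATUS_INVALID_PARAMETER for a bad argument or for a list that
// holds fewer usable certificates than chain_length, the first storage error
// encountered otherwise, and KCM_STATUS_SUCCESS when everything was stored.
kcm_status_e ce_store_new_certificate(const char *certificate_name, struct cert_chain_context_s *chain_data)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    kcm_status_e close_status = KCM_STATUS_SUCCESS;
    kcm_cert_chain_handle kcm_chain_handle;
    uint32_t cert_index = 0;
    uint8_t *certificate = NULL;
    size_t certificate_size = 0;
    struct cert_context_s *current_certs;

    //Check parameters
    SA_PV_ERR_RECOVERABLE_RETURN_IF((certificate_name == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid certificate_name");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid chain_data");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data->chain_length == 0), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid certificate chain length");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data->certs == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid certificate data");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data->certs->cert == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid first certificate pointer");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data->certs->cert_length == 0), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid first certificate length");
    SA_PV_LOG_INFO_FUNC_ENTER("certificate_name = %s", certificate_name);

    //Get first certificate
    current_certs = chain_data->certs;
    certificate = current_certs->cert;
    certificate_size = current_certs->cert_length;

    if (chain_data->chain_length == 1) {
        //Save single certificate; no chain handle is opened on this path
        kcm_status = storage_data_write((const uint8_t*)certificate_name, (size_t)strlen(certificate_name), KCM_CERTIFICATE_ITEM, false, KCM_ORIGINAL_ITEM, certificate, certificate_size);
        SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to store new certificate");

        SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS();

        return kcm_status;
    }

    //Save chain
    kcm_status = storage_cert_chain_create(&kcm_chain_handle, (const uint8_t*)certificate_name, (size_t)strlen(certificate_name), chain_data->chain_length, false, KCM_ORIGINAL_ITEM);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to create chain");

    for (cert_index = 0; cert_index < chain_data->chain_length; cert_index++) {
        SA_PV_ERR_RECOVERABLE_GOTO_IF((certificate_size == 0 || certificate == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, exit, "Invalid certificate data at index %" PRIu32 "", cert_index);

        kcm_status = storage_chain_add_next(kcm_chain_handle, certificate, certificate_size, KCM_ORIGINAL_ITEM);
        SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to store certificate at index %" PRIu32 "", cert_index);

        //Get next certificate
        current_certs = current_certs->next;
        if (current_certs != NULL) {
            certificate = current_certs->cert;
            certificate_size = current_certs->cert_length;
        } else {
            // The list ended. Clear the cursor so that, if chain_length claims
            // more entries, the check at the top of the loop rejects the chain
            // instead of storing the previous certificate a second time.
            certificate = NULL;
            certificate_size = 0;
        }
    }

exit:
    // Close the handle exactly once, on success and on failure alike. The
    // close result is kept separate so it cannot replace an earlier error and
    // make a partially stored chain look like a successful renewal.
    close_status = storage_cert_chain_close(kcm_chain_handle, KCM_ORIGINAL_ITEM);
    if (kcm_status == KCM_STATUS_SUCCESS) {
        kcm_status = close_status;
    }
    // Return rather than jump back to 'exit': a retry would close the same handle again.
    SA_PV_ERR_RECOVERABLE_RETURN_IF((close_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to close chain");

    SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS();

    return kcm_status;
}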