-
Kishen Maloor authored
This change adds new and simple public APIs for applications/tools to pre-configure a manufacturer certificate chain on an OCF device via functions for setting the end-entity manufacturer certificate (and its accompanying private key), an intermediate CA certificate (if there's one) and the root certificate/trust anchor. The APIs accept "char" arrays and may be supplied with PEM encoded strings or DER encoded byte arrays alike. The implementation internally works out the format, performs parsing using mbedTLS and populates cred entries into the /oic/sec/cred resource and persists those entries to storage. All APIs return the credid of the populated cred entry in /oic/sec/cred. The APIs also attempt to check for duplicates, i.e. if there already exists cred entries with the required credusage containing the same certificate, it will simply return the credid of that entry and not duplicate it. Further adding an intermediate cert needs the user the supply the credid of an existing end-entity cert in /oic/sec/cred. The API for adding intermediate certs checks for its existence and also verfies that the end-entity cert was indeed issued by the intermediate cert before adding it to /oic/sec/cred. The APIs return -1 for errors. Change-Id: Ib57cb6e42d08335e422c8be515b6de0559c53596 Signed-off-by:
Kishen Maloor <kishen.maloor@intel.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/27691
408b69ca
