    oc_pki: add APIs to configure manufacturer certs · 408b69ca
    Kishen Maloor authored
    This change adds new and simple public APIs for applications/tools
    to pre-configure a manufacturer certificate chain on an OCF device
    via functions for setting the end-entity manufacturer certificate
    (and its accompanying private key), an intermediate CA certificate
    (if there's one) and the root certificate/trust anchor.
    The APIs accept "char" arrays and may be supplied with PEM
    encoded strings or DER encoded byte arrays alike. The implementation
    internally works out the format, performs parsing using mbedTLS and
    populates cred entries into the /oic/sec/cred resource and persists
    those entries to storage.
    All APIs return the credid of the populated cred entry in
    The APIs also attempt to check for duplicates, i.e. if there already
    exist cred entries with the required credusage containing the
    same certificate, it will simply return the credid of that entry
    and not duplicate it.
    Further, adding an intermediate cert needs the user to supply the
    credid of an existing end-entity cert in /oic/sec/cred. The API for
    adding intermediate certs checks for its existence and also verifies
    that the end-entity cert was indeed issued by the intermediate
    cert before adding it to /oic/sec/cred.
    The APIs return -1 for errors.
    Change-Id: Ib57cb6e42d08335e422c8be515b6de0559c53596
    Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
    Reviewed-on: https://gerrit.iotivity.org/gerrit/27691
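
The commit message says the implementation works out whether a supplied buffer is PEM or DER. As an added example (not code from oc_pki.c or the IoTivity project), here is one way to make that decision, following the mbedTLS convention that a PEM buffer's size includes the terminating NUL. All type and function names are hypothetical and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical names for this example; not IoTivity or mbedTLS identifiers. */
typedef enum { ENC_INVALID = -1, ENC_DER = 0, ENC_PEM = 1 } cert_encoding_t;

/* Constructed sample inputs: a placeholder PEM body and a 5-byte DER SEQUENCE. */
static const char SAMPLE_PEM[] =
  "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n";
static const unsigned char SAMPLE_DER[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };

/* Total size (header + body) of a DER SEQUENCE, or 0 if the header is bad. */
static size_t der_sequence_total_len(const unsigned char *buf, size_t len)
{
  if (len < 2 || buf[0] != 0x30) /* 0x30 = constructed SEQUENCE tag */
    return 0;
  if ((buf[1] & 0x80) == 0) /* short form: one length byte */
    return 2 + (size_t)buf[1];
  size_t n = buf[1] & 0x7f; /* long form: n length bytes follow */
  if (n == 0 || n > 3 || len < 2 + n) /* cap at 3 bytes (< 16 MiB) */
    return 0;
  size_t body = 0;
  for (size_t i = 0; i < n; i++)
    body = (body << 8) | buf[2 + i];
  return 2 + n + body;
}

cert_encoding_t classify_cert_encoding(const unsigned char *buf, size_t len)
{
  if (buf == NULL || len == 0)
    return ENC_INVALID;
  /* PEM: len must count the terminating NUL, which bounds the string search. */
  if (buf[len - 1] == '\0' && strlen((const char *)buf) == len - 1) {
    const char *begin = strstr((const char *)buf, "-----BEGIN CERTIFICATE-----");
    if (begin != NULL && strstr(begin, "-----END CERTIFICATE-----") != NULL)
      return ENC_PEM;
  }
  /* DER: a single SEQUENCE must account for every byte (no trailing data). */
  return der_sequence_total_len(buf, len) == len ? ENC_DER : ENC_INVALID;
}

int main(void)
{
  const unsigned char *pem = (const unsigned char *)SAMPLE_PEM;
  printf("PEM, NUL counted: %d\n", classify_cert_encoding(pem, sizeof(SAMPLE_PEM)));
  printf("PEM, NUL omitted: %d\n", classify_cert_encoding(pem, strlen(SAMPLE_PEM)));
  printf("DER: %d\n", classify_cert_encoding(SAMPLE_DER, sizeof(SAMPLE_DER)));
  return 0;
}
```

Passing `strlen()` instead of `sizeof()` for a PEM string is rejected here rather than searched past the end of the buffer, and a DER buffer with truncated or trailing bytes is rejected before any parser sees it.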
oc_pki.c 9.52 KB