    oc_pki & oc_cred: updates and fixes · 76fd81e0
    Kishen Maloor authored
    oc_pki:
    -Install cert chains in PEM instead of DER.
    
    oc_cred:
    -Removed special logic for provisioning DER chains. The use of the DER
    format has been deprecated in the OCF Security Specification.
    -Fixed logic for locating a role credential with/without an authority.
    -Fixed oc_sec_clear_creds() to remove all cred entries (including any
    pre-installed PKI chains) upon every DELETE or RESET. PKI chains may
    be reinstalled later from the factory_presets callback.
    -Fixed logic while receiving an identity cert to check for a
    match of public key from the certificate with the device's own
    public key. This would enable the provisioning of cred entries
    with/without the device's own UUID being filled into that entry's
    "subjectuuid".
    Previously there was logic that checked for a match of the
    cred entry's "subjectuuid" and the device's own deviceuuid. This
    required OBTs to provision a cred object with the correct "subjectuuid".
    This change has instead made it more flexible for OBTs by removing
    any reliance on "subjectuuid".
    -Fixed add_new_cred() to parse role certificates when provisioned
    to a Client's /oic/sec/cred and extract the roleid for storage
    inside the cred entry.
    
    Change-Id: I59a1f11272bc546e4d21af37742658f4403d1449
    Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
oc_pki.c 10.5 KB