Commit 472b2068 authored by Kishen Maloor's avatar Kishen Maloor

Update cloud client/server:read CA cert from file

Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
parent 90f68dd6
......@@ -292,28 +292,63 @@ discover_resources(void)
signal_event_loop();
}
#if defined(OC_SECURITY) && defined(OC_PKI)
static int
read_pem(const char *file_path, char *buffer, size_t *buffer_len)
{
FILE *fp = fopen(file_path, "r");
if (fp == NULL) {
PRINT("ERROR: unable to read PEM\n");
return -1;
}
if (fseek(fp, 0, SEEK_END) != 0) {
PRINT("ERROR: unable to read PEM\n");
fclose(fp);
return -1;
}
long pem_len = ftell(fp);
if (pem_len < 0) {
PRINT("ERROR: could not obtain length of file\n");
fclose(fp);
return -1;
}
if (pem_len > (long)*buffer_len) {
PRINT("ERROR: buffer provided too small\n");
fclose(fp);
return -1;
}
if (fseek(fp, 0, SEEK_SET) != 0) {
PRINT("ERROR: unable to read PEM\n");
fclose(fp);
return -1;
}
if (fread(buffer, 1, pem_len, fp) < (size_t)pem_len) {
PRINT("ERROR: unable to read PEM\n");
fclose(fp);
return -1;
}
fclose(fp);
buffer[pem_len] = '\0';
*buffer_len = (size_t)pem_len;
return 0;
}
#endif /* OC_SECURITY && OC_PKI */
void
factory_presets_cb(size_t device, void *data)
{
(void)device;
(void)data;
#if defined(OC_SECURITY) && defined(OC_PKI)
// This installs the root CA certificate for the
// https://portal.try.plgd.cloud/ OCF Cloud
const char *cloud_ca =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIBhDCCASmgAwIBAgIQdAMxveYP9Nb48xe9kRm3ajAKBggqhkjOPQQDAjAxMS8w\r\n"
"LQYDVQQDEyZPQ0YgQ2xvdWQgUHJpdmF0ZSBDZXJ0aWZpY2F0ZXMgUm9vdCBDQTAe\r\n"
"Fw0xOTExMDYxMjAzNTJaFw0yOTExMDMxMjAzNTJaMDExLzAtBgNVBAMTJk9DRiBD\r\n"
"bG91ZCBQcml2YXRlIENlcnRpZmljYXRlcyBSb290IENBMFkwEwYHKoZIzj0CAQYI\r\n"
"KoZIzj0DAQcDQgAEaNJi86t5QlZiLcJ7uRMNlcwIpmFiJf9MOqyz2GGnGVBypU6H\r\n"
"lwZHY2/l5juO/O4EH2s9h3HfcR+nUG2/tFzFEaMjMCEwDgYDVR0PAQH/BAQDAgEG\r\n"
"MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAM7gFe39UJPIjIDE\r\n"
"KrtyPSIGAk0OAO8txhow1BAGV486AiEAqszg1fTfOHdE/pfs8/9ZP5gEVVkexRHZ\r\n"
"JCYVaa2Spbg=\r\n"
"-----END CERTIFICATE-----\r\n";
int rootca_credid = oc_pki_add_trust_anchor(
0, (const unsigned char *)cloud_ca, strlen(cloud_ca));
unsigned char cloud_ca[4096];
size_t cert_len = 4096;
if (read_pem("pki_certs/cloudca.pem", (char *)cloud_ca, &cert_len) < 0) {
PRINT("ERROR: unable to read certificates\n");
return;
}
int rootca_credid =
oc_pki_add_trust_anchor(0, (const unsigned char *)cloud_ca, cert_len);
if (rootca_credid < 0) {
PRINT("ERROR installing root cert\n");
return;
......
......@@ -296,28 +296,63 @@ register_resources(void)
oc_add_resource(res2);
}
#if defined(OC_SECURITY) && defined(OC_PKI)
static int
read_pem(const char *file_path, char *buffer, size_t *buffer_len)
{
FILE *fp = fopen(file_path, "r");
if (fp == NULL) {
PRINT("ERROR: unable to read PEM\n");
return -1;
}
if (fseek(fp, 0, SEEK_END) != 0) {
PRINT("ERROR: unable to read PEM\n");
fclose(fp);
return -1;
}
long pem_len = ftell(fp);
if (pem_len < 0) {
PRINT("ERROR: could not obtain length of file\n");
fclose(fp);
return -1;
}
if (pem_len > (long)*buffer_len) {
PRINT("ERROR: buffer provided too small\n");
fclose(fp);
return -1;
}
if (fseek(fp, 0, SEEK_SET) != 0) {
PRINT("ERROR: unable to read PEM\n");
fclose(fp);
return -1;
}
if (fread(buffer, 1, pem_len, fp) < (size_t)pem_len) {
PRINT("ERROR: unable to read PEM\n");
fclose(fp);
return -1;
}
fclose(fp);
buffer[pem_len] = '\0';
*buffer_len = (size_t)pem_len;
return 0;
}
#endif /* OC_SECURITY && OC_PKI */
void
factory_presets_cb(size_t device, void *data)
{
(void)device;
(void)data;
#if defined(OC_SECURITY) && defined(OC_PKI)
// This installs the root CA certificate for the
// https://portal.try.plgd.cloud/ OCF Cloud
const char *cloud_ca =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIBhDCCASmgAwIBAgIQdAMxveYP9Nb48xe9kRm3ajAKBggqhkjOPQQDAjAxMS8w\r\n"
"LQYDVQQDEyZPQ0YgQ2xvdWQgUHJpdmF0ZSBDZXJ0aWZpY2F0ZXMgUm9vdCBDQTAe\r\n"
"Fw0xOTExMDYxMjAzNTJaFw0yOTExMDMxMjAzNTJaMDExLzAtBgNVBAMTJk9DRiBD\r\n"
"bG91ZCBQcml2YXRlIENlcnRpZmljYXRlcyBSb290IENBMFkwEwYHKoZIzj0CAQYI\r\n"
"KoZIzj0DAQcDQgAEaNJi86t5QlZiLcJ7uRMNlcwIpmFiJf9MOqyz2GGnGVBypU6H\r\n"
"lwZHY2/l5juO/O4EH2s9h3HfcR+nUG2/tFzFEaMjMCEwDgYDVR0PAQH/BAQDAgEG\r\n"
"MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAM7gFe39UJPIjIDE\r\n"
"KrtyPSIGAk0OAO8txhow1BAGV486AiEAqszg1fTfOHdE/pfs8/9ZP5gEVVkexRHZ\r\n"
"JCYVaa2Spbg=\r\n"
"-----END CERTIFICATE-----\r\n";
int rootca_credid = oc_pki_add_trust_anchor(
0, (const unsigned char *)cloud_ca, strlen(cloud_ca));
unsigned char cloud_ca[4096];
size_t cert_len = 4096;
if (read_pem("pki_certs/cloudca.pem", (char *)cloud_ca, &cert_len) < 0) {
PRINT("ERROR: unable to read certificates\n");
return;
}
int rootca_credid =
oc_pki_add_trust_anchor(0, (const unsigned char *)cloud_ca, cert_len);
if (rootca_credid < 0) {
PRINT("ERROR installing root cert\n");
return;
......
-----BEGIN CERTIFICATE-----
MIIBhDCCASmgAwIBAgIQdAMxveYP9Nb48xe9kRm3ajAKBggqhkjOPQQDAjAxMS8w
LQYDVQQDEyZPQ0YgQ2xvdWQgUHJpdmF0ZSBDZXJ0aWZpY2F0ZXMgUm9vdCBDQTAe
Fw0xOTExMDYxMjAzNTJaFw0yOTExMDMxMjAzNTJaMDExLzAtBgNVBAMTJk9DRiBD
bG91ZCBQcml2YXRlIENlcnRpZmljYXRlcyBSb290IENBMFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAEaNJi86t5QlZiLcJ7uRMNlcwIpmFiJf9MOqyz2GGnGVBypU6H
lwZHY2/l5juO/O4EH2s9h3HfcR+nUG2/tFzFEaMjMCEwDgYDVR0PAQH/BAQDAgEG
MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAM7gFe39UJPIjIDE
KrtyPSIGAk0OAO8txhow1BAGV486AiEAqszg1fTfOHdE/pfs8/9ZP5gEVVkexRHZ
JCYVaa2Spbg=
-----END CERTIFICATE-----
\ No newline at end of file
......@@ -374,11 +374,11 @@ multi_device_client: libiotivity-lite-client.a $(ROOT_DIR)/apps/multi_device_cli
@mkdir -p $@_creds
${CC} -o $@ ../../apps/multi_device_client_linux.c libiotivity-lite-client.a -DOC_CLIENT ${CFLAGS} ${LIBS}
cloud_server: libiotivity-lite-client-server.a $(ROOT_DIR)/apps/cloud_server.c
cloud_server: libiotivity-lite-client-server.a $(ROOT_DIR)/apps/cloud_server.c copy_pki_certs
@mkdir -p $@_creds
${CC} -o $@ ../../apps/cloud_server.c libiotivity-lite-client-server.a -DOC_CLIENT -DOC_SERVER ${CFLAGS} ${CFLAGS_CLOUD} ${LIBS}
cloud_client: libiotivity-lite-client-server.a $(ROOT_DIR)/apps/cloud_client.c
cloud_client: libiotivity-lite-client-server.a $(ROOT_DIR)/apps/cloud_client.c copy_pki_certs
@mkdir -p $@_creds
${CC} -o $@ ../../apps/cloud_client.c libiotivity-lite-client-server.a -DOC_CLIENT -DOC_SERVER ${CFLAGS} ${CFLAGS_CLOUD} ${LIBS}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment