
Commit faf8033

write provisioned certificate to "active-certificate.pem.crt" (#466)
* write certificate to a unique file name and a non-unique ("active") file name * add function for writing the CSR certificate
1 parent c5f7512 commit faf8033


2 files changed

+91
-67
lines changed


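--- a/source/fleetprovisioning/FleetProvisioning.cpp
+++ b/source/fleetprovisioning/FleetProvisioning.cpp
@@ -48,6 +48,76 @@ constexpr int FleetProvisioning::DEFAULT_WAIT_TIME_SECONDS;
 
 FleetProvisioning::FleetProvisioning() : collectSystemInformation(false) {}
 
+bool FleetProvisioning::WriteKeyAndCertToDirectory(CreateKeysAndCertificateResponse *response, string fileName)
+{
+ostringstream certPathStream, keyPathStream;
+certPathStream << keyDir << fileName << "-certificate.pem.crt";
+keyPathStream << keyDir << fileName << "-private.pem.key";
+
+certPath = FileUtils::ExtractExpandedPath(certPathStream.str().c_str()).c_str();
+keyPath = FileUtils::ExtractExpandedPath(keyPathStream.str().c_str()).c_str();
+
+if (FileUtils::StoreValueInFile(response->CertificatePem->c_str(), certPath.c_str()) &&
+FileUtils::StoreValueInFile(response->PrivateKey->c_str(), keyPath.c_str()))
+{
+LOGM_INFO(
+TAG, "Stored certificate and private key in %s and %s files", certPath.c_str(), keyPath.c_str());
+
+LOG_INFO(TAG, "Attempting to set permissions for certificate and private key...");
+chmod(certPath.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+chmod(keyPath.c_str(), S_IRUSR | S_IWUSR);
+
+if (FileUtils::ValidateFilePermissions(certPath.c_str(), Permissions::PUBLIC_CERT) &&
+FileUtils::ValidateFilePermissions(keyPath.c_str(), Permissions::PRIVATE_KEY))
+{
+LOG_INFO(TAG, "Successfully set permissions on provisioned public certificate and private key");
+return true;
+}
+else
+{
+return false;
+}
+}
+else
+{
+LOGM_ERROR(
+TAG,
+"Failed to store public certificate and private key in files %s and %s",
+certPath.c_str(),
+keyPath.c_str());
+return false;
+}
+}
+
+bool FleetProvisioning::WriteCSRCertToDirectory(CreateCertificateFromCsrResponse *response, string fileName)
+{
+ostringstream certPathStream;
+certPathStream << keyDir << fileName << "-certificate.pem.crt";
+certPath = FileUtils::ExtractExpandedPath(certPathStream.str().c_str()).c_str();
+
+if (FileUtils::StoreValueInFile(response->CertificatePem->c_str(), certPath.c_str()))
+{
+LOGM_INFO(TAG, "Stored certificate in %s file", certPath.c_str());
+
+LOG_INFO(TAG, "Attempting to set permissions for certificate...");
+chmod(certPath.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+if (FileUtils::ValidateFilePermissions(certPath.c_str(), Permissions::PUBLIC_CERT))
+{
+LOG_INFO(TAG, "Successfully set permissions on provisioned public certificate");
+return true;
+}
+else
+{
+return false;
+}
+}
+else
+{
+LOGM_ERROR(TAG, "Failed to store public certificate in file %s", certPath.c_str());
+return false;
+}
+}
+
 bool FleetProvisioning::CreateCertificateAndKey(Iotidentity::IotIdentityClient identityClient)
 {
 LOG_INFO(TAG, "Provisioning new device certificate and private key using CreateKeysAndCertificate API");
@@ -93,44 +163,8 @@ bool FleetProvisioning::CreateCertificateAndKey(Iotidentity::IotIdentityClient i
 LOGM_INFO(TAG, "CreateKeysAndCertificateResponse certificateId: %s.", response->CertificateId->c_str());
 certificateOwnershipToken = *response->CertificateOwnershipToken;
 Aws::Crt::String certificateID = response->CertificateId->c_str();
-
-ostringstream certPathStream, keyPathStream;
-certPathStream << keyDir << certificateID << "-certificate.pem.crt";
-keyPathStream << keyDir << certificateID << "-private.pem.key";
-
-certPath = FileUtils::ExtractExpandedPath(certPathStream.str().c_str()).c_str();
-keyPath = FileUtils::ExtractExpandedPath(keyPathStream.str().c_str()).c_str();
-
-if (FileUtils::StoreValueInFile(response->CertificatePem->c_str(), certPath.c_str()) &&
-FileUtils::StoreValueInFile(response->PrivateKey->c_str(), keyPath.c_str()))
-{
-LOGM_INFO(
-TAG, "Stored certificate and private key in %s and %s files", certPath.c_str(), keyPath.c_str());
-
-LOG_INFO(TAG, "Attempting to set permissions for certificate and private key...");
-chmod(certPath.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-chmod(keyPath.c_str(), S_IRUSR | S_IWUSR);
-
-if (FileUtils::ValidateFilePermissions(certPath.c_str(), Permissions::PUBLIC_CERT) &&
-FileUtils::ValidateFilePermissions(keyPath.c_str(), Permissions::PRIVATE_KEY))
-{
-LOG_INFO(TAG, "Successfully set permissions on provisioned public certificate and private key");
-keysCreationCompletedPromise.set_value(true);
-}
-else
-{
-keysCreationCompletedPromise.set_value(false);
-}
-}
-else
-{
-LOGM_ERROR(
-TAG,
-"Failed to store public certificate and private key in files %s and %s",
-certPath.c_str(),
-keyPath.c_str());
-keysCreationCompletedPromise.set_value(false);
-}
+bool writeSucceeded = WriteKeyAndCertToDirectory(response, certificateID.c_str()) && WriteKeyAndCertToDirectory(response, "active");
+keysCreationCompletedPromise.set_value(writeSucceeded);
 }
 else
 {
@@ -260,32 +294,8 @@ bool FleetProvisioning::CreateCertificateUsingCSR(Iotidentity::IotIdentityClient
 LOGM_INFO(TAG, "CreateCertificateFromCsrResponse certificateId: %s. ***", response->CertificateId->c_str());
 certificateOwnershipToken = *response->CertificateOwnershipToken;
 Aws::Crt::String certificateID = response->CertificateId->c_str();
-
-ostringstream certPathStream;
-certPathStream << keyDir << certificateID << "-certificate.pem.crt";
-certPath = FileUtils::ExtractExpandedPath(certPathStream.str().c_str()).c_str();
-
-if (FileUtils::StoreValueInFile(response->CertificatePem->c_str(), certPath.c_str()))
-{
-LOGM_INFO(TAG, "Stored certificate in %s file", certPath.c_str());
-
-LOG_INFO(TAG, "Attempting to set permissions for certificate...");
-chmod(certPath.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-if (FileUtils::ValidateFilePermissions(certPath.c_str(), Permissions::PUBLIC_CERT))
-{
-LOG_INFO(TAG, "Successfully set permissions on provisioned public certificate");
-csrCreationCompletedPromise.set_value(true);
-}
-else
-{
-csrCreationCompletedPromise.set_value(false);
-}
-}
-else
-{
-LOGM_ERROR(TAG, "Failed to store public certificate in file %s", certPath.c_str());
-csrCreationCompletedPromise.set_value(false);
-}
+bool writeSucceeded = WriteCSRCertToDirectory(response, certificateID.c_str()) && WriteCSRCertToDirectory(response, "active");
+csrCreationCompletedPromise.set_value(writeSucceeded);
 }
 else
 {
@@ -519,8 +529,7 @@ bool FleetProvisioning::ProvisionDevice(shared_ptr<SharedCrtResourceManager> fpC
 LOG_INFO(TAG, "Fleet Provisioning Feature has been started.");
 collectSystemInformation = config.fleetProvisioning.collectSystemInformation;
 
-bool didSetup = FileUtils::CreateDirectoryWithPermissions(keyDir.c_str(), S_IRWXU) &&
-FileUtils::CreateDirectoryWithPermissions(
+bool didSetup = FileUtils::CreateDirectoryWithPermissions(keyDir.c_str(), S_IRWXU) && FileUtils::CreateDirectoryWithPermissions(
 Config::DEFAULT_CONFIG_DIR, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IROTH | S_IXOTH);
 if (!didSetup)
 {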
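--- a/source/fleetprovisioning/FleetProvisioning.h
+++ b/source/fleetprovisioning/FleetProvisioning.h
@@ -166,13 +166,28 @@ namespace Aws
 */
 bool collectSystemInformation;
 
+/**
+* \brief writes contents of the cert and key to the device client config directory.
+*
+* @param response from IotIdentity CreateKeysAndCertificate call
+* @return returns true if successfully written to directory
+*/
+bool WriteKeyAndCertToDirectory(Iotidentity::CreateKeysAndCertificateResponse *response, std::string fileName);
+
+/**
+* \brief writes contents of the cert from CSR to the device client config directory.
+*
+* @param response from IotIdentity CreateCertificateFromCsrResponse call
+* @return returns true if successfully written to directory
+*/
+bool WriteCSRCertToDirectory(Iotidentity::CreateCertificateFromCsrResponse *response, std::string fileName);
+
 /**
 * \brief creates a new certificate and private key using the AWS certificate authority
 *
 * @param identityClient used for subscribing and publishing request for creating resources
 * @return returns true if resources are created successfully
 */
-
 bool CreateCertificateAndKey(Iotidentity::IotIdentityClient identityClient);
 
 /**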
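Review bot: The two new doc comments omit the fileName parameter even though it is what selects the output file names, and neither says that the call also overwrites the certPath (and keyPath) members and tightens the written files' permissions, which matters because the caller invokes each helper twice and the second ("active") call is the one whose paths remain in those members. Add `* @param fileName base name of the output file(s): "<fileName>-certificate.pem.crt" (and "<fileName>-private.pem.key") under the key directory` to both blocks, and a line such as `* Side effect: sets certPath (and keyPath) to the written files and sets restrictive permissions on them; the last call wins.` The current "@param response from IotIdentity CreateKeysAndCertificate call" wording also lacks the parameter name, so Doxygen will not bind it; write `@param response response from the IotIdentity CreateKeysAndCertificate call`.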
