Demo fleet provisioning with csr - support option to write key and certificate to disk (#1897)

* save private key and CSR generated during provisioning

* write private key to GENERATED_PRIVATE_KEY_WRITE_PATH

* update corePKCS11 submodule

* updated manifest.yml for submodule corePKCS11

Author: giuspen

demos/fleet_provisioning/fleet_provisioning_keys_cert/fleet_provisioning_keys_cert_demo.c

@@ -57,7 +57,10 @@
 /* POSIX includes. */
 #include <unistd.h>
 #include <errno.h>
-#include <fcntl.h>
+
+#if defined( DOWNLOADED_CERT_WRITE_PATH ) || defined( DOWNLOADED_PRIVATE_KEY_WRITE_PATH )
+    #include <fcntl.h>
+#endif
 
 /* Demo config. */
 #include "demo_config.h"
@@ -125,7 +128,7 @@
 #define DELAY_BETWEEN_DEMO_RETRY_ITERATIONS_SECONDS    ( 5 )
 
 /**
- * @brief Size of buffer in which to hold the certificate signing request (CSR).
+ * @brief Size of buffer in which to hold the private key.
  */
 #define PRIV_KEY_BUFFER_LENGTH                         2048
 
@@ -605,7 +608,7 @@ int main( int argc,
 
         if( status == true )
         {
-            /* Save the certificate into PKCS #11. */
+            /* Save the private key into PKCS #11. */
             status = loadPrivateKey( p11Session,
                                      privatekey,
                                      pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS,

demos/fleet_provisioning/fleet_provisioning_with_csr/CMakeLists.txt

@@ -56,6 +56,9 @@ target_include_directories( ${DEMO_NAME}
                               "${CORE_PKCS11_3RDPARTY_LOCATION}/mbedtls_utils" )
 
 set_macro_definitions(TARGETS ${DEMO_NAME}
+                      OPTIONAL
+                        "DOWNLOADED_CERT_WRITE_PATH"
+                        "GENERATED_PRIVATE_KEY_WRITE_PATH"
                       REQUIRED
                         "AWS_IOT_ENDPOINT"
                         "ROOT_CA_CERT_PATH"

demos/fleet_provisioning/fleet_provisioning_with_csr/fleet_provisioning_with_csr_demo.c

@@ -58,6 +58,10 @@
 #include <unistd.h>
 #include <errno.h>
 
+#if defined( DOWNLOADED_CERT_WRITE_PATH )
+    #include <fcntl.h>
+#endif // DOWNLOADED_CERT_WRITE_PATH
+
 /* Demo config. */
 #include "demo_config.h"
 
@@ -777,6 +781,34 @@ int main( int argc,
     if( status == true )
     {
         LogInfo( ( "Demo completed successfully." ) );
+
+        #if defined( DOWNLOADED_CERT_WRITE_PATH )
+            {
+                int fd = open( DOWNLOADED_CERT_WRITE_PATH, O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR | S_IWUSR );
+
+                if( -1 != fd )
+                {
+                    const ssize_t writtenBytes = write( fd, certificate, certificateLength );
+
+                    if( writtenBytes == certificateLength )
+                    {
+                        LogInfo( ( "Written %s successfully.", DOWNLOADED_CERT_WRITE_PATH ) );
+                    }
+                    else
+                    {
+                        LogError( ( "Could not write to %s. Error: %s.", DOWNLOADED_CERT_WRITE_PATH, strerror( errno ) ) );
+                    }
+
+                    close( fd );
+                }
+                else
+                {
+                    LogError( ( "Could not open %s. Error: %s.", DOWNLOADED_CERT_WRITE_PATH, strerror( errno ) ) );
+                }
+            }
+        #else /* if defined( DOWNLOADED_CERT_WRITE_PATH ) */
+            LogInfo( ( "NOTE: define DOWNLOADED_CERT_WRITE_PATH in order to have the certificate written to disk." ) );
+        #endif // DOWNLOADED_CERT_WRITE_PATH
     }
 
     return ( status == true ) ? EXIT_SUCCESS : EXIT_FAILURE;

libraries/standard/corePKCS11

@@ -56,7 +56,7 @@ dependencies:
       url: "https://github.com/FreeRTOS/backoffAlgorithm"
       path: "libraries/standard/backoffAlgorithm"
   - name: "corePKCS11"
-    version: "db05642c6c1f97055128f17c7962d7daf725d3c5"
+    version: "c671c11f2de13c31e8eb9563858fb513b4c5b678"
     repository:
       type: "git"
       url: "https://github.com/FreeRTOS/corePKCS11"