static void create_x509_enrollment_device() { INDIVIDUAL_ENROLLMENT_HANDLE indiv_enrollment = NULL; PROVISIONING_SERVICE_CLIENT_HANDLE prov_sc_handle = prov_sc_create_from_connection_string(g_prov_conn_string); ASSERT_IS_NOT_NULL(prov_sc_handle, "Failure creating provisioning service client"); prov_sc_set_trace(prov_sc_handle, TRACING_STATUS_ON); PROV_AUTH_HANDLE auth_handle = prov_auth_create(); ASSERT_IS_NOT_NULL(auth_handle, "Failure creating auth client"); char* registration_id = prov_auth_get_registration_id(auth_handle); ASSERT_IS_NOT_NULL(registration_id, "Failure prov_auth_get_common_name"); if (prov_sc_get_individual_enrollment(prov_sc_handle, registration_id, &indiv_enrollment) != 0) { char* x509_cert = prov_auth_get_certificate(auth_handle); ASSERT_IS_NOT_NULL(x509_cert, "Failure prov_auth_get_certificate"); STRING_HANDLE base64_cert = Azure_Base64_Encode_Bytes((const unsigned char*)x509_cert, strlen(x509_cert)); ASSERT_IS_NOT_NULL(base64_cert, "Failure Azure_Base64_Encode_Bytes"); ATTESTATION_MECHANISM_HANDLE attest_handle = attestationMechanism_createWithX509ClientCert(STRING_c_str(base64_cert), NULL); ASSERT_IS_NOT_NULL(attest_handle, "Failure hsm_client_riot_get_certificate "); indiv_enrollment = individualEnrollment_create(registration_id, attest_handle); ASSERT_IS_NOT_NULL(indiv_enrollment, "Failure hsm_client_riot_get_certificate "); ASSERT_ARE_EQUAL(int, 0, prov_sc_create_or_update_individual_enrollment(prov_sc_handle, &indiv_enrollment), "Failure prov_sc_create_or_update_individual_enrollment"); STRING_delete(base64_cert); free(x509_cert); }
char* secure_dev_tpm_get_storage_key(SEC_DEVICE_HANDLE handle) { char* result; if (handle == NULL) { /* Codes_SRS_SECURE_DEVICE_TPM_07_016: [ If handle is NULL, secure_dev_tpm_get_storage_key shall return NULL. ] */ LogError("Invalid handle value specified"); result = NULL; } else if (handle->srk_pub.publicArea.unique.rsa.t.size == 0) { /* Codes_SRS_SECURE_DEVICE_TPM_07_017: [ If the srk_public value was not initialized, secure_dev_tpm_get_storage_key shall return NULL. ] */ LogError("storage root key is invalid"); result = NULL; } else { unsigned char data_bytes[1024]; unsigned char* data_pos = data_bytes; /* Codes_SRS_SECURE_DEVICE_TPM_07_018: [ secure_dev_tpm_get_storage_key shall allocate and return the Storage Root Key. ] */ uint32_t data_length = TPM2B_PUBLIC_Marshal(&handle->srk_pub, &data_pos, NULL); STRING_HANDLE encoded_srk = Azure_Base64_Encode_Bytes(data_bytes, data_length); if (encoded_srk == NULL) { /* Codes_SRS_SECURE_DEVICE_TPM_07_019: [ If any failure is encountered, secure_dev_tpm_get_storage_key shall return NULL. ] */ LogError("Failure encoding storage root key"); result = NULL; } else { if (mallocAndStrcpy_s(&result, STRING_c_str(encoded_srk)) != 0) { /* Codes_SRS_SECURE_DEVICE_TPM_07_019: [ If any failure is encountered, secure_dev_tpm_get_storage_key shall return NULL. ] */ LogError("Failure allocating storage root key"); result = NULL; } STRING_delete(encoded_srk); } } return result; }
BLOB_RESULT Blob_UploadBlock( HTTPAPIEX_HANDLE httpApiExHandle, const char* relativePath, BUFFER_HANDLE requestContent, unsigned int blockID, STRING_HANDLE blockIDList, unsigned int* httpStatus, BUFFER_HANDLE httpResponse) { BLOB_RESULT result; if (requestContent == NULL || blockIDList == NULL || relativePath == NULL || httpApiExHandle == NULL || httpStatus == NULL || httpResponse == NULL) { LogError("invalid argument detected requestContent=%p blockIDList=%p relativePath=%p httpApiExHandle=%p httpStatus=%p httpResponse=%p", requestContent, blockIDList, relativePath, httpApiExHandle, httpStatus, httpResponse); result = BLOB_ERROR; } else { char temp[7]; /*this will contain 000000... 049999*/ if (sprintf(temp, "%6u", (unsigned int)blockID) != 6) /*produces 000000... 049999*/ { /*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/ LogError("failed to sprintf"); result = BLOB_ERROR; } else { STRING_HANDLE blockIdString = Azure_Base64_Encode_Bytes((const unsigned char*)temp, 6); if (blockIdString == NULL) { /*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/ LogError("unable to Azure_Base64_Encode_Bytes"); result = BLOB_ERROR; } else { /*add the blockId base64 encoded to the XML*/ if (!( (STRING_concat(blockIDList, "<Latest>") == 0) && (STRING_concat_with_STRING(blockIDList, blockIdString) == 0) && (STRING_concat(blockIDList, "</Latest>") == 0) )) { /*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/ LogError("unable to STRING_concat"); result = BLOB_ERROR; } else { /*Codes_SRS_BLOB_02_022: [ Blob_UploadMultipleBlocksFromSasUri shall construct a new relativePath from following string: base relativePath + "&comp=block&blockid=BASE64 encoded string of blockId" ]*/ STRING_HANDLE newRelativePath = STRING_construct(relativePath); if (newRelativePath == NULL) { /*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/ LogError("unable to STRING_construct"); result = BLOB_ERROR; } else { if (!( (STRING_concat(newRelativePath, "&comp=block&blockid=") == 0) && (STRING_concat_with_STRING(newRelativePath, blockIdString) == 0) )) { /*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/ LogError("unable to STRING concatenate"); result = BLOB_ERROR; } else { /*Codes_SRS_BLOB_02_024: [ Blob_UploadMultipleBlocksFromSasUri shall call HTTPAPIEX_ExecuteRequest with a PUT operation, passing httpStatus and httpResponse. ]*/ if (HTTPAPIEX_ExecuteRequest( httpApiExHandle, HTTPAPI_REQUEST_PUT, STRING_c_str(newRelativePath), NULL, requestContent, httpStatus, NULL, httpResponse) != HTTPAPIEX_OK ) { /*Codes_SRS_BLOB_02_025: [ If HTTPAPIEX_ExecuteRequest fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_HTTP_ERROR. ]*/ LogError("unable to HTTPAPIEX_ExecuteRequest"); result = BLOB_HTTP_ERROR; } else if (*httpStatus >= 300) { /*Codes_SRS_BLOB_02_026: [ Otherwise, if HTTP response code is >=300 then Blob_UploadMultipleBlocksFromSasUri shall succeed and return BLOB_OK. ]*/ LogError("HTTP status from storage does not indicate success (%d)", (int)*httpStatus); result = BLOB_OK; } else { /*Codes_SRS_BLOB_02_027: [ Otherwise Blob_UploadMultipleBlocksFromSasUri shall continue execution. ]*/ result = BLOB_OK; } } STRING_delete(newRelativePath); } } STRING_delete(blockIdString); } } } return result; }
char* prov_auth_construct_sas_token(PROV_AUTH_HANDLE handle, const char* token_scope, const char* key_name, size_t expiry_time) { char* result; char expire_token[64] = { 0 }; if (handle == NULL || token_scope == NULL || key_name == NULL) { LogError("Invalid handle parameter handle: %p, token_scope: %p, key_name: %p", handle, token_scope, key_name); result = NULL; } else if (handle->sec_type == PROV_AUTH_TYPE_X509) { LogError("Invalid type for operation"); result = NULL; } else if (size_tToString(expire_token, sizeof(expire_token), expiry_time) != 0) { result = NULL; LogError("Failure creating expire token"); } else { size_t len = strlen(token_scope) + strlen(expire_token) + 3; char* payload = malloc(len + 1); if (payload == NULL) { result = NULL; LogError("Failure allocating payload for sas token."); } else { unsigned char* data_value; size_t data_len; (void)sprintf(payload, "%s\n%s", token_scope, expire_token); /* Codes_SRS_SECURE_ENCLAVE_CLIENT_07_031: [ prov_auth_get_certificate shall import the specified cert into the client using hsm_client_get_cert secure enclave function. ] */ if (sign_sas_data(handle, payload, &data_value, &data_len) == 0) { STRING_HANDLE urlEncodedSignature; STRING_HANDLE base64Signature; STRING_HANDLE sas_token_handle; if ((base64Signature = Azure_Base64_Encode_Bytes(data_value, data_len)) == NULL) { result = NULL; LogError("Failure constructing base64 encoding."); } else if ((urlEncodedSignature = URL_Encode(base64Signature)) == NULL) { result = NULL; LogError("Failure constructing url Signature."); STRING_delete(base64Signature); } else { sas_token_handle = STRING_construct_sprintf("SharedAccessSignature sr=%s&sig=%s&se=%s&skn=%s", token_scope, STRING_c_str(urlEncodedSignature), expire_token, key_name); if (sas_token_handle == NULL) { result = NULL; LogError("Failure constructing url Signature."); } else { const char* temp_sas_token = STRING_c_str(sas_token_handle); if (mallocAndStrcpy_s(&result, temp_sas_token) != 0) { LogError("Failure allocating and copying string."); result = NULL; } STRING_delete(sas_token_handle); } STRING_delete(base64Signature); STRING_delete(urlEncodedSignature); } free(data_value); } else { result = NULL; LogError("Failure generate sas token."); } free(payload); } } return result; }