static void create_x509_enrollment_device()
{
INDIVIDUAL_ENROLLMENT_HANDLE indiv_enrollment = NULL;
PROVISIONING_SERVICE_CLIENT_HANDLE prov_sc_handle = prov_sc_create_from_connection_string(g_prov_conn_string);
ASSERT_IS_NOT_NULL(prov_sc_handle, "Failure creating provisioning service client");
prov_sc_set_trace(prov_sc_handle, TRACING_STATUS_ON);
PROV_AUTH_HANDLE auth_handle = prov_auth_create();
ASSERT_IS_NOT_NULL(auth_handle, "Failure creating auth client");
char* registration_id = prov_auth_get_registration_id(auth_handle);
ASSERT_IS_NOT_NULL(registration_id, "Failure prov_auth_get_common_name");
if (prov_sc_get_individual_enrollment(prov_sc_handle, registration_id, &indiv_enrollment) != 0)
{
char* x509_cert = prov_auth_get_certificate(auth_handle);
ASSERT_IS_NOT_NULL(x509_cert, "Failure prov_auth_get_certificate");
STRING_HANDLE base64_cert = Azure_Base64_Encode_Bytes((const unsigned char*)x509_cert, strlen(x509_cert));
ASSERT_IS_NOT_NULL(base64_cert, "Failure Azure_Base64_Encode_Bytes");
ATTESTATION_MECHANISM_HANDLE attest_handle = attestationMechanism_createWithX509ClientCert(STRING_c_str(base64_cert), NULL);
ASSERT_IS_NOT_NULL(attest_handle, "Failure hsm_client_riot_get_certificate ");
indiv_enrollment = individualEnrollment_create(registration_id, attest_handle);
ASSERT_IS_NOT_NULL(indiv_enrollment, "Failure hsm_client_riot_get_certificate ");
ASSERT_ARE_EQUAL(int, 0, prov_sc_create_or_update_individual_enrollment(prov_sc_handle, &indiv_enrollment), "Failure prov_sc_create_or_update_individual_enrollment");
STRING_delete(base64_cert);
free(x509_cert);
}
char* secure_dev_tpm_get_storage_key(SEC_DEVICE_HANDLE handle)
{
char* result;
if (handle == NULL)
{
/* Codes_SRS_SECURE_DEVICE_TPM_07_016: [ If handle is NULL, secure_dev_tpm_get_storage_key shall return NULL. ] */
LogError("Invalid handle value specified");
result = NULL;
}
else if (handle->srk_pub.publicArea.unique.rsa.t.size == 0)
{
/* Codes_SRS_SECURE_DEVICE_TPM_07_017: [ If the srk_public value was not initialized, secure_dev_tpm_get_storage_key shall return NULL. ] */
LogError("storage root key is invalid");
result = NULL;
}
else
{
unsigned char data_bytes[1024];
unsigned char* data_pos = data_bytes;
/* Codes_SRS_SECURE_DEVICE_TPM_07_018: [ secure_dev_tpm_get_storage_key shall allocate and return the Storage Root Key. ] */
uint32_t data_length = TPM2B_PUBLIC_Marshal(&handle->srk_pub, &data_pos, NULL);
STRING_HANDLE encoded_srk = Azure_Base64_Encode_Bytes(data_bytes, data_length);
if (encoded_srk == NULL)
{
/* Codes_SRS_SECURE_DEVICE_TPM_07_019: [ If any failure is encountered, secure_dev_tpm_get_storage_key shall return NULL. ] */
LogError("Failure encoding storage root key");
result = NULL;
}
else
{
if (mallocAndStrcpy_s(&result, STRING_c_str(encoded_srk)) != 0)
{
/* Codes_SRS_SECURE_DEVICE_TPM_07_019: [ If any failure is encountered, secure_dev_tpm_get_storage_key shall return NULL. ] */
LogError("Failure allocating storage root key");
result = NULL;
}
STRING_delete(encoded_srk);
}
}
return result;
}
BLOB_RESULT Blob_UploadBlock(
HTTPAPIEX_HANDLE httpApiExHandle,
const char* relativePath,
BUFFER_HANDLE requestContent,
unsigned int blockID,
STRING_HANDLE blockIDList,
unsigned int* httpStatus,
BUFFER_HANDLE httpResponse)
{
BLOB_RESULT result;
if (requestContent == NULL ||
blockIDList == NULL ||
relativePath == NULL ||
httpApiExHandle == NULL ||
httpStatus == NULL ||
httpResponse == NULL)
{
LogError("invalid argument detected requestContent=%p blockIDList=%p relativePath=%p httpApiExHandle=%p httpStatus=%p httpResponse=%p", requestContent, blockIDList, relativePath, httpApiExHandle, httpStatus, httpResponse);
result = BLOB_ERROR;
}
else
{
char temp[7]; /*this will contain 000000... 049999*/
if (sprintf(temp, "%6u", (unsigned int)blockID) != 6) /*produces 000000... 049999*/
{
/*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/
LogError("failed to sprintf");
result = BLOB_ERROR;
}
else
{
STRING_HANDLE blockIdString = Azure_Base64_Encode_Bytes((const unsigned char*)temp, 6);
if (blockIdString == NULL)
{
/*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/
LogError("unable to Azure_Base64_Encode_Bytes");
result = BLOB_ERROR;
}
else
{
/*add the blockId base64 encoded to the XML*/
if (!(
(STRING_concat(blockIDList, "<Latest>") == 0) &&
(STRING_concat_with_STRING(blockIDList, blockIdString) == 0) &&
(STRING_concat(blockIDList, "</Latest>") == 0)
))
{
/*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/
LogError("unable to STRING_concat");
result = BLOB_ERROR;
}
else
{
/*Codes_SRS_BLOB_02_022: [ Blob_UploadMultipleBlocksFromSasUri shall construct a new relativePath from following string: base relativePath + "&comp=block&blockid=BASE64 encoded string of blockId" ]*/
STRING_HANDLE newRelativePath = STRING_construct(relativePath);
if (newRelativePath == NULL)
{
/*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/
LogError("unable to STRING_construct");
result = BLOB_ERROR;
}
else
{
if (!(
(STRING_concat(newRelativePath, "&comp=block&blockid=") == 0) &&
(STRING_concat_with_STRING(newRelativePath, blockIdString) == 0)
))
{
/*Codes_SRS_BLOB_02_033: [ If any previous operation that doesn't have an explicit failure description fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_ERROR ]*/
LogError("unable to STRING concatenate");
result = BLOB_ERROR;
}
else
{
/*Codes_SRS_BLOB_02_024: [ Blob_UploadMultipleBlocksFromSasUri shall call HTTPAPIEX_ExecuteRequest with a PUT operation, passing httpStatus and httpResponse. ]*/
if (HTTPAPIEX_ExecuteRequest(
httpApiExHandle,
HTTPAPI_REQUEST_PUT,
STRING_c_str(newRelativePath),
NULL,
requestContent,
httpStatus,
NULL,
httpResponse) != HTTPAPIEX_OK
)
{
/*Codes_SRS_BLOB_02_025: [ If HTTPAPIEX_ExecuteRequest fails then Blob_UploadMultipleBlocksFromSasUri shall fail and return BLOB_HTTP_ERROR. ]*/
LogError("unable to HTTPAPIEX_ExecuteRequest");
result = BLOB_HTTP_ERROR;
}
else if (*httpStatus >= 300)
{
/*Codes_SRS_BLOB_02_026: [ Otherwise, if HTTP response code is >=300 then Blob_UploadMultipleBlocksFromSasUri shall succeed and return BLOB_OK. ]*/
LogError("HTTP status from storage does not indicate success (%d)", (int)*httpStatus);
result = BLOB_OK;
}
else
{
/*Codes_SRS_BLOB_02_027: [ Otherwise Blob_UploadMultipleBlocksFromSasUri shall continue execution. ]*/
result = BLOB_OK;
}
}
STRING_delete(newRelativePath);
}
}
STRING_delete(blockIdString);
}
}
}
return result;
}
char* prov_auth_construct_sas_token(PROV_AUTH_HANDLE handle, const char* token_scope, const char* key_name, size_t expiry_time)
{
char* result;
char expire_token[64] = { 0 };
if (handle == NULL || token_scope == NULL || key_name == NULL)
{
LogError("Invalid handle parameter handle: %p, token_scope: %p, key_name: %p", handle, token_scope, key_name);
result = NULL;
}
else if (handle->sec_type == PROV_AUTH_TYPE_X509)
{
LogError("Invalid type for operation");
result = NULL;
}
else if (size_tToString(expire_token, sizeof(expire_token), expiry_time) != 0)
{
result = NULL;
LogError("Failure creating expire token");
}
else
{
size_t len = strlen(token_scope) + strlen(expire_token) + 3;
char* payload = malloc(len + 1);
if (payload == NULL)
{
result = NULL;
LogError("Failure allocating payload for sas token.");
}
else
{
unsigned char* data_value;
size_t data_len;
(void)sprintf(payload, "%s\n%s", token_scope, expire_token);
/* Codes_SRS_SECURE_ENCLAVE_CLIENT_07_031: [ prov_auth_get_certificate shall import the specified cert into the client using hsm_client_get_cert secure enclave function. ] */
if (sign_sas_data(handle, payload, &data_value, &data_len) == 0)
{
STRING_HANDLE urlEncodedSignature;
STRING_HANDLE base64Signature;
STRING_HANDLE sas_token_handle;
if ((base64Signature = Azure_Base64_Encode_Bytes(data_value, data_len)) == NULL)
{
result = NULL;
LogError("Failure constructing base64 encoding.");
}
else if ((urlEncodedSignature = URL_Encode(base64Signature)) == NULL)
{
result = NULL;
LogError("Failure constructing url Signature.");
STRING_delete(base64Signature);
}
else
{
sas_token_handle = STRING_construct_sprintf("SharedAccessSignature sr=%s&sig=%s&se=%s&skn=%s", token_scope, STRING_c_str(urlEncodedSignature), expire_token, key_name);
if (sas_token_handle == NULL)
{
result = NULL;
LogError("Failure constructing url Signature.");
}
else
{
const char* temp_sas_token = STRING_c_str(sas_token_handle);
if (mallocAndStrcpy_s(&result, temp_sas_token) != 0)
{
LogError("Failure allocating and copying string.");
result = NULL;
}
STRING_delete(sas_token_handle);
}
STRING_delete(base64Signature);
STRING_delete(urlEncodedSignature);
}
free(data_value);
}
else
{
result = NULL;
LogError("Failure generate sas token.");
}
free(payload);
}
}
return result;
}
