diff --git a/examples/Azure_IoT_Central_ESP32/AzureIoT.cpp b/examples/Azure_IoT_Central_ESP32/AzureIoT.cpp index 1d2d10f6..37b9f07e 100644 --- a/examples/Azure_IoT_Central_ESP32/AzureIoT.cpp +++ b/examples/Azure_IoT_Central_ESP32/AzureIoT.cpp @@ -73,7 +73,7 @@ static int get_mqtt_client_config_for_iot_hub(azure_iot_t* azure_iot, mqtt_clien static az_span generate_dps_register_custom_property(az_span model_id, az_span data_buffer, az_span* remainder); #define is_device_provisioned(azure_iot) \ - (!is_az_span_empty(azure_iot->config->iot_hub_fqdn) && !is_az_span_empty(azure_iot->config->device_id)) + (!az_span_is_content_equal(azure_iot->config->iot_hub_fqdn, AZ_SPAN_EMPTY) && !az_span_is_content_equal(azure_iot->config->device_id, AZ_SPAN_EMPTY)) /* --- Public API --- */ void azure_iot_init(azure_iot_t* azure_iot, azure_iot_config_t* azure_iot_config) @@ -82,8 +82,8 @@ void azure_iot_init(azure_iot_t* azure_iot, azure_iot_config_t* azure_iot_config _az_PRECONDITION_NOT_NULL(azure_iot_config); if (azure_iot_config->use_device_provisioning) { - _az_PRECONDITION(is_az_span_empty(azure_iot_config->iot_hub_fqdn)); - _az_PRECONDITION(is_az_span_empty(azure_iot_config->device_id)); + _az_PRECONDITION(az_span_is_content_equal(azure_iot_config->iot_hub_fqdn, AZ_SPAN_EMPTY)); + _az_PRECONDITION(az_span_is_content_equal(azure_iot_config->device_id, AZ_SPAN_EMPTY)); _az_PRECONDITION_VALID_SPAN(azure_iot_config->dps_id_scope, 1, false); _az_PRECONDITION_VALID_SPAN(azure_iot_config->dps_registration_id, 1, false); } @@ -91,10 +91,18 @@ void azure_iot_init(azure_iot_t* azure_iot, azure_iot_config_t* azure_iot_config { _az_PRECONDITION_VALID_SPAN(azure_iot_config->iot_hub_fqdn, 1, false); _az_PRECONDITION_VALID_SPAN(azure_iot_config->device_id, 1, false); - _az_PRECONDITION(is_az_span_empty(azure_iot_config->dps_id_scope)); - _az_PRECONDITION(is_az_span_empty(azure_iot_config->dps_registration_id)); + _az_PRECONDITION(az_span_is_content_equal(azure_iot_config->dps_id_scope, AZ_SPAN_EMPTY)); + _az_PRECONDITION(az_span_is_content_equal(azure_iot_config->dps_registration_id, AZ_SPAN_EMPTY)); } - _az_PRECONDITION_VALID_SPAN(azure_iot_config->device_key, 1, false); + + // Either device key or device certificate and certificate key should be defined. + if (az_span_is_content_equal(azure_iot_config->device_key, AZ_SPAN_EMPTY) && + (az_span_is_content_equal(azure_iot_config->device_certificate, AZ_SPAN_EMPTY) || az_span_is_content_equal(azure_iot_config->device_certificate_private_key, AZ_SPAN_EMPTY) )) + { + LogError("Please define either a device key or a device certificate and certificate private key. See iot_configs.h"); + return; + } + _az_PRECONDITION_VALID_SPAN(azure_iot_config->data_buffer, 1, false); _az_PRECONDITION_NOT_NULL(azure_iot_config->data_manipulation_functions.base64_decode); _az_PRECONDITION_NOT_NULL(azure_iot_config->data_manipulation_functions.base64_encode); @@ -318,7 +326,7 @@ void azure_iot_do_work(azure_iot_t* azure_iot) mqtt_message.topic = split_az_span(data_buffer, length + 1, &data_buffer); - if (is_az_span_empty(mqtt_message.topic) || is_az_span_empty(data_buffer)) + if (az_span_is_content_equal(mqtt_message.topic, AZ_SPAN_EMPTY) || az_span_is_content_equal(data_buffer, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed reserving memory for DPS register payload."); @@ -328,7 +336,7 @@ void azure_iot_do_work(azure_iot_t* azure_iot) dps_register_custom_property = generate_dps_register_custom_property( azure_iot->config->model_id, data_buffer, &mqtt_message.payload); - if (is_az_span_empty(dps_register_custom_property)) + if (az_span_is_content_equal(dps_register_custom_property, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed generating DPS register custom property payload."); @@ -804,11 +812,11 @@ int azure_iot_mqtt_client_message_received(azure_iot_t* azure_iot, mqtt_message_ { result = RESULT_OK; - if (is_az_span_empty(azure_iot->dps_operation_id)) + if (az_span_is_content_equal(azure_iot->dps_operation_id, AZ_SPAN_EMPTY)) { azure_iot->dps_operation_id = slice_and_copy_az_span(azure_iot->data_buffer, register_response.operation_id, &azure_iot->data_buffer); - if (is_az_span_empty(azure_iot->dps_operation_id)) + if (az_span_is_content_equal(azure_iot->dps_operation_id, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed reserving memory for DPS operation id."); @@ -829,7 +837,7 @@ int azure_iot_mqtt_client_message_received(azure_iot_t* azure_iot, mqtt_message_ azure_iot->config->iot_hub_fqdn = slice_and_copy_az_span(data_buffer, register_response.registration_state.assigned_hub_hostname, &data_buffer); - if (is_az_span_empty(azure_iot->config->iot_hub_fqdn)) + if (az_span_is_content_equal(azure_iot->config->iot_hub_fqdn, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed saving IoT Hub fqdn from provisioning."); @@ -839,7 +847,7 @@ int azure_iot_mqtt_client_message_received(azure_iot_t* azure_iot, mqtt_message_ { azure_iot->config->device_id = slice_and_copy_az_span(data_buffer, register_response.registration_state.device_id, &data_buffer); - if (is_az_span_empty(azure_iot->config->device_id)) + if (az_span_is_content_equal(azure_iot->config->device_id, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed saving device id from provisioning."); @@ -947,20 +955,29 @@ static int get_mqtt_client_config_for_dps(azure_iot_t* azure_iot, mqtt_client_co data_buffer_span = azure_iot->data_buffer; password_span = split_az_span(data_buffer_span, MQTT_PASSWORD_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(password_span), RESULT_ERROR, "Failed reserving buffer for password_span."); + EXIT_IF_TRUE(az_span_is_content_equal(password_span, AZ_SPAN_EMPTY), RESULT_ERROR, "Failed reserving buffer for password_span."); - password_length = generate_sas_token_for_dps( - &azure_iot->dps_client, - azure_iot->config->device_key, - azure_iot->config->sas_token_lifetime_in_minutes, - data_buffer_span, - azure_iot->config->data_manipulation_functions, - password_span, - &azure_iot->sas_token_expiration_time); - EXIT_IF_TRUE(password_length == 0, RESULT_ERROR, "Failed creating mqtt password for DPS connection."); + if(!az_span_is_content_equal(azure_iot->config->device_key, AZ_SPAN_EMPTY)) + { + password_length = generate_sas_token_for_dps( + &azure_iot->dps_client, + azure_iot->config->device_key, + azure_iot->config->sas_token_lifetime_in_minutes, + data_buffer_span, + azure_iot->config->data_manipulation_functions, + password_span, + &azure_iot->sas_token_expiration_time); + EXIT_IF_TRUE(password_length == 0, RESULT_ERROR, "Failed creating mqtt password for DPS connection."); + + mqtt_client_config->password = password_span; + } + else + { + mqtt_client_config->password = AZ_SPAN_EMPTY; + } client_id_span = split_az_span(data_buffer_span, MQTT_CLIENT_ID_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(client_id_span), RESULT_ERROR, "Failed reserving buffer for client_id_span."); + EXIT_IF_TRUE(az_span_is_content_equal(client_id_span, AZ_SPAN_EMPTY), RESULT_ERROR, "Failed reserving buffer for client_id_span."); azrc = az_iot_provisioning_client_get_client_id( &azure_iot->dps_client, (char*)az_span_ptr(client_id_span), az_span_size(client_id_span), &client_id_length); @@ -977,7 +994,6 @@ static int get_mqtt_client_config_for_dps(azure_iot_t* azure_iot, mqtt_client_co mqtt_client_config->client_id = client_id_span; mqtt_client_config->username = username_span; - mqtt_client_config->password = password_span; return RESULT_OK; } @@ -1015,7 +1031,7 @@ static int get_mqtt_client_config_for_iot_hub(azure_iot_t* azure_iot, mqtt_clien data_buffer_span = azure_iot->data_buffer; password_span = split_az_span(data_buffer_span, MQTT_PASSWORD_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(password_span), RESULT_ERROR, "Failed reserving buffer for password_span."); + EXIT_IF_TRUE(az_span_is_content_equal(password_span, AZ_SPAN_EMPTY), RESULT_ERROR, "Failed reserving buffer for password_span."); password_length = generate_sas_token_for_iot_hub( &azure_iot->iot_hub_client, @@ -1028,7 +1044,7 @@ static int get_mqtt_client_config_for_iot_hub(azure_iot_t* azure_iot, mqtt_clien EXIT_IF_TRUE(password_length == 0, RESULT_ERROR, "Failed creating mqtt password for IoT Hub connection."); client_id_span = split_az_span(data_buffer_span, MQTT_CLIENT_ID_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(client_id_span), RESULT_ERROR, "Failed reserving buffer for client_id_span."); + EXIT_IF_TRUE(az_span_is_content_equal(client_id_span, AZ_SPAN_EMPTY), RESULT_ERROR, "Failed reserving buffer for client_id_span."); azrc = az_iot_hub_client_get_client_id( &azure_iot->iot_hub_client, (char*)az_span_ptr(client_id_span), az_span_size(client_id_span), &client_id_length); @@ -1093,7 +1109,7 @@ static int generate_sas_token_for_dps( // Step 2.a. plain_sas_signature = split_az_span(data_buffer_span, PLAIN_SAS_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(plain_sas_signature), 0, "Failed reserving buffer for plain sas token."); + EXIT_IF_TRUE(az_span_is_content_equal(plain_sas_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for plain sas token."); rc = az_iot_provisioning_client_sas_get_signature( provisioning_client, *expiration_time, plain_sas_signature, &plain_sas_signature); @@ -1101,10 +1117,10 @@ static int generate_sas_token_for_dps( // Step 2.b. sas_signature = split_az_span(data_buffer_span, SAS_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(sas_signature), 0, "Failed reserving buffer for sas_signature."); + EXIT_IF_TRUE(az_span_is_content_equal(sas_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for sas_signature."); decoded_sas_key = split_az_span(data_buffer_span, DECODED_SAS_KEY_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(decoded_sas_key), 0, "Failed reserving buffer for decoded_sas_key."); + EXIT_IF_TRUE(az_span_is_content_equal(decoded_sas_key, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for decoded_sas_key."); result = data_manipulation_functions.base64_decode( az_span_ptr(device_key), az_span_size(device_key), az_span_ptr(decoded_sas_key), az_span_size(decoded_sas_key), &decoded_sas_key_length); @@ -1112,7 +1128,7 @@ static int generate_sas_token_for_dps( // Step 2.c. sas_hmac256_signed_signature = split_az_span(data_buffer_span, SAS_HMAC256_ENCRYPTED_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(sas_hmac256_signed_signature), 0, "Failed reserving buffer for sas_hmac256_signed_signature."); + EXIT_IF_TRUE(az_span_is_content_equal(sas_hmac256_signed_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for sas_hmac256_signed_signature."); result = data_manipulation_functions.hmac_sha256_encrypt( az_span_ptr(decoded_sas_key), decoded_sas_key_length, @@ -1184,7 +1200,7 @@ static int generate_sas_token_for_iot_hub( // Step 2.a. plain_sas_signature = split_az_span(data_buffer_span, PLAIN_SAS_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(plain_sas_signature), 0, "Failed reserving buffer for plain sas token."); + EXIT_IF_TRUE(az_span_is_content_equal(plain_sas_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for plain sas token."); rc = az_iot_hub_client_sas_get_signature( iot_hub_client, *expiration_time, plain_sas_signature, &plain_sas_signature); @@ -1192,10 +1208,10 @@ static int generate_sas_token_for_iot_hub( // Step 2.b. sas_signature = split_az_span(data_buffer_span, SAS_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(sas_signature), 0, "Failed reserving buffer for sas_signature."); + EXIT_IF_TRUE(az_span_is_content_equal(sas_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for sas_signature."); decoded_sas_key = split_az_span(data_buffer_span, DECODED_SAS_KEY_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(decoded_sas_key), 0, "Failed reserving buffer for decoded_sas_key."); + EXIT_IF_TRUE(az_span_is_content_equal(decoded_sas_key, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for decoded_sas_key."); result = data_manipulation_functions.base64_decode( az_span_ptr(device_key), az_span_size(device_key), az_span_ptr(decoded_sas_key), az_span_size(decoded_sas_key), &decoded_sas_key_length); @@ -1203,7 +1219,7 @@ static int generate_sas_token_for_iot_hub( // Step 2.c. sas_hmac256_signed_signature = split_az_span(data_buffer_span, SAS_HMAC256_ENCRYPTED_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(sas_hmac256_signed_signature), 0, "Failed reserving buffer for sas_hmac256_signed_signature."); + EXIT_IF_TRUE(az_span_is_content_equal(sas_hmac256_signed_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for sas_hmac256_signed_signature."); result = data_manipulation_functions.hmac_sha256_encrypt( az_span_ptr(decoded_sas_key), decoded_sas_key_length, @@ -1251,16 +1267,16 @@ static az_span generate_dps_register_custom_property(az_span model_id, az_span d size_t length = lengthof(DPS_REGISTER_CUSTOM_PAYLOAD_BEGIN) + az_span_size(model_id) + lengthof(DPS_REGISTER_CUSTOM_PAYLOAD_END); custom_property = split_az_span(data_buffer, length, remainder); - EXIT_IF_TRUE(is_az_span_empty(custom_property), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (not enough space)."); + EXIT_IF_TRUE(az_span_is_content_equal(custom_property, AZ_SPAN_EMPTY), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (not enough space)."); data_buffer = az_span_copy(data_buffer, AZ_SPAN_FROM_STR(DPS_REGISTER_CUSTOM_PAYLOAD_BEGIN)); - EXIT_IF_TRUE(is_az_span_empty(data_buffer), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (prefix)."); + EXIT_IF_TRUE(az_span_is_content_equal(data_buffer, AZ_SPAN_EMPTY), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (prefix)."); data_buffer = az_span_copy(data_buffer, model_id); - EXIT_IF_TRUE(is_az_span_empty(data_buffer), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (model id)."); + EXIT_IF_TRUE(az_span_is_content_equal(data_buffer, AZ_SPAN_EMPTY), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (model id)."); data_buffer = az_span_copy(data_buffer, AZ_SPAN_FROM_STR(DPS_REGISTER_CUSTOM_PAYLOAD_END)); - EXIT_IF_TRUE(is_az_span_empty(data_buffer), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (suffix)."); + EXIT_IF_TRUE(az_span_is_content_equal(data_buffer, AZ_SPAN_EMPTY), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (suffix)."); return custom_property; } @@ -1270,7 +1286,7 @@ az_span split_az_span(az_span span, int32_t size, az_span* remainder) { az_span result = az_span_slice(span, 0, size); - if (remainder != NULL && !is_az_span_empty(result)) + if (remainder != NULL && !az_span_is_content_equal(result, AZ_SPAN_EMPTY)) { *remainder = az_span_slice(span, size, az_span_size(span)); } @@ -1282,12 +1298,12 @@ az_span slice_and_copy_az_span(az_span destination, az_span source, az_span* rem { az_span result = split_az_span(destination, az_span_size(source), remainder); - if (is_az_span_empty(*remainder)) + if (az_span_is_content_equal(*remainder, AZ_SPAN_EMPTY)) { result = AZ_SPAN_EMPTY; } - if (!is_az_span_empty(result)) + if (!az_span_is_content_equal(result, AZ_SPAN_EMPTY)) { (void)az_span_copy(result, source); } diff --git a/examples/Azure_IoT_Central_ESP32/AzureIoT.h b/examples/Azure_IoT_Central_ESP32/AzureIoT.h index 84795bd9..5a99b3d4 100644 --- a/examples/Azure_IoT_Central_ESP32/AzureIoT.h +++ b/examples/Azure_IoT_Central_ESP32/AzureIoT.h @@ -454,6 +454,18 @@ typedef struct azure_iot_config_t_struct */ az_span device_key; + /* + * @brief X509 certificate to be used for authentication. + * + */ + az_span device_certificate; + + /* + * @brief X509 certificate private key to be used for authentication. + * + */ + az_span device_certificate_private_key; + /* * @brief The "Registration ID" to authenticate with when connecting to * Azure Device Provisioning service. @@ -776,15 +788,6 @@ int azure_iot_mqtt_client_message_received(azure_iot_t* azure_iot, mqtt_message_ * These functions are used internally by the Azure IoT client code and its extensions. */ -/** - * @brief Checks whether `span` is equal to AZ_SPAN_EMPTY. - * - * @param[in] span A span to be verified. - * - * @return boolean True if `span`'s pointer and size are equal to AZ_SPAN_EMPTY, or false otherwise. - */ -#define is_az_span_empty(span) az_span_is_content_equal(span, AZ_SPAN_EMPTY) - /** * @brief Slices `span` at position `size`, returns the first slice and assigns the second slice to `remainder`. * diff --git a/examples/Azure_IoT_Central_ESP32/Azure_IoT_Central_ESP32.ino b/examples/Azure_IoT_Central_ESP32/Azure_IoT_Central_ESP32.ino index 47faa16c..38cd73a7 100644 --- a/examples/Azure_IoT_Central_ESP32/Azure_IoT_Central_ESP32.ino +++ b/examples/Azure_IoT_Central_ESP32/Azure_IoT_Central_ESP32.ino @@ -129,7 +129,15 @@ static int mqtt_client_init_function(mqtt_client_config_t* mqtt_client_config, m mqtt_config.port = mqtt_client_config->port; mqtt_config.client_id = (const char*)az_span_ptr(mqtt_client_config->client_id); mqtt_config.username = (const char*)az_span_ptr(mqtt_client_config->username); - mqtt_config.password = (const char*)az_span_ptr(mqtt_client_config->password); + + #ifdef IOT_CONFIG_USE_X509_CERT + LogInfo("MQTT client using X509 Certificate authentication"); + mqtt_config.client_cert_pem = IOT_CONFIG_DEVICE_CERT; + mqtt_config.client_key_pem = IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY; + #else // Using SAS key + mqtt_config.password = (const char*)az_span_ptr(mqtt_client_config->password); + #endif + mqtt_config.keepalive = 30; mqtt_config.disable_clean_session = 0; mqtt_config.disable_auto_reconnect = false; @@ -331,7 +339,17 @@ void setup() azure_iot_config.use_device_provisioning = true; // Required for Azure IoT Central. azure_iot_config.iot_hub_fqdn = AZ_SPAN_EMPTY; azure_iot_config.device_id = AZ_SPAN_EMPTY; - azure_iot_config.device_key = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_KEY); + + #ifdef IOT_CONFIG_USE_X509_CERT + azure_iot_config.device_certificate = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_CERT); + azure_iot_config.device_certificate_private_key = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY); + azure_iot_config.device_key = AZ_SPAN_EMPTY; + #else + azure_iot_config.device_certificate = AZ_SPAN_EMPTY; + azure_iot_config.device_certificate_private_key = AZ_SPAN_EMPTY; + azure_iot_config.device_key = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_KEY); + #endif // IOT_CONFIG_USE_X509_CERT + azure_iot_config.dps_id_scope = AZ_SPAN_FROM_STR(DPS_ID_SCOPE); azure_iot_config.dps_registration_id = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_ID); // Use Device ID for Azure IoT Central. azure_iot_config.data_buffer = AZ_SPAN_FROM_BUFFER(az_iot_data_buffer); diff --git a/examples/Azure_IoT_Central_ESP32/iot_configs.h b/examples/Azure_IoT_Central_ESP32/iot_configs.h index 9d873758..85ab6dc5 100644 --- a/examples/Azure_IoT_Central_ESP32/iot_configs.h +++ b/examples/Azure_IoT_Central_ESP32/iot_configs.h @@ -5,10 +5,60 @@ #define IOT_CONFIG_WIFI_SSID "SSID" #define IOT_CONFIG_WIFI_PASSWORD "PWD" +// Enable macro IOT_CONFIG_USE_X509_CERT to use an x509 certificate to authenticate the IoT device. +// The two main modes of authentication are through SAS tokens (automatically generated by the sample using the provided device symmetric key) or through x509 certificates. +// Please choose the appropriate option according to your device authentication mode. + +// #define IOT_CONFIG_USE_X509_CERT + +#ifdef IOT_CONFIG_USE_X509_CERT + +/* + * Please set the define IOT_CONFIG_DEVICE_CERT below with + * the content of your device x509 certificate. + * + * Example: + * #define IOT_CONFIG_DEVICE_CERT "-----BEGIN CERTIFICATE-----\r\n" \ + * "MIIBJDCBywIUfeHrebBVa2eZAbouBgACp9R3BncwCgYIKoZIzj0EAwIwETEPMA0G\r\n" \ + * "A1UEAwwGRFBTIENBMB4XDTIyMDMyMjazMTAzN1oXDTIzMDMyMjIzMTAzN1owGTEX\r\n" \ + * "MBUGA1UEAwwOY29udG9zby1kZXZpY2UwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\r\n" \ + * ....... + * "YmGzdaHTb6P1W+p+jmc+jJn1MAoGCXqGSM49BAMCA0gAMEUCIEnbEMsAdGFroMwl\r\n" \ + * "vTfQahwsxN3xink9z1gtirrjQlqDAiEAyU+6TUJcG6d9JF+uJqsLFpsbbF3IzGAw\r\n" \ + * "yC+koNRC0MU=\r\n" \ + * "-----END CERTIFICATE-----" + * + */ +#define IOT_CONFIG_DEVICE_CERT "Device Certificate" + +/* + * Please set the define IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY below with + * the content of your device x509 private key. + * + * Example: + * + * #define IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY "-----BEGIN EC PRIVATE KEY-----\r\n" \ + * "MHcCAQEEIKGXkMMiO9D7jYpUjUGTBn7gGzeKPeNzCP83wbfQfLd9obAoGCCqGSM49\r\n" \ + * "AwEHoUQDQgAEU6nQoYbjgJvBwaeD6MyAYmOSDg0QhEdyyV337qrlIbDEKvFsn1El\r\n" \ + * "yRabc4dNp2Jhs3Xh02+j9Vvqfo5nPoyZ9Q==\r\n" \ + * "-----END EC PRIVATE KEY-----" + * + * Note the type of key may different in your case. Such as BEGIN PRIVATE KEY + * or BEGIN RSA PRIVATE KEY. + * +*/ +#define IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY "Device Certificate Private Key" + +#endif // IOT_CONFIG_USE_X509_CERT + // Azure IoT Central #define DPS_ID_SCOPE "ID Scope" #define IOT_CONFIG_DEVICE_ID "Device ID" -#define IOT_CONFIG_DEVICE_KEY "Device Key" +// Use device key if not using certificates +#ifndef IOT_CONFIG_USE_X509_CERT + #define IOT_CONFIG_DEVICE_KEY "Device Key" +#endif // IOT_CONFIG_USE_X509_CERT + // User-agent (url-encoded) provided by the MQTT client to Azure IoT Services. // When developing for your own Arduino-based platform, diff --git a/examples/Azure_IoT_Central_ESP32_AzureIoTKit/AzureIoT.cpp b/examples/Azure_IoT_Central_ESP32_AzureIoTKit/AzureIoT.cpp index 1d2d10f6..a8934ced 100644 --- a/examples/Azure_IoT_Central_ESP32_AzureIoTKit/AzureIoT.cpp +++ b/examples/Azure_IoT_Central_ESP32_AzureIoTKit/AzureIoT.cpp @@ -73,7 +73,7 @@ static int get_mqtt_client_config_for_iot_hub(azure_iot_t* azure_iot, mqtt_clien static az_span generate_dps_register_custom_property(az_span model_id, az_span data_buffer, az_span* remainder); #define is_device_provisioned(azure_iot) \ - (!is_az_span_empty(azure_iot->config->iot_hub_fqdn) && !is_az_span_empty(azure_iot->config->device_id)) + (!az_span_is_content_equal(azure_iot->config->iot_hub_fqdn, AZ_SPAN_EMPTY) && !az_span_is_content_equal(azure_iot->config->device_id, AZ_SPAN_EMPTY)) /* --- Public API --- */ void azure_iot_init(azure_iot_t* azure_iot, azure_iot_config_t* azure_iot_config) @@ -82,8 +82,8 @@ void azure_iot_init(azure_iot_t* azure_iot, azure_iot_config_t* azure_iot_config _az_PRECONDITION_NOT_NULL(azure_iot_config); if (azure_iot_config->use_device_provisioning) { - _az_PRECONDITION(is_az_span_empty(azure_iot_config->iot_hub_fqdn)); - _az_PRECONDITION(is_az_span_empty(azure_iot_config->device_id)); + _az_PRECONDITION(az_span_is_content_equal(azure_iot_config->iot_hub_fqdn, AZ_SPAN_EMPTY)); + _az_PRECONDITION(az_span_is_content_equal(azure_iot_config->device_id, AZ_SPAN_EMPTY)); _az_PRECONDITION_VALID_SPAN(azure_iot_config->dps_id_scope, 1, false); _az_PRECONDITION_VALID_SPAN(azure_iot_config->dps_registration_id, 1, false); } @@ -91,10 +91,18 @@ void azure_iot_init(azure_iot_t* azure_iot, azure_iot_config_t* azure_iot_config { _az_PRECONDITION_VALID_SPAN(azure_iot_config->iot_hub_fqdn, 1, false); _az_PRECONDITION_VALID_SPAN(azure_iot_config->device_id, 1, false); - _az_PRECONDITION(is_az_span_empty(azure_iot_config->dps_id_scope)); - _az_PRECONDITION(is_az_span_empty(azure_iot_config->dps_registration_id)); + _az_PRECONDITION(az_span_is_content_equal(azure_iot_config->dps_id_scope, AZ_SPAN_EMPTY)); + _az_PRECONDITION(az_span_is_content_equal(azure_iot_config->dps_registration_id, AZ_SPAN_EMPTY)); } - _az_PRECONDITION_VALID_SPAN(azure_iot_config->device_key, 1, false); + + // Either device key or device certificate and certificate key should be defined. + if (az_span_is_content_equal(azure_iot_config->device_key, AZ_SPAN_EMPTY) && + (az_span_is_content_equal(azure_iot_config->device_certificate, AZ_SPAN_EMPTY) || az_span_is_content_equal(azure_iot_config->device_certificate_private_key, AZ_SPAN_EMPTY) )) + { + LogError("Please define either a device key or a device certificate and certificate private key. See iot_configs.h"); + return; + } + _az_PRECONDITION_VALID_SPAN(azure_iot_config->data_buffer, 1, false); _az_PRECONDITION_NOT_NULL(azure_iot_config->data_manipulation_functions.base64_decode); _az_PRECONDITION_NOT_NULL(azure_iot_config->data_manipulation_functions.base64_encode); @@ -318,7 +326,7 @@ void azure_iot_do_work(azure_iot_t* azure_iot) mqtt_message.topic = split_az_span(data_buffer, length + 1, &data_buffer); - if (is_az_span_empty(mqtt_message.topic) || is_az_span_empty(data_buffer)) + if (az_span_is_content_equal(mqtt_message.topic, AZ_SPAN_EMPTY) || az_span_is_content_equal(data_buffer, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed reserving memory for DPS register payload."); @@ -328,7 +336,7 @@ void azure_iot_do_work(azure_iot_t* azure_iot) dps_register_custom_property = generate_dps_register_custom_property( azure_iot->config->model_id, data_buffer, &mqtt_message.payload); - if (is_az_span_empty(dps_register_custom_property)) + if (az_span_is_content_equal(dps_register_custom_property, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed generating DPS register custom property payload."); @@ -804,11 +812,11 @@ int azure_iot_mqtt_client_message_received(azure_iot_t* azure_iot, mqtt_message_ { result = RESULT_OK; - if (is_az_span_empty(azure_iot->dps_operation_id)) + if (az_span_is_content_equal(azure_iot->dps_operation_id, AZ_SPAN_EMPTY)) { azure_iot->dps_operation_id = slice_and_copy_az_span(azure_iot->data_buffer, register_response.operation_id, &azure_iot->data_buffer); - if (is_az_span_empty(azure_iot->dps_operation_id)) + if (az_span_is_content_equal(azure_iot->dps_operation_id, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed reserving memory for DPS operation id."); @@ -829,7 +837,7 @@ int azure_iot_mqtt_client_message_received(azure_iot_t* azure_iot, mqtt_message_ azure_iot->config->iot_hub_fqdn = slice_and_copy_az_span(data_buffer, register_response.registration_state.assigned_hub_hostname, &data_buffer); - if (is_az_span_empty(azure_iot->config->iot_hub_fqdn)) + if (az_span_is_content_equal(azure_iot->config->iot_hub_fqdn, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed saving IoT Hub fqdn from provisioning."); @@ -839,7 +847,7 @@ int azure_iot_mqtt_client_message_received(azure_iot_t* azure_iot, mqtt_message_ { azure_iot->config->device_id = slice_and_copy_az_span(data_buffer, register_response.registration_state.device_id, &data_buffer); - if (is_az_span_empty(azure_iot->config->device_id)) + if (az_span_is_content_equal(azure_iot->config->device_id, AZ_SPAN_EMPTY)) { azure_iot->state = azure_iot_state_error; LogError("Failed saving device id from provisioning."); @@ -947,20 +955,29 @@ static int get_mqtt_client_config_for_dps(azure_iot_t* azure_iot, mqtt_client_co data_buffer_span = azure_iot->data_buffer; password_span = split_az_span(data_buffer_span, MQTT_PASSWORD_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(password_span), RESULT_ERROR, "Failed reserving buffer for password_span."); + EXIT_IF_TRUE(az_span_is_content_equal(password_span, AZ_SPAN_EMPTY), RESULT_ERROR, "Failed reserving buffer for password_span."); - password_length = generate_sas_token_for_dps( - &azure_iot->dps_client, - azure_iot->config->device_key, - azure_iot->config->sas_token_lifetime_in_minutes, - data_buffer_span, - azure_iot->config->data_manipulation_functions, - password_span, - &azure_iot->sas_token_expiration_time); - EXIT_IF_TRUE(password_length == 0, RESULT_ERROR, "Failed creating mqtt password for DPS connection."); + if(!az_span_is_content_equal(azure_iot->config->device_key, AZ_SPAN_EMPTY)) + { + password_length = generate_sas_token_for_dps( + &azure_iot->dps_client, + azure_iot->config->device_key, + azure_iot->config->sas_token_lifetime_in_minutes, + data_buffer_span, + azure_iot->config->data_manipulation_functions, + password_span, + &azure_iot->sas_token_expiration_time); + EXIT_IF_TRUE(password_length == 0, RESULT_ERROR, "Failed creating mqtt password for DPS connection."); + + mqtt_client_config->password = password_span; + } + else + { + mqtt_client_config->password = AZ_SPAN_EMPTY; + } client_id_span = split_az_span(data_buffer_span, MQTT_CLIENT_ID_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(client_id_span), RESULT_ERROR, "Failed reserving buffer for client_id_span."); + EXIT_IF_TRUE(az_span_is_content_equal(client_id_span, AZ_SPAN_EMPTY), RESULT_ERROR, "Failed reserving buffer for client_id_span."); azrc = az_iot_provisioning_client_get_client_id( &azure_iot->dps_client, (char*)az_span_ptr(client_id_span), az_span_size(client_id_span), &client_id_length); @@ -977,7 +994,6 @@ static int get_mqtt_client_config_for_dps(azure_iot_t* azure_iot, mqtt_client_co mqtt_client_config->client_id = client_id_span; mqtt_client_config->username = username_span; - mqtt_client_config->password = password_span; return RESULT_OK; } @@ -1015,7 +1031,7 @@ static int get_mqtt_client_config_for_iot_hub(azure_iot_t* azure_iot, mqtt_clien data_buffer_span = azure_iot->data_buffer; password_span = split_az_span(data_buffer_span, MQTT_PASSWORD_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(password_span), RESULT_ERROR, "Failed reserving buffer for password_span."); + EXIT_IF_TRUE(az_span_is_content_equal(password_span, AZ_SPAN_EMPTY), RESULT_ERROR, "Failed reserving buffer for password_span."); password_length = generate_sas_token_for_iot_hub( &azure_iot->iot_hub_client, @@ -1028,7 +1044,7 @@ static int get_mqtt_client_config_for_iot_hub(azure_iot_t* azure_iot, mqtt_clien EXIT_IF_TRUE(password_length == 0, RESULT_ERROR, "Failed creating mqtt password for IoT Hub connection."); client_id_span = split_az_span(data_buffer_span, MQTT_CLIENT_ID_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(client_id_span), RESULT_ERROR, "Failed reserving buffer for client_id_span."); + EXIT_IF_TRUE(az_span_is_content_equal(client_id_span, AZ_SPAN_EMPTY), RESULT_ERROR, "Failed reserving buffer for client_id_span."); azrc = az_iot_hub_client_get_client_id( &azure_iot->iot_hub_client, (char*)az_span_ptr(client_id_span), az_span_size(client_id_span), &client_id_length); @@ -1093,7 +1109,7 @@ static int generate_sas_token_for_dps( // Step 2.a. plain_sas_signature = split_az_span(data_buffer_span, PLAIN_SAS_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(plain_sas_signature), 0, "Failed reserving buffer for plain sas token."); + EXIT_IF_TRUE(az_span_is_content_equal(plain_sas_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for plain sas token."); rc = az_iot_provisioning_client_sas_get_signature( provisioning_client, *expiration_time, plain_sas_signature, &plain_sas_signature); @@ -1101,10 +1117,10 @@ static int generate_sas_token_for_dps( // Step 2.b. sas_signature = split_az_span(data_buffer_span, SAS_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(sas_signature), 0, "Failed reserving buffer for sas_signature."); + EXIT_IF_TRUE(az_span_is_content_equal(sas_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for sas_signature."); decoded_sas_key = split_az_span(data_buffer_span, DECODED_SAS_KEY_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(decoded_sas_key), 0, "Failed reserving buffer for decoded_sas_key."); + EXIT_IF_TRUE(az_span_is_content_equal(decoded_sas_key, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for decoded_sas_key."); result = data_manipulation_functions.base64_decode( az_span_ptr(device_key), az_span_size(device_key), az_span_ptr(decoded_sas_key), az_span_size(decoded_sas_key), &decoded_sas_key_length); @@ -1112,7 +1128,7 @@ static int generate_sas_token_for_dps( // Step 2.c. sas_hmac256_signed_signature = split_az_span(data_buffer_span, SAS_HMAC256_ENCRYPTED_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(sas_hmac256_signed_signature), 0, "Failed reserving buffer for sas_hmac256_signed_signature."); + EXIT_IF_TRUE(az_span_is_content_equal(sas_hmac256_signed_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for sas_hmac256_signed_signature."); result = data_manipulation_functions.hmac_sha256_encrypt( az_span_ptr(decoded_sas_key), decoded_sas_key_length, @@ -1184,7 +1200,7 @@ static int generate_sas_token_for_iot_hub( // Step 2.a. plain_sas_signature = split_az_span(data_buffer_span, PLAIN_SAS_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(plain_sas_signature), 0, "Failed reserving buffer for plain sas token."); + EXIT_IF_TRUE(az_span_is_content_equal(plain_sas_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for plain sas token."); rc = az_iot_hub_client_sas_get_signature( iot_hub_client, *expiration_time, plain_sas_signature, &plain_sas_signature); @@ -1192,10 +1208,10 @@ static int generate_sas_token_for_iot_hub( // Step 2.b. sas_signature = split_az_span(data_buffer_span, SAS_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(sas_signature), 0, "Failed reserving buffer for sas_signature."); + EXIT_IF_TRUE(az_span_is_content_equal(sas_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for sas_signature."); decoded_sas_key = split_az_span(data_buffer_span, DECODED_SAS_KEY_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(decoded_sas_key), 0, "Failed reserving buffer for decoded_sas_key."); + EXIT_IF_TRUE(az_span_is_content_equal(decoded_sas_key, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for decoded_sas_key."); result = data_manipulation_functions.base64_decode( az_span_ptr(device_key), az_span_size(device_key), az_span_ptr(decoded_sas_key), az_span_size(decoded_sas_key), &decoded_sas_key_length); @@ -1203,7 +1219,7 @@ static int generate_sas_token_for_iot_hub( // Step 2.c. sas_hmac256_signed_signature = split_az_span(data_buffer_span, SAS_HMAC256_ENCRYPTED_SIGNATURE_BUFFER_SIZE, &data_buffer_span); - EXIT_IF_TRUE(is_az_span_empty(sas_hmac256_signed_signature), 0, "Failed reserving buffer for sas_hmac256_signed_signature."); + EXIT_IF_TRUE(az_span_is_content_equal(sas_hmac256_signed_signature, AZ_SPAN_EMPTY), 0, "Failed reserving buffer for sas_hmac256_signed_signature."); result = data_manipulation_functions.hmac_sha256_encrypt( az_span_ptr(decoded_sas_key), decoded_sas_key_length, @@ -1251,16 +1267,16 @@ static az_span generate_dps_register_custom_property(az_span model_id, az_span d size_t length = lengthof(DPS_REGISTER_CUSTOM_PAYLOAD_BEGIN) + az_span_size(model_id) + lengthof(DPS_REGISTER_CUSTOM_PAYLOAD_END); custom_property = split_az_span(data_buffer, length, remainder); - EXIT_IF_TRUE(is_az_span_empty(custom_property), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (not enough space)."); + EXIT_IF_TRUE(az_span_is_content_equal(custom_property, AZ_SPAN_EMPTY), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (not enough space)."); data_buffer = az_span_copy(data_buffer, AZ_SPAN_FROM_STR(DPS_REGISTER_CUSTOM_PAYLOAD_BEGIN)); - EXIT_IF_TRUE(is_az_span_empty(data_buffer), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (prefix)."); + EXIT_IF_TRUE(az_span_is_content_equal(data_buffer, AZ_SPAN_EMPTY), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (prefix)."); data_buffer = az_span_copy(data_buffer, model_id); - EXIT_IF_TRUE(is_az_span_empty(data_buffer), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (model id)."); + EXIT_IF_TRUE(az_span_is_content_equal(data_buffer, AZ_SPAN_EMPTY), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (model id)."); data_buffer = az_span_copy(data_buffer, AZ_SPAN_FROM_STR(DPS_REGISTER_CUSTOM_PAYLOAD_END)); - EXIT_IF_TRUE(is_az_span_empty(data_buffer), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (suffix)."); + EXIT_IF_TRUE(az_span_is_content_equal(data_buffer, AZ_SPAN_EMPTY), AZ_SPAN_EMPTY, "Failed generating DPS register custom property (suffix)."); return custom_property; } @@ -1270,7 +1286,7 @@ az_span split_az_span(az_span span, int32_t size, az_span* remainder) { az_span result = az_span_slice(span, 0, size); - if (remainder != NULL && !is_az_span_empty(result)) + if (remainder != NULL && !az_span_is_content_equal(result, AZ_SPAN_EMPTY)) { *remainder = az_span_slice(span, size, az_span_size(span)); } @@ -1282,12 +1298,12 @@ az_span slice_and_copy_az_span(az_span destination, az_span source, az_span* rem { az_span result = split_az_span(destination, az_span_size(source), remainder); - if (is_az_span_empty(*remainder)) + if (az_span_is_content_equal(*remainder, AZ_SPAN_EMPTY)) { result = AZ_SPAN_EMPTY; } - if (!is_az_span_empty(result)) + if (!az_span_is_content_equal(result, AZ_SPAN_EMPTY)) { (void)az_span_copy(result, source); } diff --git a/examples/Azure_IoT_Central_ESP32_AzureIoTKit/AzureIoT.h b/examples/Azure_IoT_Central_ESP32_AzureIoTKit/AzureIoT.h index 84795bd9..5a99b3d4 100644 --- a/examples/Azure_IoT_Central_ESP32_AzureIoTKit/AzureIoT.h +++ b/examples/Azure_IoT_Central_ESP32_AzureIoTKit/AzureIoT.h @@ -454,6 +454,18 @@ typedef struct azure_iot_config_t_struct */ az_span device_key; + /* + * @brief X509 certificate to be used for authentication. + * + */ + az_span device_certificate; + + /* + * @brief X509 certificate private key to be used for authentication. + * + */ + az_span device_certificate_private_key; + /* * @brief The "Registration ID" to authenticate with when connecting to * Azure Device Provisioning service. @@ -776,15 +788,6 @@ int azure_iot_mqtt_client_message_received(azure_iot_t* azure_iot, mqtt_message_ * These functions are used internally by the Azure IoT client code and its extensions. */ -/** - * @brief Checks whether `span` is equal to AZ_SPAN_EMPTY. - * - * @param[in] span A span to be verified. - * - * @return boolean True if `span`'s pointer and size are equal to AZ_SPAN_EMPTY, or false otherwise. - */ -#define is_az_span_empty(span) az_span_is_content_equal(span, AZ_SPAN_EMPTY) - /** * @brief Slices `span` at position `size`, returns the first slice and assigns the second slice to `remainder`. * diff --git a/examples/Azure_IoT_Central_ESP32_AzureIoTKit/Azure_IoT_Central_ESP32_AzureIoTKit.ino b/examples/Azure_IoT_Central_ESP32_AzureIoTKit/Azure_IoT_Central_ESP32_AzureIoTKit.ino index ea1a7b54..f61a4dfe 100644 --- a/examples/Azure_IoT_Central_ESP32_AzureIoTKit/Azure_IoT_Central_ESP32_AzureIoTKit.ino +++ b/examples/Azure_IoT_Central_ESP32_AzureIoTKit/Azure_IoT_Central_ESP32_AzureIoTKit.ino @@ -135,7 +135,15 @@ static int mqtt_client_init_function(mqtt_client_config_t* mqtt_client_config, m mqtt_config.port = mqtt_client_config->port; mqtt_config.client_id = (const char*)az_span_ptr(mqtt_client_config->client_id); mqtt_config.username = (const char*)az_span_ptr(mqtt_client_config->username); - mqtt_config.password = (const char*)az_span_ptr(mqtt_client_config->password); + + #ifdef IOT_CONFIG_USE_X509_CERT + LogInfo("MQTT client using X509 Certificate authentication"); + mqtt_config.client_cert_pem = IOT_CONFIG_DEVICE_CERT; + mqtt_config.client_key_pem = IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY; + #else // Using SAS key + mqtt_config.password = (const char*)az_span_ptr(mqtt_client_config->password); + #endif + mqtt_config.keepalive = 30; mqtt_config.disable_clean_session = 0; mqtt_config.disable_auto_reconnect = false; @@ -336,7 +344,17 @@ void setup() azure_iot_config.use_device_provisioning = true; // Required for Azure IoT Central. azure_iot_config.iot_hub_fqdn = AZ_SPAN_EMPTY; azure_iot_config.device_id = AZ_SPAN_EMPTY; - azure_iot_config.device_key = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_KEY); + + #ifdef IOT_CONFIG_USE_X509_CERT + azure_iot_config.device_certificate = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_CERT); + azure_iot_config.device_certificate_private_key = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY); + azure_iot_config.device_key = AZ_SPAN_EMPTY; + #else + azure_iot_config.device_certificate = AZ_SPAN_EMPTY; + azure_iot_config.device_certificate_private_key = AZ_SPAN_EMPTY; + azure_iot_config.device_key = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_KEY); + #endif // IOT_CONFIG_USE_X509_CERT + azure_iot_config.dps_id_scope = AZ_SPAN_FROM_STR(DPS_ID_SCOPE); azure_iot_config.dps_registration_id = AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_ID); // Use Device ID for Azure IoT Central. azure_iot_config.data_buffer = AZ_SPAN_FROM_BUFFER(az_iot_data_buffer); diff --git a/examples/Azure_IoT_Central_ESP32_AzureIoTKit/iot_configs.h b/examples/Azure_IoT_Central_ESP32_AzureIoTKit/iot_configs.h index 9d873758..159c627e 100644 --- a/examples/Azure_IoT_Central_ESP32_AzureIoTKit/iot_configs.h +++ b/examples/Azure_IoT_Central_ESP32_AzureIoTKit/iot_configs.h @@ -5,10 +5,60 @@ #define IOT_CONFIG_WIFI_SSID "SSID" #define IOT_CONFIG_WIFI_PASSWORD "PWD" +// Enable macro IOT_CONFIG_USE_X509_CERT to use an x509 certificate to authenticate the IoT device. +// The two main modes of authentication are through SAS tokens (automatically generated by the sample using the provided device symmetric key) or through x509 certificates. +// Please choose the appropriate option according to your device authentication mode. + +// #define IOT_CONFIG_USE_X509_CERT + +#ifdef IOT_CONFIG_USE_X509_CERT + +/* + * Please set the define IOT_CONFIG_DEVICE_CERT below with + * the content of your device x509 certificate. + * + * Example: + * #define IOT_CONFIG_DEVICE_CERT "-----BEGIN CERTIFICATE-----\r\n" \ + * "MIIBJDCBywIUfeHrebBVa2eZAbouBgACp9R3BncwCgYIKoZIzj0EAwIwETEPMA0G\r\n" \ + * "A1UEAwwGRFBTIENBMB4XDTIyMDMyMjazMTAzN1oXDTIzMDMyMjIzMTAzN1owGTEX\r\n" \ + * "MBUGA1UEAwwOY29udG9zby1kZXZpY2UwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\r\n" \ + * ....... + * "YmGzdaHTb6P1W+p+jmc+jJn1MAoGCXqGSM49BAMCA0gAMEUCIEnbEMsAdGFroMwl\r\n" \ + * "vTfQahwsxN3xink9z1gtirrjQlqDAiEAyU+6TUJcG6d9JF+uJqsLFpsbbF3IzGAw\r\n" \ + * "yC+koNRC0MU=\r\n" \ + * "-----END CERTIFICATE-----" + * + */ +#define IOT_CONFIG_DEVICE_CERT "Device Certificate" + +/* + * Please set the define IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY below with + * the content of your device x509 private key. + * + * Example: + * + * #define IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY "-----BEGIN EC PRIVATE KEY-----\r\n" \ + * "MHcCAQEEIKGXkMMiO9D7jYpUjUGTBn7gGzeKPeNzCP83wbfQfLd9obAoGCCqGSM49\r\n" \ + * "AwEHoUQDQgAEU6nQoYbjgJvBwaeD6MyAYmOSDg0QhEdyyV337qrlIbDEKvFsn1El\r\n" \ + * "yRabc4dNp2Jhs3Xh02+j9Vvqfo5nPoyZ9Q==\r\n" \ + * "-----END EC PRIVATE KEY-----" + * + * Note the type of key may different in your case. Such as BEGIN PRIVATE KEY + * or BEGIN RSA PRIVATE KEY. + * +*/ +#define IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY "Device Certificate Private Key" + +#endif // IOT_CONFIG_USE_X509_CERT + // Azure IoT Central #define DPS_ID_SCOPE "ID Scope" #define IOT_CONFIG_DEVICE_ID "Device ID" -#define IOT_CONFIG_DEVICE_KEY "Device Key" +// Use device key if not using certificates +#ifndef IOT_CONFIG_USE_X509_CERT + #define IOT_CONFIG_DEVICE_KEY "Device Key" +#endif // IOT_CONFIG_USE_X509_CERT + // User-agent (url-encoded) provided by the MQTT client to Azure IoT Services. // When developing for your own Arduino-based platform, diff --git a/examples/Azure_IoT_Hub_ESP32/AzIoTSasToken.cpp b/examples/Azure_IoT_Hub_ESP32/AzIoTSasToken.cpp index 3cdc2f73..4fd578ed 100644 --- a/examples/Azure_IoT_Hub_ESP32/AzIoTSasToken.cpp +++ b/examples/Azure_IoT_Hub_ESP32/AzIoTSasToken.cpp @@ -12,7 +12,7 @@ #define INDEFINITE_TIME ((time_t)-1) -#define is_az_span_empty(x) (az_span_size(x) == az_span_size(AZ_SPAN_EMPTY) && az_span_ptr(x) == az_span_ptr(AZ_SPAN_EMPTY)) +#define az_span_is_content_equal(x, AZ_SPAN_EMPTY) (az_span_size(x) == az_span_size(AZ_SPAN_EMPTY) && az_span_ptr(x) == az_span_ptr(AZ_SPAN_EMPTY)) static uint32_t getSasTokenExpiration(const char* sasToken) { @@ -242,7 +242,7 @@ int AzIoTSasToken::Generate(unsigned int expiryTimeInMinutes) expiryTimeInMinutes, this->sasTokenBuffer); - if (is_az_span_empty(this->sasToken)) + if (az_span_is_content_equal(this->sasToken, AZ_SPAN_EMPTY)) { Logger.Error("Failed generating SAS token"); return 1; diff --git a/examples/Azure_IoT_Hub_ESP32/Azure_IoT_Hub_ESP32.ino b/examples/Azure_IoT_Hub_ESP32/Azure_IoT_Hub_ESP32.ino index 61e11a9d..94bb93ae 100644 --- a/examples/Azure_IoT_Hub_ESP32/Azure_IoT_Hub_ESP32.ino +++ b/examples/Azure_IoT_Hub_ESP32/Azure_IoT_Hub_ESP32.ino @@ -83,12 +83,13 @@ static uint32_t telemetry_send_count = 0; static char incoming_data[INCOMING_DATA_BUFFER_SIZE]; // Auxiliary functions - +#ifndef IOT_CONFIG_USE_X509_CERT static AzIoTSasToken sasToken( &client, AZ_SPAN_FROM_STR(IOT_CONFIG_DEVICE_KEY), AZ_SPAN_FROM_BUFFER(sas_signature_buffer), AZ_SPAN_FROM_BUFFER(mqtt_password)); +#endif // IOT_CONFIG_USE_X509_CERT static void connectToWiFi() { @@ -235,11 +236,13 @@ static void initializeIoTHubClient() static int initializeMqttClient() { + #ifndef IOT_CONFIG_USE_X509_CERT if (sasToken.Generate(SAS_TOKEN_DURATION_IN_MINUTES) != 0) { Logger.Error("Failed generating SAS token"); return 1; } + #endif esp_mqtt_client_config_t mqtt_config; memset(&mqtt_config, 0, sizeof(mqtt_config)); @@ -247,7 +250,15 @@ static int initializeMqttClient() mqtt_config.port = mqtt_port; mqtt_config.client_id = mqtt_client_id; mqtt_config.username = mqtt_username; - mqtt_config.password = (const char*)az_span_ptr(sasToken.Get()); + + #ifdef IOT_CONFIG_USE_X509_CERT + Logger.Info("MQTT client using X509 Certificate authentication"); + mqtt_config.client_cert_pem = IOT_CONFIG_DEVICE_CERT; + mqtt_config.client_key_pem = IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY; + #else // Using SAS key + mqtt_config.password = (const char*)az_span_ptr(sasToken.Get()); + #endif + mqtt_config.keepalive = 30; mqtt_config.disable_clean_session = 0; mqtt_config.disable_auto_reconnect = false; @@ -355,12 +366,14 @@ void loop() { connectToWiFi(); } + #ifndef IOT_CONFIG_USE_X509_CERT else if (sasToken.IsExpired()) { Logger.Info("SAS token expired; reconnecting with a new one."); (void)esp_mqtt_client_destroy(mqtt_client); initializeMqttClient(); } + #endif else if (millis() > next_telemetry_send_time_ms) { sendTelemetry(); diff --git a/examples/Azure_IoT_Hub_ESP32/iot_configs.h b/examples/Azure_IoT_Hub_ESP32/iot_configs.h index 9a05c1cd..663eeee8 100644 --- a/examples/Azure_IoT_Hub_ESP32/iot_configs.h +++ b/examples/Azure_IoT_Hub_ESP32/iot_configs.h @@ -2,13 +2,62 @@ // SPDX-License-Identifier: MIT // Wifi -#define IOT_CONFIG_WIFI_SSID "SSID" -#define IOT_CONFIG_WIFI_PASSWORD "PWD" +#define IOT_CONFIG_WIFI_SSID "SSID" +#define IOT_CONFIG_WIFI_PASSWORD "PWD" + +// Enable macro IOT_CONFIG_USE_X509_CERT to use an x509 certificate to authenticate the IoT device. +// The two main modes of authentication are through SAS tokens (automatically generated by the sample using the provided device symmetric key) or through x509 certificates. +// Please choose the appropriate option according to your device authentication mode. + +// #define IOT_CONFIG_USE_X509_CERT + +#ifdef IOT_CONFIG_USE_X509_CERT + +/* + * Please set the define IOT_CONFIG_DEVICE_CERT below with + * the content of your device x509 certificate. + * + * Example: + * #define IOT_CONFIG_DEVICE_CERT "-----BEGIN CERTIFICATE-----\r\n" \ + * "MIIBJDCBywIUfeHrebBVa2eZAbouBgACp9R3BncwCgYIKoZIzj0EAwIwETEPMA0G\r\n" \ + * "A1UEAwwGRFBTIENBMB4XDTIyMDMyMjazMTAzN1oXDTIzMDMyMjIzMTAzN1owGTEX\r\n" \ + * "MBUGA1UEAwwOY29udG9zby1kZXZpY2UwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\r\n" \ + * ....... + * "YmGzdaHTb6P1W+p+jmc+jJn1MAoGCXqGSM49BAMCA0gAMEUCIEnbEMsAdGFroMwl\r\n" \ + * "vTfQahwsxN3xink9z1gtirrjQlqDAiEAyU+6TUJcG6d9JF+uJqsLFpsbbF3IzGAw\r\n" \ + * "yC+koNRC0MU=\r\n" \ + * "-----END CERTIFICATE-----" + * + */ +#define IOT_CONFIG_DEVICE_CERT "Device Certificate" + +/* + * Please set the define IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY below with + * the content of your device x509 private key. + * + * Example: + * + * #define IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY "-----BEGIN EC PRIVATE KEY-----\r\n" \ + * "MHcCAQEEIKGXkMMiO9D7jYpUjUGTBn7gGzeKPeNzCP83wbfQfLd9obAoGCCqGSM49\r\n" \ + * "AwEHoUQDQgAEU6nQoYbjgJvBwaeD6MyAYmOSDg0QhEdyyV337qrlIbDEKvFsn1El\r\n" \ + * "yRabc4dNp2Jhs3Xh02+j9Vvqfo5nPoyZ9Q==\r\n" \ + * "-----END EC PRIVATE KEY-----" + * + * Note the type of key may different in your case. Such as BEGIN PRIVATE KEY + * or BEGIN RSA PRIVATE KEY. + * +*/ +#define IOT_CONFIG_DEVICE_CERT_PRIVATE_KEY "Device Certificate Private Key" + +#endif // IOT_CONFIG_USE_X509_CERT // Azure IoT #define IOT_CONFIG_IOTHUB_FQDN "[your Azure IoT host name].azure-devices.net" #define IOT_CONFIG_DEVICE_ID "Device ID" -#define IOT_CONFIG_DEVICE_KEY "Device Key" +// Use device key if not using certificates +#ifndef IOT_CONFIG_USE_X509_CERT + #define IOT_CONFIG_DEVICE_KEY "Device Key" +#endif // IOT_CONFIG_USE_X509_CERT // Publish 1 message every 2 seconds #define TELEMETRY_FREQUENCY_MILLISECS 2000