add function for setting csr cert

awslabs · Sep 12, 2024 · b187fc5 · b187fc5
1 parent 5b066a0
commit b187fc5
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 38 deletions.
diff --git a/source/fleetprovisioning/FleetProvisioning.cpp b/source/fleetprovisioning/FleetProvisioning.cpp
@@ -48,9 +48,8 @@ constexpr int FleetProvisioning::DEFAULT_WAIT_TIME_SECONDS;
 
 FleetProvisioning::FleetProvisioning() : collectSystemInformation(false) {}
 
-bool FleetProvisioning::WriteCertToDirectory(CreateKeysAndCertificateResponse *response, string fileName){
-    Aws::Crt::String certificateID = response->CertificateId->c_str();
-
+bool FleetProvisioning::WriteKeyAndCertToDirectory(CreateKeysAndCertificateResponse *response, string fileName)
+{
     ostringstream certPathStream, keyPathStream;
     certPathStream << keyDir << fileName << "-certificate.pem.crt";
     keyPathStream << keyDir << fileName << "-private.pem.key";
@@ -72,13 +71,12 @@ bool FleetProvisioning::WriteCertToDirectory(CreateKeysAndCertificateResponse *r
             FileUtils::ValidateFilePermissions(keyPath.c_str(), Permissions::PRIVATE_KEY))
         {
             LOG_INFO(TAG, "Successfully set permissions on provisioned public certificate and private key");
-            keysCreationCompletedPromise.set_value(true);
+            return true;
         }
         else
         {
-            keysCreationCompletedPromise.set_value(false);
+            return false;
         }
-        return true;
     }
     else
     {
@@ -87,7 +85,35 @@ bool FleetProvisioning::WriteCertToDirectory(CreateKeysAndCertificateResponse *r
             "Failed to store public certificate and private key in files %s and %s",
             certPath.c_str(),
             keyPath.c_str());
-        keysCreationCompletedPromise.set_value(false);
+        return false;
+    }
+}
+
+bool FleetProvisioning::WriteCSRCertToDirectory(CreateCertificateFromCsrResponse *response, string fileName)
+{
+    ostringstream certPathStream;
+    certPathStream << keyDir << fileName << "-certificate.pem.crt";
+    certPath = FileUtils::ExtractExpandedPath(certPathStream.str().c_str()).c_str();
+
+    if (FileUtils::StoreValueInFile(response->CertificatePem->c_str(), certPath.c_str()))
+    {
+        LOGM_INFO(TAG, "Stored certificate in %s file", certPath.c_str());
+
+        LOG_INFO(TAG, "Attempting to set permissions for certificate...");
+        chmod(certPath.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+        if (FileUtils::ValidateFilePermissions(certPath.c_str(), Permissions::PUBLIC_CERT))
+        {
+            LOG_INFO(TAG, "Successfully set permissions on provisioned public certificate");
+            return true;
+        }
+        else
+        {
+            return false;
+        }
+    }
+    else
+    {
+        LOGM_ERROR(TAG, "Failed to store public certificate in file %s", certPath.c_str());
         return false;
     }
 }
@@ -137,8 +163,8 @@ bool FleetProvisioning::CreateCertificateAndKey(Iotidentity::IotIdentityClient i
             LOGM_INFO(TAG, "CreateKeysAndCertificateResponse certificateId: %s.", response->CertificateId->c_str());
             certificateOwnershipToken = *response->CertificateOwnershipToken;
             Aws::Crt::String certificateID = response->CertificateId->c_str();
-            WriteCertToDirectory(response, certificateID.c_str());
-            WriteCertToDirectory(response, "active");
+            bool writeSucceeded = WriteKeyAndCertToDirectory(response, certificateID.c_str()) && WriteKeyAndCertToDirectory(response, "active");
+            keysCreationCompletedPromise.set_value(writeSucceeded);
         }
         else
         {
@@ -268,32 +294,8 @@ bool FleetProvisioning::CreateCertificateUsingCSR(Iotidentity::IotIdentityClient
             LOGM_INFO(TAG, "CreateCertificateFromCsrResponse certificateId: %s. ***", response->CertificateId->c_str());
             certificateOwnershipToken = *response->CertificateOwnershipToken;
             Aws::Crt::String certificateID = response->CertificateId->c_str();
-
-            ostringstream certPathStream;
-            certPathStream << keyDir << certificateID << "-certificate.pem.crt";
-            certPath = FileUtils::ExtractExpandedPath(certPathStream.str().c_str()).c_str();
-
-            if (FileUtils::StoreValueInFile(response->CertificatePem->c_str(), certPath.c_str()))
-            {
-                LOGM_INFO(TAG, "Stored certificate in %s file", certPath.c_str());
-
-                LOG_INFO(TAG, "Attempting to set permissions for certificate...");
-                chmod(certPath.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-                if (FileUtils::ValidateFilePermissions(certPath.c_str(), Permissions::PUBLIC_CERT))
-                {
-                    LOG_INFO(TAG, "Successfully set permissions on provisioned public certificate");
-                    csrCreationCompletedPromise.set_value(true);
-                }
-                else
-                {
-                    csrCreationCompletedPromise.set_value(false);
-                }
-            }
-            else
-            {
-                LOGM_ERROR(TAG, "Failed to store public certificate in file %s", certPath.c_str());
-                csrCreationCompletedPromise.set_value(false);
-            }
+            bool writeSucceeded = WriteCSRCertToDirectory(response, certificateID.c_str()) && WriteCSRCertToDirectory(response, "active");
+            csrCreationCompletedPromise.set_value(writeSucceeded);
         }
         else
         {
@@ -527,8 +529,7 @@ bool FleetProvisioning::ProvisionDevice(shared_ptr<SharedCrtResourceManager> fpC
         LOG_INFO(TAG, "Fleet Provisioning Feature has been started.");
         collectSystemInformation = config.fleetProvisioning.collectSystemInformation;
 
-        bool didSetup = FileUtils::CreateDirectoryWithPermissions(keyDir.c_str(), S_IRWXU) &&
-                        FileUtils::CreateDirectoryWithPermissions(
+        bool didSetup =  FileUtils::CreateDirectoryWithPermissions(keyDir.c_str(), S_IRWXU) && FileUtils::CreateDirectoryWithPermissions(
                             Config::DEFAULT_CONFIG_DIR, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IROTH | S_IXOTH);
         if (!didSetup)
         {

diff --git a/source/fleetprovisioning/FleetProvisioning.h b/source/fleetprovisioning/FleetProvisioning.h
@@ -172,7 +172,15 @@ namespace Aws
                      * @param response from IotIdentity CreateKeysAndCertificate call
                      * @return returns true if successfully written to directory
                      */
-                    bool WriteCertToDirectory(Iotidentity::CreateKeysAndCertificateResponse *response, std::string fileName);
+                    bool WriteKeyAndCertToDirectory(Iotidentity::CreateKeysAndCertificateResponse *response, std::string fileName);
+
+                    /**
+                     * \brief writes contents of the cert from CSR to the device client config directory.
+                     *
+                     * @param response from IotIdentity CreateCertificateFromCsrResponse call
+                     * @return returns true if successfully written to directory
+                     */
+                    bool WriteCSRCertToDirectory(Iotidentity::CreateCertificateFromCsrResponse *response, std::string fileName);
 
                     /**
                      * \brief creates a new certificate and private key using the AWS certificate authority