source: azure_iot_hub/trunk/azure_iohub/iothub_client/src/iothub_client_authorization.c@ 388

Last change on this file since 388 was 388, checked in by coas-nagasima, 5 years ago

Azure IoT Hub Device C SDK を使ったサンプルの追加
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/x-csrc
File size: 24.9 KB
Line 
1// Copyright (c) Microsoft. All rights reserved.
2// Licensed under the MIT license. See LICENSE file in the project root for full license information.
3
4#include <stdlib.h>
5#include "azure_c_shared_utility/gballoc.h"
6#include "azure_c_shared_utility/macro_utils.h"
7#include "azure_c_shared_utility/umock_c_prod.h"
8#include "azure_c_shared_utility/crt_abstractions.h"
9#include "azure_c_shared_utility/agenttime.h"
10#include "azure_c_shared_utility/xlogging.h"
11#include "azure_c_shared_utility/strings.h"
12#include "azure_c_shared_utility/sastoken.h"
13#include "azure_c_shared_utility/shared_util_options.h"
14
15#ifdef USE_PROV_MODULE
16#include "azure_prov_client/internal/iothub_auth_client.h"
17#endif
18
19#include "internal/iothub_client_authorization.h"
20
21#define DEFAULT_SAS_TOKEN_EXPIRY_TIME_SECS 3600
22#define INDEFINITE_TIME ((time_t)(-1))
23#define MIN_SAS_EXPIRY_TIME 5 // 5 seconds
24
25typedef struct IOTHUB_AUTHORIZATION_DATA_TAG
26{
27 char* device_sas_token;
28 char* device_key;
29 char* device_id;
30 char* module_id;
31 size_t token_expiry_time_sec;
32 IOTHUB_CREDENTIAL_TYPE cred_type;
33#ifdef USE_PROV_MODULE
34 IOTHUB_SECURITY_HANDLE device_auth_handle;
35#endif
36} IOTHUB_AUTHORIZATION_DATA;
37
38static int get_seconds_since_epoch(size_t* seconds)
39{
40 int result;
41 time_t current_time;
42 if ((current_time = get_time(NULL)) == INDEFINITE_TIME)
43 {
44 LogError("Failed getting the current local time (get_time() failed)");
45 result = MU_FAILURE;
46 }
47 else
48 {
49 *seconds = (size_t)get_difftime(current_time, (time_t)0);
50 result = 0;
51 }
52 return result;
53}
54
55static IOTHUB_AUTHORIZATION_DATA* initialize_auth_client(const char* device_id, const char* module_id)
56{
57 IOTHUB_AUTHORIZATION_DATA* result;
58
59 /* Codes_SRS_IoTHub_Authorization_07_002: [IoTHubClient_Auth_Create shall allocate a IOTHUB_AUTHORIZATION_HANDLE that is needed for subsequent calls. ] */
60 result = (IOTHUB_AUTHORIZATION_DATA*)malloc(sizeof(IOTHUB_AUTHORIZATION_DATA) );
61 if (result == NULL)
62 {
63 /* Codes_SRS_IoTHub_Authorization_07_019: [ On error IoTHubClient_Auth_Create shall return NULL. ] */
64 LogError("Failed allocating IOTHUB_AUTHORIZATION_DATA");
65 result = NULL;
66 }
67 else
68 {
69 memset(result, 0, sizeof(IOTHUB_AUTHORIZATION_DATA) );
70 if (mallocAndStrcpy_s(&result->device_id, device_id) != 0)
71 {
72 /* Codes_SRS_IoTHub_Authorization_07_019: [ On error IoTHubClient_Auth_Create shall return NULL. ] */
73 LogError("Failed allocating device_key");
74 free(result);
75 result = NULL;
76 }
77 else if (module_id != NULL && mallocAndStrcpy_s(&result->module_id, module_id) != 0)
78 {
79 /* Codes_SRS_IoTHub_Authorization_07_019: [ On error IoTHubClient_Auth_Create shall return NULL. ] */
80 LogError("Failed allocating module_id");
81 free(result->device_id);
82 free(result);
83 result = NULL;
84 }
85 else
86 {
87 result->token_expiry_time_sec = DEFAULT_SAS_TOKEN_EXPIRY_TIME_SECS;
88 }
89 }
90 return result;
91}
92
93IOTHUB_AUTHORIZATION_HANDLE IoTHubClient_Auth_Create(const char* device_key, const char* device_id, const char* device_sas_token, const char *module_id)
94{
95 IOTHUB_AUTHORIZATION_DATA* result;
96 /* Codes_SRS_IoTHub_Authorization_07_001: [if device_id is NULL IoTHubClient_Auth_Create, shall return NULL. ] */
97 if (device_id == NULL)
98 {
99 LogError("Invalid Parameter device_id: %p", device_id);
100 result = NULL;
101 }
102 else
103 {
104 result = initialize_auth_client(device_id, module_id);
105 if (result == NULL)
106 {
107 LogError("Failure initializing auth client");
108 }
109 else if (device_key != NULL && mallocAndStrcpy_s(&result->device_key, device_key) != 0)
110 {
111 /* Codes_SRS_IoTHub_Authorization_07_019: [ On error IoTHubClient_Auth_Create shall return NULL. ] */
112 LogError("Failed allocating device_key");
113 free(result->device_id);
114 free(result->module_id);
115 free(result);
116 result = NULL;
117 }
118 else
119 {
120 if (device_key != NULL)
121 {
122 /* Codes_SRS_IoTHub_Authorization_07_003: [ IoTHubClient_Auth_Create shall set the credential type to IOTHUB_CREDENTIAL_TYPE_DEVICE_KEY if the device_sas_token is NULL. ]*/
123 result->cred_type = IOTHUB_CREDENTIAL_TYPE_DEVICE_KEY;
124 }
125 else if (device_sas_token != NULL)
126 {
127 /* Codes_SRS_IoTHub_Authorization_07_020: [ else IoTHubClient_Auth_Create shall set the credential type to IOTHUB_CREDENTIAL_TYPE_SAS_TOKEN. ] */
128 result->cred_type = IOTHUB_CREDENTIAL_TYPE_SAS_TOKEN;
129 if (mallocAndStrcpy_s(&result->device_sas_token, device_sas_token) != 0)
130 {
131 /* Codes_SRS_IoTHub_Authorization_07_019: [ On error IoTHubClient_Auth_Create shall return NULL. ] */
132 LogError("Failed allocating device_key");
133 free(result->device_key);
134 free(result->device_id);
135 free(result->module_id);
136 free(result);
137 result = NULL;
138 }
139 }
140 else
141 {
142 /* Codes_SRS_IoTHub_Authorization_07_024: [ if device_sas_token and device_key are NULL IoTHubClient_Auth_Create shall set the credential type to IOTHUB_CREDENTIAL_TYPE_UNKNOWN. ] */
143 result->cred_type = IOTHUB_CREDENTIAL_TYPE_UNKNOWN;
144 }
145 }
146 }
147 /* Codes_SRS_IoTHub_Authorization_07_004: [ If successful IoTHubClient_Auth_Create shall return a IOTHUB_AUTHORIZATION_HANDLE value. ] */
148 return result;
149}
150
151IOTHUB_AUTHORIZATION_HANDLE IoTHubClient_Auth_CreateFromDeviceAuth(const char* device_id, const char* module_id)
152{
153 IOTHUB_AUTHORIZATION_DATA* result;
154 if (device_id == NULL)
155 {
156 LogError("Invalid Parameter device_id: %p", device_id);
157 result = NULL;
158 }
159 else
160 {
161#ifdef USE_PROV_MODULE
162 result = initialize_auth_client(device_id, module_id);
163 if (result == NULL)
164 {
165 LogError("Failure initializing auth client");
166 }
167 else
168 {
169 result->device_auth_handle = iothub_device_auth_create();
170 if (result->device_auth_handle == NULL)
171 {
172 LogError("Failed allocating IOTHUB_AUTHORIZATION_DATA");
173 free(result->device_id);
174 free(result->module_id);
175 free(result);
176 result = NULL;
177 }
178 else
179 {
180 DEVICE_AUTH_TYPE auth_type = iothub_device_auth_get_type(result->device_auth_handle);
181 if (auth_type == AUTH_TYPE_SAS || auth_type == AUTH_TYPE_SYMM_KEY)
182 {
183 result->cred_type = IOTHUB_CREDENTIAL_TYPE_DEVICE_AUTH;
184 }
185 else
186 {
187 result->cred_type = IOTHUB_CREDENTIAL_TYPE_X509_ECC;
188 }
189 }
190 }
191#else
192 (void)module_id;
193 LogError("Failed HSM module is not supported");
194 result = NULL;
195#endif
196 }
197 return result;
198}
199
200void IoTHubClient_Auth_Destroy(IOTHUB_AUTHORIZATION_HANDLE handle)
201{
202 /* Codes_SRS_IoTHub_Authorization_07_005: [ if handle is NULL IoTHubClient_Auth_Destroy shall do nothing. ] */
203 if (handle != NULL)
204 {
205 /* Codes_SRS_IoTHub_Authorization_07_006: [ IoTHubClient_Auth_Destroy shall free all resources associated with the IOTHUB_AUTHORIZATION_HANDLE handle. ] */
206#ifdef USE_PROV_MODULE
207 iothub_device_auth_destroy(handle->device_auth_handle);
208#endif
209 free(handle->device_key);
210 free(handle->device_id);
211 free(handle->module_id);
212 free(handle->device_sas_token);
213 free(handle);
214 }
215}
216
217IOTHUB_CREDENTIAL_TYPE IoTHubClient_Auth_Set_x509_Type(IOTHUB_AUTHORIZATION_HANDLE handle, bool enable_x509)
218{
219 IOTHUB_CREDENTIAL_TYPE result;
220 if (handle != NULL)
221 {
222 if (enable_x509)
223 {
224 result = handle->cred_type = IOTHUB_CREDENTIAL_TYPE_X509;
225 }
226 else
227 {
228 if (handle->device_sas_token == NULL)
229 {
230 result = handle->cred_type = IOTHUB_CREDENTIAL_TYPE_DEVICE_KEY;
231 }
232 else if (handle->device_key == NULL)
233 {
234 result = handle->cred_type = IOTHUB_CREDENTIAL_TYPE_SAS_TOKEN;
235 }
236 else
237 {
238 result = handle->cred_type = IOTHUB_CREDENTIAL_TYPE_UNKNOWN;
239 }
240 }
241 }
242 else
243 {
244 result = IOTHUB_CREDENTIAL_TYPE_UNKNOWN;
245 }
246 return result;
247}
248
249int IoTHubClient_Auth_Set_xio_Certificate(IOTHUB_AUTHORIZATION_HANDLE handle, XIO_HANDLE xio)
250{
251 int result;
252 if (handle == NULL || xio == NULL)
253 {
254 LogError("Invalid Parameter handle: %p xio: %p", handle, xio);
255 result = MU_FAILURE;
256 }
257 else if (handle->cred_type != IOTHUB_CREDENTIAL_TYPE_X509_ECC)
258 {
259 LogError("Invalid credential types for this operation");
260 result = MU_FAILURE;
261 }
262 else
263 {
264#ifdef USE_PROV_MODULE
265 CREDENTIAL_RESULT* cred_result = iothub_device_auth_generate_credentials(handle->device_auth_handle, NULL);
266 if (cred_result == NULL)
267 {
268 LogError("Failure generating credentials");
269 result = MU_FAILURE;
270 }
271 else
272 {
273 if (xio_setoption(xio, OPTION_X509_ECC_CERT, cred_result->auth_cred_result.x509_result.x509_cert) != 0)
274 {
275 LogError("Failure setting x509 cert on xio");
276 result = MU_FAILURE;
277 }
278 else if (xio_setoption(xio, OPTION_X509_ECC_KEY, cred_result->auth_cred_result.x509_result.x509_alias_key) != 0)
279 {
280 LogError("Failure setting x509 key on xio");
281 result = MU_FAILURE;
282 }
283 else
284 {
285 result = 0;
286 }
287 free(cred_result);
288 }
289#else
290 LogError("Failed HSM module is not supported");
291 result = MU_FAILURE;
292#endif
293 }
294 return result;
295}
296
297int IoTHubClient_Auth_Get_x509_info(IOTHUB_AUTHORIZATION_HANDLE handle, char** x509_cert, char** x509_key)
298{
299 int result;
300 if (handle == NULL || x509_cert == NULL || x509_key == NULL)
301 {
302 LogError("Invalid Parameter handle: %p, x509_cert: %p, x509_key: %p", handle, x509_cert, x509_key);
303 result = MU_FAILURE;
304 }
305 else if (handle->cred_type != IOTHUB_CREDENTIAL_TYPE_X509_ECC)
306 {
307 LogError("Invalid credential types for this operation");
308 result = MU_FAILURE;
309 }
310 else
311 {
312#ifdef USE_PROV_MODULE
313 CREDENTIAL_RESULT* cred_result = iothub_device_auth_generate_credentials(handle->device_auth_handle, NULL);
314 if (cred_result == NULL)
315 {
316 LogError("Failure generating credentials");
317 result = MU_FAILURE;
318 }
319 else
320 {
321 if (mallocAndStrcpy_s(x509_cert, cred_result->auth_cred_result.x509_result.x509_cert) != 0)
322 {
323 LogError("Failure copying certificate");
324 result = MU_FAILURE;
325 }
326 else if (mallocAndStrcpy_s(x509_key, cred_result->auth_cred_result.x509_result.x509_alias_key) != 0)
327 {
328 LogError("Failure copying private key");
329 result = MU_FAILURE;
330 free(*x509_cert);
331 }
332 else
333 {
334 result = 0;
335 }
336 free(cred_result);
337 }
338#else
339 LogError("Failed HSM module is not supported");
340 result = MU_FAILURE;
341#endif
342 }
343 return result;
344}
345
346IOTHUB_CREDENTIAL_TYPE IoTHubClient_Auth_Get_Credential_Type(IOTHUB_AUTHORIZATION_HANDLE handle)
347{
348 IOTHUB_CREDENTIAL_TYPE result;
349 /* Codes_SRS_IoTHub_Authorization_07_007: [ if handle is NULL IoTHub_Auth_Get_Credential_Type shall return IOTHUB_CREDENTIAL_TYPE_UNKNOWN. ] */
350 if (handle == NULL)
351 {
352 LogError("Invalid Parameter handle: %p", handle);
353 result = IOTHUB_CREDENTIAL_TYPE_UNKNOWN;
354 }
355 else
356 {
357 /* Codes_SRS_IoTHub_Authorization_07_008: [ IoTHub_Auth_Get_Credential_Type shall return the credential type that is set upon creation. ] */
358 result = handle->cred_type;
359 }
360 return result;
361}
362
363char* IoTHubClient_Auth_Get_SasToken(IOTHUB_AUTHORIZATION_HANDLE handle, const char* scope, size_t expiry_time_relative_seconds, const char* key_name)
364{
365 char* result;
366 (void)expiry_time_relative_seconds;
367 /* Codes_SRS_IoTHub_Authorization_07_009: [ if handle or scope are NULL, IoTHubClient_Auth_Get_SasToken shall return NULL. ] */
368 if (handle == NULL)
369 {
370 LogError("Invalid Parameter handle: %p", handle);
371 result = NULL;
372 }
373 else
374 {
375 if (handle->cred_type == IOTHUB_CREDENTIAL_TYPE_DEVICE_AUTH)
376 {
377#ifdef USE_PROV_MODULE
378 DEVICE_AUTH_CREDENTIAL_INFO dev_auth_cred;
379 size_t sec_since_epoch;
380
381 if (get_seconds_since_epoch(&sec_since_epoch) != 0)
382 {
383 LogError("failure getting seconds from epoch");
384 result = NULL;
385 }
386 else
387 {
388 memset(&dev_auth_cred, 0, sizeof(DEVICE_AUTH_CREDENTIAL_INFO));
389 size_t expiry_time = sec_since_epoch + handle->token_expiry_time_sec;
390 dev_auth_cred.sas_info.expiry_seconds = expiry_time;
391 dev_auth_cred.sas_info.token_scope = scope;
392 dev_auth_cred.sas_info.key_name = key_name;
393 dev_auth_cred.dev_auth_type = AUTH_TYPE_SAS;
394
395 CREDENTIAL_RESULT* cred_result = iothub_device_auth_generate_credentials(handle->device_auth_handle, &dev_auth_cred);
396 if (cred_result == NULL)
397 {
398 LogError("failure getting credentials from device auth module");
399 result = NULL;
400 }
401 else
402 {
403 if (mallocAndStrcpy_s(&result, cred_result->auth_cred_result.sas_result.sas_token) != 0)
404 {
405 LogError("failure allocating Sas Token");
406 result = NULL;
407 }
408 free(cred_result);
409 }
410 }
411#else
412 LogError("Failed HSM module is not supported");
413 result = NULL;
414#endif
415 }
416 else if (handle->cred_type == IOTHUB_CREDENTIAL_TYPE_SAS_TOKEN)
417 {
418 /* Codes_SRS_IoTHub_Authorization_07_021: [If the device_sas_token is NOT NULL IoTHubClient_Auth_Get_SasToken shall return a copy of the device_sas_token. ] */
419 if (handle->device_sas_token != NULL)
420 {
421 if (mallocAndStrcpy_s(&result, handle->device_sas_token) != 0)
422 {
423 LogError("failure allocating sas token");
424 result = NULL;
425 }
426 }
427 else
428 {
429 LogError("failure device sas token is NULL");
430 result = NULL;
431 }
432 }
433 else if (handle->cred_type == IOTHUB_CREDENTIAL_TYPE_DEVICE_KEY)
434 {
435 /* Codes_SRS_IoTHub_Authorization_07_009: [ if handle or scope are NULL, IoTHubClient_Auth_Get_SasToken shall return NULL. ] */
436 if (scope == NULL)
437 {
438 LogError("Invalid Parameter scope: %p", scope);
439 result = NULL;
440 }
441 else
442 {
443 STRING_HANDLE sas_token;
444 size_t sec_since_epoch;
445
446 /* Codes_SRS_IoTHub_Authorization_07_010: [ IoTHubClient_Auth_Get_SasToken` shall construct the expiration time using the handle->token_expiry_time_sec added to epoch time. ] */
447 if (get_seconds_since_epoch(&sec_since_epoch) != 0)
448 {
449 /* Codes_SRS_IoTHub_Authorization_07_020: [ If any error is encountered IoTHubClient_Auth_Get_ConnString shall return NULL. ] */
450 LogError("failure getting seconds from epoch");
451 result = NULL;
452 }
453 else
454 {
455 /* Codes_SRS_IoTHub_Authorization_07_011: [ IoTHubClient_Auth_Get_ConnString shall call SASToken_CreateString to construct the sas token. ] */
456 size_t expiry_time = sec_since_epoch + handle->token_expiry_time_sec;
457 if ( (sas_token = SASToken_CreateString(handle->device_key, scope, key_name, expiry_time)) == NULL)
458 {
459 /* Codes_SRS_IoTHub_Authorization_07_020: [ If any error is encountered IoTHubClient_Auth_Get_ConnString shall return NULL. ] */
460 LogError("Failed creating sas_token");
461 result = NULL;
462 }
463 else
464 {
465 /* Codes_SRS_IoTHub_Authorization_07_012: [ On success IoTHubClient_Auth_Get_ConnString shall allocate and return the sas token in a char*. ] */
466 if (mallocAndStrcpy_s(&result, STRING_c_str(sas_token) ) != 0)
467 {
468 /* Codes_SRS_IoTHub_Authorization_07_020: [ If any error is encountered IoTHubClient_Auth_Get_ConnString shall return NULL. ] */
469 LogError("Failed copying result");
470 result = NULL;
471 }
472 STRING_delete(sas_token);
473 }
474 }
475 }
476 }
477 else
478 {
479 LogError("Failed getting sas token invalid credential type");
480 result = NULL;
481 }
482 }
483 return result;
484}
485
486const char* IoTHubClient_Auth_Get_DeviceId(IOTHUB_AUTHORIZATION_HANDLE handle)
487{
488 const char* result;
489 if (handle == NULL)
490 {
491 /* Codes_SRS_IoTHub_Authorization_07_013: [ if handle is NULL, IoTHubClient_Auth_Get_DeviceId shall return NULL. ] */
492 LogError("Invalid Parameter handle: %p", handle);
493 result = NULL;
494 }
495 else
496 {
497 /* Codes_SRS_IoTHub_Authorization_07_014: [ IoTHubClient_Auth_Get_DeviceId shall return the device_id specified upon creation. ] */
498 result = handle->device_id;
499 }
500 return result;
501}
502
503const char* IoTHubClient_Auth_Get_ModuleId(IOTHUB_AUTHORIZATION_HANDLE handle)
504{
505 const char* result;
506 if (handle == NULL)
507 {
508 /* Codes_SRS_IoTHub_Authorization_31_025: [ if handle is NULL, IoTHubClient_Auth_Get_ModuleId shall return NULL. ] */
509 LogError("Invalid Parameter handle: %p", handle);
510 result = NULL;
511 }
512 else
513 {
514 /* Codes_SRS_IoTHub_Authorization_31_026: [ IoTHubClient_Auth_Get_ModuleId shall return the module_id specified upon creation. ] */
515 result = handle->module_id;
516 }
517 return result;
518}
519
520const char* IoTHubClient_Auth_Get_DeviceKey(IOTHUB_AUTHORIZATION_HANDLE handle)
521{
522 const char* result;
523 if (handle == NULL)
524 {
525 /* Codes_SRS_IoTHub_Authorization_07_022: [ if handle is NULL, IoTHubClient_Auth_Get_DeviceKey shall return NULL. ] */
526 LogError("Invalid Parameter handle: %p", handle);
527 result = NULL;
528 }
529 else
530 {
531 /* Codes_SRS_IoTHub_Authorization_07_023: [ IoTHubClient_Auth_Get_DeviceKey shall return the device_key specified upon creation. ] */
532 result = handle->device_key;
533 }
534 return result;
535}
536
537SAS_TOKEN_STATUS IoTHubClient_Auth_Is_SasToken_Valid(IOTHUB_AUTHORIZATION_HANDLE handle)
538{
539 SAS_TOKEN_STATUS result;
540 if (handle == NULL)
541 {
542 /* Codes_SRS_IoTHub_Authorization_07_015: [ if handle is NULL, IoTHubClient_Auth_Is_SasToken_Valid shall return false. ] */
543 LogError("Invalid Parameter handle: %p", handle);
544 result = SAS_TOKEN_STATUS_FAILED;
545 }
546 else
547 {
548 if (handle->cred_type == IOTHUB_CREDENTIAL_TYPE_SAS_TOKEN)
549 {
550 if (handle->device_sas_token == NULL)
551 {
552 /* Codes_SRS_IoTHub_Authorization_07_017: [ If the sas_token is NULL IoTHubClient_Auth_Is_SasToken_Valid shall return false. ] */
553 LogError("Failure: device_sas_toke is NULL");
554 result = SAS_TOKEN_STATUS_FAILED;
555 }
556 else
557 {
558 /* Codes_SRS_IoTHub_Authorization_07_018: [ otherwise IoTHubClient_Auth_Is_SasToken_Valid shall return the value returned by SASToken_Validate. ] */
559 STRING_HANDLE strSasToken = STRING_construct(handle->device_sas_token);
560 if (strSasToken != NULL)
561 {
562 if (!SASToken_Validate(strSasToken))
563 {
564 result = SAS_TOKEN_STATUS_INVALID;
565 }
566 else
567 {
568 result = SAS_TOKEN_STATUS_VALID;
569 }
570 STRING_delete(strSasToken);
571 }
572 else
573 {
574 LogError("Failure constructing SAS Token");
575 result = SAS_TOKEN_STATUS_FAILED;
576 }
577 }
578 }
579 else
580 {
581 /* Codes_SRS_IoTHub_Authorization_07_016: [ if credential type is not IOTHUB_CREDENTIAL_TYPE_SAS_TOKEN IoTHubClient_Auth_Is_SasToken_Valid shall return SAS_TOKEN_STATUS_VALID. ] */
582 result = SAS_TOKEN_STATUS_VALID;
583 }
584 }
585 return result;
586}
587
588#ifdef USE_EDGE_MODULES
589
590// For debugging C modules, the environment can set the environment variable 'EdgeModuleCACertificateFile' to provide
591// trusted certificates. We'd otherwise usually get these from trusted Edge service, but this complicates debugging experience.
592// EdgeModuleCACertificateFile and the related EdgeHubConnectionString can be set either manually or by tooling (e.g. VS Code).
593static char* read_ca_certificate_from_file(const char* certificate_file_name)
594{
595 char* result;
596 FILE *file_stream = NULL;
597
598 if ((file_stream = fopen(certificate_file_name, "r")) == NULL)
599 {
600 LogError("Cannot read file %s, errno=%d", certificate_file_name, errno);
601 result = NULL;
602 }
603 else if (fseek(file_stream, 0, SEEK_END) != 0)
604 {
605 LogError("fseek on file %s fails, errno=%d", certificate_file_name, errno);
606 result = NULL;
607 }
608 else
609 {
610 long int file_size = ftell(file_stream);
611 if (file_size < 0)
612 {
613 LogError("ftell fails reading %s, errno=%d", certificate_file_name, errno);
614 result = NULL;
615 }
616 else if (file_size == 0)
617 {
618 LogError("file %s is 0 bytes, which is not valid certificate", certificate_file_name);
619 result = NULL;
620 }
621 else
622 {
623 rewind(file_stream);
624
625 if ((result = calloc(1, file_size + 1)) == NULL)
626 {
627 LogError("Cannot allocate %lu bytes", (unsigned long)file_size);
628 }
629 else if ((fread(result, 1, file_size, file_stream) == 0) || (ferror(file_stream) != 0))
630 {
631 LogError("fread failed on file %s, errno=%d", certificate_file_name, errno);
632 free(result);
633 result = NULL;
634 }
635 }
636 }
637
638 if (file_stream != NULL)
639 {
640 fclose(file_stream);
641 }
642
643 return result;
644}
645
646// IoTHubClient_Auth_Get_TrustBundle retrieves a trust bundle - namely a PEM indicating the certificates the client should
647// trust as root authorities - to caller. If certificate_file_name, we read this from a local file. This should in general
648// be limited only to debugging modules on Edge. If certificate_file_name is NULL, we invoke into the underlying
649// HSM to retrieve this.
650char* IoTHubClient_Auth_Get_TrustBundle(IOTHUB_AUTHORIZATION_HANDLE handle, const char* certificate_file_name)
651{
652 char* result;
653 if (handle == NULL)
654 {
655 LogError("Security Handle is NULL");
656 result = NULL;
657 }
658 else if (certificate_file_name != NULL)
659 {
660 result = read_ca_certificate_from_file(certificate_file_name);
661 }
662 else
663 {
664 result = iothub_device_auth_get_trust_bundle(handle->device_auth_handle);
665 }
666 return result;
667}
668#endif
669
670int IoTHubClient_Auth_Set_SasToken_Expiry(IOTHUB_AUTHORIZATION_HANDLE handle, size_t expiry_time_seconds)
671{
672 int result;
673 if (handle == NULL)
674 {
675 LogError("Invalid handle value handle: NULL");
676 result = MU_FAILURE;
677 }
678 // Validate the expiry_time in seconds
679 else if (expiry_time_seconds < MIN_SAS_EXPIRY_TIME)
680 {
681 LogError("Failure setting expiry time to value %lu min value is %d", (unsigned long)expiry_time_seconds, MIN_SAS_EXPIRY_TIME);
682 result = MU_FAILURE;
683 }
684 else
685 {
686 handle->token_expiry_time_sec = expiry_time_seconds;
687 result = 0;
688 }
689 return result;
690}
691
692size_t IoTHubClient_Auth_Get_SasToken_Expiry(IOTHUB_AUTHORIZATION_HANDLE handle)
693{
694 size_t result;
695 if (handle == NULL)
696 {
697 LogError("Invalid handle value handle: NULL");
698 result = 0;
699 }
700 else
701 {
702 result = handle->token_expiry_time_sec;
703 }
704 return result;
705}
Note: See TracBrowser for help on using the repository browser.