Extract reconstruction of certificate into util class CryptoUtil

Author: aentinger

src/ArduinoIoTCloudTCP.cpp

@@ -20,20 +20,13 @@
 #include <ArduinoIoTCloudTCP.h>
 #include "utility/time/TimeService.h"
 #ifdef BOARD_HAS_ECCX08
-  #include "utility/crypto/ECCX08Cert.h"
-  #include "utility/crypto/BearSSLTrustAnchor.h"
   #include <ArduinoECCX08.h>
+  #include "utility/crypto/BearSSLTrustAnchor.h"
   #include "utility/crypto/CryptoUtil.h"
 #endif
 
 TimeService time_service;
 
-#ifdef BOARD_HAS_ECCX08
-  const static int keySlot									                 = 0;
-  const static int compressedCertSlot						             = 10;
-  const static int serialNumberAndAuthorityKeyIdentifierSlot = 11;
-#endif
-
 const static int CONNECT_SUCCESS							               = 1;
 const static int CONNECT_FAILURE							               = 0;
 const static int CONNECT_FAILURE_SUBSCRIBE					         = -1;
@@ -86,28 +79,14 @@ int ArduinoIoTCloudTCP::begin(String brokerAddress, uint16_t brokerPort) {
   _device_id = CryptoUtil::readDeviceId(ECCX08, ECCX08Slot::DeviceId);
   if(_device_id.length() == 0) { Debug.print(DBG_ERROR, "Cryptography processor read failure."); return 0; }
 
-  if (!ECCX08Cert.beginReconstruction(keySlot, compressedCertSlot, serialNumberAndAuthorityKeyIdentifierSlot)) {
-    Debug.print(DBG_ERROR, "Cryptography certificate reconstruction failure.");
-    return 0;
-  }
-
-  ECCX08Cert.setSubjectCommonName(_device_id);
-  ECCX08Cert.setIssuerCountryName("US");
-  ECCX08Cert.setIssuerOrganizationName("Arduino LLC US");
-  ECCX08Cert.setIssuerOrganizationalUnitName("IT");
-  ECCX08Cert.setIssuerCommonName("Arduino");
-
-  if (!ECCX08Cert.endReconstruction()) {
-    Debug.print(DBG_ERROR, "Cryptography certificate reconstruction failure.");
-    return 0;
-  }
+  if (!CryptoUtil::reconstructCertificate(ECCX08Cert, _device_id, ECCX08Slot::Key, ECCX08Slot::CompressedCertificate, ECCX08Slot::SerialNumberAndAuthorityKeyIdentifier)) { Debug.print(DBG_ERROR, "Cryptography certificate reconstruction failure."); return 0; }
 
   ArduinoBearSSL.onGetTime(getTime);
   #endif /* BOARD_HAS_ECCX08 */
 
   #ifdef BOARD_HAS_ECCX08
   _sslClient = new BearSSLClient(_connection->getClient(), ArduinoIoTCloudTrustAnchor, ArduinoIoTCloudTrustAnchor_NUM);
-  _sslClient->setEccSlot(keySlot, ECCX08Cert.bytes(), ECCX08Cert.length());
+  _sslClient->setEccSlot(static_cast<int>(ECCX08Slot::Key), ECCX08Cert.bytes(), ECCX08Cert.length());
   #elif defined(BOARD_ESP)
   _sslClient = new WiFiClientSecure();
   _sslClient->setInsecure();

src/utility/crypto/CryptoUtil.cpp

@@ -35,7 +35,24 @@ String CryptoUtil::readDeviceId(ECCX08Class & eccx08, ECCX08Slot const slot)
    return String(reinterpret_cast<char *>(device_id_bytes));
   } else {
    return String("");
-  }  
+  }
+}
+
+bool CryptoUtil::reconstructCertificate(ECCX08CertClass & cert, String const & device_id, ECCX08Slot const key, ECCX08Slot const compressed_certificate, ECCX08Slot const serial_number_and_authority_key)
+{
+  if (cert.beginReconstruction(static_cast<int>(key), static_cast<int>(compressed_certificate), static_cast<int>(serial_number_and_authority_key)))
+  {
+    cert.setSubjectCommonName(device_id);
+    cert.setIssuerCountryName("US");
+    cert.setIssuerOrganizationName("Arduino LLC US");
+    cert.setIssuerOrganizationalUnitName("IT");
+    cert.setIssuerCommonName("Arduino");
+    return cert.endReconstruction();
+  }
+  else
+  {
+   return false;
+  }
 }
 
 #endif /* BOARD_HAS_ECCX08 */

src/utility/crypto/CryptoUtil.h

@@ -28,6 +28,7 @@
 
 #include <Arduino.h>
 #include <ArduinoECCX08.h>
+#include "ECCX08Cert.h"
 
 /******************************************************************************
    TYPEDEF
@@ -50,6 +51,7 @@ class CryptoUtil
 public:
 
   static String readDeviceId(ECCX08Class & eccx08, ECCX08Slot const slot);
+  static bool   reconstructCertificate(ECCX08CertClass & cert, String const & device_id, ECCX08Slot const key, ECCX08Slot const compressed_certificate, ECCX08Slot const serial_number_and_authority_key);
 
 
 private: