author | johnrhen <90864038+johnrhen@users.noreply.github.com> | 2022-07-20 13:35:59 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-20 13:35:59 -0700 |
commit | f062becb34f15f80f317670d753eb7b11d45c18d (patch) | |
tree | bf79f16a9cd0c6aa7e0da4bf8c6e5f53533f8026 | |
parent | cfb32b4f62ed2b4e1b3f70e807438860fa49195f (diff) | |
download | freertos-git-f062becb34f15f80f317670d753eb7b11d45c18d.tar.gz |
Create Fleet Provisioning Demo AWS Setup Script in Python (#778)
* Create CloudFormation template for demo setup
* Add CF_ prefix to CloudFormation-created resources to avoid collisions
* Update lexicon.txt
* Create initial python setup script
* Create separate demo_cleanup.py file
* Move setup items to DemoSetup folder
* Add demo_config.h setup to the demo_setup.py script
* Modify error logging on demo_setup.py
* Add file cleanup to demo_cleanup.py
* Rename convert_pem_to_der.py to convert_credentials_to_der.py
* Adjust comment wording on demo_cleanup.py
* added configUSE_TICKLESS_IDLE (#764)
* Fix tests needed for https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435 (#766)
* Fix tests needed for https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add tests to cover https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435 (#768)
Add tests to cover https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435
This ensures that the coverage does not go down with the PR
https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add tests to increase queue code coverage (#770)
These tests cover the following portion in the queue code:
static void prvUnlockQueue( Queue_t * const pxQueue )
{
...
if( prvNotifyQueueSetContainer( pxQueue ) != pdFALSE )
{
/* The queue is a member of a queue set, and posting to
* the queue set caused a higher priority task to unblock.
* A context switch is required. */
vTaskMissedYield();
}
else
{
mtCOVERAGE_TEST_MARKER();
}
...
}
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Update FreeRTOS-Kernel submodule pointer (#771)
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add new names to spell check dictionary (#772)
* Return error if invalid input detected in transport layer (Send/Recv) (#773)
* return error if invalid input detected in transport layer
* Create mqtt_pkcs11_demo_helpers for AWS demos (#769)
* Create mqtt_pkcs11_demo_helpers by modifying mqtt_demo_helpers
* Update formatting and variable naming
* Fix multi-line parameter formatting
* Update file headers to match latest release version
* GCC/Rx100 Demo project files update to e2 Studio v8 (#776)
* Upgrade GCC project files for e2 studio v7.8.0 in Demo/RX100-RSK_GCC_e2studio folder
* Update Demo project file to e2 Studio v8 and remove the .bat file.
* Update the choice of toolchain version.
* Update the link in file header.
Co-authored-by: NoMaY (a user of Japan.RenesasRulz.com) <NoMaY-jp@outlook.com>
* Update FreeRTOS-Cellular-Interface submodule pointer (#775)
* Update cellular sub-module pointer
* Add more log in cellular_setup.c to indicate error
* Adjust cellular transport timeout value for demo application
* Add default cellular module specific config in cellular_config.h
* Create separate demo_cleanup.py file
* Move setup items to DemoSetup folder
* Add demo_config.h setup to the demo_setup.py script
* Modify error logging on demo_setup.py
* Add file cleanup to demo_cleanup.py
* Rename convert_pem_to_der.py to convert_credentials_to_der.py
* Adjust comment wording on demo_cleanup.py
* Adjust comment wording on demo_config.h
* Format files and reduce code redundancy
* Update lexicon.txt
* Remove preconfigured fields from demo_config.h
* Update convert_credentials_to_der.py
Co-authored-by: Archit Gupta <71798289+archigup@users.noreply.github.com>
* Make python files executable
Co-authored-by: Joseph Julicher <jjulicher@mac.com>
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Co-authored-by: Ravishankar Bhagavandas <bhagavar@amazon.com>
Co-authored-by: ActoryOu <jay2002824@gmail.com>
Co-authored-by: Ming Yue <mingyue86010@gmail.com>
Co-authored-by: NoMaY (a user of Japan.RenesasRulz.com) <NoMaY-jp@outlook.com>
Co-authored-by: chinglee-iot <61685396+chinglee-iot@users.noreply.github.com>
Co-authored-by: Archit Gupta <71798289+archigup@users.noreply.github.com>
12 files changed, 998 insertions, 64 deletions
diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/cloudformation_template.json b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/cloudformation_template.json
new file mode 100644
index 000000000..4885e098e
--- /dev/null
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/cloudformation_template.json
@@ -0,0 +1,183 @@
+{
+ "Resources": {
+ "FPDemoRole": {
+ "Type": "AWS::IAM::Role",
+ "Properties": {
+ "RoleName": "CF_FleetProvisioningDemoRole",
+ "AssumeRolePolicyDocument": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "iot.amazonaws.com"
+ }
+ }
+ ]
+ },
+ "ManagedPolicyArns": [
+ "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration"
+ ]
+ }
+ },
+ "FPDemoThingPolicy": {
+ "Type": "AWS::IoT::Policy",
+ "Properties": {
+ "PolicyName": "CF_FleetProvisioningDemoThingPolicy",
+ "PolicyDocument": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "iot:Connect",
+ "Resource": {
+ "Fn::Join": [
+ ":",
+ [
+ "arn:aws:iot",
+ {
+ "Ref": "AWS::Region"
+ },
+ {
+ "Ref": "AWS::AccountId"
+ },
+ "*"
+ ]
+ ]
+ }
+ }
+ ]
+ }
+ }
+ },
+ "FPDemoTemplate": {
+ "Type": "AWS::IoT::ProvisioningTemplate",
+ "Properties": {
+ "TemplateName": "CF_FleetProvisioningDemoTemplate",
+ "Enabled": "true",
+ "ProvisioningRoleArn": {
+ "Fn::Join": [
+ "",
+ [
+ "arn:aws:iam::",
+ {
+ "Ref": "AWS::AccountId"
+ },
+ ":role/",
+ {
+ "Ref": "FPDemoRole"
+ }
+ ]
+ ]
+ },
+ "TemplateBody": "{ \"Parameters\": { \"SerialNumber\": { \"Type\": \"String\" }, \"AWS::IoT::Certificate::Id\": { \"Type\": \"String\" } }, \"Resources\": { \"certificate\": { \"Properties\": { \"CertificateId\": { \"Ref\": \"AWS::IoT::Certificate::Id\" }, \"Status\": \"Active\" }, \"Type\": \"AWS::IoT::Certificate\" }, \"policy\": { \"Properties\": { \"PolicyName\": \"CF_FleetProvisioningDemoThingPolicy\" }, \"Type\": \"AWS::IoT::Policy\" }, \"thing\": { \"OverrideSettings\": { \"AttributePayload\": \"MERGE\", \"ThingGroups\": \"DO_NOTHING\" }, \"Properties\": { \"AttributePayload\": {}, \"ThingGroups\": [], \"ThingName\": { \"Fn::Join\": [ \"\", [ \"fp_demo_\", { \"Ref\": \"SerialNumber\" } ] ] } }, \"Type\": \"AWS::IoT::Thing\" } }, \"DeviceConfiguration\": { \"Foo\": \"Bar\" } }"
+ }
+ },
+ "FPDemoClaimPolicy": {
+ "Type": "AWS::IoT::Policy",
+ "Properties": {
+ "PolicyName": "CF_FleetProvisioningDemoClaimPolicy",
+ "PolicyDocument": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iot:Connect"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iot:Publish",
+ "iot:Receive"
+ ],
+ "Resource": [
+ {
+ "Fn::Join": [
+ "",
+ [
+ "arn:aws:iot:",
+ {
+ "Ref": "AWS::Region"
+ },
+ ":",
+ {
+ "Ref": "AWS::AccountId"
+ },
+ ":topic/$aws/certificates/create-from-csr/*"
+ ]
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ "arn:aws:iot:",
+ {
+ "Ref": "AWS::Region"
+ },
+ ":",
+ {
+ "Ref": "AWS::AccountId"
+ },
+ ":topic/$aws/provisioning-templates/",
+ {
+ "Ref": "FPDemoTemplate"
+ },
+ "/provision/*"
+ ]
+ ]
+ }
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": "iot:Subscribe",
+ "Resource": [
+ {
+ "Fn::Join": [
+ "",
+ [
+ "arn:aws:iot:",
+ {
+ "Ref": "AWS::Region"
+ },
+ ":",
+ {
+ "Ref": "AWS::AccountId"
+ },
+ ":topicfilter/$aws/certificates/create-from-csr/*"
+ ]
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ "arn:aws:iot:",
+ {
+ "Ref": "AWS::Region"
+ },
+ ":",
+ {
+ "Ref": "AWS::AccountId"
+ },
+ ":topicfilter/$aws/provisioning-templates/",
+ {
+ "Ref": "FPDemoTemplate"
+ },
+ "/provision/*"
+ ]
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/convert_credentials_to_der.py b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/convert_credentials_to_der.py
new file mode 100755
index 000000000..2253f8788
--- /dev/null
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/convert_credentials_to_der.py
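Review bot: In cloudformation_template.json, `FPDemoTemplate` is enabled with no `PreProvisioningHook`, so any holder of the shared claim certificate can register a Thing under whatever `SerialNumber` it sends and receive an active certificate. `FPDemoClaimPolicy` also grants `iot:Connect` on `"Resource": "*"`, and `FPDemoThingPolicy` grants it on `arn:aws:iot:<region>:<account>:*`, which lets a certificate connect under any client ID. Strict JSON cannot carry comments, so a top-level `"Description": "Demo-only Fleet Provisioning stack; delete with demo_cleanup.py after use"` would record that these grants are intentionally loose. For anything longer-lived, scope the Connect resources to `client/...` ARNs and add a hook that validates the serial number.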
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+import argparse
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+
+KEY_OUT_NAME = "corePKCS11_Claim_Key.dat"
+CERT_OUT_NAME = "corePKCS11_Claim_Certificate.dat"
+
+
+def convert_pem_to_der(cert_pem, key_pem):
+ # Convert certificate from PEM to DER
+ key = serialization.load_pem_private_key(
+ bytes(key_pem, "utf-8"), None, default_backend())
+ key_der = key.private_bytes(
+ serialization.Encoding.DER,
+ serialization.PrivateFormat.TraditionalOpenSSL,
+ serialization.NoEncryption(),
+ )
+ with open(f"../{KEY_OUT_NAME}", "wb") as key_out:
+ key_out.write(key_der)
+ print(
+ f"Successfully converted key PEM to DER. Output file named: {KEY_OUT_NAME}"
+ )
+
+ cert = x509.load_pem_x509_certificate(
+ bytes(cert_pem, "utf-8"), default_backend())
+ with open(f"../{CERT_OUT_NAME}", "wb") as cert_out:
+ cert_out.write(cert.public_bytes(serialization.Encoding.DER))
+
+ print(
+ f"Successfully converted certificate PEM to DER. Output file named: {CERT_OUT_NAME}"
+ )
+
+
+def main(args):
+ with open(args.cert_file, "r") as cert:
+ cert_pem = cert.read()
+
+ with open(args.key_file, "r") as key:
+ key_pem = key.read()
+
+ convert_pem_to_der(cert_pem, key_pem)
+
+
+if __name__ == "__main__":
+ arg_parser = argparse.ArgumentParser(
+ description="This script converts passed in PEM format certificates and keys into the binary DER format."
+ )
+ arg_parser.add_argument(
+ "-c",
+ "--cert_file",
+ type=str,
+ help="Specify the name of the generated certificate file.",
+ required=True,
+ )
+ arg_parser.add_argument(
+ "-k",
+ "--key_file",
+ type=str,
+ help="Specify the name of the generated key file.",
+ required=True,
+ )
+ args = arg_parser.parse_args()
+ main(args)
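Review bot: In convert_credentials_to_der.py, `convert_pem_to_der` writes the claim private key unencrypted (`serialization.NoEncryption()`) through a plain `open(f"../{KEY_OUT_NAME}", "wb")`, so the file gets whatever mode the process umask allows and may be readable by other local users. Creating it owner-only, with `import os`, `fd = os.open(f"../{KEY_OUT_NAME}", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` and `with os.fdopen(fd, "wb") as key_out:`, keeps a newly created key file private on POSIX hosts; the mode has little effect on Windows, where an ACL would be needed. The leading comment `# Convert certificate from PEM to DER` sits above the key conversion and should read `# Convert private key from PEM to DER`. Both output paths are relative to the working directory rather than to the script, which deserves a note in the function's docstring.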
diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_cleanup.py b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_cleanup.py
new file mode 100755
index 000000000..8ca86d3f5
--- /dev/null
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_cleanup.py
@@ -0,0 +1,165 @@
+#!/usr/bin/env python
+
+import os
+import boto3
+import botocore
+
+KEY_OUT_NAME = "corePKCS11_Claim_Key.dat"
+CERT_OUT_NAME = "corePKCS11_Claim_Certificate.dat"
+
+THING_PRIVATE_KEY_NAME = "corePKCS11_Key.dat"
+THING_PUBLIC_KEY_NAME = "corePKCS11_PubKey.dat"
+THING_CERT_NAME = "corePKCS11_Certificate.dat"
+
+RESOURCE_STACK_NAME = "FPDemoStack"
+
+cf = boto3.client("cloudformation")
+iot = boto3.client("iot")
+
+# Convert a CloudFormation arn into a link to the resource
+def convert_cf_arn_to_link(arn):
+ region = arn.split(":")[3]
+ return f"https://{region}.console.aws.amazon.com/cloudformation/home?region={region}#/stacks/stackinfo?stackId={arn}"
+
+# Get the CloudFormation stack if it exists - "STACK_NOT_FOUND" otherwise
+def get_stack():
+ try:
+ response = cf.describe_stacks(StackName=RESOURCE_STACK_NAME)
+ return response["Stacks"][0]
+ except botocore.exceptions.ClientError as e:
+ if e.response["Error"]["Code"] == "ValidationError":
+ return "STACK_NOT_FOUND"
+ raise
+
+# Delete a Thing after clearing it of all certificates
+def delete_thing(thing_name):
+ paginator = iot.get_paginator("list_thing_principals")
+ list_certificates_iterator = paginator.paginate(
+ thingName=thing_name
+ )
+
+ for response in list_certificates_iterator:
+ for certificate_arn in response["principals"]:
+ iot.detach_thing_principal(
+ thingName=thing_name,
+ principal=certificate_arn
+ )
+
+ iot.delete_thing(thingName=thing_name)
+
+# Delete a certificate and all Things attached to it
+def delete_certificate_and_things(certificate_arn, policy_name):
+ paginator = iot.get_paginator("list_principal_things")
+ list_things_iterator = paginator.paginate(
+ principal=certificate_arn
+ )
+ for response in list_things_iterator:
+ for thing_name in response["things"]:
+ delete_thing(thing_name)
+
+ iot.detach_policy(
+ policyName=policy_name,
+ target=certificate_arn
+ )
+
+ certificate_id = certificate_arn.split("/")[-1]
+ iot.update_certificate(
+ certificateId=certificate_id,
+ newStatus="INACTIVE"
+ )
+ iot.delete_certificate(certificateId=certificate_id)
+
+# Delete all resources (including provisioned Things)
+def delete_resources():
+ stack_response = get_stack()
+ if stack_response == "STACK_NOT_FOUND":
+ print("Nothing to delete - no Fleet Provisioning resources were found.")
+ return
+
+ # Find all certificates with "CF_FleetProvisioningDemoThingPolicy" attached
+ print("Deleting certificates and things...")
+ paginator = iot.get_paginator("list_targets_for_policy")
+ list_targets_things_iterator = paginator.paginate(
+ policyName="CF_FleetProvisioningDemoThingPolicy"
+ )
+
+ # Delete all certificates and Things created by this demo
+ for response in list_targets_things_iterator:
+ for certificate_arn in response["targets"]:
+ delete_certificate_and_things(
+ certificate_arn,
+ "CF_FleetProvisioningDemoThingPolicy"
+ )
+
+ # Find all certificates with "CF_FleetProvisioningDemoClaimPolicy" attached
+ paginator = iot.get_paginator("list_targets_for_policy")
+ list_targets_claim_iterator = paginator.paginate(
+ policyName="CF_FleetProvisioningDemoClaimPolicy"
+ )
+
+ # Delete all Fleet Provisioning Claim certificates
+ for response in list_targets_claim_iterator:
+ for certificate_arn in response["targets"]:
+ delete_certificate_and_things(
+ certificate_arn,
+ "CF_FleetProvisioningDemoClaimPolicy"
+ )
+
+ print("Done.")
+
+ print("Fleet Provisioning resource stack deletion started. View the stack in the CloudFormation console here:")
+ print(convert_cf_arn_to_link(stack_response["StackId"]))
+ delete_response = cf.delete_stack(
+ StackName=RESOURCE_STACK_NAME
+ )
+ print("Waiting...")
+ try:
+ create_waiter = cf.get_waiter("stack_delete_complete")
+ create_waiter.wait(StackName=RESOURCE_STACK_NAME)
+ print("Successfully deleted the resources stack.")
+ except botocore.exceptions.WaiterError as err:
+ print("Error: Stack deletion failed. Check the CloudFormation link for more information.")
+ raise
+
+ print("All Fleet Provisioning demo resources have been cleaned up.")
+
+# Delete the files created by the demo and reset demo_config.h
+def reset_files():
+ # Remove Claim credentials
+ if os.path.exists(f"../{KEY_OUT_NAME}"):
+ os.remove(f"../{KEY_OUT_NAME}")
+ if os.path.exists(f"../{CERT_OUT_NAME}"):
+ os.remove(f"../{CERT_OUT_NAME}")
+
+ # Remove demo-generated Thing credentials
+ if os.path.exists(f"../{THING_PRIVATE_KEY_NAME}"):
+ os.remove(f"../{THING_PRIVATE_KEY_NAME}")
+ if os.path.exists(f"../{THING_PUBLIC_KEY_NAME}"):
+ os.remove(f"../{THING_PUBLIC_KEY_NAME}")
+ if os.path.exists(f"../{THING_CERT_NAME}"):
+ os.remove(f"../{THING_CERT_NAME}")
+
+ # Reset demo_config.h
+ template_file = open("demo_config_empty.templ", 'r')
+ file_text = template_file.read()
+
+ header_file = open("../demo_config.h", "w")
+ header_file.write(file_text)
+ header_file.close()
+ template_file.close()
+ print("Credentials removed and demo_config.h reset.")
+
+
+# Parse arguments and execute appropriate functions
+def main():
+ # Check arguments and go appropriately
+ print("\nThis script will delete ALL Things, credentials, and resources which were created by demo_setup.py and the Fleet Provisioning demo.")
+ print("It may take several minutes for all of the resources to be deleted.")
+ if input("Are you sure you want to do this? (y/n) ") == "y":
+ print()
+ reset_files()
+ delete_resources()
+
+
+if __name__ == "__main__":
+ main()
diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_config.templ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_config.templ
new file mode 100644
index 000000000..a4e5473d5
--- /dev/null
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_config.templ
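Review bot: In demo_cleanup.py, `reset_files()` resolves `../corePKCS11_*.dat` and `demo_config_empty.templ` against the current working directory, so when the script is started from anywhere but `DemoSetup/` the `os.path.exists` checks silently skip the private keys and the template `open()` then raises before `delete_resources()` is reached, leaving the demo certificates active in the account. Anchoring the paths to the script, e.g. `BASE_DIR = os.path.dirname(os.path.abspath(__file__))` and `os.path.join(BASE_DIR, "..", KEY_OUT_NAME)`, removes that dependency. Calling `delete_resources()` before `reset_files()` in `main()` would also make sure the cloud-side certificates are deactivated and deleted even when the local reset fails. The two bare `open()` calls in `reset_files()` would be safer as `with` blocks so the handles close on error.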
@@ -0,0 +1,239 @@
+/*
+ * FreeRTOS V202112.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
+
+#ifndef DEMO_CONFIG_H
+#define DEMO_CONFIG_H
+
+/**************************************************/
+/******* DO NOT CHANGE the following order ********/
+/**************************************************/
+
+/* Include logging header files and define logging macros in the following order:
+ * 1. Include the header file "logging_levels.h".
+ * 2. Define the LIBRARY_LOG_NAME and LIBRARY_LOG_LEVEL macros depending on
+ * the logging configuration for DEMO.
+ * 3. Include the header file "logging_stack.h", if logging is enabled for DEMO.
+ */
+
+#include "logging_levels.h"
+
+/* Logging configuration for the Demo. */
+#ifndef LIBRARY_LOG_NAME
+ #define LIBRARY_LOG_NAME "FLEET_PROVISIONING_DEMO"
+#endif
+
+#ifndef LIBRARY_LOG_LEVEL
+ #define LIBRARY_LOG_LEVEL LOG_INFO
+#endif
+
+/* Prototype for the function used to print to console on Windows simulator
+ * of FreeRTOS.
+ * The function prints to the console before the network is connected;
+ * then a UDP port after the network has connected. */
+extern void vLoggingPrintf( const char * pcFormatString,
+ ... );
+
+/* Map the SdkLog macro to the logging function to enable logging
+ * on Windows simulator. */
+#ifndef SdkLog
+ #define SdkLog( message ) vLoggingPrintf message
+#endif
+
+#include "logging_stack.h"
+
+/************ End of logging configuration ****************/
+
+/**
+ * @brief The unique ID used by the demo to differentiate instances.
+ *
+ *!!! Please note a #defined constant is used for convenience of demonstration
+ *!!! only. Production devices can use something unique to the device that can
+ *!!! be read by software, such as a production serial number, instead of a
+ *!!! hard coded constant.
+ */
+#define democonfigFP_DEMO_ID "FPDemoID"__TIME__
+
+/**
+ * @brief The MQTT client identifier used in this example. Each client identifier
+ * must be unique so edit as required to ensure no two clients connecting to the
+ * same broker use the same client identifier.
+ *
+ * @note Appending __TIME__ to the client id string will reduce the possibility of a
+ * client id collision in the broker. Note that the appended time is the compilation
+ * time. This client id can cause collision, if more than one instance of the same
+ * binary is used at the same time to connect to the broker.
+ */
+#ifndef democonfigCLIENT_IDENTIFIER
+ #define democonfigCLIENT_IDENTIFIER "client"democonfigFP_DEMO_ID
+#endif
+
+/**
+ * @brief Details of the MQTT broker to connect to.
+ *
+ * This is the Claim's Rest API Endpoint for AWS IoT.
+ *
+ * @note Your AWS IoT Core endpoint can be found in the AWS IoT console under
+ * Settings/Custom Endpoint, or using the describe-endpoint API.
+ *
+ * #define democonfigMQTT_BROKER_ENDPOINT "...insert here..."
+ */
+#define democonfigMQTT_BROKER_ENDPOINT <IOTEndpoint>
+
+/**
+ * @brief AWS IoT MQTT broker port number.
+ *
+ * In general, port 8883 is for secured MQTT connections.
+ *
+ * @note Port 443 requires use of the ALPN TLS extension with the ALPN protocol
+ * name. When using port 8883, ALPN is not required.
+ */
+#define democonfigMQTT_BROKER_PORT ( 8883 )
+
+/**
+ * @brief Server's root CA certificate.
+ *
+ * For AWS IoT MQTT broker, this certificate is used to identify the AWS IoT
+ * server and is publicly available. Refer to the AWS documentation available
+ * in the link below.
+ * https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs
+ *
+ * @note This certificate should be PEM-encoded.
+ *
+ * Must include the PEM header and footer:
+ * "-----BEGIN CERTIFICATE-----\n"\
+ * "...base64 data...\n"\
+ * "-----END CERTIFICATE-----\n"
+ *
+ * #define democonfigROOT_CA_PEM "...insert here..."
+ */
+#define democonfigROOT_CA_PEM
+ "-----BEGIN CERTIFICATE-----\n" \
+ "MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\n" \
+ "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n" \
+ "b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\n" \
+ "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\n" \
+ "b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\n" \
+ "ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n" \
+ "9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\n" \
+ "IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\n" \
+ "VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n" \
+ "93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\n" \
+ "jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" \
+ "AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\n" \
+ "A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\n" \
+ "U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\n" \
+ "N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\n" \
+ "o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n" \
+ "5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\n" \
+ "rqXRfboQnoZsG4q5WTP468SQvvG5\n" \
+ "-----END CERTIFICATE-----\n"
+
+/**
+ * @brief Name of the provisioning template to use for the RegisterThing
+ * portion of the Fleet Provisioning workflow.
+ *
+ * For information about provisioning templates, see the following AWS documentation:
+ * https://docs.aws.amazon.com/iot/latest/developerguide/provision-template.html#fleet-provision-template
+ *
+ * The example template used for this demo is available in the
+ * example_demo_template.json file in the DemoSetup directory. In the example,
+ * replace <provisioned-thing-policy> with the policy provisioned devices
+ * should have. The demo template uses Fn::Join to construct the Thing name by
+ * concatenating fp_demo_ and the serial number sent by the demo.
+ *
+ * @note The provisioning template MUST be created in AWS IoT before running the
+ * demo.
+ *
+ * @note If you followed the manual setup steps on https://freertos.org/iot-fleet-provisioning/demo.html,
+ * the provisioning template name is "FleetProvisioningDemoTemplate".
+ * However, if you used CloudFormation to set up the demo, the template name is "CF_FleetProvisioningDemoTemplate"
+ *
+ * #define democonfigPROVISIONING_TEMPLATE_NAME "...insert here..."
+ */
+#define democonfigPROVISIONING_TEMPLATE_NAME "CF_FleetProvisioningDemoTemplate"
+
+
+/**
+ * @brief Subject name to use when creating the certificate signing request (CSR)
+ * for provisioning the demo client with using the Fleet Provisioning
+ * CreateCertificateFromCsr APIs.
+ *
+ * This is passed to MbedTLS; see https://tls.mbed.org/api/x509__csr_8h.html#a954eae166b125cea2115b7db8c896e90
+ */
+#ifndef democonfigCSR_SUBJECT_NAME
+ #define democonfigCSR_SUBJECT_NAME "CN="democonfigFP_DEMO_ID
+#endif
+
+/**
+ * @brief Set the stack size of the main demo task.
+ *
+ * In the Windows port, this stack only holds a structure. The actual
+ * stack is created by an operating system thread.
+ *
+ * @note This demo runs on WinSim and the minimal stack size is functional.
+ * However, if you are porting components of this demo to other platforms,
+ * the stack size may need to be increased to accommodate the size of the
+ * buffers used when generating new keys and certificates.
+ *
+ */
+#define democonfigDEMO_STACKSIZE configMINIMAL_STACK_SIZE
+
+/**
+ * @brief Size of the network buffer for MQTT packets. Must be large enough to
+ * hold the GetCertificateFromCsr response, which, among other things, includes
+ * a PEM encoded certificate.
+ */
+#define democonfigNETWORK_BUFFER_SIZE ( 2048U )
+
+/**
+ * @brief The name of the operating system that the application is running on.
+ * The current value is given as an example. Please update for your specific
+ * operating system.
+ */
+#define democonfigOS_NAME "FreeRTOS"
+
+/**
+ * @brief The version of the operating system that the application is running
+ * on. The current value is given as an example. Please update for your specific
+ * operating system version.
+ */
+#define democonfigOS_VERSION tskKERNEL_VERSION_NUMBER
+
+/**
+ * @brief The name of the hardware platform the application is running on. The
+ * current value is given as an example. Please update for your specific
+ * hardware platform.
+ */
+#define democonfigHARDWARE_PLATFORM_NAME "WinSim"
+
+/**
+ * @brief The name of the MQTT library used and its version, following an "@"
+ * symbol.
+ */
+#include "core_mqtt.h" /* Include coreMQTT header for MQTT_LIBRARY_VERSION macro. */
+#define democonfigMQTT_LIB "core-mqtt@"MQTT_LIBRARY_VERSION
+
+#endif /* DEMO_CONFIG_H */
diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_config_empty.templ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_config_empty.templ
new file mode 100644
index 000000000..9c5816ca4
--- /dev/null
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_config_empty.templ
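Review bot: In demo_config.templ, the `#define democonfigROOT_CA_PEM` line as shown here has no trailing `\`, while every certificate line after it does. If that matches the file, the macro expands to nothing and the PEM string literals are left as stray tokens at file scope, so the generated demo_config.h would not compile and the root CA used for server authentication is never defined. The line should read `#define democonfigROOT_CA_PEM \`. `#define democonfigMQTT_BROKER_ENDPOINT <IOTEndpoint>` is likewise only valid once the setup script has substituted a quoted string, which presumably happens in demo_setup.py (not fully visible here); a comment such as `/* <IOTEndpoint> is replaced with the quoted endpoint by demo_setup.py */` next to the placeholder would make that explicit.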
@@ -0,0 +1,215 @@
+/*
+ * FreeRTOS V202112.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
+
+#ifndef DEMO_CONFIG_H
+#define DEMO_CONFIG_H
+
+/**************************************************/
+/******* DO NOT CHANGE the following order ********/
+/**************************************************/
+
+/* Include logging header files and define logging macros in the following order:
+ * 1. Include the header file "logging_levels.h".
+ * 2. Define the LIBRARY_LOG_NAME and LIBRARY_LOG_LEVEL macros depending on
+ * the logging configuration for DEMO.
+ * 3. Include the header file "logging_stack.h", if logging is enabled for DEMO.
+ */
+
+#include "logging_levels.h"
+
+/* Logging configuration for the Demo. */
+#ifndef LIBRARY_LOG_NAME
+ #define LIBRARY_LOG_NAME "FLEET_PROVISIONING_DEMO"
+#endif
+
+#ifndef LIBRARY_LOG_LEVEL
+ #define LIBRARY_LOG_LEVEL LOG_INFO
+#endif
+
+/* Prototype for the function used to print to console on Windows simulator
+ * of FreeRTOS.
+ * The function prints to the console before the network is connected;
+ * then a UDP port after the network has connected. */
+extern void vLoggingPrintf( const char * pcFormatString,
+ ... );
+
+/* Map the SdkLog macro to the logging function to enable logging
+ * on Windows simulator. */
+#ifndef SdkLog
+ #define SdkLog( message ) vLoggingPrintf message
+#endif
+
+#include "logging_stack.h"
+
+/************ End of logging configuration ****************/
+
+/**
+ * @brief The unique ID used by the demo to differentiate instances.
+ *
+ *!!! Please note a #defined constant is used for convenience of demonstration
+ *!!! only. Production devices can use something unique to the device that can
+ *!!! be read by software, such as a production serial number, instead of a
+ *!!! hard coded constant.
+ */
+#define democonfigFP_DEMO_ID "FPDemoID"__TIME__
+
+/**
+ * @brief The MQTT client identifier used in this example. Each client identifier
+ * must be unique so edit as required to ensure no two clients connecting to the
+ * same broker use the same client identifier.
+ *
+ * @note Appending __TIME__ to the client id string will reduce the possibility of a
+ * client id collision in the broker. Note that the appended time is the compilation
+ * time. This client id can cause collision, if more than one instance of the same
+ * binary is used at the same time to connect to the broker.
+ */
+#ifndef democonfigCLIENT_IDENTIFIER
+ #define democonfigCLIENT_IDENTIFIER "client"democonfigFP_DEMO_ID
+#endif
+
+/**
+ * @brief Details of the MQTT broker to connect to.
+ *
+ * This is the Claim's Rest API Endpoint for AWS IoT.
+ *
+ * @note Your AWS IoT Core endpoint can be found in the AWS IoT console under
+ * Settings/Custom Endpoint, or using the describe-endpoint API.
+ *
+ * #define democonfigMQTT_BROKER_ENDPOINT "...insert here..."
+ */
+
+/**
+ * @brief AWS IoT MQTT broker port number.
+ *
+ * In general, port 8883 is for secured MQTT connections.
+ *
+ * @note Port 443 requires use of the ALPN TLS extension with the ALPN protocol
+ * name. When using port 8883, ALPN is not required.
+ */
+#define democonfigMQTT_BROKER_PORT ( 8883 )
+
+/**
+ * @brief Server's root CA certificate.
+ *
+ * For AWS IoT MQTT broker, this certificate is used to identify the AWS IoT
+ * server and is publicly available. Refer to the AWS documentation available
+ * in the link below.
+ * https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs
+ *
+ * @note This certificate should be PEM-encoded.
+ *
+ * Must include the PEM header and footer:
+ * "-----BEGIN CERTIFICATE-----\n"\
+ * "...base64 data...\n"\
+ * "-----END CERTIFICATE-----\n"
+ *
+ * #define democonfigROOT_CA_PEM "...insert here..."
+ */
+
+/**
+ * @brief Name of the provisioning template to use for the RegisterThing
+ * portion of the Fleet Provisioning workflow.
+ *
+ * For information about provisioning templates, see the following AWS documentation:
+ * https://docs.aws.amazon.com/iot/latest/developerguide/provision-template.html#fleet-provision-template
+ *
+ * The example template used for this demo is available in the
+ * example_demo_template.json file in the DemoSetup directory. In the example,
+ * replace <provisioned-thing-policy> with the policy provisioned devices
+ * should have. The demo template uses Fn::Join to construct the Thing name by
+ * concatenating fp_demo_ and the serial number sent by the demo.
+ *
+ * @note The provisioning template MUST be created in AWS IoT before running the
+ * demo.
+ *
+ * @note If you followed the manual setup steps on https://freertos.org/iot-fleet-provisioning/demo.html,
+ * the provisioning template name is "FleetProvisioningDemoTemplate".
+ * However, if you used CloudFormation to set up the demo, the template name is "CF_FleetProvisioningDemoTemplate"
+ *
+ * #define democonfigPROVISIONING_TEMPLATE_NAME "...insert here..."
+ */
+
+/**
+ * @brief Subject name to use when creating the certificate signing request (CSR)
+ * for provisioning the demo client with using the Fleet Provisioning
+ * CreateCertificateFromCsr APIs.
+ *
+ * This is passed to MbedTLS; see https://tls.mbed.org/api/x509__csr_8h.html#a954eae166b125cea2115b7db8c896e90
+ */
+#ifndef democonfigCSR_SUBJECT_NAME
+ #define democonfigCSR_SUBJECT_NAME "CN="democonfigFP_DEMO_ID
+#endif
+
+/**
+ * @brief Set the stack size of the main demo task.
+ *
+ * In the Windows port, this stack only holds a structure. The actual
+ * stack is created by an operating system thread.
+ *
+ * @note This demo runs on WinSim and the minimal stack size is functional.
+ * However, if you are porting components of this demo to other platforms,
+ * the stack size may need to be increased to accommodate the size of the
+ * buffers used when generating new keys and certificates.
+ *
+ */
+#define democonfigDEMO_STACKSIZE configMINIMAL_STACK_SIZE
+
+/**
+ * @brief Size of the network buffer for MQTT packets. Must be large enough to
+ * hold the GetCertificateFromCsr response, which, among other things, includes
+ * a PEM encoded certificate.
+ */
+#define democonfigNETWORK_BUFFER_SIZE ( 2048U )
+
+/**
+ * @brief The name of the operating system that the application is running on.
+ * The current value is given as an example. Please update for your specific
+ * operating system.
+ */
+#define democonfigOS_NAME "FreeRTOS"
+
+/**
+ * @brief The version of the operating system that the application is running
+ * on. The current value is given as an example. Please update for your specific
+ * operating system version.
+ */
+#define democonfigOS_VERSION tskKERNEL_VERSION_NUMBER
+
+/**
+ * @brief The name of the hardware platform the application is running on. The
+ * current value is given as an example. Please update for your specific
+ * hardware platform.
+ */
+#define democonfigHARDWARE_PLATFORM_NAME "WinSim"
+
+/**
+ * @brief The name of the MQTT library used and its version, following an "@"
+ * symbol.
+ */
+#include "core_mqtt.h" /* Include coreMQTT header for MQTT_LIBRARY_VERSION macro. */
+#define democonfigMQTT_LIB "core-mqtt@"MQTT_LIBRARY_VERSION
+
+#endif /* DEMO_CONFIG_H */
diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_setup.py b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_setup.py
new file mode 100755
index 000000000..fe6adaed0
--- /dev/null
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/demo_setup.py
@@ -0,0 +1,122 @@ +#!/usr/bin/env python + +import boto3 +import botocore +from convert_credentials_to_der import convert_pem_to_der + +KEY_OUT_NAME = "corePKCS11_Claim_Key.dat" +CERT_OUT_NAME = "corePKCS11_Claim_Certificate.dat" + +RESOURCE_STACK_NAME = "FPDemoStack" + +cf = boto3.client("cloudformation") +iot = boto3.client("iot") + +# Convert a CloudFormation arn into a link to the resource +def convert_cf_arn_to_link(arn): + region = arn.split(":")[3] + return f"https://{region}.console.aws.amazon.com/cloudformation/home?region={region}#/stacks/stackinfo?stackId={arn}" + +# Get the CloudFormation stack if it exists - "STACK_NOT_FOUND" otherwise +def get_stack(): + try: + paginator = cf.get_paginator("describe_stacks") + response_iterator = paginator.paginate(StackName=RESOURCE_STACK_NAME) + for response in response_iterator: + return response["Stacks"][0] + response = cf.describe_stacks(StackName=RESOURCE_STACK_NAME) + return response["Stacks"][0] + except botocore.exceptions.ClientError as e: + if e.response["Error"]["Code"] == "ValidationError": + return "STACK_NOT_FOUND" + raise + + +# Create the required resources from the CloudFormation template +def create_resources(): + stack_response = get_stack() + if stack_response != "STACK_NOT_FOUND": + print("Fleet Provisioning resource stack already exists with status: " + + stack_response["StackStatus"]) + print() + if stack_response["StackStatus"] != "CREATE_COMPLETE": + raise Exception("Fleet Provisioning resource stack failed to create successfully. You may need to delete the stack and retry." 
+ + "\nView the stack in the CloudFormation console here:\n" + convert_cf_arn_to_link(stack_response["StackId"])) + else: + # Read the cloudformation template file contained in the same directory + cf_template_file = open("cloudformation_template.json", "r") + cf_template = cf_template_file.read() + cf_template_file.close() + + create_response = cf.create_stack( + StackName=RESOURCE_STACK_NAME, + TemplateBody=cf_template, + Capabilities=["CAPABILITY_NAMED_IAM"], + OnFailure="ROLLBACK" + ) + + print("Stack creation started. View the stack in the CloudFormation console here:") + print(convert_cf_arn_to_link(create_response["StackId"])) + print("Waiting...") + try: + create_waiter = cf.get_waiter("stack_create_complete") + create_waiter.wait(StackName=RESOURCE_STACK_NAME) + print("Successfully created the resources stack.") + except botocore.exceptions.WaiterError as err: + print( + "Error: Stack creation failed. You may need to delete_all and try again.") + raise + +# Generate IoT credentials in DER format and save them in the demo directory + + +def create_credentials(): + # Verify that the stack exists (create_resources has been ran before somewhere) + stack_response = get_stack() + if stack_response == "STACK_NOT_FOUND": + raise Exception( + f"CloudFormation stack \"{RESOURCE_STACK_NAME}\" not found.") + elif stack_response["StackStatus"] != "CREATE_COMPLETE": + print("Error: Stack was not successfully created. View the stack in the CloudFormation console here:") + stack_link = convert_cf_arn_to_link(stack_response["StackId"]) + raise Exception( + "Stack was not successfully created. 
View the stack in the CloudFormation console here:\n" + stack_link) + else: + credentials = iot.create_keys_and_certificate(setAsActive=True) + iot.attach_policy(policyName="CF_FleetProvisioningDemoClaimPolicy", + target=credentials["certificateArn"]) + convert_pem_to_der( + credentials["certificatePem"], credentials["keyPair"]["PrivateKey"]) + + +# Set the necessary fields in demo_config.h +def update_demo_config(): + endpoint = iot.describe_endpoint(endpointType='iot:Data-ATS') + + template_file = open("demo_config.templ", 'r') + file_text = template_file.read() + file_text = file_text.replace( + "<IOTEndpoint>", "\"" + endpoint["endpointAddress"] + "\"") + + header_file = open("../demo_config.h", "w") + header_file.write(file_text) + header_file.close() + template_file.close() + print("Successfully updated demo_config.h") + + +# Parse arguments and execute appropriate functions +def main(): + # Check arguments and go appropriately + print("\nThis script will set up the AWS resources required for the Fleet Provisioning demo.") + print("It may take several minutes for the resources to be provisioned.") + if input("Are you sure you want to do this? (y/n) ") == "y": + print() + create_resources() + create_credentials() + update_demo_config() + print("\nFleet Provisioning demo setup complete. Ensure that all generated files (key, certificate, demo_config.h) are in the same folder as \"fleet_provisioning_demo.sln\".") + + +if __name__ == "__main__": + main() diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/example_claim_policy.json b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/example_claim_policy.json index 6e33949a2..6e33949a2 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/example_claim_policy.json 
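Review bot: In create_credentials(), `iot.create_keys_and_certificate(setAsActive=True)` mints a new, already-active claim certificate on every run, and the function neither prints nor stores its `certificateId`. If `convert_pem_to_der` (imported from another file, not shown in this hunk) raises, or the script is simply rerun, an active certificate with `CF_FleetProvisioningDemoClaimPolicy` attached stays in the account with no local record of it. I would create the certificate inactive, activate it with `update_certificate` only after the DER files are written, and print the ID so it can be revoked later. It is also worth confirming that `convert_pem_to_der` writes the private key with owner-only permissions, since the key is returned in clear text here.

```python
        # Create inactive so a failure below leaves no usable claim credential
        credentials = iot.create_keys_and_certificate(setAsActive=False)
        # … unchanged: attach_policy and convert_pem_to_der calls …
        # Activate only once the key and certificate files have been written
        iot.update_certificate(certificateId=credentials["certificateId"],
                               newStatus="ACTIVE")
        print("Created claim certificate " + credentials["certificateId"])
```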
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/example_claim_policy.json diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/example_fleet_provisioning_template.json b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/example_fleet_provisioning_template.json index df62844e9..df62844e9 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/example_fleet_provisioning_template.json +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/example_fleet_provisioning_template.json diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/example_iot_thing_policy.json b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/example_iot_thing_policy.json index 15eb8e4ec..15eb8e4ec 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/example_iot_thing_policy.json +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/DemoSetup/example_iot_thing_policy.json diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/demo_config.h b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/demo_config.h index 1bfbf6118..9c5816ca4 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/demo_config.h +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/demo_config.h 
@@ -137,7 +137,7 @@ extern void vLoggingPrintf( const char * pcFormatString, * https://docs.aws.amazon.com/iot/latest/developerguide/provision-template.html#fleet-provision-template * * The example template used for this demo is available in the - * example_demo_template.json file in the demo directory. In the example, + * example_demo_template.json file in the DemoSetup directory. In the example, * replace <provisioned-thing-policy> with the policy provisioned devices * should have. The demo template uses Fn::Join to construct the Thing name by * concatenating fp_demo_ and the serial number sent by the demo. @@ -145,6 +145,10 @@ extern void vLoggingPrintf( const char * pcFormatString, * @note The provisioning template MUST be created in AWS IoT before running the * demo. * + * @note If you followed the manual setup steps on https://freertos.org/iot-fleet-provisioning/demo.html, + * the provisioning template name is "FleetProvisioningDemoTemplate". + * However, if you used CloudFormation to set up the demo, the template name is "CF_FleetProvisioningDemoTemplate" + * * #define democonfigPROVISIONING_TEMPLATE_NAME "...insert here..." */ diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo_setup.py b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo_setup.py deleted file mode 100644 index b90b804b8..000000000 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo_setup.py +++ /dev/null 
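Review bot: The reworded comment line in the first hunk still names `example_demo_template.json`, while the template file this commit moves into DemoSetup is `example_fleet_provisioning_template.json`. Unless a file with the former name exists elsewhere in the tree, the line should read ` * example_fleet_provisioning_template.json file in the DemoSetup directory. In the example,`. The `@note` added in the second hunk also ends without a full stop after "CF_FleetProvisioningDemoTemplate". The enclosing comment block starts before the first hunk, so the rest of its wording was not checked.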
@@ -1,63 +0,0 @@ -#!/usr/bin/env python - -import argparse -from cryptography import x509 -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import serialization - -KEY_OUT_NAME = "corePKCS11_Claim_Key.dat" -CERT_OUT_NAME = "corePKCS11_Claim_Certificate.dat" - - -def convert_pem_to_der(cert_file, key_file): - # Convert certificate from PEM to DER - print("Converting format to DER format...") - with open(key_file, "rb") as key: - print("Starting key PEM to DER conversion.") - pemkey = serialization.load_pem_private_key(key.read(), None, default_backend()) - key_der = pemkey.private_bytes( - serialization.Encoding.DER, - serialization.PrivateFormat.TraditionalOpenSSL, - serialization.NoEncryption(), - ) - with open(KEY_OUT_NAME, "wb") as key_out: - key_out.write(key_der) - print( - f"Successfully converted key PEM to DER. Output file named: {KEY_OUT_NAME}" - ) - - print("Starting certificate pem conversion.") - with open(cert_file, "rb") as cert: - cert = x509.load_pem_x509_certificate(cert.read(), default_backend()) - with open(CERT_OUT_NAME, "wb") as cert_out: - cert_out.write(cert.public_bytes(serialization.Encoding.DER)) - - print( - f"Successfully converted certificate PEM to DER. Output file named: {CERT_OUT_NAME}" - ) - - -def main(args): - convert_pem_to_der(cert_file=args.cert_file, key_file=args.key_file) - - -if __name__ == "__main__": - arg_parser = argparse.ArgumentParser( - description="This script converts passed in PEM format certificates and keys into the binary DER format." - ) - arg_parser.add_argument( - "-c", - "--cert_file", - type=str, - help="Specify the name of the generated certificate file.", - required=True, - ) - arg_parser.add_argument( - "-k", - "--key_file", - type=str, - help="Specify the name of the generated key file.", - required=True, - ) - args = arg_parser.parse_args() - main(args) diff --git a/lexicon.txt b/lexicon.txt index 663c6f8d3..62bb30678 100644 --- a/lexicon.txt 
+++ b/lexicon.txt @@ -264,6 +264,7 @@ clienttoken cligetoutputbuffer clint cliprocesscommand +cloudformation clk clkdiv clksel @@ -522,6 +523,7 @@ democonfiguse democonfiguser demofiles demoiptrace +demosetup demotask demotimer der @@ -767,6 +769,7 @@ flasg flashc flashlite flashtimer +fleetprovisioningdemotemplate flexcomm flg flopc |