fixup! Migrate device provisioning service

.github/workflows/plgd-dps-tests.yml

@@ -41,7 +41,7 @@ jobs:
             docker_file: docker/apps/Dockerfile.dps-cloud-server
     uses: ./.github/workflows/plgd-dps-test-with-cfg.yml
     with:
-        build_args: ${{ matrix.build_args }}
+        build_args: -DOC_DEBUG_ENABLED=ON -DPLGD_DPS_MAXIMUM_LOG_LEVEL=TRACE ${{ matrix.build_args }}
         build_type: ${{ (github.event_name == 'workflow_dispatch' && inputs.build_type) || 'Debug' }}
         docker_file: ${{ matrix.docker_file || 'docker/apps/Dockerfile.dps-cloud-server-debug' }}
         skip: ${{ matrix.skip || false }}

CMakeLists.txt

@@ -236,14 +236,13 @@ if(BUILD_MBEDTLS)
 endif()
 
 set(OC_LOG_MAXIMUM_LOG_LEVEL_INT)
-oc_set_maximum_log_level(${OC_LOG_MAXIMUM_LOG_LEVEL} OC_LOG_MAXIMUM_LOG_LEVEL_INT)
-set(OC_LOG_MAXIMUM_LEVEL ${OC_LOG_MAXIMUM_LOG_LEVEL_INT} CACHE INTERNAL "Maximum supported log level in compile time as integer.")
+oc_set_maximum_log_level("${OC_LOG_MAXIMUM_LOG_LEVEL}" OC_LOG_MAXIMUM_LOG_LEVEL_INT)
 
 # clang-tidy triggers bugprone-macro-parentheses if the value is not in ()
-list(APPEND PRIVATE_COMPILE_DEFINITIONS "OC_LOG_MAXIMUM_LEVEL=(${OC_LOG_MAXIMUM_LEVEL})")
-list(APPEND TEST_COMPILE_DEFINITIONS "OC_LOG_MAXIMUM_LEVEL=(${OC_LOG_MAXIMUM_LEVEL})")
+list(APPEND PRIVATE_COMPILE_DEFINITIONS "OC_LOG_MAXIMUM_LEVEL=(${OC_LOG_MAXIMUM_LOG_LEVEL_INT})")
+list(APPEND TEST_COMPILE_DEFINITIONS "OC_LOG_MAXIMUM_LEVEL=(${OC_LOG_MAXIMUM_LOG_LEVEL_INT})")
 if(BUILD_MBEDTLS)
-    list(APPEND MBEDTLS_COMPILE_DEFINITIONS "OC_LOG_MAXIMUM_LEVEL=(${OC_LOG_MAXIMUM_LEVEL})")
+    list(APPEND MBEDTLS_COMPILE_DEFINITIONS "OC_LOG_MAXIMUM_LEVEL=(${OC_LOG_MAXIMUM_LOG_LEVEL_INT})")
 endif()
 
 if(OC_PUSH_ENABLED)
@@ -426,6 +425,12 @@ if(PLGD_DEV_DEVICE_PROVISIONING_ENABLED)
         message(FATAL_ERROR "Cannot set PLGD_DEV_DEVICE_PROVISIONING_ENABLED without PLGD_DEV_TIME_ENABLED")
     endif()
     list(APPEND PUBLIC_COMPILE_DEFINITIONS "PLGD_DEV_DEVICE_PROVISIONING")
+
+    set(PLGD_DPS_MAXIMUM_LOG_LEVEL "DISABLED" CACHE STRING "Maximum supported Plgd DPS log level in compile time.")
+    set(PLGD_DPS_MAXIMUM_LOG_LEVEL_INT)
+    oc_set_maximum_log_level("${PLGD_DPS_MAXIMUM_LOG_LEVEL}" PLGD_DPS_MAXIMUM_LOG_LEVEL_INT)
+    list(APPEND PRIVATE_COMPILE_DEFINITIONS "PLGD_DPS_LOG_MAXIMUM_LEVEL=(${PLGD_DPS_MAXIMUM_LOG_LEVEL_INT})")
+    list(APPEND TEST_COMPILE_DEFINITIONS "PLGD_DPS_LOG_MAXIMUM_LEVEL=(${PLGD_DPS_MAXIMUM_LOG_LEVEL_INT})")
 endif()
 
 if(PLGD_DEV_DEVICE_PROVISIONING_TEST_PROPERTIES_ENABLED)

api/plgd/device-provisioning-client/plgd_dps.c

@@ -18,20 +18,22 @@
 
 #include "plgd_dps_apis_internal.h"
 #include "plgd_dps_endpoint_internal.h"
+#include "plgd_dps_internal.h"
 #include "plgd_dps_log_internal.h"
 #include "plgd_dps_manager_internal.h"
 #include "plgd_dps_provision_internal.h"
 #include "plgd_dps_resource_internal.h"
 #include "plgd_dps_security_internal.h"
 #include "plgd_dps_store_internal.h" // dps_store_init
-#include "plgd_dps_internal.h"
+#include "plgd_dps_verify_certificate_internal.h"
 
 #include "api/oc_tcp_internal.h"
 #include "oc_certs.h"
 #include "oc_core_res.h"
 #include "oc_network_monitor.h"
 
 #include <assert.h>
+#include <inttypes.h>
 
 static void
 dps_manager_status_cb(plgd_dps_context_t *ctx)

api/plgd/device-provisioning-client/plgd_dps_endpoint_internal.h

@@ -24,6 +24,7 @@ extern "C" {
 #endif
 
 #include "plgd_dps_context_internal.h"
+#include "plgd_dps_log_internal.h"
 
 #include "oc_config.h"
 #include "oc_endpoint.h"

api/plgd/device-provisioning-client/plgd_dps_log_internal.h

@@ -49,12 +49,17 @@ extern "C" {
 #define PLGD_DPS_LOG_LEVEL_IS_ENABLED(level)                                   \
   ((level) <= (PLGD_DPS_LOG_MAXIMUM_LEVEL))
 
+#ifdef __cplusplus
+#define DPS_LOG_CAST
+#else
+#define DPS_LOG_CAST (plgd_dps_log_component_t)
+#endif
+
 #define DPS_LOG(log_level, log_component, ...)                                 \
   do {                                                                         \
     if (plgd_dps_log_get_level() >= (log_level) &&                             \
         (plgd_dps_log_get_components() & log_component) != 0) {                \
-      plgd_dps_get_log_fn()((log_level),                                       \
-                            (plgd_dps_log_component_t)(log_component),         \
+      plgd_dps_get_log_fn()((log_level), DPS_LOG_CAST(log_component),          \
                             __FILENAME__, __LINE__, __func__, __VA_ARGS__);    \
     }                                                                          \
   } while (0)

api/plgd/device-provisioning-client/plgd_dps_manager.c

@@ -31,6 +31,7 @@
 
 #include "oc_cred.h"
 #include "oc_network_monitor.h"
+#include "security/oc_cred_util_internal.h"
 #include "util/oc_list.h"
 
 #include <stdint.h>
@@ -53,52 +54,58 @@ dps_manager_start(plgd_dps_context_t *ctx)
 }
 
 static bool
-dps_has_mfg_certificate(size_t device)
+dps_mfg_certificate_iterate(const oc_sec_cred_t *cred, void *data)
 {
-  const oc_sec_cred_t *mfg_cred = NULL;
-  const oc_sec_creds_t *creds = oc_sec_get_creds(device);
-  const oc_sec_cred_t *cred = (oc_sec_cred_t *)oc_list_head(creds->creds);
-  while (cred != NULL) {
-    if (cred->credtype == OC_CREDTYPE_CERT &&
-        cred->credusage == OC_CREDUSAGE_MFG_CERT && !dps_is_dps_cred(cred)) {
-      mfg_cred = cred;
-      break;
-    }
-    cred = cred->next;
+  if (cred->credtype == OC_CREDTYPE_CERT &&
+      cred->credusage == OC_CREDUSAGE_MFG_CERT && !dps_is_dps_cred(cred)) {
+    (*(const oc_sec_cred_t **)data) = cred;
+    return false;
   }
+  return true;
+}
 
+static bool
+dps_has_mfg_certificate(size_t device)
+{
+  const oc_sec_creds_t *creds = oc_sec_get_creds(device);
+  const oc_sec_cred_t *mfg_cred = NULL;
+  oc_cred_iterate(creds->creds, dps_mfg_certificate_iterate, &mfg_cred);
   if (mfg_cred != NULL) {
     DPS_DBG("Manufacturer certificate(%d) found", mfg_cred->credid);
     return true;
   }
   return false;
 }
 
+static bool
+dps_mfg_trusted_root_ca_iterate(const oc_sec_cred_t *cred, void *data)
+{
+  if (cred->credtype == OC_CREDTYPE_CERT &&
+      cred->credusage == OC_CREDUSAGE_MFG_TRUSTCA && !dps_is_dps_cred(cred)) {
+    (*(const oc_sec_cred_t **)data) = cred;
+    return false;
+  }
+  return true;
+}
+
 static bool
 dps_has_mfg_trusted_root_ca(size_t device)
 {
   const oc_sec_cred_t *trusted_ca = NULL;
   const oc_sec_creds_t *creds = oc_sec_get_creds(device);
-  const oc_sec_cred_t *cred = (oc_sec_cred_t *)oc_list_head(creds->creds);
-  while (cred != NULL) {
-    if (cred->credtype == OC_CREDTYPE_CERT &&
-        cred->credusage == OC_CREDUSAGE_MFG_TRUSTCA && !dps_is_dps_cred(cred)) {
-      trusted_ca = cred;
-      break;
-    }
-    cred = cred->next;
-  }
+  oc_cred_iterate(creds->creds, dps_mfg_trusted_root_ca_iterate, &trusted_ca);
   if (trusted_ca != NULL) {
     DPS_DBG("manufacturer trusted root ca(%d) found", trusted_ca->credid);
     return true;
   }
   return false;
 }
 
-static uint32_t
-dps_try_reprovision(plgd_dps_context_t *ctx)
+provision_and_cloud_observer_flags_t
+dps_get_provision_and_cloud_observer_flags(plgd_dps_context_t *ctx)
 {
   uint32_t provisionFlags = 0;
+  uint8_t cloudObserverStatus = 0;
   if (dps_has_plgd_time()) {
     provisionFlags |= PLGD_DPS_HAS_TIME;
   }
@@ -123,12 +130,15 @@ dps_try_reprovision(plgd_dps_context_t *ctx)
     if (dps_cloud_is_started(ctx->device)) {
       provisionFlags |= PLGD_DPS_CLOUD_STARTED;
     }
-    ctx->cloud_observer.last_status |= OC_CLOUD_REGISTERED;
+    cloudObserverStatus |= OC_CLOUD_REGISTERED;
     if (dps_cloud_is_logged_in(ctx->device)) {
-      ctx->cloud_observer.last_status |= OC_CLOUD_LOGGED_IN;
+      cloudObserverStatus |= OC_CLOUD_LOGGED_IN;
     }
   }
-  return provisionFlags;
+  return (provision_and_cloud_observer_flags_t){
+    .provision_flags = provisionFlags,
+    .cloud_observer_status = cloudObserverStatus,
+  };
 }
 
 int
@@ -165,7 +175,10 @@ plgd_dps_manager_start(plgd_dps_context_t *ctx)
   ctx->status = 0;
   uint32_t new_status = PLGD_DPS_INITIALIZED;
   if (!ctx->force_reprovision) {
-    new_status |= dps_try_reprovision(ctx);
+    provision_and_cloud_observer_flags_t pacf =
+      dps_get_provision_and_cloud_observer_flags(ctx);
+    new_status |= pacf.provision_flags;
+    ctx->cloud_observer.last_status |= pacf.cloud_observer_status;
   }
   ctx->force_reprovision = false;
   dps_set_ps_and_last_error(ctx, new_status, 0, PLGD_DPS_OK);

api/plgd/device-provisioning-client/plgd_dps_manager_internal.h

@@ -69,6 +69,16 @@ OC_NO_DISCARD_RETURN
 oc_event_callback_retval_t dps_manager_provision_retry_async(void *data)
   OC_NONNULL();
 
+typedef struct
+{
+  uint32_t provision_flags;
+  uint8_t cloud_observer_status;
+} provision_and_cloud_observer_flags_t;
+
+/// @brief Get provision flags and cloud observer status based on current state
+provision_and_cloud_observer_flags_t dps_get_provision_and_cloud_observer_flags(
+  plgd_dps_context_t *ctx) OC_NONNULL();
+
 #ifdef __cplusplus
 }
 #endif

api/plgd/device-provisioning-client/plgd_dps_pki.c

@@ -344,9 +344,7 @@ dps_pki_replace_credentials_handler(oc_client_response_t *data)
   dps_manager_reprovision_and_restart(ctx);
 }
 
-/// @brief Try replacing current (expiring) DPS certificates with newer
-/// certificates retrieved from the DPS service.
-static bool
+bool
 dps_pki_try_renew_certificates(plgd_dps_context_t *ctx)
 {
   assert(ctx != NULL);

api/plgd/device-provisioning-client/plgd_dps_pki_internal.h

@@ -139,6 +139,10 @@ OC_NO_DISCARD_RETURN
 bool dps_pki_replace_certificates(size_t device, const oc_rep_t *rep,
                                   const oc_endpoint_t *endpoint) OC_NONNULL();
 
+/// @brief Try replacing current (expiring) DPS certificates with newer
+/// certificates retrieved from the DPS service.
+bool dps_pki_try_renew_certificates(plgd_dps_context_t *ctx) OC_NONNULL();
+
 #ifdef __cplusplus
 }
 #endif

api/plgd/device-provisioning-client/plgd_dps_provision_owner.c

@@ -39,11 +39,11 @@
 
 #include <string.h>
 
-static int
+int
 dps_handle_get_owner_response(oc_client_response_t *data)
 {
   const char *owner_str = NULL;
-  oc_rep_t *rep = data->payload;
+  const oc_rep_t *rep = data->payload;
   while (rep != NULL) {
     if (dps_is_property(rep, OC_REP_STRING, "devowneruuid",
                         OC_CHAR_ARRAY_LEN("devowneruuid"))) {

api/plgd/device-provisioning-client/plgd_dps_provision_owner_internal.h

@@ -44,6 +44,9 @@ extern "C" {
  */
 bool dps_get_owner(plgd_dps_context_t *ctx) OC_NONNULL();
 
+/** Handler of get owner response */
+int dps_handle_get_owner_response(oc_client_response_t *data) OC_NONNULL();
+
 #if DPS_DBG_IS_ENABLED
 
 /// @brief Print owner of device, pstat and doxm resources, acls and

api/plgd/device-provisioning-client/plgd_dps_retry.c

@@ -17,6 +17,7 @@
  ****************************************************************************/
 
 #include "plgd_dps_context_internal.h"
+#include "plgd_dps_internal.h"
 #include "plgd_dps_log_internal.h"
 #include "plgd_dps_retry_internal.h"
 

api/plgd/device-provisioning-client/plgd_dps_security_internal.h

@@ -28,7 +28,7 @@
 #include "security/oc_tls_internal.h"
 
 #if DPS_DBG_IS_ENABLED
-#include "mbedlts/build_info.h"
+#include "mbedtls/build_info.h"
 #include "mbedtls/md.h"
 #endif /* DPS_DBG_IS_ENABLED */
 

api/plgd/device-provisioning-client/plgd_dps_verify_certificate.c

@@ -146,19 +146,20 @@ dps_verify_certificate(oc_tls_peer_t *peer, const mbedtls_x509_crt *crt,
     return -1;
   }
 
+  dps_verify_certificate_data_t *cb_data =
+    (dps_verify_certificate_data_t *)peer->user_data.data;
+  if (cb_data == NULL) {
+    DPS_ERR("verifying certificate - cb_data is NULL");
+    return -1;
+  }
+
   unsigned char fingerprint[MBEDTLS_MD_MAX_SIZE] = { 0 };
   /* buffer is max length of returned hash, which is 64 in case we use sha-512
    */
   size_t fingerprint_size = 0;
   if (!calculate_fingerprint(ctx, crt, fingerprint, &fingerprint_size)) {
     return -1;
   }
-  dps_verify_certificate_data_t *cb_data =
-    (dps_verify_certificate_data_t *)peer->user_data.data;
-  if (cb_data == NULL) {
-    DPS_ERR("verifying certificate - cb_data is NULL");
-    return -1;
-  }
 
   // check fingerprint every time
   if (ctx->certificate_fingerprint.md_type != MBEDTLS_MD_NONE &&

api/plgd/unittest/plgd_dps_apis.cpp

@@ -35,11 +35,7 @@ static constexpr size_t kDeviceID = 0;
 
 class DPSApisTest : public testing::Test {
 public:
-  static void SetUpTestCase()
-  {
-    oc_runtime_init();
-    plgd_dps_log_set_level(OC_LOG_LEVEL_TRACE);
-  }
+  static void SetUpTestCase() { oc_runtime_init(); }
 
   static void TearDownTestCase() { oc_runtime_shutdown(); }
 };