Azure / azure-sdk-for-c

This repository is for active development of the Azure SDK for Embedded C. For consumers of the SDK we recommend visiting our versioned developer docs at https://azure.github.io/azure-sdk-for-c.
MIT License

esp32/arduino iot central sample that uses x509 certificates? #2072

Closed torntrousers closed 2 years ago

torntrousers commented 2 years ago

The provided esp32/arduino samples such as Azure_IoT_Central_ESP32_AzureIoTKit use SAS tokens for security. Could you provide any guidance on how to change them to use x509 certificates instead? E.g. if the esp32 had a hard-coded certificate and private key in PEM-formatted strings instead of the device key, here?

Thanks!

torntrousers commented 2 years ago

Should this issue be here or over in the azure-iot-sdk-c? I put it here because the sample repos point to here (official library website link) from their README, but that's a typo and it should be the iot repo, isn't it?

kartben commented 2 years ago

@ewertons @wduraes

danewalton commented 2 years ago

This is the right place for this issue. The arduino repo is a reshuffling of files and directory structure so this is where the core logic lives.

With that, thanks for the suggestion! The SAS key sample was the first task to get the sample up and working. We have plans to bring the certificate scenario as well. We will try and keep this issue posted with updates.

torntrousers commented 2 years ago

Thanks. I need to get it working now, not later, though, so in the meantime could you give any help/hints on the changes I need to make to the existing sample to have it use certificates?

danewalton commented 2 years ago

Spitballing here.....

I see in the struct here fields for a client cert and client key. I would try putting them in there instead of the mqtt password which we have here?

Something like

  mqtt_config.client_cert_pem = (const char*) my_device_cert;
  mqtt_config.client_cert_len = strlen(my_device_cert);
  mqtt_config.client_key_pem = (const char*) my_device_key;
  mqtt_config.client_key_len = strlen(my_device_key);

Again...haven't tried it but that's where I would start. Password field should be blank if using x509. Let me know if that helps!
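Added example (not part of the thread and not the SDK's or any participant's code): a pre-flight check for the SAS-to-x509 switch discussed above, which rejects swapped or truncated PEM strings and a leftover MQTT password before the four fields are filled. `mqtt_x509_fields_t` and `mqtt_use_x509` are hypothetical names, the struct is a stand-in for the fields named in the comment, and leaving the lengths at 0 assumes the ESP-IDF convention that 0 means a NUL-terminated PEM string.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the esp_mqtt_client_config_t fields named in the
   thread; on a device, fill the real struct the same way. */
typedef struct {
    const char *password;
    const char *client_cert_pem;
    size_t client_cert_len;
    const char *client_key_pem;
    size_t client_key_len;
} mqtt_x509_fields_t;

typedef enum { X509_OK = 0, X509_BAD_CERT, X509_BAD_KEY, X509_PASSWORD_SET } x509_status_t;

/* Constructed placeholders: PEM framing only, not real credentials. */
static const char SAMPLE_CERT[] = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";
static const char SAMPLE_KEY[] = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n";

/* Returns 1 if pem opens with a "-----BEGIN <...label_suffix>-----" line and
   also contains an "-----END " footer; 0 otherwise. */
static int pem_has_label(const char *pem, const char *label_suffix)
{
    static const char begin[] = "-----BEGIN ";
    size_t n = strlen(label_suffix);
    const char *eol, *dashes;

    if (pem == NULL || strncmp(pem, begin, sizeof begin - 1) != 0) return 0;
    eol = strchr(pem, '\n');
    if (eol == NULL) return 0;
    dashes = strstr(pem + sizeof begin - 1, "-----");
    if (dashes == NULL || dashes > eol) return 0;
    if ((size_t)(dashes - pem) < sizeof begin - 1 + n) return 0;
    if (strncmp(dashes - n, label_suffix, n) != 0) return 0;
    return strstr(eol, "-----END ") != NULL;
}

/* Fills the x509 fields only when the password is blank and both PEM strings
   carry the expected labels; cfg is left untouched on any error. */
x509_status_t mqtt_use_x509(mqtt_x509_fields_t *cfg, const char *cert_pem, const char *key_pem)
{
    if (cfg->password != NULL && cfg->password[0] != '\0') return X509_PASSWORD_SET;
    if (!pem_has_label(cert_pem, "CERTIFICATE")) return X509_BAD_CERT;
    if (!pem_has_label(key_pem, "PRIVATE KEY")) return X509_BAD_KEY;
    cfg->client_cert_pem = cert_pem;
    cfg->client_cert_len = 0; /* assumption: 0 = NUL-terminated PEM */
    cfg->client_key_pem = key_pem;
    cfg->client_key_len = 0;  /* assumption: 0 = NUL-terminated PEM */
    return X509_OK;
}
```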

torntrousers commented 2 years ago

Ok thanks @danewalton, I have this working now. You can see the changes I had to make here. I could raise a pull request if you've any interest in that?

danewalton commented 2 years ago

Oh that's great! Feel free to raise that PR and I'll hopefully get to verifying it today.

danewalton commented 2 years ago

I have a PR to add this feature more widespread: https://github.com/Azure/azure-sdk-for-c-arduino/pull/16