
Commit cab5f30

committed
Add function to compare certificate authority key identifier
1 parent 708376e commit cab5f30


2 files changed

+20
-0
lines changed

2 files changed

+20
-0
lines changed

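--- a/src/utility/SElementArduinoCloudCertificate.cpp
+++ b/src/utility/SElementArduinoCloudCertificate.cpp
@@ -117,6 +117,25 @@ int SElementArduinoCloudCertificate::read(SecureElement & se, ECP256Certificate
 return 1;
 }
 
+int SElementArduinoCloudCertificate::isAuthorityKeyIdDifferent(const ECP256Certificate & cert, const String& authorityKeyIdentifier)
+{
+byte authorityKeyIdentifierBytes[ECP256_CERT_AUTHORITY_KEY_ID_LENGTH];
+
+if (authorityKeyIdentifier.length() == 0 || cert.authorityKeyId() == nullptr) {
+DEBUG_ERROR("SEACC::%s input params error.", __FUNCTION__);
+return -1;
+}
+
+hexStringToBytes(authorityKeyIdentifier, authorityKeyIdentifierBytes, sizeof(authorityKeyIdentifierBytes));
+
+/* If authorityKeyId are matching there is no need to rebuild*/
+if (memcmp(authorityKeyIdentifierBytes, cert.authorityKeyId() , ECP256_CERT_AUTHORITY_KEY_ID_LENGTH) == 0) {
+DEBUG_VERBOSE("SEACC::%s authorityKeyIdentifierBytes are equal", __FUNCTION__);
+return 0;
+}
+return 1;
+}
+
 int SElementArduinoCloudCertificate::rebuild(SecureElement & se, ECP256Certificate & cert, const String & deviceId, const String & notBefore, const String & notAfter, const String & serialNumber, const String & authorityKeyIdentifier, const String & signature, const SElementArduinoCloudSlot keySlot)
 {
 byte serialNumberBytes[ECP256_CERT_SERIAL_NUMBER_LENGTH];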
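Review bot: The guard in `isAuthorityKeyIdDifferent` rejects only an empty `authorityKeyIdentifier`, so a string shorter than `2 * ECP256_CERT_AUTHORITY_KEY_ID_LENGTH` hex characters still reaches the `memcmp` over the full length of an uninitialised stack buffer. `hexStringToBytes` is not shown on this page; if it writes only as many bytes as the input supplies, the comparison reads indeterminate bytes and the answer that decides whether the certificate is rebuilt is not deterministic. I would validate the length up front with `if (authorityKeyIdentifier.length() != 2 * ECP256_CERT_AUTHORITY_KEY_ID_LENGTH || cert.authorityKeyId() == nullptr) {` and zero-initialise the buffer with `byte authorityKeyIdentifierBytes[ECP256_CERT_AUTHORITY_KEY_ID_LENGTH] = {0};`. Non-hex characters in the string are a separate question that depends on how `hexStringToBytes` handles them.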

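--- a/src/utility/SElementArduinoCloudCertificate.h
+++ b/src/utility/SElementArduinoCloudCertificate.h
@@ -28,6 +28,7 @@ class SElementArduinoCloudCertificate : public SElementCertificate
 
 static int write(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot);
 static int read(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot = SElementArduinoCloudSlot::Key);
+static int isAuthorityKeyIdDifferent(const ECP256Certificate & cert, const String& authorityKeyIdentifier);
 static int rebuild(SecureElement & se, ECP256Certificate & cert, const String & deviceId,
 const String & notBefore, const String & notAfter, const String & serialNumber,
 const String & authorityKeyIdentifier, const String & signature,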
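Review bot: The declaration of `isAuthorityKeyIdDifferent` gives no hint that its `int` result has three outcomes, which the implementation in this commit defines as -1 for invalid input, 0 for equal and 1 for different. A caller writing `if (isAuthorityKeyIdDifferent(cert, akid))` would treat the error case the same as "different" and go on to rebuild the certificate. I would add a comment above the declaration such as `/* Returns 0 if the key ids match, 1 if they differ, -1 on invalid input; check for < 0 before using as a boolean */`. The class body starts and ends outside this hunk.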
