Merge branch 'bugfix/aws_iot_backport_few_fixes_for_v3.2' into 'release/v3.2'

Bugfix/aws iot backport few fixes for v3.2 (backport_v3.2) See merge request idf/esp-idf!4247
2019-02-19 11:36:18 +08:00 · 2019-02-19 11:36:18 +08:00 · 0f79c72704
parent 332ccd0925 c62a20f162
commit 0f79c72704
10 changed files with 56 additions and 111 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -113,7 +113,6 @@ build_template_app:
    - build
  variables:
    BATCH_BUILD: "1"
-    IDF_CI_BUILD: "1"
  only:
    variables:
      - $BOT_TRIGGER_WITH_LABEL == null
@ -248,7 +247,6 @@ build_esp_idf_tests_cmake:
      - $LOG_PATH
    expire_in: 2 days
  variables:
-    IDF_CI_BUILD: "1"
    LOG_PATH: "$CI_PROJECT_DIR/log_examples_make"
  only:
    variables:
@ -281,7 +279,6 @@ build_esp_idf_tests_cmake:
      - $LOG_PATH
    expire_in: 2 days
  variables:
-    IDF_CI_BUILD: "1"
    LOG_PATH: "$CI_PROJECT_DIR/log_examples_cmake"
  only:
    variables:
--- a/examples/protocols/aws_iot/README.md
+++ b/examples/protocols/aws_iot/README.md
@ -14,6 +14,16 @@ The [Getting Started section of the AWS IoT Developer Guide](http://docs.aws.ama

 To build and use this example, follow all the AWS IoT Getting Started steps from the beginning ("Sign in to the AWS Iot Console") up until "Configuring Your Device". For configuring the device, these are the steps:

+# Authentication (Based on X.509 certificates)
+
+### Device Authentication
+
+AWS IoT can use AWS IoT-generated certificates or certificates signed by a CA certificate for device authentication. To use a certificate that is not created by AWS IoT, you must register a CA certificate. All device certificates must be signed by the CA certificate you register. Please refer to guide at https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html for step-by-step instructions to register custom X.509 certificates.
+
+### Server Authentication
+
+Server certificates allow devices to verify that they're communicating with AWS IoT and not another server impersonating AWS IoT. By default [Amazon Root CA 1](https://www.amazontrust.com/repository/AmazonRootCA1.pem) (signed by Amazon Trust Services Endpoints CA) is embedded in applications, for more information please refer to https://docs.aws.amazon.com/iot/latest/developerguide/managing-device-certs.html#server-authentication
+
 ## Configuring Your Device

 ### Installing Private Key & Certificate
--- a/examples/protocols/aws_iot/subscribe_publish/main/CMakeLists.txt
+++ b/examples/protocols/aws_iot/subscribe_publish/main/CMakeLists.txt
@ -6,23 +6,6 @@ register_component()

 if(CONFIG_EXAMPLE_EMBEDDED_CERTS)
 target_add_binary_data(${COMPONENT_NAME} "certs/aws-root-ca.pem" TEXT)
-
-if(NOT IDF_CI_BUILD)
-    add_custom_command(OUTPUT certs/certificate.pem.crt certs/private.pem.key
-                        COMMAND echo "Dummy certificate data for continuous integration" >
-                                certs/certificate.pem.crt
-                        COMMAND echo "Dummy certificate data for continuous integration" >
-                                certs/private.pem.key
-                        WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
-                        VERBATIM)
-    add_custom_target(example_certificates DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/certs/certificate.pem.crt ${CMAKE_CURRENT_BINARY_DIR}/certs/private.pem.key)
-    
-    add_dependencies(${COMPONENT_NAME} example_certificates)
-    
-    target_add_binary_data(${COMPONENT_NAME} "${CMAKE_CURRENT_BINARY_DIR}/certs/certificate.pem.crt" TEXT)
-    target_add_binary_data(${COMPONENT_NAME} "${CMAKE_CURRENT_BINARY_DIR}/certs/private.pem.key" TEXT)
-else()
-    target_add_binary_data(${COMPONENT_NAME} "certs/certificate.pem.crt" TEXT)
-    target_add_binary_data(${COMPONENT_NAME} "certs/private.pem.key" TEXT) 
+target_add_binary_data(${COMPONENT_NAME} "certs/certificate.pem.crt" TEXT)
+target_add_binary_data(${COMPONENT_NAME} "certs/private.pem.key" TEXT)
 endif()
-endif()
--- a/examples/protocols/aws_iot/subscribe_publish/main/certs/aws-root-ca.pem
+++ b/examples/protocols/aws_iot/subscribe_publish/main/certs/aws-root-ca.pem
@ -1,28 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
-yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
-ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
-U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
-ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
-ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
-biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
-U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
-nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
-t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
-SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
-BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
-rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
-NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
-BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
-BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
-aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
-MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
-p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
-5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
-WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
-4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
-hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
+ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
+b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
+MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
+b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
+ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
+9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
+IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
+VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
+93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
+jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
+A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
+U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
+N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
+o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
+5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
+rqXRfboQnoZsG4q5WTP468SQvvG5
+-----END CERTIFICATE-----
--- a/examples/protocols/aws_iot/subscribe_publish/main/component.mk
+++ b/examples/protocols/aws_iot/subscribe_publish/main/component.mk
@ -7,16 +7,8 @@ ifdef CONFIG_EXAMPLE_EMBEDDED_CERTS
 # from AWS, see README for details.
 COMPONENT_EMBED_TXTFILES := certs/aws-root-ca.pem certs/certificate.pem.crt certs/private.pem.key

-ifndef IDF_CI_BUILD
 # Print an error if the certificate/key files are missing
 $(COMPONENT_PATH)/certs/certificate.pem.crt $(COMPONENT_PATH)/certs/private.pem.key:
 	@echo "Missing PEM file $@. This file identifies the ESP32 to AWS for the example, see README for details."
 	exit 1
-else  # IDF_CI_BUILD
-# this case is for the internal Continuous Integration build which
-# compiles all examples. Add some dummy certs so the example can
-# compile (even though it won't work)
-$(COMPONENT_PATH)/certs/certificate.pem.crt $(COMPONENT_PATH)/certs/private.pem.key:
-	echo "Dummy certificate data for continuous integration" > $@
-endif
 endif
--- a/examples/protocols/aws_iot/subscribe_publish/sdkconfig.ci
+++ b/examples/protocols/aws_iot/subscribe_publish/sdkconfig.ci
@ -0,0 +1,2 @@
+# For CI build example assuming certificates stored on sdcard
+CONFIG_EXAMPLE_SDCARD_CERTS=y
--- a/examples/protocols/aws_iot/thing_shadow/main/CMakeLists.txt
+++ b/examples/protocols/aws_iot/thing_shadow/main/CMakeLists.txt
@ -6,23 +6,6 @@ register_component()

 if(CONFIG_EXAMPLE_EMBEDDED_CERTS)
 target_add_binary_data(${COMPONENT_NAME} "certs/aws-root-ca.pem" TEXT)
-
-if(NOT IDF_CI_BUILD)
-    add_custom_command(OUTPUT certs/certificate.pem.crt certs/private.pem.key
-                        COMMAND echo "Dummy certificate data for continuous integration" >
-                                certs/certificate.pem.crt
-                        COMMAND echo "Dummy certificate data for continuous integration" >
-                                certs/private.pem.key
-                        WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
-                        VERBATIM)
-    add_custom_target(example_certificates DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/certs/certificate.pem.crt ${CMAKE_CURRENT_BINARY_DIR}/certs/private.pem.key)
-    
-    add_dependencies(${COMPONENT_NAME} example_certificates)
-    
-    target_add_binary_data(${COMPONENT_NAME} "${CMAKE_CURRENT_BINARY_DIR}/certs/certificate.pem.crt" TEXT)
-    target_add_binary_data(${COMPONENT_NAME} "${CMAKE_CURRENT_BINARY_DIR}/certs/private.pem.key" TEXT)
-else()
-    target_add_binary_data(${COMPONENT_NAME} "certs/certificate.pem.crt" TEXT)
-    target_add_binary_data(${COMPONENT_NAME} "certs/private.pem.key" TEXT) 
+target_add_binary_data(${COMPONENT_NAME} "certs/certificate.pem.crt" TEXT)
+target_add_binary_data(${COMPONENT_NAME} "certs/private.pem.key" TEXT)
 endif()
-endif()
--- a/examples/protocols/aws_iot/thing_shadow/main/certs/aws-root-ca.pem
+++ b/examples/protocols/aws_iot/thing_shadow/main/certs/aws-root-ca.pem
@ -1,28 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
-yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
-ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
-U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
-ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
-ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
-biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
-U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
-nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
-t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
-SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
-BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
-rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
-NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
-BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
-BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
-aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
-MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
-p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
-5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
-WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
-4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
-hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
+ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
+b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
+MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
+b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
+ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
+9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
+IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
+VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
+93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
+jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
+A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
+U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
+N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
+o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
+5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
+rqXRfboQnoZsG4q5WTP468SQvvG5
+-----END CERTIFICATE-----
--- a/examples/protocols/aws_iot/thing_shadow/main/component.mk
+++ b/examples/protocols/aws_iot/thing_shadow/main/component.mk
@ -7,16 +7,8 @@ ifdef CONFIG_EXAMPLE_EMBEDDED_CERTS
 # from AWS, see README for details.
 COMPONENT_EMBED_TXTFILES := certs/aws-root-ca.pem certs/certificate.pem.crt certs/private.pem.key

-ifndef IDF_CI_BUILD
 # Print an error if the certificate/key files are missing
 $(COMPONENT_PATH)/certs/certificate.pem.crt $(COMPONENT_PATH)/certs/private.pem.key:
 	@echo "Missing PEM file $@. This file identifies the ESP32 to AWS for the example, see README for details."
 	exit 1
-else  # IDF_CI_BUILD
-# this case is for the internal Continuous Integration build which
-# compiles all examples. Add some dummy certs so the example can
-# compile (even though it won't work)
-$(COMPONENT_PATH)/certs/certificate.pem.crt $(COMPONENT_PATH)/certs/private.pem.key:
-	echo "Dummy certificate data for continuous integration" > $@
-endif
 endif
--- a/examples/protocols/aws_iot/thing_shadow/sdkconfig.ci
+++ b/examples/protocols/aws_iot/thing_shadow/sdkconfig.ci
@ -0,0 +1,2 @@
+# For CI build example assuming certificates stored on sdcard
+CONFIG_EXAMPLE_SDCARD_CERTS=y